Warning: Permanently added '[localhost]:20773' (ECDSA) to the list of known hosts.
2025/08/29 08:39:34 fuzzer started
2025/08/29 08:39:34 dialing manager at localhost:43077
syzkaller login: [ 50.088332] cgroup: Unknown subsys name 'net'
[ 50.128670] cgroup: Unknown subsys name 'cpuset'
[ 50.139171] cgroup: Unknown subsys name 'rlimit'
2025/08/29 08:39:45 syscalls: 2214
2025/08/29 08:39:45 code coverage: enabled
2025/08/29 08:39:45 comparison tracing: enabled
2025/08/29 08:39:45 extra coverage: enabled
2025/08/29 08:39:45 setuid sandbox: enabled
2025/08/29 08:39:45 namespace sandbox: enabled
2025/08/29 08:39:45 Android sandbox: enabled
2025/08/29 08:39:45 fault injection: enabled
2025/08/29 08:39:45 leak checking: enabled
2025/08/29 08:39:45 net packet injection: enabled
2025/08/29 08:39:45 net device setup: enabled
2025/08/29 08:39:45 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 08:39:45 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 08:39:45 USB emulation: enabled
2025/08/29 08:39:45 hci packet injection: enabled
2025/08/29 08:39:45 wifi device emulation: enabled
2025/08/29 08:39:45 802.15.4 emulation: enabled
2025/08/29 08:39:45 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 08:39:45 fetching corpus: 28, signal 16855/20253 (executing program)
2025/08/29 08:39:45 fetching corpus: 78, signal 33186/37473 (executing program)
2025/08/29 08:39:45 fetching corpus: 127, signal 41987/47025 (executing program)
2025/08/29 08:39:45 fetching corpus: 177, signal 47482/53279 (executing program)
2025/08/29 08:39:45 fetching corpus: 227, signal 52502/58938 (executing program)
2025/08/29 08:39:45 fetching corpus: 277, signal 56809/63807 (executing program)
2025/08/29 08:39:45 fetching corpus: 326, signal 64359/71290 (executing program)
2025/08/29 08:39:46 fetching corpus: 376, signal 69295/76303 (executing program)
2025/08/29 08:39:46 fetching corpus: 426, signal 73842/80828 (executing program)
2025/08/29 08:39:46 fetching corpus: 475, signal 76456/83637 (executing program)
2025/08/29 08:39:46 fetching corpus: 524, signal 79450/86645 (executing program)
2025/08/29 08:39:46 fetching corpus: 573, signal 80937/88397 (executing program)
2025/08/29 08:39:46 fetching corpus: 623, signal 84028/91464 (executing program)
2025/08/29 08:39:47 fetching corpus: 673, signal 85665/93248 (executing program)
2025/08/29 08:39:47 fetching corpus: 723, signal 88313/95650 (executing program)
2025/08/29 08:39:47 fetching corpus: 771, signal 89940/97258 (executing program)
2025/08/29 08:39:47 fetching corpus: 821, signal 91720/98908 (executing program)
2025/08/29 08:39:47 fetching corpus: 871, signal 93031/100202 (executing program)
2025/08/29 08:39:47 fetching corpus: 921, signal 95222/101979 (executing program)
2025/08/29 08:39:47 fetching corpus: 970, signal 96451/103122 (executing program)
2025/08/29 08:39:48 fetching corpus: 1017, signal 98652/104818 (executing program)
2025/08/29 08:39:48 fetching corpus: 1066, signal 100354/106109 (executing program)
2025/08/29 08:39:48 fetching corpus: 1115, signal 101916/107256 (executing program)
2025/08/29 08:39:48 fetching corpus: 1165, signal 103076/108120 (executing program)
2025/08/29 08:39:48 fetching corpus: 1214, signal 104032/108885 (executing program)
2025/08/29 08:39:48 fetching corpus: 1264, signal 105884/110021 (executing program)
2025/08/29 08:39:48 fetching corpus: 1313, signal 107138/110867 (executing program)
2025/08/29 08:39:48 fetching corpus: 1363, signal 108958/111895 (executing program)
2025/08/29 08:39:49 fetching corpus: 1411, signal 110349/112687 (executing program)
2025/08/29 08:39:49 fetching corpus: 1461, signal 111321/113224 (executing program)
2025/08/29 08:39:49 fetching corpus: 1500, signal 112776/114014 (executing program)
2025/08/29 08:39:49 fetching corpus: 1500, signal 112776/114052 (executing program)
2025/08/29 08:39:49 fetching corpus: 1500, signal 112776/114091 (executing program)
2025/08/29 08:39:49 fetching corpus: 1500, signal 112776/114138 (executing program)
2025/08/29 08:39:49 fetching corpus: 1500, signal 112776/114179 (executing program)
2025/08/29 08:39:49 fetching corpus: 1501, signal 112783/114215 (executing program)
2025/08/29 08:39:49 fetching corpus: 1501, signal 112783/114254 (executing program)
2025/08/29 08:39:49 fetching corpus: 1501, signal 112783/114292 (executing program)
2025/08/29 08:39:49 fetching corpus: 1501, signal 112783/114329 (executing program)
2025/08/29 08:39:49 fetching corpus: 1501, signal 112783/114375 (executing program)
2025/08/29 08:39:49 fetching corpus: 1501, signal 112783/114405 (executing program)
2025/08/29 08:39:49 fetching corpus: 1501, signal 112785/114442 (executing program)
2025/08/29 08:39:49 fetching corpus: 1501, signal 112785/114482 (executing program)
2025/08/29 08:39:49 fetching corpus: 1501, signal 112785/114525 (executing program)
2025/08/29 08:39:49 fetching corpus: 1502, signal 112811/114591 (executing program)
2025/08/29 08:39:49 fetching corpus: 1502, signal 112811/114633 (executing program)
2025/08/29 08:39:49 fetching corpus: 1502, signal 112811/114673 (executing program)
2025/08/29 08:39:49 fetching corpus: 1502, signal 112811/114709 (executing program)
2025/08/29 08:39:49 fetching corpus: 1502, signal 112811/114744 (executing program)
2025/08/29 08:39:49 fetching corpus: 1502, signal 112811/114795 (executing program)
2025/08/29 08:39:49 fetching corpus: 1502, signal 112811/114840 (executing program)
2025/08/29 08:39:49 fetching corpus: 1502, signal 112811/114882 (executing program)
2025/08/29 08:39:49 fetching corpus: 1502, signal 112811/114921 (executing program)
2025/08/29 08:39:49 fetching corpus: 1502, signal 112811/114951 (executing program)
2025/08/29 08:39:49 fetching corpus: 1502, signal 112811/114982 (executing program)
2025/08/29 08:39:49 fetching corpus: 1502, signal 112811/114982 (executing program)
2025/08/29 08:39:52 starting 8 fuzzer processes
08:39:52 executing program 0:
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x10, &(0x7f0000000000)=@ready={0x0, 0x0, 0x8, 'BBBB'})
08:39:52 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
chroot(&(0x7f00000001c0)='./file0\x00')
umount2(&(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_tcp(0x0, &(0x7f0000001f80)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {}, 0x2c, {[], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]}})
08:39:52 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000180)=""/207)
08:39:52 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x43, &(0x7f00000000c0)=0xffffffff, 0x4)
08:39:52 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="c3", 0x1, r0)
keyctl$read(0xb, r1, &(0x7f0000000140)=""/98, 0x62)
08:39:52 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$TIOCSPGRP(r0, 0x5410, 0xfffffffffffffffc)
08:39:52 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)='^', 0x1)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fadvise64(r1, 0x0, 0x0, 0x1)
fcntl$setstatus(r0, 0x4, 0x44000)
sendfile(r0, r1, 0x0, 0x3)
[ 67.763735] audit: type=1400 audit(1756456792.257:7): avc: denied { execmem } for pid=273 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
08:39:52 executing program 7:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
connect$802154_dgram(r0, &(0x7f0000000080)={0x24, @long}, 0x7)
[ 69.053825] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 69.055854] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 69.057986] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 69.061468] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 69.063265] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 69.063835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 69.064741] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 69.067601] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 69.069298] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 69.072989] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 69.073615] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 69.078393] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 69.080276] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 69.081006] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 69.085434] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 69.090213] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 69.094667] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 69.099737] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 69.099929] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 69.104506] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 69.109479] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 69.114544] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 69.119609] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 69.124728] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 69.135371] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 69.138192] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 69.145396] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 69.147020] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 69.148654] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 69.151362] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 69.153574] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 69.160815] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 69.163962] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 69.165400] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 69.174493] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 69.205674] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 69.209858] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 69.212014] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 69.218965] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 69.229846] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 71.136776] Bluetooth: hci3: command tx timeout
[ 71.201301] Bluetooth: hci1: command tx timeout
[ 71.202368] Bluetooth: hci5: command tx timeout
[ 71.203314] Bluetooth: hci2: command tx timeout
[ 71.264411] Bluetooth: hci4: command tx timeout
[ 71.265521] Bluetooth: hci0: command tx timeout
[ 71.265555] Bluetooth: hci7: command tx timeout
[ 71.266731] Bluetooth: hci6: command tx timeout
[ 73.184613] Bluetooth: hci3: command tx timeout
[ 73.248198] Bluetooth: hci1: command tx timeout
[ 73.248623] Bluetooth: hci5: command tx timeout
[ 73.249013] Bluetooth: hci2: command tx timeout
[ 73.312174] Bluetooth: hci6: command tx timeout
[ 73.312616] Bluetooth: hci4: command tx timeout
[ 73.313143] Bluetooth: hci7: command tx timeout
[ 73.313583] Bluetooth: hci0: command tx timeout
[ 75.232205] Bluetooth: hci3: command tx timeout
[ 75.296151] Bluetooth: hci2: command tx timeout
[ 75.296186] Bluetooth: hci5: command tx timeout
[ 75.296608] Bluetooth: hci1: command tx timeout
[ 75.360167] Bluetooth: hci0: command tx timeout
[ 75.360224] Bluetooth: hci7: command tx timeout
[ 75.361284] Bluetooth: hci4: command tx timeout
[ 75.361676] Bluetooth: hci6: command tx timeout
[ 77.280178] Bluetooth: hci3: command tx timeout
[ 77.344288] Bluetooth: hci5: command tx timeout
[ 77.345016] Bluetooth: hci2: command tx timeout
[ 77.345776] Bluetooth: hci1: command tx timeout
[ 77.408237] Bluetooth: hci6: command tx timeout
[ 77.409142] Bluetooth: hci4: command tx timeout
[ 77.409887] Bluetooth: hci0: command tx timeout
[ 77.410244] Bluetooth: hci7: command tx timeout
[ 106.817625] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.818400] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.001914] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.002571] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.257165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.257789] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.370475] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.371700] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.466314] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[ 107.469552] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[ 107.500138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.500803] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:40:32 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
chroot(&(0x7f00000001c0)='./file0\x00')
umount2(&(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_tcp(0x0, &(0x7f0000001f80)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {}, 0x2c, {[], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]}})
[ 107.540884] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.541507] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.585613] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
08:40:32 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
chroot(&(0x7f00000001c0)='./file0\x00')
umount2(&(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_tcp(0x0, &(0x7f0000001f80)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {}, 0x2c, {[], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]}})
[ 107.680823] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[ 107.687624] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.688226] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:40:32 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
chroot(&(0x7f00000001c0)='./file0\x00')
umount2(&(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_tcp(0x0, &(0x7f0000001f80)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {}, 0x2c, {[], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]}})
[ 107.736866] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
08:40:32 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
chroot(&(0x7f00000001c0)='./file0\x00')
umount2(&(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_tcp(0x0, &(0x7f0000001f80)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {}, 0x2c, {[], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]}})
[ 107.789527] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.790472] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.814906] audit: type=1400 audit(1756456832.307:8): avc: denied { open } for pid=3874 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 107.817916] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[ 107.819229] audit: type=1400 audit(1756456832.307:9): avc: denied { kernel } for pid=3874 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
08:40:32 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
chroot(&(0x7f00000001c0)='./file0\x00')
umount2(&(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_tcp(0x0, &(0x7f0000001f80)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {}, 0x2c, {[], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]}})
[ 107.859292] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[ 107.867940] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.869671] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:40:32 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
chroot(&(0x7f00000001c0)='./file0\x00')
umount2(&(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_tcp(0x0, &(0x7f0000001f80)='./file0\x00', 0x0, 0x22, &(0x7f0000002000)={'trans=tcp,', {}, 0x2c, {[], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]}})
08:40:32 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="c3", 0x1, r0)
keyctl$read(0xb, r1, &(0x7f0000000140)=""/98, 0x62)
[ 107.966134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.966847] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.977915] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[ 107.997738] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.998462] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:40:32 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="c3", 0x1, r0)
keyctl$read(0xb, r1, &(0x7f0000000140)=""/98, 0x62)
[ 108.105318] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.105928] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.121995] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.122803] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.174120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.174750] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.210038] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 108.213186] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 108.220676] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.221372] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.289651] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.290320] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.715505] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 108.716820] misc raw-gadget: fail, usb_gadget_register_driver returned -16
08:40:33 executing program 0:
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x10, &(0x7f0000000000)=@ready={0x0, 0x0, 0x8, 'BBBB'})
08:40:33 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)='^', 0x1)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fadvise64(r1, 0x0, 0x0, 0x1)
fcntl$setstatus(r0, 0x4, 0x44000)
sendfile(r0, r1, 0x0, 0x3)
08:40:33 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000180)=""/207)
08:40:33 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="c3", 0x1, r0)
keyctl$read(0xb, r1, &(0x7f0000000140)=""/98, 0x62)
08:40:33 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="c3", 0x1, r0)
keyctl$read(0xb, r1, &(0x7f0000000140)=""/98, 0x62)
08:40:33 executing program 7:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
connect$802154_dgram(r0, &(0x7f0000000080)={0x24, @long}, 0x7)
08:40:33 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x43, &(0x7f00000000c0)=0xffffffff, 0x4)
08:40:33 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$TIOCSPGRP(r0, 0x5410, 0xfffffffffffffffc)
[ 108.796411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 108.810334] misc raw-gadget: fail, usb_gadget_register_driver returned -16
08:40:33 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000180)=""/207)
08:40:33 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x43, &(0x7f00000000c0)=0xffffffff, 0x4)
08:40:33 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="c3", 0x1, r0)
keyctl$read(0xb, r1, &(0x7f0000000140)=""/98, 0x62)
08:40:33 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$TIOCSPGRP(r0, 0x5410, 0xfffffffffffffffc)
08:40:33 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000180)=""/207)
08:40:33 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="c3", 0x1, r0)
keyctl$read(0xb, r1, &(0x7f0000000140)=""/98, 0x62)
08:40:33 executing program 7:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
connect$802154_dgram(r0, &(0x7f0000000080)={0x24, @long}, 0x7)
[ 108.949719] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 108.950674] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 108.951294] CPU: 0 UID: 0 PID: 3937 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 108.953117] Tainted: [W]=WARN
[ 108.958076] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 108.959714] RIP: 0010:perf_tp_event+0x175/0xe70
[ 108.960487] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 108.963380] RSP: 0018:ffff88800e8b7780 EFLAGS: 00010012
[ 108.964233] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 108.965368] RDX: ffff888043089b80 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 108.966507] RBP: ffff88800e8b79f0 R08: ffff88806ce31340 R09: ffffe8ffffc151b8
[ 108.967659] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 108.968800] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 108.969944] FS: 00005555638b3400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 108.971242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 108.972172] CR2: 00007f135710e000 CR3: 0000000045d23000 CR4: 0000000000350ef0
[ 108.973316] Call Trace:
[ 108.973738]
[ 108.974112] ? __pfx_perf_tp_event+0x10/0x10
[ 108.974791] ? perf_trace_lock+0xb5/0x5d0
[ 108.975461] ? arch_scale_cpu_capacity+0x17/0xa0
[ 108.976239] ? cpu_util.constprop.0+0x17d/0x340
[ 108.977004] ? __asan_memset+0x24/0x50
[ 108.977638] ? sched_balance_find_dst_group+0xa9a/0x1c00
[ 108.978515] ? perf_trace_lock+0xb5/0x5d0
[ 108.979200] ? perf_trace_run_bpf_submit+0xef/0x180
[ 108.980013] perf_trace_run_bpf_submit+0xef/0x180
[ 108.980793] perf_trace_preemptirq_template+0x259/0x430
[ 108.981651] ? __pfx_perf_trace_lock+0x10/0x10
[ 108.982392] ? __pfx_perf_trace_lock+0x10/0x10
[ 108.983144] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 108.984097] ? update_curr+0x39e/0x500
[ 108.984734] ? find_held_lock+0x2b/0x80
[ 108.985390] ? try_to_wake_up+0x8ae/0x11d0
[ 108.986086] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 108.986921] trace_irq_enable.constprop.0+0xa6/0x100
[ 108.987736] trace_hardirqs_on+0x26/0x40
[ 108.988390] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 108.989186] try_to_wake_up+0x8ae/0x11d0
[ 108.989854] ? __pfx_try_to_wake_up+0x10/0x10
[ 108.990594] ? plist_del+0x122/0x270
[ 108.991204] ? find_held_lock+0x2b/0x80
[ 108.991858] ? futex_wake+0x474/0x540
[ 108.992484] wake_up_q+0xa1/0x130
[ 108.993061] futex_wake+0x47e/0x540
[ 108.993663] ? __pfx_futex_wake+0x10/0x10
[ 108.994328] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 108.995135] ? finish_task_switch.isra.0+0x206/0x840
[ 108.995963] do_futex+0x26d/0x370
[ 108.996535] ? __pfx_do_futex+0x10/0x10
[ 108.997183] ? __pfx___schedule+0x10/0x10
[ 108.997859] __x64_sys_futex+0x1c9/0x4d0
[ 108.998523] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 108.999483] ? __pfx___x64_sys_futex+0x10/0x10
[ 109.000229] ? xfd_validate_state+0x55/0x180
[ 109.000959] do_syscall_64+0xbf/0x360
[ 109.001577] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.002403] RIP: 0033:0x7f11e945ab19
[ 109.003012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 109.005888] RSP: 002b:00007fff526133d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 109.007050] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f11e945ab19
[ 109.008181] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f11e956df68
[ 109.009301] RBP: 00007f11e956df60 R08: 00007f11e69d0700 R09: 0000000000000000
[ 109.010384] R10: 00007f11e69d0700 R11: 0000000000000246 R12: 00007f11e95720a8
[ 109.011525] R13: 00007fff526134e0 R14: 00007f11e956df60 R15: 000000000001a916
[ 109.012665]
[ 109.013050] Modules linked in:
[ 109.013574] ---[ end trace 0000000000000000 ]---
[ 109.013579] BUG: unable to handle page fault for address: ffffed10287585b6
[ 109.014323] RIP: 0010:perf_tp_event+0x175/0xe70
[ 109.014974] #PF: supervisor read access in kernel mode
[ 109.015701] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 109.016162] #PF: error_code(0x0000) - not-present page
[ 109.018962] RSP: 0018:ffff88800e8b7780 EFLAGS: 00010012
[ 109.019428] PGD 7ffd4067
[ 109.019431]
[ 109.019440] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 109.019904] P4D 7ffd4067
[ 109.020342] RDX: ffff888043089b80 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 109.020505] PUD 7ffd3067
[ 109.021620] RBP: ffff88800e8b79f0 R08: ffff88806ce31340 R09: ffffe8ffffc151b8
[ 109.021873] PMD 0
[ 109.023006] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 109.023263]
[ 109.023271] Oops: Oops: 0000 [#2] SMP KASAN NOPTI
[ 109.024386] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 109.024599] CPU: 1 UID: 0 PID: 3945 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 109.025676] FS: 00005555638b3400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 109.025845] Tainted: [D]=DIE, [W]=WARN
[ 109.026594] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 109.027231] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 109.029103] CR2: 00007f135710e000 CR3: 0000000045d23000 CR4: 0000000000350ef0
[ 109.029814] RIP: 0010:perf_tp_event+0x175/0xe70
[ 109.030417] note: syz-executor.5[3937] exited with irqs disabled
[ 109.030934] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 109.035415] RSP: 0018:ffff88801aedf780 EFLAGS: 00010012
[ 109.035896] RAX: 1ffff110287585b6 RBX: ffff888143ac2bc0 RCX: ffffc90001ffd000
[ 109.036538] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: ffff888143ac2db0
[ 109.037174] RBP: ffff88801aedf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd151b8
[ 109.037814] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 109.038448] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 109.039101] FS: 00007f8a1ccdf700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 109.039816] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 109.040346] CR2: ffffed10287585b6 CR3: 0000000045e2a000 CR4: 0000000000350ef0
[ 109.040984] Call Trace:
[ 109.041225]
[ 109.041439] ? __pfx_perf_tp_event+0x10/0x10
[ 109.041850] ? __asan_memcpy+0x3d/0x60
[ 109.042212] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150
[ 109.042780] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10
[ 109.043351] ? kvm_sched_clock_read+0x16/0x30
[ 109.043766] ? local_clock_noinstr+0xf/0xc0
[ 109.044162] ? perf_trace_lock+0xb5/0x5d0
[ 109.044547] ? perf_trace_lock+0xb5/0x5d0
[ 109.044926] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 109.045382] ? perf_swevent_event+0x63/0x3f0
[ 109.045789] ? perf_tp_event+0x807/0xe70
[ 109.046168] ? perf_trace_run_bpf_submit+0xef/0x180
[ 109.046631] ? perf_trace_run_bpf_submit+0xef/0x180
[ 109.047085] perf_trace_run_bpf_submit+0xef/0x180
[ 109.047531] perf_trace_preemptirq_template+0x259/0x430
[ 109.048021] ? __pfx_perf_trace_lock+0x10/0x10
[ 109.048441] ? __pfx_perf_trace_lock+0x10/0x10
[ 109.048862] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 109.049395] ? __pfx___resched_curr+0x10/0x10
[ 109.049811] ? try_to_wake_up+0x8ae/0x11d0
[ 109.050202] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 109.050676] trace_irq_enable.constprop.0+0xa6/0x100
[ 109.051135] trace_hardirqs_on+0x26/0x40
[ 109.051505] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 109.051952] try_to_wake_up+0x8ae/0x11d0
[ 109.052333] ? __pfx_try_to_wake_up+0x10/0x10
[ 109.052745] ? plist_del+0x122/0x270
[ 109.053096] ? futex_wake+0x474/0x540
[ 109.053452] wake_up_q+0xa1/0x130
[ 109.053779] futex_wake+0x47e/0x540
[ 109.054120] ? __pfx_futex_wake+0x10/0x10
[ 109.054504] ? lock_release+0x1c7/0x290
[ 109.054882] ? fd_install+0x1f0/0x660
[ 109.055241] do_futex+0x26d/0x370
[ 109.055564] ? __pfx_do_futex+0x10/0x10
[ 109.055934] __x64_sys_futex+0x1c9/0x4d0
[ 109.056307] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 109.056843] ? __pfx___x64_sys_futex+0x10/0x10
[ 109.057266] do_syscall_64+0xbf/0x360
[ 109.057613] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.058081] RIP: 0033:0x7f8a1f769b19
[ 109.058418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 109.060026] RSP: 002b:00007f8a1ccdf218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 109.060701] RAX: ffffffffffffffda RBX: 00007f8a1f87cf68 RCX: 00007f8a1f769b19
[ 109.061339] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8a1f87cf6c
[ 109.061979] RBP: 00007f8a1f87cf60 R08: 000000000000000e R09: 0000000000000000
[ 109.062623] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8a1f87cf6c
[ 109.063260] R13: 00007ffcc3d6a02f R14: 00007f8a1ccdf300 R15: 0000000000022000
[ 109.063900]
[ 109.064117] Modules linked in:
[ 109.064414] CR2: ffffed10287585b6
[ 109.064728] ---[ end trace 0000000000000000 ]---
[ 109.064729] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI
[ 109.065155] RIP: 0010:perf_tp_event+0x175/0xe70
[ 109.066945] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 109.067362] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 109.068572] CPU: 0 UID: 0 PID: 3937 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 109.070162] RSP: 0018:ffff88800e8b7780 EFLAGS: 00010012
[ 109.071992] Tainted: [D]=DIE, [W]=WARN
[ 109.072466] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 109.073086] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 109.073718] RDX: ffff888043089b80 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 109.075052] RIP: 0010:perf_tp_event+0x175/0xe70
[ 109.075686] RBP: ffff88800e8b79f0 R08: ffff88806ce31340 R09: ffffe8ffffc151b8
[ 109.076433] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 109.077066] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 109.079924] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012
[ 109.080556] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 109.080560]
[ 109.080575] FS: 00007f8a1ccdf700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 109.081417] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 109.082048] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 109.082320] RDX: ffff888043089b80 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 109.083036] CR2: ffffed10287585b6 CR3: 0000000045e2a000 CR4: 0000000000350ef0
[ 109.084182] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc151b8
[ 109.084704] note: syz-executor.4[3945] exited with irqs disabled
[ 109.085853] R10: 0000000000000000 R11: ffff888016edd098 R12: dffffc0000000000
[ 109.089728] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000
[ 109.090849] FS: 00005555638b3400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 109.092145] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 109.093106] CR2: 00007f135710e000 CR3: 0000000045d23000 CR4: 0000000000350ef0
[ 109.094281] Call Trace:
[ 109.094715]
[ 109.095091] ? __pfx_perf_tp_event+0x10/0x10
[ 109.095833] ? trace_pelt_se_tp+0xdf/0x130
[ 109.096537] ? __pfx_perf_trace_lock+0x10/0x10
[ 109.097299] ? __pfx_perf_trace_lock+0x10/0x10
[ 109.098063] ? do_raw_spin_lock+0x123/0x260
[ 109.098742] ? try_to_wake_up+0x128/0x11d0
[ 109.099410] ? lock_release+0x1c7/0x290
[ 109.100080] ? do_raw_spin_unlock+0x53/0x220
[ 109.100828] ? _raw_spin_unlock_irqrestore+0x22/0x50
[ 109.101679] ? try_to_wake_up+0x128/0x11d0
[ 109.102396] ? perf_trace_lock+0xb5/0x5d0
[ 109.103104] ? do_raw_spin_lock+0x123/0x260
[ 109.103830] ? __pfx_perf_trace_lock+0x10/0x10
[ 109.104602] ? perf_trace_run_bpf_submit+0xef/0x180
[ 109.105439] perf_trace_run_bpf_submit+0xef/0x180
[ 109.106251] perf_trace_preemptirq_template+0x259/0x430
[ 109.107165] ? read_tsc+0x9/0x20
[ 109.107754] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 109.108746] ? clockevents_program_event+0x135/0x360
[ 109.109606] ? tick_program_event+0xac/0x140
[ 109.110352] ? handle_softirqs+0x16e/0x770
[ 109.111085] trace_irq_enable.constprop.0+0xa6/0x100
[ 109.111948] trace_hardirqs_on+0x26/0x40
[ 109.112618] handle_softirqs+0x16e/0x770
[ 109.113326] __irq_exit_rcu+0xc4/0x100
[ 109.114003] irq_exit_rcu+0x9/0x20
[ 109.114580] sysvec_apic_timer_interrupt+0x70/0x80
[ 109.115348]
[ 109.115737]
[ 109.116126] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 109.117013] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 109.117807] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 109.120722] RSP: 0018:ffff88800e8b7f28 EFLAGS: 00000246
[ 109.121614] RAX: 0000000000000001 RBX: ffff888043089b80 RCX: ffffffff817c2b86
[ 109.122755] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 109.123809] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 109.124860] R10: ffffffff8643ac57 R11: 6572617764726148 R12: ffff888043089b80
[ 109.125923] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000
[ 109.126993] ? trace_irq_enable.constprop.0+0x26/0x100
[ 109.127775] ? make_task_dead+0x214/0x3b0
[ 109.128402] ? make_task_dead+0x214/0x3b0
[ 109.129026] ? do_syscall_64+0xbf/0x360
[ 109.129625] rewind_stack_and_make_dead+0x16/0x20
[ 109.130356] RIP: 0033:0x7f11e945ab19
[ 109.130923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 109.133593] RSP: 002b:00007fff526133d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 109.134719] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f11e945ab19
[ 109.135782] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f11e956df68
[ 109.136845] RBP: 00007f11e956df60 R08: 00007f11e69d0700 R09: 0000000000000000
[ 109.137904] R10: 00007f11e69d0700 R11: 0000000000000246 R12: 00007f11e95720a8
[ 109.138980] R13: 00007fff526134e0 R14: 00007f11e956df60 R15: 000000000001a916
[ 109.140045]
[ 109.140403] Modules linked in:
[ 109.140894] ---[ end trace 0000000000000000 ]---
[ 109.140905] BUG: unable to handle page fault for address: ffffed10287585b6
[ 109.141593] RIP: 0010:perf_tp_event+0x175/0xe70
[ 109.142809] #PF: supervisor read access in kernel mode
[ 109.143490] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 109.144364] #PF: error_code(0x0000) - not-present page
[ 109.147041] RSP: 0018:ffff88800e8b7780 EFLAGS: 00010012
[ 109.147913] PGD 7ffd4067 P4D 7ffd4067
[ 109.148701] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 109.148707] PUD 7ffd3067
[ 109.148720] RDX: ffff888043089b80 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 109.149368] PMD 0
[ 109.150422] RBP: ffff88800e8b79f0 R08: ffff88806ce31340 R09: ffffe8ffffc151b8
[ 109.150891]
[ 109.151947] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 109.152331] Oops: Oops: 0000 [#4] SMP KASAN NOPTI
[ 109.153390] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 109.153691] CPU: 1 UID: 0 PID: 3945 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 109.154736] FS: 00005555638b3400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 109.155556] Tainted: [D]=DIE, [W]=WARN
[ 109.156610] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 109.158571] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 109.159761] CR2: 00007f135710e000 CR3: 0000000045d23000 CR4: 0000000000350ef0
[ 109.160420] RIP: 0010:perf_tp_event+0x175/0xe70
[ 109.161290] Kernel panic - not syncing: Fatal exception in interrupt
[ 110.270945] Shutting down cpus with NMI
[ 110.274193] Kernel Offset: disabled
[ 110.274765] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
08:40:33 Registers:
info registers vcpu 0
RAX=000000000000005d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff88800e8b7118
R8 =0000000000000000 R9 =ffffed1001d25046 R10=000000000000005d R11=3a6465746e696154
R12=000000000000005d R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0
RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00005555638b3400 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe4400000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f135710e000 CR3=0000000045d23000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f11e95417c000007f11e95417c8
XMM02=00007f11e95417e000007f11e95417c0 XMM03=00007f11e95417c800007f11e95417c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=000000482b96b148 RBX=0000000000000000 RCX=00000000000006e0 RDX=0000000000000048
RSI=ffff88806cf238c0 RDI=000000000000557e RBP=ffff88806cf238c0 RSP=ffff88806cf08ed8
R8 =ffffffff84ca6fe0 R9 =0000000000000000 R10=000000000000f4b9 R11=ffff88806cf37018
R12=000000000000557e R13=0000000000000000 R14=0000000000000000 R15=ffff88806cf28080
RIP=ffffffff81327f55 RFL=00000016 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f73c502a8c0 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe4500000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f8a1fc81004 CR3=000000001ed8c000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ffff0000000000ff0000000000000000
XMM02=00007f73c55a9be000007f73c55a9be0 XMM03=00007f73c55a9b00736563697665642f
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=010001000000ffff0000000300000004
XMM06=0000000700000002000055c5661ab5c0 XMM07=00000000000000000000000000000000
XMM08=610064253a64252f6b636f6c622f7665 XMM09=00000000000000000000000000000000
XMM10=00000000002000000000000000200000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000