Warning: Permanently added '[localhost]:36377' (ECDSA) to the list of known hosts. 2025/08/29 08:11:34 fuzzer started 2025/08/29 08:11:34 dialing manager at localhost:43077 syzkaller login: [ 51.296789] cgroup: Unknown subsys name 'net' [ 51.369560] cgroup: Unknown subsys name 'cpuset' [ 51.393719] cgroup: Unknown subsys name 'rlimit' 2025/08/29 08:11:45 syscalls: 2214 2025/08/29 08:11:45 code coverage: enabled 2025/08/29 08:11:45 comparison tracing: enabled 2025/08/29 08:11:45 extra coverage: enabled 2025/08/29 08:11:45 setuid sandbox: enabled 2025/08/29 08:11:45 namespace sandbox: enabled 2025/08/29 08:11:45 Android sandbox: enabled 2025/08/29 08:11:45 fault injection: enabled 2025/08/29 08:11:45 leak checking: enabled 2025/08/29 08:11:45 net packet injection: enabled 2025/08/29 08:11:45 net device setup: enabled 2025/08/29 08:11:45 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 08:11:45 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 08:11:45 USB emulation: enabled 2025/08/29 08:11:45 hci packet injection: enabled 2025/08/29 08:11:45 wifi device emulation: enabled 2025/08/29 08:11:45 802.15.4 emulation: enabled 2025/08/29 08:11:45 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 08:11:45 fetching corpus: 50, signal 28241/30861 (executing program) 2025/08/29 08:11:45 fetching corpus: 100, signal 37216/40569 (executing program) 2025/08/29 08:11:45 fetching corpus: 150, signal 44044/47900 (executing program) 2025/08/29 08:11:45 fetching corpus: 200, signal 49024/53229 (executing program) 2025/08/29 08:11:45 fetching corpus: 250, signal 54741/59005 (executing program) 2025/08/29 08:11:45 fetching corpus: 300, signal 60386/64449 (executing program) 2025/08/29 08:11:46 fetching corpus: 350, signal 64563/68405 (executing program) 2025/08/29 08:11:46 fetching corpus: 400, signal 68128/71683 (executing program) 2025/08/29 08:11:46 fetching corpus: 450, signal 70375/73776 (executing program) 2025/08/29 
08:11:46 fetching corpus: 500, signal 74443/77177 (executing program) 2025/08/29 08:11:46 fetching corpus: 550, signal 77006/79478 (executing program) 2025/08/29 08:11:46 fetching corpus: 600, signal 79521/81434 (executing program) 2025/08/29 08:11:46 fetching corpus: 650, signal 81536/82921 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/83314 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/83415 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/83495 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/83575 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/83656 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/83725 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/83808 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/83900 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/83972 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/84050 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/84137 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/84228 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/84312 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/84396 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/84484 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/84561 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/84653 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/84730 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/84801 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/84903 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/84989 
(executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/85063 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/85153 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/85235 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/85313 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/85401 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/85492 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/85576 (executing program) 2025/08/29 08:11:47 fetching corpus: 659, signal 81990/85576 (executing program) 2025/08/29 08:11:49 starting 8 fuzzer processes 08:11:49 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = inotify_init() poll(&(0x7f0000000080)=[{r0}, {r0}, {r0}, {r1}, {r0}, {r2}], 0x6, 0x1) 08:11:49 executing program 1: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/net\x00') ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) 08:11:49 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000100)=ANY=[]) 08:11:49 executing program 6: setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={0x0, {{0x2, 0x0, @dev}}}, 0x108) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x80104592, &(0x7f0000000000)=[0x0, 0x80000]) 08:11:49 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) 
08:11:49 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@md0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000880)='securityfs\x00', 0x0, 0x0) 08:11:49 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r1 = dup(r0) ioctl$VT_ACTIVATE(r1, 0x2203, 0x8000000000004) [ 66.128204] audit: type=1400 audit(1756455109.776:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:11:49 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) [ 67.296867] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.299125] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.302685] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.307359] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.312395] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.356981] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.360537] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.364525] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.368764] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.371220] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 
> 2 [ 67.487354] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.493344] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.504125] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.521335] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.543707] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.561387] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.562958] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 67.565522] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.569803] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 67.571604] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.575570] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 67.579509] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.583622] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 67.585737] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.588191] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 67.614648] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 67.616586] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 67.625428] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 67.631026] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 67.639585] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 67.650376] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 67.653518] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 67.655269] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 67.657492] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 67.658366] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 67.663496] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 67.666615] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 67.679681] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 67.682990] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 67.684229] Bluetooth: hci4: unexpected cc 0x0c38 
length: 249 > 2 [ 69.390651] Bluetooth: hci1: command tx timeout [ 69.390691] Bluetooth: hci0: command tx timeout [ 69.646180] Bluetooth: hci6: command tx timeout [ 69.646205] Bluetooth: hci3: command tx timeout [ 69.646912] Bluetooth: hci2: command tx timeout [ 69.710257] Bluetooth: hci7: command tx timeout [ 69.774236] Bluetooth: hci5: command tx timeout [ 69.774275] Bluetooth: hci4: command tx timeout [ 71.438550] Bluetooth: hci1: command tx timeout [ 71.439238] Bluetooth: hci0: command tx timeout [ 71.694201] Bluetooth: hci3: command tx timeout [ 71.695230] Bluetooth: hci2: command tx timeout [ 71.695607] Bluetooth: hci6: command tx timeout [ 71.760072] Bluetooth: hci7: command tx timeout [ 71.822125] Bluetooth: hci4: command tx timeout [ 71.823124] Bluetooth: hci5: command tx timeout [ 73.486123] Bluetooth: hci1: command tx timeout [ 73.487260] Bluetooth: hci0: command tx timeout [ 73.742292] Bluetooth: hci6: command tx timeout [ 73.742738] Bluetooth: hci2: command tx timeout [ 73.743312] Bluetooth: hci3: command tx timeout [ 73.808080] Bluetooth: hci7: command tx timeout [ 73.870136] Bluetooth: hci5: command tx timeout [ 73.870244] Bluetooth: hci4: command tx timeout [ 75.534168] Bluetooth: hci0: command tx timeout [ 75.534267] Bluetooth: hci1: command tx timeout [ 75.790230] Bluetooth: hci3: command tx timeout [ 75.790683] Bluetooth: hci2: command tx timeout [ 75.790984] Bluetooth: hci6: command tx timeout [ 75.854099] Bluetooth: hci7: command tx timeout [ 75.918203] Bluetooth: hci4: command tx timeout [ 75.918236] Bluetooth: hci5: command tx timeout [ 104.243006] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.243829] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.436711] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.437464] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.614308] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.614923] wlan0: Creating new 
IBSS network, BSSID 50:50:50:50:50:50 [ 104.706526] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.707156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.791444] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.792274] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.822135] EXT4-fs warning (device sda): ext4_block_to_path:105: block 1768304430 > max in inode 15975 [ 104.826537] EXT4-fs warning (device sda): ext4_block_to_path:105: block 1768304430 > max in inode 15975 08:12:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000100)=ANY=[]) [ 104.885414] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.886028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.929389] EXT4-fs warning (device sda): ext4_block_to_path:105: block 1768304430 > max in inode 15975 08:12:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000100)=ANY=[]) [ 104.965243] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.965823] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.982513] EXT4-fs warning (device sda): ext4_block_to_path:105: block 1768304430 > max in inode 15975 08:12:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000100)=ANY=[]) [ 105.071801] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.072409] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.074418] EXT4-fs warning (device sda): ext4_block_to_path:105: block 1768304430 > max in inode 
15975 08:12:28 executing program 1: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/net\x00') ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) 08:12:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000100)=ANY=[]) [ 105.164610] EXT4-fs warning (device sda): ext4_block_to_path:105: block 1768304430 > max in inode 15977 08:12:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000100)=ANY=[]) [ 105.193811] audit: type=1400 audit(1756455148.839:8): avc: denied { open } for pid=3875 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 105.193816] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.195145] audit: type=1400 audit(1756455148.840:9): avc: denied { kernel } for pid=3875 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 105.195453] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:12:28 executing program 1: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/net\x00') ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) [ 105.232538] EXT4-fs warning (device sda): ext4_block_to_path:105: block 1768304430 > max in inode 15977 [ 105.233969] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.234688] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:12:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000100)=ANY=[]) [ 105.302894] EXT4-fs warning (device sda): 
ext4_block_to_path:105: block 1768304430 > max in inode 15985 [ 105.332766] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.333408] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.396094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.396723] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.464269] audit: type=1400 audit(1756455149.110:10): avc: denied { read } for pid=3894 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 105.469869] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.470638] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.513408] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.514142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.581194] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.581820] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.626003] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.626666] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:12:29 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = inotify_init() poll(&(0x7f0000000080)=[{r0}, {r0}, {r0}, {r1}, {r0}, {r2}], 0x6, 0x1) 08:12:29 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) 08:12:29 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) 08:12:29 executing program 6: setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={0x0, {{0x2, 0x0, @dev}}}, 0x108) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x80104592, &(0x7f0000000000)=[0x0, 0x80000]) 08:12:29 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@md0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000880)='securityfs\x00', 0x0, 0x0) 08:12:29 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r1 = dup(r0) ioctl$VT_ACTIVATE(r1, 0x2203, 0x8000000000004) 08:12:29 executing program 1: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/net\x00') ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) 08:12:29 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000080)={@broadcast, @remote}, 0xc) 08:12:29 executing program 6: setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={0x0, {{0x2, 0x0, @dev}}}, 0x108) r0 = 
syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x80104592, &(0x7f0000000000)=[0x0, 0x80000]) 08:12:29 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = inotify_init() poll(&(0x7f0000000080)=[{r0}, {r0}, {r0}, {r1}, {r0}, {r2}], 0x6, 0x1) 08:12:29 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000080)={@broadcast, @remote}, 0xc) 08:12:29 executing program 6: setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={0x0, {{0x2, 0x0, @dev}}}, 0x108) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x80104592, &(0x7f0000000000)=[0x0, 0x80000]) 08:12:29 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) 08:12:29 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) 08:12:29 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000080)={@broadcast, @remote}, 0xc) 08:12:29 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@md0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000880)='securityfs\x00', 0x0, 0x0) 08:12:29 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r1 = dup(r0) ioctl$VT_ACTIVATE(r1, 0x2203, 0x8000000000004) [ 105.960456] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 105.961401] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 105.962060] CPU: 1 UID: 0 PID: 3938 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 105.963535] Tainted: [W]=WARN [ 105.964035] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.965634] RIP: 0010:perf_tp_event+0x175/0xe70 [ 105.966493] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 105.969985] RSP: 0018:ffff88801566f600 EFLAGS: 00010212 [ 105.971012] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900074c4000 [ 
105.972389] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 105.974034] RBP: ffff88801566f870 R08: ffff88806cf31340 R09: ffffe8ffffd169a0 [ 105.974617] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 105.975147] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 105.975670] FS: 00007fe3e9cad700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 105.976263] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.976725] CR2: 000055558345dc18 CR3: 0000000042095000 CR4: 0000000000350ef0 [ 105.977259] Call Trace: [ 105.977456] [ 105.977642] ? __pfx_perf_tp_event+0x10/0x10 [ 105.978016] ? perf_trace_run_bpf_submit+0xef/0x180 [ 105.978403] perf_trace_run_bpf_submit+0xef/0x180 [ 105.978777] perf_trace_lock+0x337/0x5d0 [ 105.979092] ? __pfx_perf_trace_lock+0x10/0x10 [ 105.979440] ? lock_acquire+0x15e/0x2f0 [ 105.979744] ? futex_ref_get+0x48/0x300 [ 105.980045] ? futex_ref_get+0x114/0x300 [ 105.980349] ? futex_hash+0x15c/0x390 [ 105.980644] lock_release+0x1ab/0x290 [ 105.980938] ? futex_hash+0x15c/0x390 [ 105.981226] futex_ref_get+0x119/0x300 [ 105.981517] ? futex_hash+0x15c/0x390 [ 105.981802] futex_hash+0x70/0x390 [ 105.982080] futex_wait_setup+0xae/0x550 [ 105.982398] __futex_wait+0x151/0x300 [ 105.982692] ? __pfx___futex_wait+0x10/0x10 [ 105.983022] ? __pfx_futex_wake_mark+0x10/0x10 [ 105.983382] futex_wait+0xde/0x380 [ 105.983663] ? __pfx_futex_wait+0x10/0x10 [ 105.983976] ? perf_trace_lock+0xb5/0x5d0 [ 105.984292] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 105.984685] do_futex+0x2ee/0x370 [ 105.984952] ? __pfx_do_futex+0x10/0x10 [ 105.985254] ? do_raw_spin_lock+0x123/0x260 [ 105.985583] __x64_sys_futex+0x1c9/0x4d0 [ 105.985896] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 105.986294] ? __pfx___x64_sys_futex+0x10/0x10 [ 105.986639] ? kcov_ioctl+0x386/0x6c0 [ 105.986929] ? 
fput+0x6a/0x100 [ 105.987185] do_syscall_64+0xbf/0x360 [ 105.987475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.987863] RIP: 0033:0x7fe3ec737b19 [ 105.988141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 105.989458] RSP: 002b:00007fe3e9cad218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 105.990013] RAX: ffffffffffffffda RBX: 00007fe3ec84af68 RCX: 00007fe3ec737b19 [ 105.990546] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe3ec84af68 [ 105.991070] RBP: 00007fe3ec84af60 R08: 00007fe3e9cad700 R09: 0000000000000000 [ 105.991589] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe3ec84af6c [ 105.992108] R13: 00007ffd7c2d90df R14: 00007fe3e9cad300 R15: 0000000000022000 [ 105.992639] [ 105.992820] Modules linked in: [ 105.993270] ---[ end trace 0000000000000000 ]--- [ 105.993623] RIP: 0010:perf_tp_event+0x175/0xe70 [ 105.993975] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 105.995359] RSP: 0018:ffff88801566f600 EFLAGS: 00010212 [ 105.995754] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900074c4000 [ 105.996289] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 105.996810] RBP: ffff88801566f870 R08: ffff88806cf31340 R09: ffffe8ffffd169a0 [ 105.997343] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 105.997867] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 105.998409] FS: 00007fe3e9cad700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 105.999001] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.999442] CR2: 000055558345dc18 CR3: 0000000042095000 CR4: 0000000000350ef0 [ 105.999970] note: syz-executor.7[3938] exited with preempt_count 1 [ 106.000442] BUG: sleeping 
function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 106.001121] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3938, name: syz-executor.7 [ 106.001743] preempt_count: 0, expected: 0 [ 106.002057] RCU nest depth: 2, expected: 0 [ 106.002373] INFO: lockdep is turned off. [ 106.002671] CPU: 1 UID: 0 PID: 3938 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 106.002689] Tainted: [D]=DIE, [W]=WARN [ 106.002693] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 106.002700] Call Trace: [ 106.002703] [ 106.002707] dump_stack_lvl+0xfa/0x120 [ 106.002726] __might_resched+0x2f3/0x510 [ 106.002739] exit_signals+0x25/0x940 [ 106.002757] do_exit+0x2db/0x2970 [ 106.002771] ? _printk+0xbe/0xf0 [ 106.002783] ? __pfx__printk+0x10/0x10 [ 106.002794] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 106.002806] ? __pfx_do_exit+0x10/0x10 [ 106.002818] ? kcov_ioctl+0x386/0x6c0 [ 106.002832] make_task_dead+0x174/0x3b0 [ 106.002844] ? 
do_syscall_64+0xbf/0x360 [ 106.002854] rewind_stack_and_make_dead+0x16/0x20 [ 106.002869] RIP: 0033:0x7fe3ec737b19 [ 106.002877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 106.002887] RSP: 002b:00007fe3e9cad218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 106.002897] RAX: ffffffffffffffda RBX: 00007fe3ec84af68 RCX: 00007fe3ec737b19 [ 106.002905] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe3ec84af68 [ 106.002911] RBP: 00007fe3ec84af60 R08: 00007fe3e9cad700 R09: 0000000000000000 [ 106.002918] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe3ec84af6c [ 106.002925] R13: 00007ffd7c2d90df R14: 00007fe3e9cad300 R15: 0000000000022000 [ 106.002935] 08:12:29 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) 08:12:29 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = inotify_init() poll(&(0x7f0000000080)=[{r0}, {r0}, {r0}, {r1}, {r0}, {r2}], 0x6, 0x1) 08:12:29 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@md0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000880)='securityfs\x00', 0x0, 0x0) [ 106.086948] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 106.087813] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 106.088449] CPU: 1 UID: 0 PID: 3931 Comm: syz-executor.7 Tainted: G D W 
6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 106.089317] Tainted: [D]=DIE, [W]=WARN [ 106.089601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 106.090211] RIP: 0010:perf_tp_event+0x175/0xe70 [ 106.090568] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 106.091879] RSP: 0018:ffff888043167600 EFLAGS: 00010212 [ 106.092270] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 106.092787] RDX: ffff88800f8c5280 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 106.093304] RBP: ffff888043167870 R08: ffff88806cf31340 R09: ffffe8ffffd169a0 [ 106.093820] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 106.094344] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 106.094863] FS: 000055558345c400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 106.095450] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 106.095876] CR2: 00007fa2140b9000 CR3: 0000000042095000 CR4: 0000000000350ef0 [ 106.096395] Call Trace: [ 106.096590] [ 106.096766] ? lock_release+0x1c7/0x290 [ 106.097068] ? __pfx_perf_tp_event+0x10/0x10 [ 106.097405] ? __is_insn_slot_addr+0x140/0x290 [ 106.097753] ? kernel_text_address+0x5b/0xc0 [ 106.098091] ? lock_release+0x1c7/0x290 [ 106.098389] ? __kernel_text_address+0xd/0x40 [ 106.098725] ? perf_trace_lock+0xb5/0x5d0 [ 106.099064] ? css_rstat_updated+0x1b8/0x4d0 [ 106.099427] ? __pfx_perf_trace_lock+0x10/0x10 [ 106.099802] ? __rmqueue_pcplist+0x1f3/0x10f0 [ 106.100172] ? perf_trace_lock+0xb5/0x5d0 [ 106.100509] ? __perf_event_task_sched_in+0x1e1/0x5e0 [ 106.100927] ? perf_trace_run_bpf_submit+0xef/0x180 [ 106.101336] ? __pfx___perf_event_task_sched_in+0x10/0x10 [ 106.101774] perf_trace_run_bpf_submit+0xef/0x180 [ 106.102175] perf_trace_lock+0x337/0x5d0 [ 106.102506] ? __pfx_perf_trace_lock+0x10/0x10 [ 106.102878] ? 
trace_sched_exit_tp+0xbf/0x100 [ 106.103246] ? __schedule+0xe91/0x3590 [ 106.103565] ? get_futex_key+0x592/0x14a0 [ 106.103898] ? futex_ref_get+0x114/0x300 [ 106.104225] ? futex_hash+0x15c/0x390 [ 106.104533] lock_release+0x1ab/0x290 [ 106.104847] ? futex_hash+0x15c/0x390 [ 106.105157] futex_ref_get+0x119/0x300 [ 106.105472] ? futex_hash+0x15c/0x390 [ 106.105780] futex_hash+0x70/0x390 [ 106.106077] futex_wait_setup+0xae/0x550 [ 106.106417] __futex_wait+0x151/0x300 [ 106.106730] ? __pfx___futex_wait+0x10/0x10 [ 106.107080] ? lock_acquire+0x18c/0x2f0 [ 106.107408] ? css_rstat_updated+0x1b8/0x4d0 [ 106.107772] ? __pfx_futex_wake_mark+0x10/0x10 [ 106.108145] ? __hrtimer_setup+0x1a4/0x2c0 [ 106.108495] ? ktime_add_safe+0x5f/0x70 [ 106.108823] futex_wait+0xde/0x380 [ 106.109120] ? __pfx_futex_wait+0x10/0x10 [ 106.109460] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 106.109829] ? __pfx_perf_trace_lock+0x10/0x10 [ 106.110207] ? __might_fault+0xe0/0x190 [ 106.110536] do_futex+0x2ee/0x370 [ 106.110825] ? __pfx_do_futex+0x10/0x10 [ 106.111150] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 106.111574] ? read_tsc+0x9/0x20 [ 106.111861] __x64_sys_futex+0x1c9/0x4d0 [ 106.112193] ? __pfx___x64_sys_futex+0x10/0x10 [ 106.112563] ? 
xfd_validate_state+0x55/0x180 [ 106.112929] do_syscall_64+0xbf/0x360 [ 106.113241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.113658] RIP: 0033:0x7fe3ec737b19 [ 106.113960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 106.115413] RSP: 002b:00007ffd7c2d9158 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 106.116017] RAX: ffffffffffffffda RBX: 0000000000000032 RCX: 00007fe3ec737b19 [ 106.116586] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe3ec84af6c [ 106.117152] RBP: 00007fe3ec84af6c R08: 00007fe3ec827000 R09: 0000000000000000 [ 106.117716] R10: 00007ffd7c2d9230 R11: 0000000000000246 R12: 0000000000019db6 [ 106.118292] R13: 00000000000003e8 R14: 00007fe3ec84af60 R15: 0000000000019d66 [ 106.118871] [ 106.119062] Modules linked in: [ 106.119360] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 106.120244] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 106.120932] CPU: 1 UID: 0 PID: 3931 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 106.121879] Tainted: [D]=DIE, [W]=WARN [ 106.122194] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 106.122843] RIP: 0010:perf_tp_event+0x175/0xe70 [ 106.123224] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 106.124666] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 106.125090] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 106.125656] RDX: ffff88800f8c5280 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 106.126231] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd169a0 [ 106.126797] R10: 0000000000000000 R11: 
ffff88806cf37018 R12: dffffc0000000000 [ 106.127367] R13: 0000000000000024 R14: ffff88806cf31490 R15: dffffc0000000000 [ 106.127944] FS: 000055558345c400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 106.128758] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 106.129321] CR2: 00007fa2140b9000 CR3: 0000000042095000 CR4: 0000000000350ef0 [ 106.129896] Call Trace: [ 106.130176] [ 106.130439] ? __pfx_perf_tp_event+0x10/0x10 [ 106.130802] ? sched_clock_cpu+0x6c/0x4e0 [ 106.131138] ? perf_trace_lock+0xb5/0x5d0 [ 106.131475] ? trace_pelt_se_tp+0xdf/0x130 [ 106.131813] ? __update_load_avg_se+0x428/0xa40 [ 106.132194] ? perf_trace_lock+0xb5/0x5d0 [ 106.132529] ? perf_trace_lock+0xb5/0x5d0 [ 106.132862] ? __resched_curr+0x2a2/0x330 [ 106.133201] ? __pfx_perf_trace_lock+0x10/0x10 [ 106.133573] ? kvm_sched_clock_read+0x16/0x30 [ 106.133937] ? sched_clock+0x37/0x60 [ 106.134250] ? sched_clock_cpu+0x6c/0x4e0 [ 106.134587] ? perf_trace_run_bpf_submit+0xef/0x180 [ 106.134988] perf_trace_run_bpf_submit+0xef/0x180 [ 106.135382] perf_trace_lock+0x337/0x5d0 [ 106.135711] ? place_entity+0x300/0x410 [ 106.136030] ? kvm_sched_clock_read+0x16/0x30 [ 106.136397] ? __pfx_perf_trace_lock+0x10/0x10 [ 106.136767] ? check_preempt_wakeup_fair+0x6e/0x950 [ 106.137168] ? sched_ttwu_pending+0x2e0/0x4a0 [ 106.137536] lock_release+0x1ab/0x290 [ 106.137844] ? ttwu_do_activate+0x1a4/0x8a0 [ 106.138200] _raw_spin_unlock+0x16/0x40 [ 106.138525] sched_ttwu_pending+0x2e0/0x4a0 [ 106.138876] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 106.139266] ? 
flush_tlb_func+0x24d/0x560 [ 106.139599] __flush_smp_call_function_queue+0x434/0x740 [ 106.140037] __sysvec_call_function_single+0x6d/0x370 [ 106.140454] sysvec_call_function_single+0xa1/0xc0 [ 106.140848] [ 106.141030] [ 106.141213] asm_sysvec_call_function_single+0x1a/0x20 [ 106.141630] RIP: 0010:oops_exit+0x0/0x50 [ 106.141959] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 106.143403] RSP: 0018:ffff888043167490 EFLAGS: 00000202 [ 106.143823] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f [ 106.144389] RDX: ffff88800f8c5280 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 106.144953] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 106.145514] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888043167558 [ 106.146085] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 106.146653] ? add_taint+0x5f/0xd0 [ 106.146942] ? oops_end+0x4a/0xe0 [ 106.147231] oops_end+0x65/0xe0 [ 106.147506] exc_general_protection+0x1a2/0x330 [ 106.147886] asm_exc_general_protection+0x26/0x30 [ 106.148273] RIP: 0010:perf_tp_event+0x175/0xe70 [ 106.148654] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 106.150118] RSP: 0018:ffff888043167600 EFLAGS: 00010212 [ 106.150541] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 106.151103] RDX: ffff88800f8c5280 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 106.151666] RBP: ffff888043167870 R08: ffff88806cf31340 R09: ffffe8ffffd169a0 [ 106.152227] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 106.152791] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 106.153363] ? perf_tp_event+0x167/0xe70 [ 106.153697] ? 
lock_release+0x1c7/0x290 [ 106.154020] ? __pfx_perf_tp_event+0x10/0x10 [ 106.154380] ? __is_insn_slot_addr+0x140/0x290 [ 106.154748] ? kernel_text_address+0x5b/0xc0 [ 106.155098] ? lock_release+0x1c7/0x290 [ 106.155413] ? __kernel_text_address+0xd/0x40 [ 106.155771] ? perf_trace_lock+0xb5/0x5d0 [ 106.156099] ? css_rstat_updated+0x1b8/0x4d0 [ 106.156453] ? __pfx_perf_trace_lock+0x10/0x10 [ 106.156821] ? __rmqueue_pcplist+0x1f3/0x10f0 [ 106.157192] ? perf_trace_lock+0xb5/0x5d0 [ 106.157519] ? __perf_event_task_sched_in+0x1e1/0x5e0 [ 106.157927] ? perf_trace_run_bpf_submit+0xef/0x180 [ 106.158330] ? __pfx___perf_event_task_sched_in+0x10/0x10 [ 106.158756] perf_trace_run_bpf_submit+0xef/0x180 [ 106.159122] perf_trace_lock+0x337/0x5d0 [ 106.159429] ? __pfx_perf_trace_lock+0x10/0x10 [ 106.159769] ? trace_sched_exit_tp+0xbf/0x100 [ 106.160111] ? __schedule+0xe91/0x3590 [ 106.160408] ? get_futex_key+0x592/0x14a0 [ 106.160717] ? futex_ref_get+0x114/0x300 [ 106.161016] ? futex_hash+0x15c/0x390 [ 106.161300] lock_release+0x1ab/0x290 [ 106.161586] ? futex_hash+0x15c/0x390 [ 106.161870] futex_ref_get+0x119/0x300 [ 106.162170] ? futex_hash+0x15c/0x390 [ 106.162452] futex_hash+0x70/0x390 [ 106.162719] futex_wait_setup+0xae/0x550 [ 106.163026] __futex_wait+0x151/0x300 [ 106.163315] ? __pfx___futex_wait+0x10/0x10 [ 106.163638] ? lock_acquire+0x18c/0x2f0 [ 106.163934] ? css_rstat_updated+0x1b8/0x4d0 [ 106.164266] ? __pfx_futex_wake_mark+0x10/0x10 [ 106.164609] ? __hrtimer_setup+0x1a4/0x2c0 [ 106.164931] ? ktime_add_safe+0x5f/0x70 [ 106.165231] futex_wait+0xde/0x380 [ 106.165501] ? __pfx_futex_wait+0x10/0x10 [ 106.165811] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 106.166153] ? __pfx_perf_trace_lock+0x10/0x10 [ 106.166494] ? __might_fault+0xe0/0x190 [ 106.166791] do_futex+0x2ee/0x370 [ 106.167053] ? __pfx_do_futex+0x10/0x10 [ 106.167348] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 106.167732] ? read_tsc+0x9/0x20 [ 106.167996] __x64_sys_futex+0x1c9/0x4d0 [ 106.168299] ? 
__pfx___x64_sys_futex+0x10/0x10 [ 106.168639] ? xfd_validate_state+0x55/0x180 [ 106.168972] do_syscall_64+0xbf/0x360 [ 106.169255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.169631] RIP: 0033:0x7fe3ec737b19 [ 106.169905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 106.171222] RSP: 002b:00007ffd7c2d9158 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 106.171771] RAX: ffffffffffffffda RBX: 0000000000000032 RCX: 00007fe3ec737b19 [ 106.172288] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe3ec84af6c [ 106.172804] RBP: 00007fe3ec84af6c R08: 00007fe3ec827000 R09: 0000000000000000 [ 106.173319] R10: 00007ffd7c2d9230 R11: 0000000000000246 R12: 0000000000019db6 [ 106.173834] R13: 00000000000003e8 R14: 00007fe3ec84af60 R15: 0000000000019d66 [ 106.174360] [ 106.174535] Modules linked in: [ 106.174777] ---[ end trace 0000000000000000 ]--- [ 106.174780] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI [ 106.175120] RIP: 0010:perf_tp_event+0x175/0xe70 [ 106.176015] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 106.176350] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 106.176949] CPU: 0 UID: 0 PID: 3951 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 106.178350] RSP: 0018:ffff88801566f600 EFLAGS: 00010212 [ 106.179256] Tainted: [D]=DIE, [W]=WARN [ 106.179660] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900074c4000 [ 106.179958] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 106.180502] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 106.181133] RIP: 
0010:perf_tp_event+0x175/0xe70 [ 106.181679] RBP: ffff88801566f870 R08: ffff88806cf31340 R09: ffffe8ffffd169a0 [ 106.182035] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 106.182589] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 106.183978] RSP: 0018:ffff88804320f8c0 EFLAGS: 00010212 [ 106.184523] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 106.184525] [ 106.184535] FS: 000055558345c400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 106.184934] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900062bb000 [ 106.185481] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 106.185615] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 106.186247] CR2: 00007fa2140b9000 CR3: 0000000042095000 CR4: 0000000000350ef0 [ 106.186791] RBP: ffff88804320fb30 R08: ffff88806ce31340 R09: ffffe8ffffc169a0 [ 106.187243] Kernel panic - not syncing: Fatal exception in interrupt [ 106.189646] Kernel Offset: disabled [ 106.189933] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:12:29 Registers: