Warning: Permanently added '[localhost]:53205' (ECDSA) to the list of known hosts.
2025/08/29 09:07:05 fuzzer started
2025/08/29 09:07:05 dialing manager at localhost:43077
syzkaller login: [ 50.760803] cgroup: Unknown subsys name 'net'
[ 50.821929] cgroup: Unknown subsys name 'cpuset'
[ 50.844250] cgroup: Unknown subsys name 'rlimit'
2025/08/29 09:07:15 syscalls: 2214
2025/08/29 09:07:15 code coverage: enabled
2025/08/29 09:07:15 comparison tracing: enabled
2025/08/29 09:07:15 extra coverage: enabled
2025/08/29 09:07:15 setuid sandbox: enabled
2025/08/29 09:07:15 namespace sandbox: enabled
2025/08/29 09:07:15 Android sandbox: enabled
2025/08/29 09:07:15 fault injection: enabled
2025/08/29 09:07:15 leak checking: enabled
2025/08/29 09:07:15 net packet injection: enabled
2025/08/29 09:07:15 net device setup: enabled
2025/08/29 09:07:15 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 09:07:15 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 09:07:15 USB emulation: enabled
2025/08/29 09:07:15 hci packet injection: enabled
2025/08/29 09:07:15 wifi device emulation: enabled
2025/08/29 09:07:15 802.15.4 emulation: enabled
2025/08/29 09:07:15 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 09:07:15 fetching corpus: 50, signal 21993/25322 (executing program)
2025/08/29 09:07:15 fetching corpus: 100, signal 28916/33562 (executing program)
2025/08/29 09:07:15 fetching corpus: 150, signal 36781/42546 (executing program)
2025/08/29 09:07:15 fetching corpus: 200, signal 43425/50165 (executing program)
2025/08/29 09:07:15 fetching corpus: 250, signal 52278/59610 (executing program)
2025/08/29 09:07:15 fetching corpus: 300, signal 58178/66075 (executing program)
2025/08/29 09:07:15 fetching corpus: 350, signal 62786/71269 (executing program)
2025/08/29 09:07:15 fetching corpus: 400, signal 66891/75861 (executing program)
2025/08/29 09:07:16 fetching corpus: 450, signal 70556/80025 (executing program)
2025/08/29 09:07:16 fetching corpus: 500, signal 72664/82678 (executing program)
2025/08/29 09:07:16 fetching corpus: 550, signal 74330/84896 (executing program)
2025/08/29 09:07:16 fetching corpus: 600, signal 76109/87175 (executing program)
2025/08/29 09:07:16 fetching corpus: 650, signal 78877/90274 (executing program)
2025/08/29 09:07:16 fetching corpus: 700, signal 81381/93064 (executing program)
2025/08/29 09:07:16 fetching corpus: 750, signal 83521/95505 (executing program)
2025/08/29 09:07:16 fetching corpus: 800, signal 85263/97534 (executing program)
2025/08/29 09:07:16 fetching corpus: 850, signal 87896/100213 (executing program)
2025/08/29 09:07:16 fetching corpus: 900, signal 90091/102417 (executing program)
2025/08/29 09:07:17 fetching corpus: 950, signal 92094/104501 (executing program)
2025/08/29 09:07:17 fetching corpus: 1000, signal 94233/106560 (executing program)
2025/08/29 09:07:17 fetching corpus: 1050, signal 95564/108045 (executing program)
2025/08/29 09:07:17 fetching corpus: 1100, signal 96850/109507 (executing program)
2025/08/29 09:07:17 fetching corpus: 1150, signal 98299/111012 (executing program)
2025/08/29 09:07:17 fetching corpus: 1200, signal 99340/112162 (executing program)
2025/08/29 09:07:17 fetching corpus: 1250, signal 100462/113351 (executing program)
2025/08/29 09:07:17 fetching corpus: 1300, signal 103145/115442 (executing program)
2025/08/29 09:07:17 fetching corpus: 1350, signal 105878/117492 (executing program)
2025/08/29 09:07:18 fetching corpus: 1400, signal 107554/118896 (executing program)
2025/08/29 09:07:18 fetching corpus: 1450, signal 108692/119887 (executing program)
2025/08/29 09:07:18 fetching corpus: 1500, signal 109944/120980 (executing program)
2025/08/29 09:07:18 fetching corpus: 1550, signal 111623/122214 (executing program)
2025/08/29 09:07:18 fetching corpus: 1600, signal 112596/123095 (executing program)
2025/08/29 09:07:18 fetching corpus: 1650, signal 113868/124008 (executing program)
2025/08/29 09:07:18 fetching corpus: 1700, signal 114886/124773 (executing program)
2025/08/29 09:07:18 fetching corpus: 1750, signal 116297/125683 (executing program)
2025/08/29 09:07:18 fetching corpus: 1800, signal 117181/126364 (executing program)
2025/08/29 09:07:19 fetching corpus: 1850, signal 118800/127438 (executing program)
2025/08/29 09:07:19 fetching corpus: 1900, signal 120367/128371 (executing program)
2025/08/29 09:07:19 fetching corpus: 1950, signal 121372/129132 (executing program)
2025/08/29 09:07:19 fetching corpus: 2000, signal 122071/129618 (executing program)
2025/08/29 09:07:19 fetching corpus: 2050, signal 122836/130055 (executing program)
2025/08/29 09:07:19 fetching corpus: 2100, signal 123710/130511 (executing program)
2025/08/29 09:07:19 fetching corpus: 2150, signal 124538/130932 (executing program)
2025/08/29 09:07:19 fetching corpus: 2200, signal 125805/131528 (executing program)
2025/08/29 09:07:20 fetching corpus: 2250, signal 126978/132000 (executing program)
2025/08/29 09:07:20 fetching corpus: 2300, signal 127719/132363 (executing program)
2025/08/29 09:07:20 fetching corpus: 2350, signal 128706/132736 (executing program)
2025/08/29 09:07:20 fetching corpus: 2400, signal 129749/133101 (executing program)
2025/08/29 09:07:20 fetching corpus: 2450, signal 130702/133407 (executing program)
2025/08/29 09:07:20 fetching corpus: 2500, signal 131552/133706 (executing program)
2025/08/29 09:07:20 fetching corpus: 2529, signal 132027/133888 (executing program)
2025/08/29 09:07:20 fetching corpus: 2529, signal 132027/133919 (executing program)
2025/08/29 09:07:20 fetching corpus: 2529, signal 132027/133949 (executing program)
2025/08/29 09:07:20 fetching corpus: 2529, signal 132027/133983 (executing program)
2025/08/29 09:07:20 fetching corpus: 2529, signal 132027/134018 (executing program)
2025/08/29 09:07:20 fetching corpus: 2529, signal 132027/134049 (executing program)
2025/08/29 09:07:20 fetching corpus: 2529, signal 132027/134081 (executing program)
2025/08/29 09:07:20 fetching corpus: 2529, signal 132027/134108 (executing program)
2025/08/29 09:07:20 fetching corpus: 2529, signal 132027/134146 (executing program)
2025/08/29 09:07:20 fetching corpus: 2529, signal 132027/134173 (executing program)
2025/08/29 09:07:20 fetching corpus: 2529, signal 132027/134199 (executing program)
2025/08/29 09:07:20 fetching corpus: 2529, signal 132027/134240 (executing program)
2025/08/29 09:07:20 fetching corpus: 2529, signal 132027/134291 (executing program)
2025/08/29 09:07:20 fetching corpus: 2529, signal 132027/134320 (executing program)
2025/08/29 09:07:20 fetching corpus: 2529, signal 132027/134320 (executing program)
2025/08/29 09:07:23 starting 8 fuzzer processes
09:07:23 executing program 0:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/uts\x00')
ioctl$F2FS_IOC_FLUSH_DEVICE(r0, 0x8008b705, 0xfffffffffffffffd)
09:07:23 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
execve(0x0, 0x0, 0x0)
09:07:23 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
getpid()
write$cgroup_pid(r0, &(0x7f00000000c0), 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
r2 = getpid()
write$cgroup_pid(r1, &(0x7f00000000c0)=r2, 0x10)
pipe2(0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
clone3(0x0, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
09:07:23 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/icmp6\x00')
pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0)
09:07:23 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14)
09:07:23 executing program 3:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/crash_elfcorehdr_size', 0x0, 0x0)
read(r0, &(0x7f0000000300)=""/102400, 0x19000)
09:07:23 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='timerslack_ns\x00')
write(r0, 0x0, 0x20)
[ 68.247844] audit: type=1400 audit(1756458443.288:7): avc: denied { execmem } for pid=271 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
09:07:23 executing program 5:
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
ioctl$MON_IOCQ_URB_LEN(r0, 0x80089203)
[ 69.463717] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 69.466220] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 69.468170] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 69.473534] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 69.475632] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 69.480533] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 69.482308] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 69.487573] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 69.494346] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 69.506986] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 69.520786] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 69.529398] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 69.536335] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 69.544374] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 69.550849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 69.580511] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 69.585373] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 69.598006] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 69.606313] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 69.609339] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 69.667654] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 69.670849] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 69.676363] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 69.683538] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 69.688397] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 69.691772] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 69.698757] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 69.702172] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 69.703300] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 69.705294] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 69.739656] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 69.745438] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 69.757902] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 69.767749] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 69.768861] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 69.769980] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 69.774485] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 69.784669] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 69.794476] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 69.800371] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 71.547907] Bluetooth: hci0: command tx timeout
[ 71.549921] Bluetooth: hci1: command tx timeout
[ 71.611380] Bluetooth: hci2: command tx timeout
[ 71.677107] Bluetooth: hci3: command tx timeout
[ 71.803176] Bluetooth: hci5: command tx timeout
[ 71.867414] Bluetooth: hci7: command tx timeout
[ 71.867494] Bluetooth: hci4: command tx timeout
[ 71.932032] Bluetooth: hci6: command tx timeout
[ 73.595313] Bluetooth: hci1: command tx timeout
[ 73.595781] Bluetooth: hci0: command tx timeout
[ 73.660126] Bluetooth: hci2: command tx timeout
[ 73.724269] Bluetooth: hci3: command tx timeout
[ 73.852109] Bluetooth: hci5: command tx timeout
[ 73.915443] Bluetooth: hci4: command tx timeout
[ 73.915460] Bluetooth: hci7: command tx timeout
[ 73.979158] Bluetooth: hci6: command tx timeout
[ 75.643272] Bluetooth: hci0: command tx timeout
[ 75.643304] Bluetooth: hci1: command tx timeout
[ 75.707149] Bluetooth: hci2: command tx timeout
[ 75.771135] Bluetooth: hci3: command tx timeout
[ 75.901104] Bluetooth: hci5: command tx timeout
[ 75.963145] Bluetooth: hci7: command tx timeout
[ 75.964241] Bluetooth: hci4: command tx timeout
[ 76.027102] Bluetooth: hci6: command tx timeout
[ 77.691208] Bluetooth: hci0: command tx timeout
[ 77.692464] Bluetooth: hci1: command tx timeout
[ 77.756361] Bluetooth: hci2: command tx timeout
[ 77.819120] Bluetooth: hci3: command tx timeout
[ 77.948078] Bluetooth: hci5: command tx timeout
[ 78.011143] Bluetooth: hci4: command tx timeout
[ 78.011547] Bluetooth: hci7: command tx timeout
[ 78.075112] Bluetooth: hci6: command tx timeout
[ 105.516830] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.517640] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.748320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.748950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.894419] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.895027] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.019144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.019768] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:08:01 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
getpid()
write$cgroup_pid(r0, &(0x7f00000000c0), 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
r2 = getpid()
write$cgroup_pid(r1, &(0x7f00000000c0)=r2, 0x10)
pipe2(0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
clone3(0x0, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
[ 106.140998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.142132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:08:01 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
getpid()
write$cgroup_pid(r0, &(0x7f00000000c0), 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
r2 = getpid()
write$cgroup_pid(r1, &(0x7f00000000c0)=r2, 0x10)
pipe2(0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
clone3(0x0, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
09:08:01 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
getpid()
write$cgroup_pid(r0, &(0x7f00000000c0), 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
r2 = getpid()
write$cgroup_pid(r1, &(0x7f00000000c0)=r2, 0x10)
pipe2(0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
clone3(0x0, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
[ 106.333907] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.334959] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.341855] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.343145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.447261] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.448042] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:08:01 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
getpid()
write$cgroup_pid(r0, &(0x7f00000000c0), 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
r2 = getpid()
write$cgroup_pid(r1, &(0x7f00000000c0)=r2, 0x10)
pipe2(0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
clone3(0x0, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
09:08:01 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
getpid()
write$cgroup_pid(r0, &(0x7f00000000c0), 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
r2 = getpid()
write$cgroup_pid(r1, &(0x7f00000000c0)=r2, 0x10)
pipe2(0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
clone3(0x0, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
[ 106.568524] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.569147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.609659] audit: type=1400 audit(1756458481.650:8): avc: denied { open } for pid=3886 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 106.611637] audit: type=1400 audit(1756458481.650:9): avc: denied { kernel } for pid=3886 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
09:08:01 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
getpid()
write$cgroup_pid(r0, &(0x7f00000000c0), 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
r2 = getpid()
write$cgroup_pid(r1, &(0x7f00000000c0)=r2, 0x10)
pipe2(0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
clone3(0x0, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
[ 106.661662] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.662316] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:08:01 executing program 5:
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
ioctl$MON_IOCQ_URB_LEN(r0, 0x80089203)
09:08:01 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
getpid()
write$cgroup_pid(r0, &(0x7f00000000c0), 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
r2 = getpid()
write$cgroup_pid(r1, &(0x7f00000000c0)=r2, 0x10)
pipe2(0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
clone3(0x0, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
[ 106.741287] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.741925] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.766020] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.766671] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.810644] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.811322] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.844529] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.845588] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.912386] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.913018] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.959012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.959691] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:08:02 executing program 0:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/uts\x00')
ioctl$F2FS_IOC_FLUSH_DEVICE(r0, 0x8008b705, 0xfffffffffffffffd)
09:08:02 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
execve(0x0, 0x0, 0x0)
09:08:02 executing program 3:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/crash_elfcorehdr_size', 0x0, 0x0)
read(r0, &(0x7f0000000300)=""/102400, 0x19000)
09:08:02 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='timerslack_ns\x00')
write(r0, 0x0, 0x20)
09:08:02 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/icmp6\x00')
pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0)
09:08:02 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14)
09:08:02 executing program 5:
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
ioctl$MON_IOCQ_URB_LEN(r0, 0x80089203)
09:08:02 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
getpid()
write$cgroup_pid(r0, &(0x7f00000000c0), 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
r2 = getpid()
write$cgroup_pid(r1, &(0x7f00000000c0)=r2, 0x10)
pipe2(0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
clone3(0x0, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
09:08:02 executing program 5:
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
ioctl$MON_IOCQ_URB_LEN(r0, 0x80089203)
09:08:02 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
getpid()
write$cgroup_pid(r0, &(0x7f00000000c0), 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
r2 = getpid()
write$cgroup_pid(r1, &(0x7f00000000c0)=r2, 0x10)
pipe2(0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
clone3(0x0, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
09:08:02 executing program 0:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/uts\x00')
ioctl$F2FS_IOC_FLUSH_DEVICE(r0, 0x8008b705, 0xfffffffffffffffd)
09:08:02 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
execve(0x0, 0x0, 0x0)
09:08:02 executing program 3:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/crash_elfcorehdr_size', 0x0, 0x0)
read(r0, &(0x7f0000000300)=""/102400, 0x19000)
09:08:02 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14)
09:08:02 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/icmp6\x00')
pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0)
09:08:02 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='timerslack_ns\x00')
write(r0, 0x0, 0x20)
09:08:02 executing program 5:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/uts\x00')
ioctl$F2FS_IOC_FLUSH_DEVICE(r0, 0x8008b705, 0xfffffffffffffffd)
09:08:02 executing program 6:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/icmp6\x00')
pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0)
09:08:02 executing program 5:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/uts\x00')
ioctl$F2FS_IOC_FLUSH_DEVICE(r0, 0x8008b705, 0xfffffffffffffffd)
09:08:02 executing program 6:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/icmp6\x00')
pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0)
09:08:02 executing program 3:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/crash_elfcorehdr_size', 0x0, 0x0)
read(r0, &(0x7f0000000300)=""/102400, 0x19000)
09:08:02 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
execve(0x0, 0x0, 0x0)
09:08:02 executing program 0:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/uts\x00')
ioctl$F2FS_IOC_FLUSH_DEVICE(r0, 0x8008b705, 0xfffffffffffffffd)
09:08:02 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/icmp6\x00')
pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0)
09:08:02 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14)
09:08:02 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='timerslack_ns\x00')
write(r0, 0x0, 0x20)
[ 107.443820] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 107.444730] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 107.445329] CPU: 0 UID: 0 PID: 3949 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.446766] Tainted: [W]=WARN
[ 107.447540] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.449354] RIP: 0010:perf_tp_event+0x175/0xe70
[ 107.450622] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 107.454845] RSP: 0018:ffff888016c77800 EFLAGS: 00010212
[ 107.455266] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 107.455821] RDX: ffff888019bd9b80 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 107.456378] RBP: ffff888016c77a70 R08: ffff88806ce31340 R09: ffffe8ffffc16ce8
[ 107.456934] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 107.457490] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 107.458058] FS: 0000555583291400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 107.458685] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 107.459139] CR2: 0000555583292c18 CR3: 0000000044190000 CR4: 0000000000350ef0
[ 107.459696] Call Trace:
[ 107.459903] <TASK>
[ 107.460090] ? arch_scale_cpu_capacity+0x17/0xa0
[ 107.460479] ? __pfx_perf_tp_event+0x10/0x10
[ 107.460831] ? __asan_memset+0x24/0x50
[ 107.461162] ? perf_trace_lock+0xb5/0x5d0
[ 107.461496] ? kvm_sched_clock_read+0x16/0x30
[ 107.461860] ? sched_clock+0x37/0x60
[ 107.462178] ? lock_is_held_type+0x9e/0x120
[ 107.462529] ? perf_trace_run_bpf_submit+0xef/0x180
[ 107.462925] perf_trace_run_bpf_submit+0xef/0x180
[ 107.463318] perf_trace_lock+0x337/0x5d0
[ 107.463646] ? __pfx_perf_trace_lock+0x10/0x10
[ 107.464016] ? lock_acquire+0x15e/0x2f0
[ 107.464335] ? futex_ref_get+0x48/0x300
[ 107.464652] ? futex_ref_get+0x114/0x300
[ 107.464972] ? futex_hash+0x15c/0x390
[ 107.465278] lock_release+0x1ab/0x290
[ 107.465586] ? futex_hash+0x15c/0x390
[ 107.465890] futex_ref_get+0x119/0x300
[ 107.466208] ? futex_hash+0x15c/0x390
[ 107.466512] futex_hash+0x70/0x390
[ 107.466799] futex_wake+0x143/0x540
[ 107.467099] ? put_pid+0x1f/0x30
[ 107.467371] ? kernel_clone+0x204/0x7f0
[ 107.467688] ? __pfx_futex_wake+0x10/0x10
[ 107.468020] ? __pfx_kernel_clone+0x10/0x10
[ 107.468364] ? perf_trace_lock+0xb5/0x5d0
[ 107.468696] do_futex+0x26d/0x370
[ 107.468982] ? __pfx_do_futex+0x10/0x10
[ 107.469301] ? __pfx___do_sys_clone+0x10/0x10
[ 107.469657] ? find_held_lock+0x2b/0x80
[ 107.469981] __x64_sys_futex+0x1c9/0x4d0
[ 107.470319] ? __pfx___x64_sys_futex+0x10/0x10
[ 107.470689] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 107.471106] do_syscall_64+0xbf/0x360
[ 107.471413] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.471817] RIP: 0033:0x7fd33e84cb19
[ 107.472111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 107.473517] RSP: 002b:00007ffd9c8ea4c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 107.474114] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd33e84cb19
[ 107.474669] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd33e95ff68
[ 107.475224] RBP: 00007fd33e95ff60 R08: 00007fd33bdc2700 R09: 0000000000000000
[ 107.475780] R10: 00007fd33bdc2700 R11: 0000000000000246 R12: 00007fd33e964070
[ 107.476331] R13: 00007ffd9c8ea5d0 R14: 00007fd33e95ff60 R15: 000000000001a347
[ 107.476896] </TASK>
[ 107.477085] Modules linked in:
[ 107.477834] ---[ end trace 0000000000000000 ]---
[ 107.478307] RIP: 0010:perf_tp_event+0x175/0xe70
[ 107.478685] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 107.480172] RSP: 0018:ffff888016c77800 EFLAGS: 00010212
[ 107.480591] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 107.481166] RDX: ffff888019bd9b80 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 107.481723] RBP: ffff888016c77a70 R08: ffff88806ce31340 R09: ffffe8ffffc16ce8
[ 107.482301] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 107.482865] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 107.483438] FS: 0000555583291400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 107.484076] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 107.484534] CR2: 0000555583292c18 CR3: 0000000044190000 CR4: 0000000000350ef0
[ 107.485108] note: syz-executor.0[3949] exited with preempt_count 1
[ 107.485593] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51
[ 107.486308] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3949, name: syz-executor.0
[ 107.486965] preempt_count: 0, expected: 0
[ 107.487302] RCU nest depth: 2, expected: 0
[ 107.487630] INFO: lockdep is turned off.
[ 107.487946] CPU: 0 UID: 0 PID: 3949 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.487964] Tainted: [D]=DIE, [W]=WARN
[ 107.487968] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.487974] Call Trace:
[ 107.487978] <TASK>
[ 107.487982] dump_stack_lvl+0xfa/0x120
[ 107.488002] __might_resched+0x2f3/0x510
[ 107.488015] exit_signals+0x25/0x940
[ 107.488033] do_exit+0x2db/0x2970
[ 107.488050] ? _printk+0xbe/0xf0
[ 107.488063] ? __pfx__printk+0x10/0x10
[ 107.488075] ? __pfx_do_exit+0x10/0x10
[ 107.488090] make_task_dead+0x174/0x3b0
[ 107.488102] ? do_syscall_64+0xbf/0x360
[ 107.488112] rewind_stack_and_make_dead+0x16/0x20
[ 107.488127] RIP: 0033:0x7fd33e84cb19
[ 107.488135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 107.488145] RSP: 002b:00007ffd9c8ea4c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 107.488156] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd33e84cb19
[ 107.488163] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd33e95ff68
[ 107.488170] RBP: 00007fd33e95ff60 R08: 00007fd33bdc2700 R09: 0000000000000000
[ 107.488177] R10: 00007fd33bdc2700 R11: 0000000000000246 R12: 00007fd33e964070
[ 107.488184] R13: 00007ffd9c8ea5d0 R14: 00007fd33e95ff60 R15: 000000000001a347
[ 107.488195] </TASK>
09:08:02 executing program 5:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/uts\x00')
ioctl$F2FS_IOC_FLUSH_DEVICE(r0, 0x8008b705, 0xfffffffffffffffd)
09:08:02 executing program 3:
syz_io_uring_setup(0x3f13, &(0x7f00000001c0)={0x0, 0x0, 0x20}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff9000/0x6000)=nil, &(0x7f0000000240), &(0x7f0000000280))
[ 107.539015] kmemleak: Found object by alias at 0x607f1a639cec
[ 107.539032] CPU: 0 UID: 0 PID: 3967 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.539055] Tainted: [D]=DIE, [W]=WARN
[ 107.539059] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.539066] Call Trace:
[ 107.539069]
[ 107.539073] dump_stack_lvl+0xca/0x120
[ 107.539094] __lookup_object+0x94/0xb0
[ 107.539110] delete_object_full+0x27/0x70
[ 107.539125] free_percpu+0x30/0x1160
[ 107.539140] ? arch_uprobe_clear_state+0x16/0x140
[ 107.539157] futex_hash_free+0x38/0xc0
[ 107.539170] mmput+0x2d3/0x390
[ 107.539187] do_exit+0x79d/0x2970
[ 107.539199] ? lock_acquire+0x18c/0x2f0
[ 107.539213] ? __pfx_do_exit+0x10/0x10
[ 107.539229] ? do_raw_spin_lock+0x123/0x260
[ 107.539243] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 107.539259] do_group_exit+0xd3/0x2a0
[ 107.539272] get_signal+0x2315/0x2340
[ 107.539288] ? put_task_stack+0xd2/0x240
[ 107.539299] ? __pfx_get_signal+0x10/0x10
[ 107.539315] ? __schedule+0xe91/0x3590
[ 107.539331] arch_do_signal_or_restart+0x80/0x790
[ 107.539348] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 107.539363] ? __x64_sys_futex+0x1c9/0x4d0
[ 107.539375] ? __x64_sys_futex+0x1d2/0x4d0
[ 107.539387] ? fput+0x6a/0x100
[ 107.539401] ? __pfx___x64_sys_futex+0x10/0x10
[ 107.539416] exit_to_user_mode_loop+0x8b/0x110
[ 107.539428] do_syscall_64+0x2f7/0x360
[ 107.539438] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.539449] RIP: 0033:0x7fac704b7b19
[ 107.539457] Code: Unable to access opcode bytes at 0x7fac704b7aef.
[ 107.539462] RSP: 002b:00007fac6da2d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 107.539473] RAX: 0000000000000001 RBX: 00007fac705caf68 RCX: 00007fac704b7b19
[ 107.539480] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fac705caf6c
[ 107.539487] RBP: 00007fac705caf60 R08: 000000000000000e R09: 0000000000000000
[ 107.539494] R10: 000000000000009c R11: 0000000000000246 R12: 00007fac705caf6c
[ 107.539501] R13: 00007ffcb00292ff R14: 00007fac6da2d300 R15: 0000000000022000
[ 107.539511]
[ 107.539515] kmemleak: Object (percpu) 0x607f1a639ce8 (size 8):
[ 107.539521] kmemleak: comm "syz-executor.7", pid 3957, jiffies 4294774323
[ 107.539528] kmemleak: min_count = 1
[ 107.539532] kmemleak: count = 0
[ 107.539535] kmemleak: flags = 0x21
[ 107.539539] kmemleak: checksum = 0
[ 107.539543] kmemleak: backtrace:
[ 107.539546] pcpu_alloc_noprof+0x87a/0x1170
[ 107.539561] perf_trace_event_init+0x366/0xa10
[ 107.539574] perf_trace_init+0x1a4/0x2f0
[ 107.539585] perf_tp_event_init+0xa6/0x120
[ 107.539600] perf_try_init_event+0x140/0x9f0
[ 107.539613] perf_event_alloc.part.0+0x118e/0x45f0
[ 107.539629] __do_sys_perf_event_open+0x719/0x2c20
[ 107.539642] do_syscall_64+0xbf/0x360
[ 107.539650] entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:08:02 executing program 4:
clone3(&(0x7f00000015c0)={0x10000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
09:08:02 executing program 6:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/icmp6\x00')
pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0)
09:08:02 executing program 4:
clone3(&(0x7f00000015c0)={0x10000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
09:08:02 executing program 5:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000080)='(\x00')
09:08:02 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
09:08:02 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0})
[ 107.640363] kmemleak: Found object by alias at 0x607f1a639cec
[ 107.640386] CPU: 1 UID: 0 PID: 3972 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.640409] Tainted: [D]=DIE, [W]=WARN
[ 107.640413] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.640421] Call Trace:
[ 107.640425]
[ 107.640430] dump_stack_lvl+0xca/0x120
[ 107.640459] __lookup_object+0x94/0xb0
[ 107.640476] delete_object_full+0x27/0x70
[ 107.640492] free_percpu+0x30/0x1160
[ 107.640508] ? arch_uprobe_clear_state+0x16/0x140
[ 107.640526] futex_hash_free+0x38/0xc0
[ 107.640541] mmput+0x2d3/0x390
[ 107.640559] do_exit+0x79d/0x2970
[ 107.640572] ? signal_wake_up_state+0x85/0x120
[ 107.640587] ? zap_other_threads+0x2b9/0x3a0
[ 107.640602] ? __pfx_do_exit+0x10/0x10
[ 107.640614] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 107.640630] ? lock_release+0x1c7/0x290
[ 107.640644] do_group_exit+0xd3/0x2a0
[ 107.640657] __x64_sys_exit_group+0x3e/0x50
[ 107.640670] x64_sys_call+0x18c5/0x18d0
[ 107.640686] do_syscall_64+0xbf/0x360
[ 107.640696] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.640708] RIP: 0033:0x7fac704b7b19
[ 107.640717] Code: Unable to access opcode bytes at 0x7fac704b7aef.
[ 107.640722] RSP: 002b:00007ffcb0029528 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 107.640734] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fac704b7b19
[ 107.640741] RDX: 00007fac7046a72b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 107.640749] RBP: 0000000000000000 R08: 0000001b2cd23a28 R09: 0000000000000000
[ 107.640756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 107.640763] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffcb0029610
[ 107.640773]
[ 107.640777] kmemleak: Object (percpu) 0x607f1a639ce8 (size 8):
[ 107.640783] kmemleak: comm "syz-executor.1", pid 3978, jiffies 4294774515
[ 107.640790] kmemleak: min_count = 1
[ 107.640794] kmemleak: count = 0
[ 107.640798] kmemleak: flags = 0x21
[ 107.640802] kmemleak: checksum = 0
[ 107.640805] kmemleak: backtrace:
[ 107.640809] pcpu_alloc_noprof+0x87a/0x1170
[ 107.640824] perf_trace_event_init+0x366/0xa10
[ 107.640838] perf_trace_init+0x1a4/0x2f0
[ 107.640850] perf_tp_event_init+0xa6/0x120
[ 107.640865] perf_try_init_event+0x140/0x9f0
[ 107.640879] perf_event_alloc.part.0+0x118e/0x45f0
[ 107.640895] __do_sys_perf_event_open+0x719/0x2c20
[ 107.640908] do_syscall_64+0xbf/0x360
[ 107.640917] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.660178] audit: type=1400 audit(1756458482.681:10): avc: denied { write } for pid=3976 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
09:08:02 executing program 3:
syz_io_uring_setup(0x3f13, &(0x7f00000001c0)={0x0, 0x0, 0x20}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff9000/0x6000)=nil, &(0x7f0000000240), &(0x7f0000000280))
09:08:02 executing program 4:
clone3(&(0x7f00000015c0)={0x10000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
09:08:02 executing program 7:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff})
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f0000001480)=0x1, 0x4)
09:08:02 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)="a20e73f1b1812c8df69b60", 0xb}], 0x1)
[ 107.835960] kmemleak: Found object by alias at 0x607f1a639cec
[ 107.835984] CPU: 1 UID: 0 PID: 3988 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 107.836005] Tainted: [D]=DIE, [W]=WARN
[ 107.836009] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 107.836017] Call Trace:
[ 107.836021]
[ 107.836025] dump_stack_lvl+0xca/0x120
[ 107.836059] __lookup_object+0x94/0xb0
[ 107.836075] delete_object_full+0x27/0x70
[ 107.836091] free_percpu+0x30/0x1160
[ 107.836107] ? arch_uprobe_clear_state+0x16/0x140
[ 107.836125] futex_hash_free+0x38/0xc0
[ 107.836139] mmput+0x2d3/0x390
[ 107.836157] do_exit+0x79d/0x2970
[ 107.836169] ? lock_acquire+0x18c/0x2f0
[ 107.836185] ? __pfx_do_exit+0x10/0x10
[ 107.836197] ? do_raw_spin_lock+0x123/0x260
[ 107.836212] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 107.836228] do_group_exit+0xd3/0x2a0
[ 107.836241] get_signal+0x2315/0x2340
[ 107.836259] ? put_task_stack+0xd2/0x240
[ 107.836270] ? __pfx_get_signal+0x10/0x10
[ 107.836286] ? __schedule+0xe91/0x3590
[ 107.836303] arch_do_signal_or_restart+0x80/0x790
[ 107.836320] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 107.836335] ? __x64_sys_futex+0x1c9/0x4d0
[ 107.836348] ? __x64_sys_futex+0x1d2/0x4d0
[ 107.836360] ? __x64_sys_openat+0x142/0x200
[ 107.836376] ? __pfx___x64_sys_futex+0x10/0x10
[ 107.836391] exit_to_user_mode_loop+0x8b/0x110
[ 107.836403] do_syscall_64+0x2f7/0x360
[ 107.836414] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.836427] RIP: 0033:0x7fac704b7b19
[ 107.836436] Code: Unable to access opcode bytes at 0x7fac704b7aef.
[ 107.836441] RSP: 002b:00007fac6da2d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 107.836452] RAX: 0000000000000001 RBX: 00007fac705caf68 RCX: 00007fac704b7b19
[ 107.836460] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fac705caf6c
[ 107.836467] RBP: 00007fac705caf60 R08: 000000000000000e R09: 0000000000000000
[ 107.836474] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fac705caf6c
[ 107.836481] R13: 00007ffcb00292ff R14: 00007fac6da2d300 R15: 0000000000022000
[ 107.836492]
[ 107.836495] kmemleak: Object (percpu) 0x607f1a639ce8 (size 8):
[ 107.836502] kmemleak: comm "syz-executor.1", pid 3978, jiffies 4294774692
[ 107.836509] kmemleak: min_count = 1
[ 107.836513] kmemleak: count = 0
[ 107.836517] kmemleak: flags = 0x21
[ 107.836520] kmemleak: checksum = 0
[ 107.836524] kmemleak: backtrace:
[ 107.836528] pcpu_alloc_noprof+0x87a/0x1170
[ 107.836543] perf_trace_event_init+0x366/0xa10
[ 107.836556] perf_trace_init+0x1a4/0x2f0
[ 107.836568] perf_tp_event_init+0xa6/0x120
[ 107.836583] perf_try_init_event+0x140/0x9f0
[ 107.836596] perf_event_alloc.part.0+0x118e/0x45f0
[ 107.836612] __do_sys_perf_event_open+0x719/0x2c20
[ 107.836625] do_syscall_64+0xbf/0x360
[ 107.836634] entry_SYSCALL_64_after_hwframe+0x77/0x7f
09:08:05 executing program 4:
clone3(&(0x7f00000015c0)={0x10000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
09:08:05 executing program 3:
syz_io_uring_setup(0x3f13, &(0x7f00000001c0)={0x0, 0x0, 0x20}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff9000/0x6000)=nil, &(0x7f0000000240), &(0x7f0000000280))
09:08:05 executing program 5:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000080)='(\x00')
09:08:05 executing program 7:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff})
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f0000001480)=0x1, 0x4)
09:08:05 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
09:08:05 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0})
09:08:05 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)="a20e73f1b1812c8df69b60", 0xb}], 0x1)
09:08:05 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
09:08:05 executing program 4:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)="a20e73f1b1812c8df69b60", 0xb}], 0x1)
[ 110.496627] Oops: general protection fault, probably for non-canonical address 0xe01ffc00000000b0: 0000 [#2] SMP KASAN NOPTI
[ 110.497549] KASAN: maybe wild-memory-access in range [0x0100000000000580-0x0100000000000587]
[ 110.498228] CPU: 1 UID: 0 PID: 4009 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 110.499169] Tainted: [D]=DIE, [W]=WARN
[ 110.499471] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.500117] RIP: 0010:perf_tp_event+0x26b/0xe70
[ 110.500500] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f
[ 110.501922] RSP: 0018:ffff88804235f780 EFLAGS: 00010012
[ 110.502355] RAX: 00200000000000b0 RBX: ffff8880440812c1 RCX: ffffc90002604000
[ 110.502921] RDX: 0000000000040000 RSI: ffffffff818996ad RDI: 0100000000000580
[ 110.503483] RBP: ffff88804235f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16ce8
[ 110.504042] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 110.504602] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000
[ 110.505164] FS: 00007fd33bdc2700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 110.505795] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.506268] CR2: 00007fd33e960018 CR3: 000000004308b000 CR4: 0000000000350ef0
[ 110.506833] Call Trace:
[ 110.507041]
[ 110.507225] ? merge_sched_in+0xcb/0x1810
[ 110.507560] ? __pfx_perf_tp_event+0x10/0x10
[ 110.507918] ? __asan_memcpy+0x3d/0x60
[ 110.508236] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150
[ 110.508727] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10
[ 110.509232] ? kvm_sched_clock_read+0x16/0x30
[ 110.509601] ? local_clock_noinstr+0xf/0xc0
[ 110.509949] ? ctx_sched_in+0x134/0x9b0
[ 110.510274] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 110.510677] ? perf_swevent_event+0x63/0x3f0
[ 110.511032] ? perf_tp_event+0x807/0xe70
[ 110.511361] ? perf_trace_run_bpf_submit+0xef/0x180
[ 110.511764] perf_trace_run_bpf_submit+0xef/0x180
[ 110.512153] perf_trace_preemptirq_template+0x259/0x430
[ 110.512588] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 110.513061] ? __pfx_remote_function+0x10/0x10
[ 110.513437] ? tracing_gen_ctx_irq_test+0x167/0x1f0
[ 110.513840] ? perf_swevent_event+0x63/0x3f0
[ 110.514205] ? _raw_spin_lock_irqsave+0x53/0x60
[ 110.514579] trace_irq_disable.constprop.0+0xa6/0x100
[ 110.514994] _raw_spin_lock_irqsave+0x53/0x60
[ 110.515358] try_to_wake_up+0xa0/0x11d0
[ 110.515684] ? lock_acquire+0x18c/0x2f0
[ 110.516007] ? __pfx_try_to_wake_up+0x10/0x10
[ 110.516372] ? plist_del+0x122/0x270
[ 110.516676] ? __futex_unqueue+0xda/0x1c0
[ 110.517015] wake_up_q+0xa1/0x130
[ 110.517300] futex_wake+0x47e/0x540
[ 110.517601] ? __pfx_futex_wake+0x10/0x10
[ 110.517939] ? lock_release+0x1c7/0x290
[ 110.518274] ? lock_release+0x1c7/0x290
[ 110.518596] ? fd_install+0x1f0/0x660
[ 110.518905] do_futex+0x26d/0x370
[ 110.519189] ? __pfx_do_futex+0x10/0x10
[ 110.519510] ? perf_trace_run_bpf_submit+0xef/0x180
[ 110.519911] __x64_sys_futex+0x1c9/0x4d0
[ 110.520240] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 110.520714] ? __pfx___x64_sys_futex+0x10/0x10
[ 110.521085] do_syscall_64+0xbf/0x360
[ 110.521393] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.521804] RIP: 0033:0x7fd33e84cb19
[ 110.522111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 110.523543] RSP: 002b:00007fd33bdc2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 110.524144] RAX: ffffffffffffffda RBX: 00007fd33e95ff68 RCX: 00007fd33e84cb19
[ 110.524703] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd33e95ff6c
[ 110.525268] RBP: 00007fd33e95ff60 R08: 000000000000000e R09: 0000000000000000
[ 110.525828] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fd33e95ff6c
[ 110.526423] R13: 00007ffd9c8ea44f R14: 00007fd33bdc2300 R15: 0000000000022000
[ 110.526986]
[ 110.527175] Modules linked in:
[ 110.527434] ---[ end trace 0000000000000000 ]---
[ 110.527806] RIP: 0010:perf_tp_event+0x175/0xe70
[ 110.528185] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 110.529618] RSP: 0018:ffff888016c77800 EFLAGS: 00010212
[ 110.530037] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 110.530609] RDX: ffff888019bd9b80 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 110.531174] RBP: ffff888016c77a70 R08: ffff88806ce31340 R09: ffffe8ffffc16ce8
[ 110.531733] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 110.532294] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 110.532855] FS: 00007fd33bdc2700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 110.533489] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.533948] CR2: 00007fd33e960018 CR3: 000000004308b000 CR4: 0000000000350ef0
[ 110.534521] note: syz-executor.0[4009] exited with irqs disabled
[ 110.535058] Oops: general protection fault, probably for non-canonical address 0xe01ffc00000000b0: 0000 [#3] SMP KASAN NOPTI
[ 110.535931] KASAN: maybe wild-memory-access in range [0x0100000000000580-0x0100000000000587]
[ 110.536594] CPU: 1 UID: 0 PID: 4009 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 110.537530] Tainted: [D]=DIE, [W]=WARN
[ 110.537836] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.538493] RIP: 0010:perf_tp_event+0x26b/0xe70
[ 110.538873] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f
[ 110.540294] RSP: 0018:ffff88806cf08ac0 EFLAGS: 00010012
[ 110.540713] RAX: 00200000000000b0 RBX: ffff8880440812c1 RCX: ffffffff8189962c
[ 110.541274] RDX: ffff888016bd0000 RSI: ffffffff818996ad RDI: 0100000000000580
[ 110.541834] RBP: ffff88806cf08d30 R08: ffff88806cf313e8 R09: ffffe8ffffd16ce8
[ 110.542400] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 110.542958] R13: 0100000000000000 R14: ffff88806cf313e8 R15: dffffc0000000000
[ 110.543527] FS: 00007fd33bdc2700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 110.544158] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.544616] CR2: 00007fd33e960018 CR3: 000000004308b000 CR4: 0000000000350ef0
[ 110.545181] Call Trace:
[ 110.545388]
[ 110.545567] ? __smp_call_single_queue+0x15b/0x2f0
[ 110.545971] ? kvm_sched_clock_read+0x16/0x30
[ 110.546347] ? __pfx_perf_tp_event+0x10/0x10
[ 110.546703] ? trace_pelt_se_tp+0xdf/0x130
[ 110.547043] ? __update_load_avg_se+0x428/0xa40
[ 110.547421] ? __rb_insert_augmented+0x4b6/0x8b0
[ 110.547808] ? enqueue_task_fair+0x43a/0x1e00
[ 110.548173] ? check_preempt_wakeup_fair+0x6e/0x950
[ 110.548569] ? wakeup_preempt+0x140/0x2a0
[ 110.548901] ? lock_release+0x1c7/0x290
[ 110.549222] ? lock_release+0x1c7/0x290
[ 110.549541] ? perf_trace_run_bpf_submit+0xef/0x180
[ 110.549948] perf_trace_run_bpf_submit+0xef/0x180
[ 110.550348] perf_trace_preemptirq_template+0x259/0x430
[ 110.550777] ? lock_release+0x1c7/0x290
[ 110.551095] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 110.551569] ? lock_acquire+0x18c/0x2f0
[ 110.551891] ? irqentry_enter+0x2a/0x60
[ 110.552215] trace_irq_disable.constprop.0+0xa6/0x100
[ 110.552622] irqentry_enter+0x2a/0x60
[ 110.552936] sysvec_call_function_single+0x18/0xc0
[ 110.553329] asm_sysvec_call_function_single+0x1a/0x20
[ 110.553746] RIP: 0010:handle_softirqs+0x174/0x770
[ 110.554147] Code: c8 83 83 3c 0a 00 00 01 c7 44 24 20 0a 00 00 00 48 89 44 24 18 65 66 c7 05 0f 84 48 06 00 00 e8 42 80 40 00 fb bb ff ff ff ff <48> c7 c5 c0 c0 a0 85 41 0f bc de 83 c3 01 0f 85 9b 00 00 00 e9 8d
[ 110.555570] RSP: 0018:ffff88806cf08f78 EFLAGS: 00000246
[ 110.555989] RAX: 0000000000000001 RBX: 00000000ffffffff RCX: ffffffff817c2b86
[ 110.556553] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813bac2e
[ 110.557108] RBP: ffff88804235fe78 R08: 0000000000000000 R09: 0000000000000000
[ 110.557667] R10: ffffffff8643ac57 R11: ffff888013b86898 R12: 0000000000000000
[ 110.558232] R13: 0000000000000000 R14: 0000000000000382 R15: 0000000000000000
[ 110.558799] ? trace_irq_enable.constprop.0+0x26/0x100
[ 110.559218] ? handle_softirqs+0x16e/0x770
[ 110.559564] ? handle_softirqs+0x16e/0x770
[ 110.559910] __irq_exit_rcu+0xc4/0x100
[ 110.560231] irq_exit_rcu+0x9/0x20
[ 110.560518] sysvec_apic_timer_interrupt+0x70/0x80
[ 110.560910]
[ 110.561092]
[ 110.561274] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 110.561695] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 110.562076] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 110.563495] RSP: 0018:ffff88804235ff28 EFLAGS: 00000246
[ 110.563915] RAX: 0000000000000001 RBX: ffff888016bd0000 RCX: ffffffff817c2b86
[ 110.564478] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 110.565036] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 110.565594] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888016bd0000
[ 110.566165] R13: 0000000000000000 R14: e01ffc00000000b0 R15: 0000000000000000
[ 110.566724] ? trace_irq_enable.constprop.0+0x26/0x100
[ 110.567142] ? make_task_dead+0x214/0x3b0
[ 110.567481] ? make_task_dead+0x214/0x3b0
[ 110.567817] ? do_syscall_64+0xbf/0x360
[ 110.568135] rewind_stack_and_make_dead+0x16/0x20
[ 110.568524] RIP: 0033:0x7fd33e84cb19
[ 110.568817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 110.570248] RSP: 002b:00007fd33bdc2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 110.570841] RAX: ffffffffffffffda RBX: 00007fd33e95ff68 RCX: 00007fd33e84cb19
[ 110.571401] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd33e95ff6c
[ 110.571959] RBP: 00007fd33e95ff60 R08: 000000000000000e R09: 0000000000000000
[ 110.572514] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fd33e95ff6c
[ 110.573071] R13: 00007ffd9c8ea44f R14: 00007fd33bdc2300 R15: 0000000000022000
[ 110.573632]
[ 110.573821] Modules linked in:
[ 110.574084] ---[ end trace 0000000000000000 ]---
[ 110.574455] RIP: 0010:perf_tp_event+0x175/0xe70
[ 110.574829] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 110.576239] RSP: 0018:ffff888016c77800 EFLAGS: 00010212
[ 110.576658] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 110.577210] RDX: ffff888019bd9b80 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 110.577764] RBP: ffff888016c77a70 R08: ffff88806ce31340 R09: ffffe8ffffc16ce8
[ 110.578330] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 110.578885] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[ 110.579444] FS: 00007fd33bdc2700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 110.580072] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.580528] CR2: 00007fd33e960018 CR3: 000000004308b000 CR4: 0000000000350ef0
[ 110.581086] Kernel panic - not syncing: Fatal exception in interrupt
[ 110.581836] Kernel Offset: disabled
[ 110.582135] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
09:08:02 Registers:
info registers vcpu 0
info registers vcpu 1