Warning: Permanently added '[localhost]:38410' (ECDSA) to the list of known hosts. 2025/09/01 11:18:21 fuzzer started 2025/09/01 11:18:22 dialing manager at localhost:35473 syzkaller login: [ 51.026456] cgroup: Unknown subsys name 'net' [ 51.110224] cgroup: Unknown subsys name 'cpuset' [ 51.126726] cgroup: Unknown subsys name 'rlimit' 2025/09/01 11:18:32 syscalls: 2214 2025/09/01 11:18:32 code coverage: enabled 2025/09/01 11:18:32 comparison tracing: enabled 2025/09/01 11:18:32 extra coverage: enabled 2025/09/01 11:18:32 setuid sandbox: enabled 2025/09/01 11:18:32 namespace sandbox: enabled 2025/09/01 11:18:32 Android sandbox: enabled 2025/09/01 11:18:32 fault injection: enabled 2025/09/01 11:18:32 leak checking: enabled 2025/09/01 11:18:32 net packet injection: enabled 2025/09/01 11:18:32 net device setup: enabled 2025/09/01 11:18:32 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 11:18:32 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 11:18:32 USB emulation: enabled 2025/09/01 11:18:32 hci packet injection: enabled 2025/09/01 11:18:32 wifi device emulation: enabled 2025/09/01 11:18:32 802.15.4 emulation: enabled 2025/09/01 11:18:32 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 11:18:32 fetching corpus: 50, signal 11602/15352 (executing program) 2025/09/01 11:18:32 fetching corpus: 100, signal 24241/29523 (executing program) 2025/09/01 11:18:32 fetching corpus: 150, signal 33425/40046 (executing program) 2025/09/01 11:18:33 fetching corpus: 200, signal 41743/49626 (executing program) 2025/09/01 11:18:33 fetching corpus: 250, signal 48106/57104 (executing program) 2025/09/01 11:18:33 fetching corpus: 300, signal 54949/64899 (executing program) 2025/09/01 11:18:33 fetching corpus: 350, signal 60529/71410 (executing program) 2025/09/01 11:18:33 fetching corpus: 400, signal 62414/74477 (executing program) 2025/09/01 11:18:33 fetching corpus: 450, signal 64734/77944 (executing program) 2025/09/01 
11:18:33 fetching corpus: 500, signal 67591/81786 (executing program) 2025/09/01 11:18:33 fetching corpus: 550, signal 71514/86516 (executing program) 2025/09/01 11:18:33 fetching corpus: 600, signal 75811/91381 (executing program) 2025/09/01 11:18:33 fetching corpus: 650, signal 79131/95379 (executing program) 2025/09/01 11:18:34 fetching corpus: 700, signal 81010/98115 (executing program) 2025/09/01 11:18:34 fetching corpus: 750, signal 83743/101552 (executing program) 2025/09/01 11:18:34 fetching corpus: 800, signal 86064/104549 (executing program) 2025/09/01 11:18:34 fetching corpus: 850, signal 88020/107252 (executing program) 2025/09/01 11:18:34 fetching corpus: 900, signal 89219/109265 (executing program) 2025/09/01 11:18:34 fetching corpus: 950, signal 91609/112210 (executing program) 2025/09/01 11:18:34 fetching corpus: 1000, signal 92911/114245 (executing program) 2025/09/01 11:18:34 fetching corpus: 1050, signal 94371/116385 (executing program) 2025/09/01 11:18:34 fetching corpus: 1100, signal 95790/118474 (executing program) 2025/09/01 11:18:34 fetching corpus: 1150, signal 97858/121005 (executing program) 2025/09/01 11:18:35 fetching corpus: 1200, signal 99816/123440 (executing program) 2025/09/01 11:18:35 fetching corpus: 1250, signal 101690/125742 (executing program) 2025/09/01 11:18:35 fetching corpus: 1300, signal 103866/128191 (executing program) 2025/09/01 11:18:35 fetching corpus: 1350, signal 104976/129873 (executing program) 2025/09/01 11:18:35 fetching corpus: 1400, signal 106087/131540 (executing program) 2025/09/01 11:18:35 fetching corpus: 1450, signal 107524/133388 (executing program) 2025/09/01 11:18:35 fetching corpus: 1500, signal 109435/135512 (executing program) 2025/09/01 11:18:35 fetching corpus: 1550, signal 110743/137243 (executing program) 2025/09/01 11:18:35 fetching corpus: 1600, signal 111914/138832 (executing program) 2025/09/01 11:18:35 fetching corpus: 1650, signal 113559/140741 (executing program) 2025/09/01 11:18:36 
fetching corpus: 1700, signal 114785/142338 (executing program) 2025/09/01 11:18:36 fetching corpus: 1750, signal 115568/143595 (executing program) 2025/09/01 11:18:36 fetching corpus: 1800, signal 117532/145632 (executing program) 2025/09/01 11:18:36 fetching corpus: 1850, signal 118747/147101 (executing program) 2025/09/01 11:18:36 fetching corpus: 1900, signal 119530/148336 (executing program) 2025/09/01 11:18:36 fetching corpus: 1950, signal 120917/149866 (executing program) 2025/09/01 11:18:36 fetching corpus: 2000, signal 121681/151013 (executing program) 2025/09/01 11:18:36 fetching corpus: 2050, signal 122649/152307 (executing program) 2025/09/01 11:18:36 fetching corpus: 2100, signal 123349/153415 (executing program) 2025/09/01 11:18:36 fetching corpus: 2150, signal 124371/154661 (executing program) 2025/09/01 11:18:37 fetching corpus: 2200, signal 125244/155816 (executing program) 2025/09/01 11:18:37 fetching corpus: 2250, signal 126427/157090 (executing program) 2025/09/01 11:18:37 fetching corpus: 2300, signal 127325/158240 (executing program) 2025/09/01 11:18:37 fetching corpus: 2350, signal 128209/159350 (executing program) 2025/09/01 11:18:37 fetching corpus: 2400, signal 128878/160336 (executing program) 2025/09/01 11:18:37 fetching corpus: 2450, signal 130099/161476 (executing program) 2025/09/01 11:18:37 fetching corpus: 2500, signal 131007/162516 (executing program) 2025/09/01 11:18:37 fetching corpus: 2550, signal 131635/163422 (executing program) 2025/09/01 11:18:38 fetching corpus: 2600, signal 132537/164451 (executing program) 2025/09/01 11:18:38 fetching corpus: 2650, signal 136044/166532 (executing program) 2025/09/01 11:18:38 fetching corpus: 2700, signal 136876/167410 (executing program) 2025/09/01 11:18:38 fetching corpus: 2750, signal 137825/168408 (executing program) 2025/09/01 11:18:38 fetching corpus: 2800, signal 138952/169437 (executing program) 2025/09/01 11:18:38 fetching corpus: 2850, signal 140349/170439 (executing program) 
2025/09/01 11:18:38 fetching corpus: 2900, signal 140956/171200 (executing program) 2025/09/01 11:18:38 fetching corpus: 2950, signal 142087/172120 (executing program) 2025/09/01 11:18:38 fetching corpus: 3000, signal 142546/172767 (executing program) 2025/09/01 11:18:38 fetching corpus: 3050, signal 143047/173414 (executing program) 2025/09/01 11:18:38 fetching corpus: 3100, signal 143541/174052 (executing program) 2025/09/01 11:18:39 fetching corpus: 3150, signal 144168/174792 (executing program) 2025/09/01 11:18:39 fetching corpus: 3200, signal 144812/175602 (executing program) 2025/09/01 11:18:39 fetching corpus: 3250, signal 145218/176185 (executing program) 2025/09/01 11:18:39 fetching corpus: 3300, signal 145979/176853 (executing program) 2025/09/01 11:18:39 fetching corpus: 3350, signal 146812/177573 (executing program) 2025/09/01 11:18:39 fetching corpus: 3400, signal 147542/178229 (executing program) 2025/09/01 11:18:39 fetching corpus: 3450, signal 148198/178860 (executing program) 2025/09/01 11:18:39 fetching corpus: 3500, signal 148916/179445 (executing program) 2025/09/01 11:18:39 fetching corpus: 3550, signal 149491/180087 (executing program) 2025/09/01 11:18:39 fetching corpus: 3600, signal 149880/180599 (executing program) 2025/09/01 11:18:39 fetching corpus: 3650, signal 150429/181110 (executing program) 2025/09/01 11:18:40 fetching corpus: 3700, signal 151037/181635 (executing program) 2025/09/01 11:18:40 fetching corpus: 3750, signal 151467/182135 (executing program) 2025/09/01 11:18:40 fetching corpus: 3800, signal 152032/182698 (executing program) 2025/09/01 11:18:40 fetching corpus: 3850, signal 152508/183214 (executing program) 2025/09/01 11:18:40 fetching corpus: 3900, signal 153050/183688 (executing program) 2025/09/01 11:18:40 fetching corpus: 3950, signal 153618/184133 (executing program) 2025/09/01 11:18:40 fetching corpus: 4000, signal 154776/184646 (executing program) 2025/09/01 11:18:40 fetching corpus: 4050, signal 155367/185132 
(executing program) 2025/09/01 11:18:40 fetching corpus: 4100, signal 155887/185573 (executing program) 2025/09/01 11:18:40 fetching corpus: 4150, signal 156359/186008 (executing program) 2025/09/01 11:18:40 fetching corpus: 4200, signal 157019/186401 (executing program) 2025/09/01 11:18:40 fetching corpus: 4250, signal 157411/186806 (executing program) 2025/09/01 11:18:40 fetching corpus: 4300, signal 157775/187184 (executing program) 2025/09/01 11:18:41 fetching corpus: 4350, signal 158080/187551 (executing program) 2025/09/01 11:18:41 fetching corpus: 4400, signal 158584/187894 (executing program) 2025/09/01 11:18:41 fetching corpus: 4450, signal 159059/188242 (executing program) 2025/09/01 11:18:41 fetching corpus: 4500, signal 159381/188570 (executing program) 2025/09/01 11:18:41 fetching corpus: 4550, signal 159754/188932 (executing program) 2025/09/01 11:18:41 fetching corpus: 4600, signal 160169/189281 (executing program) 2025/09/01 11:18:41 fetching corpus: 4650, signal 160481/189395 (executing program) 2025/09/01 11:18:41 fetching corpus: 4700, signal 160946/189427 (executing program) 2025/09/01 11:18:41 fetching corpus: 4750, signal 161431/189429 (executing program) 2025/09/01 11:18:41 fetching corpus: 4800, signal 161740/189429 (executing program) 2025/09/01 11:18:41 fetching corpus: 4850, signal 162327/189501 (executing program) 2025/09/01 11:18:42 fetching corpus: 4900, signal 162784/189512 (executing program) 2025/09/01 11:18:42 fetching corpus: 4950, signal 163279/189521 (executing program) 2025/09/01 11:18:42 fetching corpus: 5000, signal 163806/189537 (executing program) 2025/09/01 11:18:42 fetching corpus: 5050, signal 164058/189540 (executing program) 2025/09/01 11:18:42 fetching corpus: 5100, signal 164465/189562 (executing program) 2025/09/01 11:18:42 fetching corpus: 5150, signal 164895/189564 (executing program) 2025/09/01 11:18:42 fetching corpus: 5200, signal 165277/189576 (executing program) 2025/09/01 11:18:42 fetching corpus: 5250, 
signal 165871/189610 (executing program) 2025/09/01 11:18:42 fetching corpus: 5300, signal 166222/189633 (executing program) 2025/09/01 11:18:42 fetching corpus: 5350, signal 166491/189651 (executing program) 2025/09/01 11:18:42 fetching corpus: 5400, signal 166920/189651 (executing program) 2025/09/01 11:18:42 fetching corpus: 5450, signal 167417/189651 (executing program) 2025/09/01 11:18:43 fetching corpus: 5500, signal 167721/189652 (executing program) 2025/09/01 11:18:43 fetching corpus: 5550, signal 168311/189659 (executing program) 2025/09/01 11:18:43 fetching corpus: 5600, signal 168712/189672 (executing program) 2025/09/01 11:18:43 fetching corpus: 5650, signal 169059/189693 (executing program) 2025/09/01 11:18:43 fetching corpus: 5700, signal 169490/189698 (executing program) 2025/09/01 11:18:43 fetching corpus: 5750, signal 169805/189713 (executing program) 2025/09/01 11:18:43 fetching corpus: 5800, signal 170167/189716 (executing program) 2025/09/01 11:18:43 fetching corpus: 5850, signal 170610/189730 (executing program) 2025/09/01 11:18:43 fetching corpus: 5900, signal 170948/189732 (executing program) 2025/09/01 11:18:43 fetching corpus: 5950, signal 171488/189736 (executing program) 2025/09/01 11:18:43 fetching corpus: 6000, signal 171764/189741 (executing program) 2025/09/01 11:18:44 fetching corpus: 6050, signal 172340/189749 (executing program) 2025/09/01 11:18:44 fetching corpus: 6100, signal 172761/189749 (executing program) 2025/09/01 11:18:44 fetching corpus: 6150, signal 173058/189789 (executing program) 2025/09/01 11:18:44 fetching corpus: 6200, signal 173288/189819 (executing program) 2025/09/01 11:18:44 fetching corpus: 6250, signal 173916/189824 (executing program) 2025/09/01 11:18:44 fetching corpus: 6300, signal 174184/189854 (executing program) 2025/09/01 11:18:44 fetching corpus: 6350, signal 174644/189895 (executing program) 2025/09/01 11:18:44 fetching corpus: 6400, signal 174985/189904 (executing program) 2025/09/01 11:18:44 
fetching corpus: 6450, signal 175294/189914 (executing program) 2025/09/01 11:18:45 fetching corpus: 6500, signal 175632/189917 (executing program) 2025/09/01 11:18:45 fetching corpus: 6550, signal 175930/189921 (executing program) 2025/09/01 11:18:45 fetching corpus: 6600, signal 176432/189952 (executing program) 2025/09/01 11:18:45 fetching corpus: 6650, signal 176667/189955 (executing program) 2025/09/01 11:18:45 fetching corpus: 6700, signal 176882/189963 (executing program) 2025/09/01 11:18:45 fetching corpus: 6750, signal 177601/189968 (executing program) 2025/09/01 11:18:45 fetching corpus: 6800, signal 177852/189994 (executing program) 2025/09/01 11:18:45 fetching corpus: 6850, signal 178222/190002 (executing program) 2025/09/01 11:18:45 fetching corpus: 6900, signal 178610/190066 (executing program) 2025/09/01 11:18:45 fetching corpus: 6950, signal 178816/190070 (executing program) 2025/09/01 11:18:45 fetching corpus: 7000, signal 179038/190112 (executing program) 2025/09/01 11:18:45 fetching corpus: 7050, signal 179381/190114 (executing program) 2025/09/01 11:18:46 fetching corpus: 7100, signal 179768/190155 (executing program) 2025/09/01 11:18:46 fetching corpus: 7150, signal 180007/190158 (executing program) 2025/09/01 11:18:46 fetching corpus: 7200, signal 180238/190160 (executing program) 2025/09/01 11:18:46 fetching corpus: 7250, signal 180518/190167 (executing program) 2025/09/01 11:18:46 fetching corpus: 7300, signal 181056/190168 (executing program) 2025/09/01 11:18:46 fetching corpus: 7350, signal 181374/190169 (executing program) 2025/09/01 11:18:46 fetching corpus: 7400, signal 181800/190178 (executing program) 2025/09/01 11:18:46 fetching corpus: 7450, signal 182092/190180 (executing program) 2025/09/01 11:18:46 fetching corpus: 7500, signal 182356/190184 (executing program) 2025/09/01 11:18:46 fetching corpus: 7550, signal 182597/190193 (executing program) 2025/09/01 11:18:46 fetching corpus: 7600, signal 182893/190193 (executing program) 
2025/09/01 11:18:47 fetching corpus: 7650, signal 183132/190201 (executing program) 2025/09/01 11:18:47 fetching corpus: 7700, signal 183359/190218 (executing program) 2025/09/01 11:18:47 fetching corpus: 7750, signal 183615/190221 (executing program) 2025/09/01 11:18:47 fetching corpus: 7800, signal 184175/190224 (executing program) 2025/09/01 11:18:47 fetching corpus: 7850, signal 184375/190225 (executing program) 2025/09/01 11:18:47 fetching corpus: 7900, signal 184580/190227 (executing program) 2025/09/01 11:18:47 fetching corpus: 7950, signal 184887/190231 (executing program) 2025/09/01 11:18:47 fetching corpus: 8000, signal 185191/190235 (executing program) 2025/09/01 11:18:47 fetching corpus: 8050, signal 185574/190245 (executing program) 2025/09/01 11:18:47 fetching corpus: 8100, signal 185762/190248 (executing program) 2025/09/01 11:18:47 fetching corpus: 8150, signal 186084/190250 (executing program) 2025/09/01 11:18:47 fetching corpus: 8200, signal 186385/190257 (executing program) 2025/09/01 11:18:47 fetching corpus: 8250, signal 186608/190259 (executing program) 2025/09/01 11:18:48 fetching corpus: 8300, signal 186872/190268 (executing program) 2025/09/01 11:18:48 fetching corpus: 8350, signal 187209/190269 (executing program) 2025/09/01 11:18:48 fetching corpus: 8400, signal 187433/190269 (executing program) 2025/09/01 11:18:48 fetching corpus: 8435, signal 187575/190273 (executing program) 2025/09/01 11:18:48 fetching corpus: 8435, signal 187575/190273 (executing program) 2025/09/01 11:18:50 starting 8 fuzzer processes 11:18:50 executing program 0: r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0) ftruncate(r0, 0x8800000) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/243, 0x7ffff000}, {&(0x7f00000003c0)=""/4096, 0x1000}], 0x2) 11:18:50 executing program 2: unlinkat(0xffffffffffffffff, &(0x7f0000001ac0)='./file0\x00', 0x200) 11:18:50 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 
&(0x7f0000000280)=[{&(0x7f0000000540)=ANY=[@ANYBLOB="200000006d000100000000000000000021cfb66e65"], 0x20}], 0x1}, 0x0) 11:18:50 executing program 7: r0 = io_uring_setup(0x5053, &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0x3, &(0x7f0000000000), 0x0) 11:18:50 executing program 3: seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f0000000000)) [ 79.526170] audit: type=1400 audit(1756725530.799:7): avc: denied { execmem } for pid=275 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:18:50 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x17) 11:18:50 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x9, &(0x7f0000000000)=0x3, 0x4) syz_emit_ethernet(0x56, &(0x7f0000000040)={@broadcast, @random="5e52989c7e32", @void, {@canfd={0xd, {{}, 0x0, 0x0, 0x0, 0x0, "aa3ab8446a84edc760baf5d5e1b0228ec5bfd22d6df372518b10708bdb014b7899f059b9e8ae4e0ffd6c4cee48f722e396f35768e2ae0fab78858811c5ce3e8d"}}}}, 0x0) 11:18:50 executing program 6: mount_setattr(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000140)={0x1000000}, 0x20) [ 80.705651] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.716270] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.718427] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.728002] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.732578] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.828385] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.830507] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.832371] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.836075] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.838450] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.890405] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 
80.895400] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.898648] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.903017] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.907361] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.973588] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.981636] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 80.983409] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.986206] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 80.987371] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.989673] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 80.991759] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 80.993805] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 80.996687] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.997688] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 81.002452] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 81.010406] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 81.013079] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 81.014511] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.014807] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 81.018518] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 81.021501] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 81.024982] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 81.036640] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 81.040270] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 81.052723] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 81.081279] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 81.083691] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 81.088785] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 81.097903] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 82.800580] Bluetooth: hci0: command tx timeout [ 
82.865359] Bluetooth: hci1: command tx timeout [ 82.928259] Bluetooth: hci2: command tx timeout [ 83.057210] Bluetooth: hci4: command tx timeout [ 83.121135] Bluetooth: hci7: command tx timeout [ 83.124205] Bluetooth: hci5: command tx timeout [ 83.124672] Bluetooth: hci3: command tx timeout [ 83.184297] Bluetooth: hci6: command tx timeout [ 84.849022] Bluetooth: hci0: command tx timeout [ 84.912205] Bluetooth: hci1: command tx timeout [ 84.976234] Bluetooth: hci2: command tx timeout [ 85.104427] Bluetooth: hci4: command tx timeout [ 85.168238] Bluetooth: hci5: command tx timeout [ 85.168694] Bluetooth: hci3: command tx timeout [ 85.169076] Bluetooth: hci7: command tx timeout [ 85.232153] Bluetooth: hci6: command tx timeout [ 86.896161] Bluetooth: hci0: command tx timeout [ 86.960260] Bluetooth: hci1: command tx timeout [ 87.026125] Bluetooth: hci2: command tx timeout [ 87.152149] Bluetooth: hci4: command tx timeout [ 87.216163] Bluetooth: hci7: command tx timeout [ 87.216209] Bluetooth: hci3: command tx timeout [ 87.216598] Bluetooth: hci5: command tx timeout [ 87.281564] Bluetooth: hci6: command tx timeout [ 88.944347] Bluetooth: hci0: command tx timeout [ 89.008212] Bluetooth: hci1: command tx timeout [ 89.072146] Bluetooth: hci2: command tx timeout [ 89.200176] Bluetooth: hci4: command tx timeout [ 89.264309] Bluetooth: hci5: command tx timeout [ 89.264343] Bluetooth: hci3: command tx timeout [ 89.264752] Bluetooth: hci7: command tx timeout [ 89.328668] Bluetooth: hci6: command tx timeout [ 118.656348] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.657025] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.819616] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.820280] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.955627] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.956862] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.119530] wlan1: Created 
IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.120168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:19:30 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x9, &(0x7f0000000000)=0x3, 0x4) syz_emit_ethernet(0x56, &(0x7f0000000040)={@broadcast, @random="5e52989c7e32", @void, {@canfd={0xd, {{}, 0x0, 0x0, 0x0, 0x0, "aa3ab8446a84edc760baf5d5e1b0228ec5bfd22d6df372518b10708bdb014b7899f059b9e8ae4e0ffd6c4cee48f722e396f35768e2ae0fab78858811c5ce3e8d"}}}}, 0x0) [ 119.411203] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.411814] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:19:30 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x9, &(0x7f0000000000)=0x3, 0x4) syz_emit_ethernet(0x56, &(0x7f0000000040)={@broadcast, @random="5e52989c7e32", @void, {@canfd={0xd, {{}, 0x0, 0x0, 0x0, 0x0, "aa3ab8446a84edc760baf5d5e1b0228ec5bfd22d6df372518b10708bdb014b7899f059b9e8ae4e0ffd6c4cee48f722e396f35768e2ae0fab78858811c5ce3e8d"}}}}, 0x0) 11:19:30 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x9, &(0x7f0000000000)=0x3, 0x4) syz_emit_ethernet(0x56, &(0x7f0000000040)={@broadcast, @random="5e52989c7e32", @void, {@canfd={0xd, {{}, 0x0, 0x0, 0x0, 0x0, "aa3ab8446a84edc760baf5d5e1b0228ec5bfd22d6df372518b10708bdb014b7899f059b9e8ae4e0ffd6c4cee48f722e396f35768e2ae0fab78858811c5ce3e8d"}}}}, 0x0) [ 119.579072] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.579720] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:19:30 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 
ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000200)) sync() [ 119.652513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.653128] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.653597] audit: type=1400 audit(1756725570.931:8): avc: denied { open } for pid=3862 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.657397] audit: type=1400 audit(1756725570.932:9): avc: denied { kernel } for pid=3862 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:19:31 executing program 5: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$FIBMAP(r0, 0x80081272, &(0x7f0000000000)) [ 119.871688] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.872332] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.913521] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.914135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.026574] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.027573] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.067705] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.068395] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.123069] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.123867] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.192422] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.193021] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.256735] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.257334] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.342166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.342803] wlan0: Creating new IBSS network, 
BSSID 50:50:50:50:50:50 [ 120.373036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.373712] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:19:31 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) sendmsg$IEEE802154_SCAN_REQ(r1, &(0x7f0000000280)={&(0x7f0000000180), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r2, 0xd2b, 0x0, 0x0, {}, [@IEEE802154_ATTR_SCAN_TYPE={0x5}, @IEEE802154_ATTR_CHANNELS={0x8}]}, 0x24}}, 0x0) 11:19:31 executing program 5: process_vm_writev(0x0, &(0x7f0000001a80)=[{&(0x7f0000001a40)=""/28, 0x1c}], 0x1, &(0x7f0000003080)=[{&(0x7f0000001ac0)=""/116, 0x74}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0) 11:19:31 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) get_robust_list(0x0, &(0x7f0000000280)=0x0, &(0x7f00000002c0)) 11:19:31 executing program 7: syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) syz_io_uring_setup(0x6dad, &(0x7f0000000740)={0x0, 0x8be9, 0xb, 0x0, 0x19e}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000007c0), &(0x7f0000000800)) 11:19:31 executing program 0: r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0) ftruncate(r0, 0x8800000) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/243, 0x7ffff000}, {&(0x7f00000003c0)=""/4096, 0x1000}], 0x2) 11:19:31 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000540)=ANY=[@ANYBLOB="200000006d000100000000000000000021cfb66e65"], 0x20}], 0x1}, 0x0) 11:19:31 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000001f40), 0x0, 0x0) fsconfig$FSCONFIG_SET_FD(r0, 0x5, 0x0, 0x0, 0xffffffffffffffff) 11:19:31 executing program 4: r0 = 
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001480), 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, 0x0) 11:19:31 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000540)=ANY=[@ANYBLOB="200000006d000100000000000000000021cfb66e65"], 0x20}], 0x1}, 0x0) 11:19:31 executing program 4: r0 = getpid() r1 = pidfd_open(r0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) process_madvise(r1, 0x0, 0x0, 0x0, 0x0) 11:19:31 executing program 6: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000) setresuid(0x0, r0, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) 11:19:31 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x24, 0x1, 0x4, 0x201, 0x0, 0x0, {}, [@NFULA_CFG_QTHRESH={0x8}, @NFULA_CFG_CMD={0x5, 0x1, 0x3}]}, 0x24}}, 0x4) 11:19:32 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x13) r1 = socket$netlink(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) 11:19:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000540)=ANY=[@ANYBLOB="200000006d000100000000000000000021cfb66e65"], 0x20}], 0x1}, 0x0) 11:19:32 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) 11:19:32 executing program 3: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000100)={{0x3}, 'port1\x00'}) 11:19:32 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = dup(r0) bind$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x3}, 0x6e) 11:19:32 executing program 4: r0 = getpid() r1 = pidfd_open(r0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) process_madvise(r1, 0x0, 0x0, 0x0, 0x0) 11:19:32 executing program 2: syz_mount_image$tmpfs(&(0x7f00000007c0), &(0x7f0000000800)='./file0\x00', 0x0, 0x0, &(0x7f0000000ac0), 0x0, &(0x7f0000000b40)={[{@size={'size', 0x3d, [0x35, 0x0]}}]}) 11:19:32 executing program 0: r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0) ftruncate(r0, 0x8800000) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/243, 0x7ffff000}, {&(0x7f00000003c0)=""/4096, 0x1000}], 0x2) 11:19:32 executing program 4: r0 = getpid() r1 = pidfd_open(r0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) process_madvise(r1, 0x0, 0x0, 0x0, 0x0) 11:19:32 executing program 6: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd", 0xfe1e) r1 = 
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
truncate(&(0x7f0000000100)='./file0\x00', 0x8)
fcntl$setstatus(r0, 0x4, 0x44000)
sendfile(r0, r1, 0x0, 0xfdef)
[ 120.903071] ==================================================================
[ 120.903728] BUG: KASAN: slab-out-of-bounds in perf_tp_event+0xd8c/0xe70
[ 120.904286] Read of size 8 at addr ffff888019bc85a0 by task syz-executor.6/290
[ 120.904859]
[ 120.905321] CPU: 0 UID: 0 PID: 290 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 120.905340] Tainted: [W]=WARN
[ 120.905344] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 120.905352] Call Trace:
[ 120.905356]
[ 120.905361] dump_stack_lvl+0xca/0x120
[ 120.905383] print_report+0xcb/0x610
[ 120.905400] ? __virt_addr_valid+0x100/0x5d0
[ 120.905420] ? perf_tp_event+0xd8c/0xe70
[ 120.905436] ? perf_tp_event+0xd8c/0xe70
[ 120.905451] kasan_report+0xca/0x100
[ 120.905468] ? perf_tp_event+0xd8c/0xe70
[ 120.905485] perf_tp_event+0xd8c/0xe70
[ 120.905501] ? find_held_lock+0x2b/0x80
[ 120.905520] ? __pfx_perf_tp_event+0x10/0x10
[ 120.905536] ? lock_release+0xc8/0x290
[ 120.905550] ? __is_insn_slot_addr+0x140/0x290
[ 120.905570] ? kernel_text_address+0x5b/0xc0
[ 120.905586] ? __kernel_text_address+0xd/0x40
[ 120.905600] ? unwind_get_return_address+0x59/0xa0
[ 120.905618] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 120.905634] ? arch_stack_walk+0x9c/0xf0
[ 120.905648] ? __lock_acquire+0x694/0x1b70
[ 120.905663] ? __lock_acquire+0x694/0x1b70
[ 120.905679] ? perf_trace_run_bpf_submit+0xef/0x180
[ 120.905696] perf_trace_run_bpf_submit+0xef/0x180
[ 120.905713] perf_trace_contention_begin+0x235/0x3e0
[ 120.905730] ? __pfx_perf_trace_contention_begin+0x10/0x10
[ 120.905744] ? lock_acquire+0x15e/0x2f0
[ 120.905757] ? pcpu_alloc_noprof+0xaa0/0x1170
[ 120.905777] trace_contention_begin+0xae/0x110
[ 120.905792] __mutex_lock+0x14b/0x1020
[ 120.905812] ? pcpu_alloc_noprof+0xaa0/0x1170
[ 120.905828] ? pcpu_alloc_noprof+0xaa0/0x1170
[ 120.905845] ? __pfx___mutex_lock+0x10/0x10
[ 120.905863] ? find_held_lock+0x2b/0x80
[ 120.905880] ? obj_cgroup_charge_account+0x2b3/0x6e0
[ 120.905900] ? lock_release+0xc8/0x290
[ 120.905914] ? obj_cgroup_charge_account+0x2b8/0x6e0
[ 120.905933] ? lock_release+0xc8/0x290
[ 120.905946] pcpu_alloc_noprof+0xaa0/0x1170
[ 120.905962] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 120.905979] ? __create_object+0x59/0x80
[ 120.905996] ? pcpu_alloc_noprof+0x12d/0x1170
[ 120.906014] __percpu_counter_init_many+0x44/0x360
[ 120.906031] mm_init+0xcac/0x1170
[ 120.906043] copy_process+0x3ab7/0x73c0
[ 120.906059] ? __pfx_copy_process+0x10/0x10
[ 120.906073] ? do_raw_spin_lock+0x123/0x260
[ 120.906090] kernel_clone+0xea/0x7f0
[ 120.906103] ? __pfx_kernel_clone+0x10/0x10
[ 120.906116] ? __lock_acquire+0x694/0x1b70
[ 120.906129] ? css_rstat_updated+0x1b8/0x4d0
[ 120.906147] ? __pfx_css_rstat_updated+0x10/0x10
[ 120.906165] __do_sys_clone+0xce/0x120
[ 120.906177] ? __pfx___do_sys_clone+0x10/0x10
[ 120.906189] ? find_held_lock+0x2b/0x80
[ 120.906211] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 120.906225] do_syscall_64+0xbf/0x360
[ 120.906221] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#1] SMP KASAN NOPTI
[ 120.906238] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 120.906252] RIP: 0033:0x7f461051a10b
[ 120.906262] Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00
[ 120.906274] RSP: 002b:00007ffec8b53110 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 120.906286] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f461051a10b
[ 120.906295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 120.906302] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000555579937400
[ 120.906309] R10: 00005555799376d0 R11: 0000000000000246 R12: 0000000000000001
[ 120.906317] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffec8b531f0
[ 120.906327]
[ 120.906332]
[ 120.912199] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f]
[ 120.912464] Allocated by task 3951:
[ 120.912473] kasan_save_stack+0x24/0x50
[ 120.913667] CPU: 1 UID: 0 PID: 3951 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 120.913876] kasan_save_track+0x14/0x30
[ 120.914213] Tainted: [W]=WARN
[ 120.914518] __kasan_slab_alloc+0x59/0x70
[ 120.915043] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 120.915399] kmem_cache_alloc_node_noprof+0x21a/0x690
[ 120.915992] RIP: 0010:filter_match_preds+0xb7/0x3220
[ 120.916318] alloc_unbound_pwq+0xa51/0xe20
[ 120.916852] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7
[ 120.917172] apply_wqattrs_prepare+0x851/0xb60
[ 120.917732] RSP: 0018:ffff888048ac7160 EFLAGS: 
00010217 [ 120.918050] apply_workqueue_attrs_locked+0x64/0xf0 [ 120.918697] [ 120.919011] __alloc_workqueue+0x1065/0x1820 [ 120.919674] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 120.920026] alloc_workqueue_noprof+0xc7/0x200 [ 120.920667] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 120.921068] loop_configure+0xf73/0x1590 [ 120.921843] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 120.922170] lo_ioctl+0x66d/0x1c70 [ 120.922780] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 120.923117] blkdev_ioctl+0x27c/0x6c0 [ 120.923844] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 120.924232] __x64_sys_ioctl+0x18f/0x210 [ 120.924955] FS: 00007f5acc5cd700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 120.925374] do_syscall_64+0xbf/0x360 [ 120.925924] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.926259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.926907] CR2: 00007ff762fe0000 CR3: 0000000044f12000 CR4: 0000000000350ef0 [ 120.927197] [ 120.927201] The buggy address belongs to the object at ffff888019bc8300 [ 120.927201] which belongs to the cache pool_workqueue of size 512 [ 120.927830] Call Trace: [ 120.928168] The buggy address is located 160 bytes to the right of [ 120.928168] allocated 512-byte region [ffff888019bc8300, ffff888019bc8500) [ 120.928763] [ 120.929066] [ 120.929070] The buggy address belongs to the physical page: [ 120.929779] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 120.930071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19bc8 [ 120.930778] perf_tp_event+0x8b4/0xe70 [ 120.931069] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 120.931683] ? __pfx_perf_tp_event+0x10/0x10 [ 120.932058] flags: 0x100000000000040(head|node=0|zone=1) [ 120.932617] ? lock_release+0x42/0x290 [ 120.932961] page_type: f5(slab) [ 120.933654] ? 
__lock_acquire+0xc65/0x1b70 [ 120.933917] raw: 0100000000000040 ffff888008cc4280 dead000000000122 0000000000000000 [ 120.934479] ? lock_acquire+0x15e/0x2f0 [ 120.934801] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 120.935392] ? find_held_lock+0x2b/0x80 [ 120.935682] head: 0100000000000040 ffff888008cc4280 dead000000000122 0000000000000000 [ 120.936273] ? mark_held_locks+0x49/0x80 [ 120.936591] head: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 120.937206] ? perf_trace_run_bpf_submit+0xef/0x180 [ 120.937562] head: 0100000000000002 ffffea000066f201 00000000ffffffff 00000000ffffffff [ 120.938095] ? trace_sched_exit_tp+0xbf/0x100 [ 120.938438] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000004 [ 120.938982] perf_trace_run_bpf_submit+0xef/0x180 [ 120.939375] page dumped because: kasan: bad access detected [ 120.939913] perf_trace_contention_begin+0x235/0x3e0 [ 120.940740] [ 120.940745] Memory state around the buggy address: [ 120.941449] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 120.941728] ffff888019bc8480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 120.944276] ? lock_acquire+0x15e/0x2f0 [ 120.944847] ffff888019bc8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 120.945834] ? __alloc_workqueue+0x9e1/0x1820 [ 120.946373] >ffff888019bc8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 120.947382] trace_contention_begin+0xae/0x110 [ 120.947922] ^ [ 120.947930] ffff888019bc8600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 120.948926] __mutex_lock+0x14b/0x1020 [ 120.949110] ffff888019bc8680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 120.949362] ? __alloc_workqueue+0x9e1/0x1820 [ 120.950007] ================================================================== [ 121.009317] ? __alloc_workqueue+0x9e1/0x1820 [ 121.009977] ? __pfx___mutex_lock+0x10/0x10 [ 121.010606] ? kfree+0x281/0x550 [ 121.011111] ? apply_workqueue_attrs_locked+0xa1/0xf0 [ 121.011867] ? 
apply_wqattrs_cleanup.part.0+0x203/0x2b0 [ 121.012632] __alloc_workqueue+0x9e1/0x1820 [ 121.013265] alloc_workqueue_noprof+0xc7/0x200 [ 121.013919] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 121.014657] ? lock_release+0xc8/0x290 [ 121.015222] loop_configure+0xf73/0x1590 [ 121.015831] ? lock_release+0xc8/0x290 [ 121.016392] ? __is_insn_slot_addr+0x140/0x290 [ 121.017069] ? kernel_text_address+0x5b/0xc0 [ 121.017710] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 121.018481] ? __kernel_text_address+0xd/0x40 [ 121.019126] ? unwind_get_return_address+0x59/0xa0 [ 121.019848] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 121.020624] ? __pfx_loop_configure+0x10/0x10 [ 121.021275] ? __lock_acquire+0x694/0x1b70 [ 121.021887] ? lock_acquire+0x15e/0x2f0 [ 121.022465] ? avc_has_extended_perms+0x107/0xf20 [ 121.023171] ? find_held_lock+0x2b/0x80 [ 121.023760] ? avc_has_extended_perms+0x23b/0xf20 [ 121.024458] ? lock_release+0xc8/0x290 [ 121.025029] lo_ioctl+0x66d/0x1c70 [ 121.025554] ? __pfx_lo_ioctl+0x10/0x10 [ 121.026138] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 121.026888] ? lock_acquire+0x15e/0x2f0 [ 121.027463] ? __virt_addr_valid+0x1c6/0x5d0 [ 121.028117] ? find_held_lock+0x2b/0x80 [ 121.028705] ? __virt_addr_valid+0x2e8/0x5d0 [ 121.029345] ? lock_release+0xc8/0x290 [ 121.029908] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 121.030655] ? percpu_is_read_locked+0x100/0x1d0 [ 121.031340] ? __fget_files+0x34/0x3b0 [ 121.031908] ? find_held_lock+0x2b/0x80 [ 121.032487] ? __fget_files+0x203/0x3b0 [ 121.033065] ? __pfx_lo_ioctl+0x10/0x10 [ 121.033643] blkdev_ioctl+0x27c/0x6c0 [ 121.034197] ? __pfx_blkdev_ioctl+0x10/0x10 [ 121.034816] ? selinux_file_ioctl+0xb9/0x280 [ 121.035454] ? 
__pfx_blkdev_ioctl+0x10/0x10 [ 121.036084] __x64_sys_ioctl+0x18f/0x210 [ 121.036681] do_syscall_64+0xbf/0x360 [ 121.037238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.037969] RIP: 0033:0x7f5acf0578d7 [ 121.038501] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.041059] RSP: 002b:00007f5acc5ccf48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 121.042129] RAX: ffffffffffffffda RBX: 00007f5acf0a1970 RCX: 00007f5acf0578d7 [ 121.043129] RDX: 0000000000000003 RSI: 0000000000004c00 RDI: 0000000000000004 [ 121.044140] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000 [ 121.045142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 121.046155] R13: 0000000000000003 R14: 0000000020000ac0 R15: 0000000000000000 [ 121.047169] [ 121.047508] Modules linked in: [ 121.047986] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#2] SMP KASAN NOPTI [ 121.048853] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 121.049010] ---[ end trace 0000000000000000 ]--- [ 121.049438] CPU: 0 UID: 0 PID: 290 Comm: syz-executor.6 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.049460] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.049465] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.049472] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 121.049492] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 121.049503] RSP: 0018:ffff8880162f7460 EFLAGS: 00010256 [ 121.049513] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 121.049522] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 121.049529] RBP: 
ffff8880162f7730 R08: 0000000000000001 R09: fffffbfff0f12690 [ 121.049537] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.049544] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.049554] FS: 0000555579937400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.049565] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.049573] CR2: 00007f46115683a4 CR3: 0000000044b67000 CR4: 0000000000350ef0 [ 121.049581] Call Trace: [ 121.049586] [ 121.049592] perf_tp_event+0x8b4/0xe70 [ 121.049609] ? find_held_lock+0x2b/0x80 [ 121.049626] ? __pfx_perf_tp_event+0x10/0x10 [ 121.049642] ? lock_release+0xc8/0x290 [ 121.049656] ? __is_insn_slot_addr+0x140/0x290 [ 121.049674] ? kernel_text_address+0x5b/0xc0 [ 121.049688] ? __kernel_text_address+0xd/0x40 [ 121.049702] ? unwind_get_return_address+0x59/0xa0 [ 121.049720] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 121.049735] ? arch_stack_walk+0x9c/0xf0 [ 121.049748] ? __lock_acquire+0x694/0x1b70 [ 121.049762] ? __lock_acquire+0x694/0x1b70 [ 121.049779] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.049795] perf_trace_run_bpf_submit+0xef/0x180 [ 121.049813] perf_trace_contention_begin+0x235/0x3e0 [ 121.049828] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.049843] ? lock_acquire+0x15e/0x2f0 [ 121.049856] ? pcpu_alloc_noprof+0xaa0/0x1170 [ 121.049874] trace_contention_begin+0xae/0x110 [ 121.049889] __mutex_lock+0x14b/0x1020 [ 121.049906] ? pcpu_alloc_noprof+0xaa0/0x1170 [ 121.049923] ? pcpu_alloc_noprof+0xaa0/0x1170 [ 121.049940] ? __pfx___mutex_lock+0x10/0x10 [ 121.049958] ? find_held_lock+0x2b/0x80 [ 121.049975] ? obj_cgroup_charge_account+0x2b3/0x6e0 [ 121.049994] ? lock_release+0xc8/0x290 [ 121.050008] ? obj_cgroup_charge_account+0x2b8/0x6e0 [ 121.050026] ? lock_release+0xc8/0x290 [ 121.050040] pcpu_alloc_noprof+0xaa0/0x1170 [ 121.050056] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 121.050072] ? __create_object+0x59/0x80 [ 121.050089] ? 
pcpu_alloc_noprof+0x12d/0x1170 [ 121.050107] __percpu_counter_init_many+0x44/0x360 [ 121.050122] mm_init+0xcac/0x1170 [ 121.050133] copy_process+0x3ab7/0x73c0 [ 121.050148] ? __pfx_copy_process+0x10/0x10 [ 121.050821] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.051730] ? do_raw_spin_lock+0x123/0x260 [ 121.051749] kernel_clone+0xea/0x7f0 [ 121.052543] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.053104] ? __pfx_kernel_clone+0x10/0x10 [ 121.053119] ? __lock_acquire+0x694/0x1b70 [ 121.053829] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.055221] ? css_rstat_updated+0x1b8/0x4d0 [ 121.055240] ? __pfx_css_rstat_updated+0x10/0x10 [ 121.056001] [ 121.056548] __do_sys_clone+0xce/0x120 [ 121.056562] ? __pfx___do_sys_clone+0x10/0x10 [ 121.056574] ? find_held_lock+0x2b/0x80 [ 121.057588] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.058125] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 121.058140] do_syscall_64+0xbf/0x360 [ 121.058152] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.059166] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.059702] RIP: 0033:0x7f461051a10b [ 121.060854] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.061280] Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00 [ 121.061294] RSP: 002b:00007ffec8b53110 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 121.062309] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.062496] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f461051a10b [ 121.062819] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.063117] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 121.063126] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000555579937400 [ 121.063134] R10: 00005555799376d0 R11: 0000000000000246 R12: 0000000000000001 [ 121.063142] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffec8b531f0 [ 121.063706] FS: 00007f5acc5cd700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.064045] [ 121.064605] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.064932] Modules linked in: [ 121.065569] CR2: 00007ff762fe0000 CR3: 0000000044f12000 CR4: 0000000000350ef0 [ 121.067787] ---[ end trace 0000000000000000 ]--- [ 121.067950] note: syz-executor.2[3951] exited with preempt_count 2 [ 121.068982] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.073182] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#3] SMP KASAN NOPTI [ 121.073493] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 
121.074226] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 121.074533] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.075248] CPU: 1 UID: 0 PID: 3948 Comm: modprobe Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.075556] [ 121.075561] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.076170] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.076555] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.077116] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.077130] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.077470] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.078147] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.078426] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.078979] RSP: 0018:ffff888045e2f860 EFLAGS: 00010217 [ 121.079328] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.080030] [ 121.080378] FS: 0000555579937400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.080880] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 121.082286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.082876] RDX: ffff888009cb8000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.083215] CR2: 00007f46115683a4 CR3: 0000000044b67000 CR4: 0000000000350ef0 [ 121.083995] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.084346] note: syz-executor.6[290] exited with preempt_count 2 [ 121.084997] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 121.135207] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.136220] FS: 00007ff762d80540(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.137354] CS: 0010 DS: 0000 
ES: 0000 CR0: 0000000080050033 [ 121.138180] CR2: 000055b81f2a14c8 CR3: 0000000045092000 CR4: 0000000000350ef0 [ 121.139183] Call Trace: [ 121.139560] [ 121.139886] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.140606] perf_tp_event+0x8b4/0xe70 [ 121.141175] ? __pfx_perf_tp_event+0x10/0x10 [ 121.141821] ? unwind_get_return_address+0x59/0xa0 [ 121.142531] ? trace_mm_page_alloc+0xfc/0x150 [ 121.143180] ? __alloc_frozen_pages_noprof+0x296/0x1f20 [ 121.143957] ? stack_trace_save+0x8e/0xc0 [ 121.144553] ? stack_depot_save_flags+0x2c/0xa20 [ 121.145229] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 121.146029] ? __kasan_save_free_info+0x3a/0x60 [ 121.146704] ? __kasan_slab_free+0x3f/0x50 [ 121.147322] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.148054] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 121.148789] ? css_rstat_updated+0x1b8/0x4d0 [ 121.149428] perf_trace_run_bpf_submit+0xef/0x180 [ 121.150125] perf_trace_contention_begin+0x235/0x3e0 [ 121.150857] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.151657] ? lock_release+0x1c7/0x290 [ 121.152229] ? lock_release+0x1c7/0x290 [ 121.152801] ? lock_acquire+0x18c/0x2f0 [ 121.153380] trace_contention_begin+0xae/0x110 [ 121.154041] __mutex_lock+0x14b/0x1020 [ 121.154612] ? fdget_pos+0x2a8/0x380 [ 121.155152] ? fdget_pos+0x2a8/0x380 [ 121.155711] ? __pfx___mutex_lock+0x10/0x10 [ 121.156341] ? __pfx___handle_mm_fault+0x10/0x10 [ 121.157029] ? __pfx_css_rstat_updated+0x10/0x10 [ 121.157725] fdget_pos+0x2a8/0x380 [ 121.158242] __x64_sys_getdents64+0xe0/0x2c0 [ 121.158887] ? __pfx___x64_sys_getdents64+0x10/0x10 [ 121.159621] ? lock_release+0x1c7/0x290 [ 121.160192] ? access_error+0x17d/0x380 [ 121.160768] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 121.161514] do_syscall_64+0xbf/0x360 [ 121.162061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.162798] RIP: 0033:0x7ff762e6f9c7 [ 121.163327] Code: 0f 1f 00 48 8b 47 20 c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 81 fa ff ff ff 7f b8 ff ff ff 7f 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 99 74 0f 00 f7 d8 64 89 02 48 [ 121.165885] RSP: 002b:00007ffd09431bc8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 121.166953] RAX: ffffffffffffffda RBX: 000055b81f299490 RCX: 00007ff762e6f9c7 [ 121.167966] RDX: 0000000000008000 RSI: 000055b81f2994c0 RDI: 0000000000000000 [ 121.168965] RBP: 000055b81f2994c0 R08: 0000000000000030 R09: 00007ff762f67be0 [ 121.169969] R10: 0000000000000076 R11: 0000000000000293 R12: ffffffffffffff80 [ 121.170970] R13: 000055b81f299494 R14: 0000000000000000 R15: 000055b81f299310 [ 121.171997] [ 121.172336] Modules linked in: [ 121.172802] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#4] SMP KASAN NOPTI [ 121.173651] ---[ end trace 0000000000000000 ]--- [ 121.173702] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 121.174964] CPU: 0 UID: 0 PID: 269 Comm: kworker/0:3 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.174956] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.175932] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.175938] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.175946] Workqueue: mld mld_dad_work [ 121.176658] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.177044] [ 121.177049] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 121.178272] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.178517] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 
00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 121.181102] [ 121.181222] RSP: 0018:ffff8880173d76a0 EFLAGS: 00010256 [ 121.181933] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.182345] [ 121.182349] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 121.182357] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 121.182365] RBP: ffff8880173d7970 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 121.184948] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.185069] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.185844] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.186387] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.186398] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.186409] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.186653] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.187201] CR2: 00007f46115683a4 CR3: 0000000044b67000 CR4: 0000000000350ef0 [ 121.187210] Call Trace: [ 121.187214] [ 121.187219] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.188237] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.188764] perf_tp_event+0x8b4/0xe70 [ 121.189789] FS: 00007ff762d80540(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.190314] ? __dev_queue_xmit+0x9a2/0x3cc0 [ 121.191347] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.191876] ? __pfx_perf_tp_event+0x10/0x10 [ 121.193014] CR2: 000055b81f2a14c8 CR3: 0000000045092000 CR4: 0000000000350ef0 [ 121.193436] ? __pfx_selinux_ip_postroute+0x10/0x10 [ 121.194460] note: modprobe[3948] exited with preempt_count 2 [ 121.194997] ? __pfx___dev_queue_xmit+0x10/0x10 [ 121.200257] ? register_lock_class+0x41/0x560 [ 121.200620] ? __lock_acquire+0x694/0x1b70 [ 121.200955] ? __lock_acquire+0xc65/0x1b70 [ 121.201296] ? 
lock_acquire+0x15e/0x2f0 [ 121.201616] ? ipv6_chk_mcast_addr+0x38/0x990 [ 121.201977] ? lock_acquire+0x15e/0x2f0 [ 121.202296] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.202701] perf_trace_run_bpf_submit+0xef/0x180 [ 121.203096] perf_trace_contention_begin+0x235/0x3e0 [ 121.203506] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.203958] ? sched_clock+0x37/0x60 [ 121.204266] ? lock_acquire+0x18c/0x2f0 [ 121.204592] trace_contention_begin+0xae/0x110 [ 121.204970] __mutex_lock+0x14b/0x1020 [ 121.205298] ? mld_dad_work+0x2a/0x1e0 [ 121.205617] ? mld_dad_work+0x2a/0x1e0 [ 121.205927] ? __perf_event_task_sched_in+0x235/0x5e0 [ 121.206340] ? __pfx___mutex_lock+0x10/0x10 [ 121.206690] ? lock_release+0x1c7/0x290 [ 121.207012] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.207435] ? lock_acquire+0x18c/0x2f0 [ 121.207764] mld_dad_work+0x2a/0x1e0 [ 121.208068] process_one_work+0x8e1/0x19c0 [ 121.208415] ? __pfx_process_one_work+0x10/0x10 [ 121.208794] ? move_linked_works+0x172/0x270 [ 121.209163] ? assign_work+0x196/0x240 [ 121.209477] worker_thread+0x67e/0xe90 [ 121.209793] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.210211] ? __pfx_worker_thread+0x10/0x10 [ 121.210568] kthread+0x3c8/0x740 [ 121.210850] ? __pfx_kthread+0x10/0x10 [ 121.211171] ? ret_from_fork+0x23/0x430 [ 121.211504] ? lock_release+0xc8/0x290 [ 121.211830] ? __pfx_kthread+0x10/0x10 [ 121.212147] ret_from_fork+0x34b/0x430 [ 121.212473] ? 
__pfx_kthread+0x10/0x10 [ 121.212790] ret_from_fork_asm+0x1a/0x30 [ 121.213130] [ 121.213323] Modules linked in: [ 121.213589] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#5] SMP KASAN NOPTI [ 121.214583] ---[ end trace 0000000000000000 ]--- [ 121.215174] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 121.215197] CPU: 1 UID: 0 PID: 97 Comm: systemd-journal Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.215234] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.215243] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.215255] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.215288] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.215309] RSP: 0018:ffff88801602f660 EFLAGS: 00010217 [ 121.215327] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 121.215342] RDX: ffff8880145c5280 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.215356] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.215371] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.215385] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.215401] FS: 00007f6907cc7900(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.215422] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.215436] CR2: 000055b81f2a14c8 CR3: 000000000bc94000 CR4: 0000000000350ef0 [ 121.215451] Call Trace: [ 121.215458] [ 121.215467] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.215493] perf_tp_event+0x8b4/0xe70 [ 121.215522] ? unwind_get_return_address+0x59/0xa0 [ 121.215566] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 121.215597] ? __pfx_perf_tp_event+0x10/0x10 [ 121.215628] ? stack_trace_save+0x8e/0xc0 [ 121.215654] ? 
stack_depot_save_flags+0x2c/0xa20 [ 121.215680] ? kasan_save_stack+0x34/0x50 [ 121.215706] ? kasan_save_stack+0x24/0x50 [ 121.215731] ? kasan_save_track+0x14/0x30 [ 121.215758] ? __kasan_save_free_info+0x3a/0x60 [ 121.215779] ? __kasan_slab_free+0x3f/0x50 [ 121.215806] ? kmem_cache_free+0x2a1/0x540 [ 121.216211] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.217413] ? jbd2_journal_stop+0x5d5/0xe20 [ 121.218352] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.219048] ? __ext4_journal_stop+0xe2/0x1f0 [ 121.219721] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.220421] ? css_rstat_updated+0x1b8/0x4d0 [ 121.221870] [ 121.222605] ? __pfx_css_rstat_updated+0x10/0x10 [ 121.223186] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.224189] ? lock_is_held_type+0x9e/0x120 [ 121.224767] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.225765] ? trace_pelt_se_tp+0xdf/0x130 [ 121.227339] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.227460] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.227928] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.228926] perf_trace_run_bpf_submit+0xef/0x180 [ 121.228961] perf_trace_contention_begin+0x235/0x3e0 [ 121.228989] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.229017] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.229040] ? lock_acquire+0x18c/0x2f0 [ 121.229067] trace_contention_begin+0xae/0x110 [ 121.229094] __mutex_lock+0x14b/0x1020 [ 121.229126] ? ep_send_events+0xff/0xaa0 [ 121.229154] ? ep_send_events+0xff/0xaa0 [ 121.229182] ? __pfx___mutex_lock+0x10/0x10 [ 121.229216] ? lock_acquire+0x15e/0x2f0 [ 121.229241] ? find_held_lock+0x2b/0x80 [ 121.229272] ? schedule+0x2c7/0x390 [ 121.229300] ? lock_release+0xc8/0x290 [ 121.229326] ep_send_events+0xff/0xaa0 [ 121.229353] ? 
schedule_hrtimeout_range_clock+0x1c0/0x310 [ 121.229382] ? __pfx_schedule_hrtimeout_range_clock+0x10/0x10 [ 121.229412] ? __pfx_ep_send_events+0x10/0x10 [ 121.229441] ? lock_release+0xc8/0x290 [ 121.229467] do_epoll_wait+0x42e/0xee0 [ 121.229498] ? __pfx_do_epoll_wait+0x10/0x10 [ 121.229524] ? do_timerfd_settime+0x1e4/0x1110 [ 121.229557] ? populate_seccomp_data+0x213/0x540 [ 121.229587] ? __pfx_ep_autoremove_wake_function+0x10/0x10 [ 121.229797] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.230129] ? __pfx___seccomp_filter+0x10/0x10 [ 121.230535] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.231080] __x64_sys_epoll_wait+0x15b/0x280 [ 121.231474] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.232236] ? __pfx___x64_sys_epoll_wait+0x10/0x10 [ 121.232596] CR2: 00007f46115683a4 CR3: 0000000044b67000 CR4: 0000000000350ef0 [ 121.233173] ? __secure_computing+0x18d/0x290 [ 121.233555] note: kworker/0:3[269] exited with preempt_count 2 [ 121.234133] do_syscall_64+0xbf/0x360 [ 121.272370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.273110] RIP: 0033:0x7f6908590116 [ 121.273650] Code: 10 89 7c 24 0c 89 4c 24 1c e8 86 6c f8 ff 44 8b 54 24 1c 8b 54 24 18 41 89 c0 48 8b 74 24 10 8b 7c 24 0c b8 e8 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 32 44 89 c7 89 44 24 0c e8 b6 6c f8 ff 8b 44 [ 121.276231] RSP: 002b:00007ffd2f2d9c00 EFLAGS: 00000293 ORIG_RAX: 00000000000000e8 [ 121.277316] RAX: ffffffffffffffda RBX: 000055d330c48360 RCX: 00007f6908590116 [ 121.278324] RDX: 0000000000000015 RSI: 000055d330c4e700 RDI: 0000000000000008 [ 121.279337] RBP: ffffffffffffffff R08: 0000000000000000 R09: 00007f690891c000 [ 121.280366] R10: 00000000ffffffff R11: 0000000000000293 R12: 0000000000000001 [ 121.281376] R13: 0000000000000015 R14: 0000000000000000 R15: 0000000000000000 [ 121.282390] [ 121.282731] Modules linked in: [ 121.283199] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 
[#6] SMP KASAN NOPTI [ 121.284095] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 121.284124] ---[ end trace 0000000000000000 ]--- [ 121.284688] CPU: 0 UID: 0 PID: 224 Comm: kworker/u9:3 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.285945] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.286276] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.286282] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.286289] Workqueue: events_unbound cfg80211_wiphy_work [ 121.287010] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.287406] [ 121.287411] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 121.287428] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 121.288679] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.289026] RSP: 0018:ffff88800ddef6a0 EFLAGS: 00010256 [ 121.291624] [ 121.291740] [ 121.291744] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 121.292469] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.293887] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 121.293896] RBP: ffff88800ddef970 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 121.293904] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.294669] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.295065] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.295336] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.295451] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.296484] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 
121.297025] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.298049] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.298587] CR2: 0000000020446000 CR3: 0000000020529000 CR4: 0000000000350ef0 [ 121.298596] Call Trace: [ 121.298600] [ 121.298605] ? find_held_lock+0x2b/0x80 [ 121.299635] FS: 00007f6907cc7900(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.300174] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.300189] perf_tp_event+0x8b4/0xe70 [ 121.301217] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.301761] ? __pfx_perf_tp_event+0x10/0x10 [ 121.302902] CR2: 000055b81f2a14c8 CR3: 000000000bc94000 CR4: 0000000000350ef0 [ 121.303434] ? ret_from_fork_asm+0x1a/0x30 [ 121.303452] ? stack_trace_save+0x8e/0xc0 [ 121.304301] note: systemd-journal[97] exited with preempt_count 2 [ 121.304842] ? stack_depot_save_flags+0x2c/0xa20 [ 121.310706] ? kasan_save_stack+0x34/0x50 [ 121.311044] ? kasan_save_stack+0x24/0x50 [ 121.311378] ? kasan_save_track+0x14/0x30 [ 121.311714] ? __kasan_save_free_info+0x3a/0x60 [ 121.312087] ? __kasan_slab_free+0x3f/0x50 [ 121.312428] ? kmem_cache_free+0x2a1/0x540 [ 121.312766] ? kfree_skbmem+0x18a/0x1f0 [ 121.313089] ? sk_skb_reason_drop+0x10e/0x1b0 [ 121.313453] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.313855] perf_trace_run_bpf_submit+0xef/0x180 [ 121.314245] perf_trace_contention_begin+0x235/0x3e0 [ 121.314650] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.315095] ? __pick_eevdf+0x326/0x570 [ 121.315418] ? update_curr+0x71/0x500 [ 121.315730] ? lock_acquire+0x18c/0x2f0 [ 121.316084] trace_contention_begin+0xae/0x110 [ 121.316457] __mutex_lock+0x14b/0x1020 [ 121.316776] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.317140] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.317506] ? lock_release+0x1c7/0x290 [ 121.317825] ? lock_release+0x1c7/0x290 [ 121.318148] ? __pfx___mutex_lock+0x10/0x10 [ 121.318498] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 121.318906] ? __pfx_try_to_wake_up+0x10/0x10 [ 121.319282] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 121.319725] cfg80211_wiphy_work+0x7e/0x480 [ 121.320080] process_one_work+0x8e1/0x19c0 [ 121.320412] ? __pfx_process_one_work+0x10/0x10 [ 121.320777] ? move_linked_works+0x172/0x270 [ 121.321129] ? assign_work+0x196/0x240 [ 121.321437] worker_thread+0x67e/0xe90 [ 121.321746] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.322156] ? __pfx_worker_thread+0x10/0x10 [ 121.322505] kthread+0x3c8/0x740 [ 121.322775] ? __pfx_kthread+0x10/0x10 [ 121.323082] ? ret_from_fork+0x23/0x430 [ 121.323401] ? lock_release+0xc8/0x290 [ 121.323722] ? __pfx_kthread+0x10/0x10 [ 121.324052] ret_from_fork+0x34b/0x430 [ 121.324381] ? __pfx_kthread+0x10/0x10 [ 121.324698] ret_from_fork_asm+0x1a/0x30 [ 121.325031] [ 121.325220] Modules linked in: [ 121.325487] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#7] SMP KASAN NOPTI [ 121.325569] ---[ end trace 0000000000000000 ]--- [ 121.327080] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 121.327464] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.328707] CPU: 1 UID: 0 PID: 289 Comm: syz-executor.4 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.328745] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.328754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.328765] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.328798] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.328818] RSP: 0018:ffff88800b6ef3a0 EFLAGS: 00010217 [ 121.328837] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 121.328852] RDX: ffff88801b560000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.328866] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.328881] R10: 0000000000000000 R11: 0000000000000001 
R12: dffffc0000000000 [ 121.328895] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.328912] FS: 000055556f435400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.328932] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.328947] CR2: 000055b81f2a14c8 CR3: 00000000448e0000 CR4: 0000000000350ef0 [ 121.328961] Call Trace: [ 121.328968] [ 121.328976] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.329003] perf_tp_event+0x8b4/0xe70 [ 121.329035] ? __pfx_perf_tp_event+0x10/0x10 [ 121.329063] ? do_raw_spin_lock+0x123/0x260 [ 121.329093] ? lock_acquire+0x18c/0x2f0 [ 121.329117] ? dup_mmap+0xd2f/0x1d10 [ 121.329147] ? copy_process+0x3ad5/0x73c0 [ 121.329169] ? kernel_clone+0xea/0x7f0 [ 121.329190] ? css_rstat_updated+0x1b8/0x4d0 [ 121.329220] ? __pfx_css_rstat_updated+0x10/0x10 [ 121.329251] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.329274] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 121.329304] ? __create_object+0x59/0x80 [ 121.329336] ? do_raw_spin_lock+0x123/0x260 [ 121.329364] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 121.329396] ? lock_acquire+0x18c/0x2f0 [ 121.329420] ? __pte_offset_map_lock+0x190/0x330 [ 121.329445] ? percpu_counter_add_batch+0x126/0x240 [ 121.329471] ? vm_normal_page+0x154/0x270 [ 121.329502] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.329534] perf_trace_run_bpf_submit+0xef/0x180 [ 121.329566] perf_trace_contention_begin+0x235/0x3e0 [ 121.329594] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.329623] ? lock_acquire+0x18c/0x2f0 [ 121.329649] trace_contention_begin+0xae/0x110 [ 121.329676] __mutex_lock+0x14b/0x1020 [ 121.329708] ? ldt_dup_context+0x46/0x350 [ 121.330798] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.331803] ? ldt_dup_context+0x46/0x350 [ 121.332226] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.333375] ? 
__pfx___mutex_lock+0x10/0x10 [ 121.333775] [ 121.333781] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.336373] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 121.336802] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.337800] ? mas_next_slot+0x13cc/0x1ac0 [ 121.338378] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.339374] ldt_dup_context+0x46/0x350 [ 121.339962] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.340967] dup_mmap+0x178e/0x1d10 [ 121.341619] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.342431] ? __pfx_dup_mmap+0x10/0x10 [ 121.342988] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.343363] ? lock_is_held_type+0x9e/0x120 [ 121.343552] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.344241] copy_process+0x3ad5/0x73c0 [ 121.344546] CR2: 0000000020446000 CR3: 0000000020529000 CR4: 0000000000350ef0 [ 121.345160] ? __pfx_copy_process+0x10/0x10 [ 121.345493] note: kworker/u9:3[224] exited with preempt_count 2 [ 121.346043] ? do_raw_spin_lock+0x123/0x260 [ 121.378328] kernel_clone+0xea/0x7f0 [ 121.378876] ? __pfx_kernel_clone+0x10/0x10 [ 121.379499] ? __lock_acquire+0x694/0x1b70 [ 121.380115] ? css_rstat_updated+0x1b8/0x4d0 [ 121.380766] __do_sys_clone+0xce/0x120 [ 121.381334] ? __pfx___do_sys_clone+0x10/0x10 [ 121.381985] ? find_held_lock+0x2b/0x80 [ 121.382578] ? lock_release+0xc8/0x290 [ 121.383146] ? __might_fault+0xe0/0x190 [ 121.383749] ? __might_fault+0x151/0x190 [ 121.384343] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 121.385097] do_syscall_64+0xbf/0x360 [ 121.385653] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.386390] RIP: 0033:0x7fef513ae10b [ 121.386927] Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00 [ 121.389502] RSP: 002b:00007ffc4d4b6c60 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 121.390591] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fef513ae10b [ 121.391615] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 121.392649] RBP: 0000000000000001 R08: 0000000000000000 R09: 000055556f435400 [ 121.393653] R10: 000055556f4356d0 R11: 0000000000000246 R12: 0000000000000001 [ 121.394655] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc4d4b6d40 [ 121.395666] [ 121.396006] Modules linked in: [ 121.396471] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#8] SMP KASAN NOPTI [ 121.397330] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 121.397403] ---[ end trace 0000000000000000 ]--- [ 121.397911] CPU: 0 UID: 0 PID: 1355 Comm: kworker/u10:7 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.399208] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.399467] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.400211] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.400570] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.403130] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.403735] Workqueue: events_unbound cfg80211_wiphy_work [ 121.404509] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.404898] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 121.405912] RDX: 
0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.406276] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 121.406289] RSP: 0018:ffff88800f6276a0 EFLAGS: 00010256 [ 121.407307] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.408676] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 121.408686] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 121.408693] RBP: ffff88800f627970 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 121.408702] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.409461] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.410009] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.411101] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.411653] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.412675] FS: 000055556f435400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.413211] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.413220] CR2: 0000000020a52000 CR3: 000000001f71d000 CR4: 0000000000350ef0 [ 121.413228] Call Trace: [ 121.413233] [ 121.414257] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.414790] ? find_held_lock+0x2b/0x80 [ 121.415831] CR2: 000055b81f2a14c8 CR3: 00000000448e0000 CR4: 0000000000350ef0 [ 121.416437] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.416453] perf_tp_event+0x8b4/0xe70 [ 121.417613] note: syz-executor.4[289] exited with preempt_count 2 [ 121.418044] ? __pfx_perf_tp_event+0x10/0x10 [ 121.422235] ? ret_from_fork_asm+0x1a/0x30 [ 121.422576] ? stack_trace_save+0x8e/0xc0 [ 121.422906] ? stack_depot_save_flags+0x2c/0xa20 [ 121.423287] ? kasan_save_stack+0x34/0x50 [ 121.423628] ? kasan_save_stack+0x24/0x50 [ 121.423975] ? 
kasan_save_track+0x14/0x30 [ 121.424320] ? __kasan_save_free_info+0x3a/0x60 [ 121.424706] ? __kasan_slab_free+0x3f/0x50 [ 121.425058] ? kmem_cache_free+0x2a1/0x540 [ 121.425407] ? kfree_skbmem+0x18a/0x1f0 [ 121.425742] ? sk_skb_reason_drop+0x10e/0x1b0 [ 121.426116] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.426529] perf_trace_run_bpf_submit+0xef/0x180 [ 121.426932] perf_trace_contention_begin+0x235/0x3e0 [ 121.427354] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.427820] ? lock_acquire+0x18c/0x2f0 [ 121.428153] trace_contention_begin+0xae/0x110 [ 121.428535] __mutex_lock+0x14b/0x1020 [ 121.428866] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.429240] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.429616] ? lock_release+0x1c7/0x290 [ 121.429954] ? __pfx___mutex_lock+0x10/0x10 [ 121.430316] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 121.430739] ? xfd_validate_state+0x55/0x180 [ 121.431110] ? __pfx_try_to_wake_up+0x10/0x10 [ 121.431490] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.431927] cfg80211_wiphy_work+0x7e/0x480 [ 121.432289] process_one_work+0x8e1/0x19c0 [ 121.432642] ? __pfx_process_one_work+0x10/0x10 [ 121.433033] ? move_linked_works+0x172/0x270 [ 121.433404] ? assign_work+0x196/0x240 [ 121.433725] worker_thread+0x67e/0xe90 [ 121.434052] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.434482] ? __pfx_worker_thread+0x10/0x10 [ 121.434848] kthread+0x3c8/0x740 [ 121.435134] ? __pfx_kthread+0x10/0x10 [ 121.435464] ? ret_from_fork+0x23/0x430 [ 121.435810] ? lock_release+0xc8/0x290 [ 121.436135] ? __pfx_kthread+0x10/0x10 [ 121.436460] ret_from_fork+0x34b/0x430 [ 121.436790] ? 
__pfx_kthread+0x10/0x10 [ 121.437117] ret_from_fork_asm+0x1a/0x30 [ 121.437460] [ 121.437655] Modules linked in: [ 121.437923] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#9] SMP KASAN NOPTI [ 121.438986] ---[ end trace 0000000000000000 ]--- [ 121.439552] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 121.439576] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.439612] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.439621] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.439635] Workqueue: ipv6_addrconf addrconf_dad_work [ 121.439685] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.439728] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.439749] RSP: 0018:ffff8880095ff620 EFLAGS: 00010217 [ 121.439766] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 121.439781] RDX: ffff8880095dd280 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.439795] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.439810] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.439823] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.439841] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.439865] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.439885] CR2: 000055b81f2a14c8 CR3: 00000000448e0000 CR4: 0000000000350ef0 [ 121.439905] Call Trace: [ 121.439913] [ 121.439922] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.439949] perf_tp_event+0x8b4/0xe70 [ 121.439981] ? __pfx_perf_tp_event+0x10/0x10 [ 121.440012] ? lock_acquire+0x15e/0x2f0 [ 121.440037] ? __asan_memcpy+0x3d/0x60 [ 121.440064] ? neigh_resolve_output+0x49a/0x7f0 [ 121.440093] ? 
ip6_finish_output2+0x968/0x1780 [ 121.440132] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.440162] ? find_held_lock+0x2b/0x80 [ 121.440192] perf_trace_run_bpf_submit+0xef/0x180 [ 121.440225] perf_trace_contention_begin+0x235/0x3e0 [ 121.440251] ? __mutex_unlock_slowpath+0x157/0x750 [ 121.440660] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.441904] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.442861] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.443586] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 121.444269] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.445012] ? lock_release+0xc8/0x290 [ 121.445429] [ 121.448052] ? insn_decode_mmio+0x4e3/0x650 [ 121.448494] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.449494] ? lock_acquire+0x18c/0x2f0 [ 121.450069] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.451078] trace_contention_begin+0xae/0x110 [ 121.451664] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.452669] __mutex_lock+0x14b/0x1020 [ 121.453323] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.454128] ? addrconf_dad_work+0xf6/0x11a0 [ 121.454702] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.455082] ? addrconf_dad_work+0xf6/0x11a0 [ 121.455284] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.456013] ? sched_clock_cpu+0x6c/0x4e0 [ 121.456342] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.456963] ? __pfx___mutex_lock+0x10/0x10 [ 121.457295] CR2: 0000000020a52000 CR3: 000000001f71d000 CR4: 0000000000350ef0 [ 121.457841] ? __update_load_avg_se+0x428/0xa40 [ 121.458228] note: kworker/u10:7[1355] exited with preempt_count 2 [ 121.458872] ? __perf_event_task_sched_in+0x235/0x5e0 [ 121.483237] ? 
__pfx___perf_event_task_sched_in+0x10/0x10 [ 121.484025] ? lock_is_held_type+0x9e/0x120 [ 121.484657] addrconf_dad_work+0xf6/0x11a0 [ 121.485282] ? __pfx_addrconf_dad_work+0x10/0x10 [ 121.485971] ? lock_acquire+0x18c/0x2f0 [ 121.486549] ? lock_release+0x1c7/0x290 [ 121.487131] process_one_work+0x8e1/0x19c0 [ 121.487754] ? __pfx_process_one_work+0x10/0x10 [ 121.488423] ? move_linked_works+0x172/0x270 [ 121.489084] ? assign_work+0x196/0x240 [ 121.489650] worker_thread+0x67e/0xe90 [ 121.490229] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.490976] ? __pfx_worker_thread+0x10/0x10 [ 121.491623] kthread+0x3c8/0x740 [ 121.492129] ? __pfx_kthread+0x10/0x10 [ 121.492693] ? ret_from_fork+0x23/0x430 [ 121.493296] ? lock_release+0xc8/0x290 [ 121.493866] ? __pfx_kthread+0x10/0x10 [ 121.494428] ret_from_fork+0x34b/0x430 [ 121.495001] ? __pfx_kthread+0x10/0x10 [ 121.495579] ret_from_fork_asm+0x1a/0x30 [ 121.496182] [ 121.496525] Modules linked in: [ 121.496991] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#10] SMP KASAN NOPTI [ 121.497915] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 121.497979] ---[ end trace 0000000000000000 ]--- [ 121.498528] CPU: 0 UID: 0 PID: 637 Comm: kworker/u10:5 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.498550] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.498555] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.498563] Workqueue: events_unbound cfg80211_wiphy_work [ 121.498583] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 121.498604] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 121.498616] RSP: 0018:ffff88800deff6a0 EFLAGS: 00010256 [ 121.498626] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 121.498634] RDX: 0000000000000000 RSI: 
ffffffff817e5b4c RDI: 0000000000000001 [ 121.498642] RBP: ffff88800deff970 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 121.498650] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.498658] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.498667] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.498679] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.498687] CR2: 0000000021000000 CR3: 000000001f523000 CR4: 0000000000350ef0 [ 121.498695] Call Trace: [ 121.498700] [ 121.498705] ? find_held_lock+0x2b/0x80 [ 121.498723] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.498738] perf_tp_event+0x8b4/0xe70 [ 121.498757] ? __pfx_perf_tp_event+0x10/0x10 [ 121.498774] ? __lock_acquire+0xc65/0x1b70 [ 121.498788] ? __lock_acquire+0xc65/0x1b70 [ 121.498805] ? mark_held_locks+0x49/0x80 [ 121.498820] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.498836] perf_trace_run_bpf_submit+0xef/0x180 [ 121.498854] perf_trace_contention_begin+0x235/0x3e0 [ 121.498870] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.498885] ? lock_acquire+0x18c/0x2f0 [ 121.498900] trace_contention_begin+0xae/0x110 [ 121.498915] __mutex_lock+0x14b/0x1020 [ 121.498935] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.498947] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.498960] ? lock_release+0x1c7/0x290 [ 121.498973] ? __pfx___mutex_lock+0x10/0x10 [ 121.498991] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 121.499009] ? __pfx_try_to_wake_up+0x10/0x10 [ 121.499027] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.499041] cfg80211_wiphy_work+0x7e/0x480 [ 121.499055] process_one_work+0x8e1/0x19c0 [ 121.499073] ? __pfx_process_one_work+0x10/0x10 [ 121.499087] ? move_linked_works+0x172/0x270 [ 121.499106] ? assign_work+0x196/0x240 [ 121.499120] worker_thread+0x67e/0xe90 [ 121.499134] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.499148] ? __pfx_worker_thread+0x10/0x10 [ 121.499162] kthread+0x3c8/0x740 [ 121.499175] ? 
__pfx_kthread+0x10/0x10 [ 121.499188] ? ret_from_fork+0x23/0x430 [ 121.499207] ? lock_release+0xc8/0x290 [ 121.499220] ? __pfx_kthread+0x10/0x10 [ 121.499233] ret_from_fork+0x34b/0x430 [ 121.499251] ? __pfx_kthread+0x10/0x10 [ 121.499936] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.500862] ret_from_fork_asm+0x1a/0x30 [ 121.500889] [ 121.500893] Modules linked in: [ 121.501028] ---[ end trace 0000000000000000 ]--- [ 121.501676] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.502302] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.503071] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.503472] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.506048] [ 121.506451] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.506463] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.507477] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.508019] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.509056] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.509635] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.509646] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.510684] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.511345] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.511356] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.512217] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.512790] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.513194] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.513376] 
CR2: 0000000021000000 CR3: 000000001f523000 CR4: 0000000000350ef0 [ 121.513949] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.514361] note: kworker/u10:5[637] exited with preempt_count 2 [ 121.514585] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#11] SMP KASAN NOPTI [ 121.514928] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.515290] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 121.515303] CPU: 0 UID: 0 PID: 175 Comm: in:imklog Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.515925] CR2: 000055b81f2a14c8 CR3: 00000000448e0000 CR4: 0000000000350ef0 [ 121.516262] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.516269] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.516275] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 121.516863] note: kworker/u8:0[12] exited with preempt_count 2 [ 121.517254] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 121.517267] RSP: 0018:ffff888017bef3e0 EFLAGS: 00010256 [ 121.517277] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 121.549506] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 121.550084] RBP: ffff888017bef6b0 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 121.550662] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 121.551238] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.551829] FS: 00007f9fe10ec700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.552462] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.552919] CR2: 0000000021000000 CR3: 000000000c693000 CR4: 0000000000350ef0 [ 121.553480] Call Trace: [ 121.553688] [ 121.553872] ? 
tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.554273] perf_tp_event+0x8b4/0xe70 [ 121.554590] ? __pfx_perf_tp_event+0x10/0x10 [ 121.554948] ? lock_acquire+0x15e/0x2f0 [ 121.555266] ? __is_insn_slot_addr+0x2e/0x290 [ 121.555637] ? find_held_lock+0x2b/0x80 [ 121.555964] ? __is_insn_slot_addr+0x136/0x290 [ 121.556337] ? lock_release+0xc8/0x290 [ 121.556648] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 121.557091] ? __resched_curr+0x2a2/0x330 [ 121.557425] ? __pfx___resched_curr+0x10/0x10 [ 121.557790] ? update_se+0x1ba/0x670 [ 121.558095] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.558495] perf_trace_run_bpf_submit+0xef/0x180 [ 121.558882] perf_trace_contention_begin+0x235/0x3e0 [ 121.559282] ? xfd_validate_state+0x55/0x180 [ 121.559651] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.560096] ? _prb_read_valid+0x6e9/0x830 [ 121.560436] ? lock_acquire+0x18c/0x2f0 [ 121.560756] trace_contention_begin+0xae/0x110 [ 121.561124] __mutex_lock+0x14b/0x1020 [ 121.561449] ? syslog_print+0x244/0x5c0 [ 121.561768] ? syslog_print+0x244/0x5c0 [ 121.562086] ? __pfx___mutex_lock+0x10/0x10 [ 121.562437] ? lock_acquire+0x15e/0x2f0 [ 121.562757] ? prb_read_valid+0x78/0xa0 [ 121.563084] ? __pfx_prb_read_valid+0x10/0x10 [ 121.563451] syslog_print+0x244/0x5c0 [ 121.563768] ? __pfx_syslog_print+0x10/0x10 [ 121.564112] ? __pfx_autoremove_wake_function+0x10/0x10 [ 121.564540] ? lock_acquire+0x15e/0x2f0 [ 121.564856] ? avc_has_perm_noaudit+0x59/0x3d0 [ 121.565235] ? find_held_lock+0x2b/0x80 [ 121.565557] ? avc_has_perm_noaudit+0x11b/0x3d0 [ 121.565940] do_syslog.part.0+0x20b/0x5b0 [ 121.566272] ? __pfx_do_syslog.part.0+0x10/0x10 [ 121.566651] ? avc_has_perm+0x12b/0x1d0 [ 121.566976] ? __pfx_avc_has_perm+0x10/0x10 [ 121.567327] ? lock_is_held_type+0x9e/0x120 [ 121.567686] do_syslog+0xcd/0x110 [ 121.567968] kmsg_read+0x8e/0xc0 [ 121.568245] ? __pfx_kmsg_read+0x10/0x10 [ 121.568567] proc_reg_read+0x120/0x310 [ 121.568882] ? 
__pfx_proc_reg_read+0x10/0x10 [ 121.569238] vfs_read+0x1eb/0xc70 [ 121.569524] ? __pfx_vfs_read+0x10/0x10 [ 121.569846] ? lock_release+0xc8/0x290 [ 121.570158] ? __fget_files+0x20d/0x3b0 [ 121.570482] ksys_read+0x121/0x240 [ 121.570770] ? __pfx_ksys_read+0x10/0x10 [ 121.571095] do_syscall_64+0xbf/0x360 [ 121.571401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.571818] RIP: 0033:0x7f9fe1b2f08c [ 121.572121] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 89 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf fc ff ff 48 [ 121.573543] RSP: 002b:00007f9fe10cb4d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 121.574140] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9fe1b2f08c [ 121.574707] RDX: 0000000000001fa0 RSI: 00007f9fe10cbd00 RDI: 0000000000000005 [ 121.575264] RBP: 0000557a159db4c0 R08: 0000000000000000 R09: 0000557a159d7e88 [ 121.575832] R10: a3d70a3d70a3d70b R11: 0000000000000246 R12: 00007f9fe10cbd00 [ 121.576399] R13: 0000000000001fa0 R14: 00007f9fe10cbd00 R15: 00007f9fe10cbd9e [ 121.576961] [ 121.577152] Modules linked in: [ 121.577415] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#12] SMP KASAN NOPTI [ 121.578696] ---[ end trace 0000000000000000 ]--- [ 121.579013] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 121.580218] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.580622] CPU: 1 UID: 0 PID: 40 Comm: kworker/u9:2 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.581014] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.582655] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.584122] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.584792] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
1.12.0-1 04/01/2014 [ 121.585222] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.586372] Workqueue: events_unbound cfg80211_wiphy_work [ 121.586931] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.586935] [ 121.586943] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.587719] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.588305] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.588543] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.589109] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.589812] RSP: 0018:ffff88800a25f6a0 EFLAGS: 00010217 [ 121.590382] FS: 00007f9fe10ec700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.592922] [ 121.592929] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 121.593504] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.594233] RDX: ffff88800a250000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.594873] CR2: 0000000021000000 CR3: 000000000c693000 CR4: 0000000000350ef0 [ 121.595121] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.595708] note: in:imklog[175] exited with preempt_count 2 [ 121.596520] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.600924] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.601946] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.603090] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.603929] CR2: 000055b81f2a14c8 CR3: 00000000448e0000 CR4: 0000000000350ef0 [ 121.604946] Call Trace: [ 121.605324] [ 121.605658] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.606382] perf_tp_event+0x8b4/0xe70 [ 121.606963] ? __pfx_perf_tp_event+0x10/0x10 [ 121.607621] ? 
ret_from_fork_asm+0x1a/0x30 [ 121.608246] ? stack_trace_save+0x8e/0xc0 [ 121.608853] ? stack_depot_save_flags+0x2c/0xa20 [ 121.609543] ? kasan_save_stack+0x34/0x50 [ 121.610145] ? kasan_save_stack+0x24/0x50 [ 121.610748] ? kasan_save_track+0x14/0x30 [ 121.611357] ? __kasan_save_free_info+0x3a/0x60 [ 121.612042] ? __kasan_slab_free+0x3f/0x50 [ 121.612658] ? kmem_cache_free+0x2a1/0x540 [ 121.613266] ? kfree_skbmem+0x18a/0x1f0 [ 121.613851] ? sk_skb_reason_drop+0x10e/0x1b0 [ 121.614506] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.615235] perf_trace_run_bpf_submit+0xef/0x180 [ 121.615954] perf_trace_contention_begin+0x235/0x3e0 [ 121.616705] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.617530] ? lock_acquire+0x18c/0x2f0 [ 121.618121] trace_contention_begin+0xae/0x110 [ 121.618804] __mutex_lock+0x14b/0x1020 [ 121.619396] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.620069] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.620738] ? lock_release+0x1c7/0x290 [ 121.621328] ? __pfx___mutex_lock+0x10/0x10 [ 121.621982] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 121.622730] ? __pfx_try_to_wake_up+0x10/0x10 [ 121.623410] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.624180] cfg80211_wiphy_work+0x7e/0x480 [ 121.624831] process_one_work+0x8e1/0x19c0 [ 121.625466] ? __pfx_process_one_work+0x10/0x10 [ 121.626161] ? move_linked_works+0x172/0x270 [ 121.626823] ? assign_work+0x196/0x240 [ 121.627402] worker_thread+0x67e/0xe90 [ 121.627993] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.628767] ? __pfx_worker_thread+0x10/0x10 [ 121.629434] kthread+0x3c8/0x740 [ 121.629935] ? __pfx_kthread+0x10/0x10 [ 121.630519] ? ret_from_fork+0x23/0x430 [ 121.631114] ? lock_release+0xc8/0x290 [ 121.631696] ? __pfx_kthread+0x10/0x10 [ 121.632279] ret_from_fork+0x34b/0x430 [ 121.632865] ? 
__pfx_kthread+0x10/0x10 [ 121.633446] ret_from_fork_asm+0x1a/0x30 [ 121.634061] [ 121.634408] Modules linked in: [ 121.634882] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#13] SMP KASAN NOPTI [ 121.635809] ---[ end trace 0000000000000000 ]--- [ 121.635827] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 121.637127] CPU: 0 UID: 0 PID: 273 Comm: kworker/u10:4 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.637623] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.638084] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.638090] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.638098] Workqueue: events_unbound cfg80211_wiphy_work [ 121.638116] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 121.638133] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 121.638145] RSP: 0018:ffff888020cd76a0 EFLAGS: 00010256 [ 121.638154] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 121.638162] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 121.638169] RBP: ffff888020cd7970 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 121.638177] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.638185] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.638194] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.638205] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.638213] CR2: 0000001b2cf22000 CR3: 0000000020529000 CR4: 0000000000350ef0 [ 121.638220] Call Trace: [ 121.638224] [ 121.638229] ? __inode_add_lru+0xb7/0x280 [ 121.638244] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.638259] perf_tp_event+0x8b4/0xe70 [ 121.638277] ? __pfx_perf_tp_event+0x10/0x10 [ 121.638294] ? 
fprop_reflect_period_percpu.isra.0+0x4b/0x300 [ 121.638314] ? mark_held_locks+0x49/0x80 [ 121.638329] ? fprop_fraction_percpu+0x1da/0x340 [ 121.638342] ? __wb_calc_thresh+0x309/0x4b0 [ 121.638355] ? __pfx___wb_calc_thresh+0x10/0x10 [ 121.638369] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.638385] perf_trace_run_bpf_submit+0xef/0x180 [ 121.638403] perf_trace_contention_begin+0x235/0x3e0 [ 121.638418] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.638434] ? lock_acquire+0x18c/0x2f0 [ 121.638448] trace_contention_begin+0xae/0x110 [ 121.638462] __mutex_lock+0x14b/0x1020 [ 121.639247] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.639628] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.640829] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.641247] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.641261] ? lock_release+0x1c7/0x290 [ 121.641988] [ 121.643459] ? __pfx___mutex_lock+0x10/0x10 [ 121.643479] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 121.644265] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.644834] ? __pfx_try_to_wake_up+0x10/0x10 [ 121.645873] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.646426] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.646443] cfg80211_wiphy_work+0x7e/0x480 [ 121.647488] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.648052] process_one_work+0x8e1/0x19c0 [ 121.649211] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.649662] ? __pfx_process_one_work+0x10/0x10 [ 121.650689] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.650884] ? move_linked_works+0x172/0x270 [ 121.651236] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.651552] ? 
assign_work+0x196/0x240 [ 121.652286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.652582] worker_thread+0x67e/0xe90 [ 121.653239] CR2: 000055b81f2a14c8 CR3: 00000000448e0000 CR4: 0000000000350ef0 [ 121.653685] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.654290] note: kworker/u9:2[40] exited with preempt_count 2 [ 121.654649] ? __pfx_worker_thread+0x10/0x10 [ 121.670395] kthread+0x3c8/0x740 [ 121.670676] ? __pfx_kthread+0x10/0x10 [ 121.670987] ? ret_from_fork+0x23/0x430 [ 121.671311] ? lock_release+0xc8/0x290 [ 121.671630] ? __pfx_kthread+0x10/0x10 [ 121.671944] ret_from_fork+0x34b/0x430 [ 121.672262] ? __pfx_kthread+0x10/0x10 [ 121.672573] ret_from_fork_asm+0x1a/0x30 [ 121.672908] [ 121.673096] Modules linked in: [ 121.673357] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#14] SMP KASAN NOPTI [ 121.674388] ---[ end trace 0000000000000000 ]--- [ 121.674961] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 121.676041] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.676606] CPU: 1 UID: 0 PID: 63 Comm: kworker/1:2 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.677012] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.678622] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.680070] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.680772] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.681204] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.682361] Workqueue: mld mld_ifc_work [ 121.682926] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.682930] [ 121.682938] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.683491] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.684060] R10: 0000000000000000 
R11: 0000000000000001 R12: dffffc0000000000 [ 121.684304] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.684872] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.685587] RSP: 0018:ffff88800a73f660 EFLAGS: 00010217 [ 121.686166] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.688711] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 121.689291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.690039] RDX: ffff88800a705280 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.690702] CR2: 0000001b2cf22000 CR3: 0000000020529000 CR4: 0000000000350ef0 [ 121.691719] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.692214] note: kworker/u10:4[273] exited with preempt_count 2 [ 121.693232] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.696774] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.697818] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.698989] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.699854] CR2: 000055b81f2a14c8 CR3: 00000000448e0000 CR4: 0000000000350ef0 [ 121.700891] Call Trace: [ 121.701274] [ 121.701615] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.702355] perf_tp_event+0x8b4/0xe70 [ 121.702939] ? perf_trace_lock+0xb5/0x5d0 [ 121.703558] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.704237] ? __pfx_perf_tp_event+0x10/0x10 [ 121.704899] ? unwind_next_frame+0x3b2/0x2540 [ 121.705571] ? lock_release+0x1c7/0x290 [ 121.706173] ? unwind_next_frame+0x3bc/0x2540 [ 121.706843] ? ret_from_fork_asm+0x1a/0x30 [ 121.707474] ? ret_from_fork_asm+0x1a/0x30 [ 121.708116] ? kernel_text_address+0x11/0xc0 [ 121.708774] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 121.709558] ? arch_stack_walk+0x86/0xf0 [ 121.710164] ? 
ret_from_fork_asm+0x1a/0x30 [ 121.710794] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.711579] perf_trace_run_bpf_submit+0xef/0x180 [ 121.712309] perf_trace_contention_begin+0x235/0x3e0 [ 121.713054] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.713872] ? lock_acquire+0x18c/0x2f0 [ 121.714466] trace_contention_begin+0xae/0x110 [ 121.715145] __mutex_lock+0x14b/0x1020 [ 121.715747] ? mld_ifc_work+0x42/0xb60 [ 121.716326] ? mld_ifc_work+0x42/0xb60 [ 121.716903] ? __update_load_avg_se+0x428/0xa40 [ 121.717593] ? __pfx___mutex_lock+0x10/0x10 [ 121.718240] ? __pfx___perf_event_task_sched_in+0x10/0x10 [ 121.719037] ? __pfx_perf_trace_lock+0x10/0x10 [ 121.719714] ? lock_acquire+0x18c/0x2f0 [ 121.720306] ? lock_release+0x1c7/0x290 [ 121.720907] mld_ifc_work+0x42/0xb60 [ 121.721471] ? lock_release+0x1c7/0x290 [ 121.722080] process_one_work+0x8e1/0x19c0 [ 121.722711] ? __pfx_process_one_work+0x10/0x10 [ 121.723397] ? move_linked_works+0x172/0x270 [ 121.724074] ? assign_work+0x196/0x240 [ 121.724663] worker_thread+0x67e/0xe90 [ 121.725256] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.726027] ? __pfx_worker_thread+0x10/0x10 [ 121.726696] kthread+0x3c8/0x740 [ 121.727200] ? __pfx_kthread+0x10/0x10 [ 121.727798] ? ret_from_fork+0x23/0x430 [ 121.728399] ? lock_release+0xc8/0x290 [ 121.728980] ? __pfx_kthread+0x10/0x10 [ 121.729554] ret_from_fork+0x34b/0x430 [ 121.730149] ? 
__pfx_kthread+0x10/0x10 [ 121.730730] ret_from_fork_asm+0x1a/0x30 [ 121.731346] [ 121.731742] Modules linked in: [ 121.732218] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#15] SMP KASAN NOPTI [ 121.732254] ---[ end trace 0000000000000000 ]--- [ 121.733147] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 121.733162] CPU: 0 UID: 0 PID: 3935 Comm: syz-executor.7 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.733844] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.734458] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.734464] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.734471] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 121.736188] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.736580] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 121.737329] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.737973] RSP: 0018:ffff88801b5077a0 EFLAGS: 00010256 [ 121.737985] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 121.737993] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 121.738001] RBP: ffff88801b507a70 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 121.738009] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.738016] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.738025] FS: 000055555fe0b400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.738036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.738044] CR2: 0000001b2d522000 CR3: 000000001f523000 CR4: 0000000000350ef0 [ 121.738052] Call Trace: [ 121.738056] [ 121.738060] ? 
ext4_page_mkwrite+0x329/0x1710 [ 121.738077] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.738092] perf_tp_event+0x8b4/0xe70 [ 121.738108] ? __pfx_ext4_inode_csum+0x10/0x10 [ 121.738127] ? __pfx_perf_tp_event+0x10/0x10 [ 121.738144] ? lock_release+0x1c7/0x290 [ 121.738158] ? __virt_addr_valid+0x100/0x5d0 [ 121.738179] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.738191] ? kasan_quarantine_put+0x84/0x1e0 [ 121.738207] ? kmem_cache_free+0x2a1/0x540 [ 121.738219] ? jbd2_journal_stop+0x5d5/0xe20 [ 121.738240] ? jbd2_journal_stop+0x184/0xe20 [ 121.738259] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.738275] ? __block_write_begin_int+0xfef/0x1570 [ 121.738291] ? do_raw_spin_lock+0x123/0x260 [ 121.738306] perf_trace_run_bpf_submit+0xef/0x180 [ 121.738324] perf_trace_contention_begin+0x235/0x3e0 [ 121.738338] ? pfn_pte+0xde/0x230 [ 121.738352] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.738367] ? percpu_counter_add_batch+0x126/0x240 [ 121.738383] ? lock_acquire+0x18c/0x2f0 [ 121.738397] trace_contention_begin+0xae/0x110 [ 121.738412] __mutex_lock+0x14b/0x1020 [ 121.738430] ? perf_remove_from_owner+0x145/0x570 [ 121.738447] ? perf_remove_from_owner+0x145/0x570 [ 121.738464] ? __pfx___mutex_lock+0x10/0x10 [ 121.738483] ? fault_dirty_shared_page+0x17c/0x640 [ 121.738498] ? lock_acquire+0x18c/0x2f0 [ 121.738511] ? __handle_mm_fault+0x753/0x3260 [ 121.738528] ? lock_release+0x1c7/0x290 [ 121.738542] perf_remove_from_owner+0x145/0x570 [ 121.738559] ? __pfx_perf_release+0x10/0x10 [ 121.738571] perf_event_release_kernel+0x8f/0x540 [ 121.738586] ? __pfx_perf_release+0x10/0x10 [ 121.738598] perf_release+0x31/0x40 [ 121.738610] __fput+0x401/0xb50 [ 121.738629] fput_close_sync+0x10f/0x240 [ 121.738645] ? __pfx_fput_close_sync+0x10/0x10 [ 121.738661] ? 
dnotify_flush+0x79/0x4c0 [ 121.738675] __x64_sys_close+0x8f/0x120 [ 121.738694] do_syscall_64+0xbf/0x360 [ 121.738707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.738719] RIP: 0033:0x7f86cd43e72b [ 121.738729] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 [ 121.738740] RSP: 002b:00007ffe38be22b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 121.738751] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f86cd43e72b [ 121.738759] RDX: 0000001b2d522bdc RSI: ffffffff812bfd37 RDI: 0000000000000003 [ 121.738766] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000001b2d522634 [ 121.738774] R10: 0000000000000fdf R11: 0000000000000293 R12: 00007f86cd59fb60 [ 121.738781] R13: 00007f86cd59fb60 R14: 00007f86cd59ef60 R15: 000000000001d78c [ 121.738791] ? sched_clock+0x37/0x60 [ 121.738808] [ 121.738811] Modules linked in: [ 121.739896] ---[ end trace 0000000000000000 ]--- [ 121.739904] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.739922] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.739934] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.739944] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.739952] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.739960] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.739968] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.739975] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.739985] FS: 000055555fe0b400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.739996] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.740004] CR2: 0000001b2d522000 CR3: 000000001f523000 CR4: 0000000000350ef0 [ 
121.740013] note: syz-executor.7[3935] exited with preempt_count 2 [ 121.743195] kworker/u10:5 (637) used greatest stack depth: 24624 bytes left [ 121.745468] [ 121.745926] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#16] SMP KASAN NOPTI [ 121.746677] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.747236] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 121.747249] CPU: 0 UID: 0 PID: 895 Comm: kworker/u9:8 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.748311] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.748885] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.749918] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.750479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.750488] Workqueue: events_unbound cfg80211_wiphy_work [ 121.750504] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 121.751664] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.752116] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 121.752129] RSP: 0018:ffff8880455df6a0 EFLAGS: 00010256 [ 121.753184] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.753383] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 121.753718] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.754078] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 121.754087] RBP: ffff8880455df970 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 121.754095] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 121.754102] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.754812] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.755125] FS: 
0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.755137] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.755146] CR2: 0000001b2d522000 CR3: 0000000020529000 CR4: 0000000000350ef0 [ 121.755806] CR2: 000055b81f2a14c8 CR3: 00000000448e0000 CR4: 0000000000350ef0 [ 121.756159] Call Trace: [ 121.756164] [ 121.756169] ? lock_release+0xc8/0x290 [ 121.756751] note: kworker/1:2[63] exited with preempt_count 2 [ 121.757102] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.757117] perf_tp_event+0x8b4/0xe70 [ 121.801464] ? __pfx_perf_tp_event+0x10/0x10 [ 121.801841] ? lock_acquire+0x18c/0x2f0 [ 121.802174] ? lock_release+0x1c7/0x290 [ 121.802505] ? unwind_next_frame+0x3bc/0x2540 [ 121.802881] ? ret_from_fork_asm+0x1a/0x30 [ 121.803237] ? ret_from_fork_asm+0x1a/0x30 [ 121.803596] ? kernel_text_address+0x11/0xc0 [ 121.803965] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 121.804419] ? arch_stack_walk+0x86/0xf0 [ 121.804762] ? ret_from_fork_asm+0x1a/0x30 [ 121.805115] ? stack_trace_save+0x8e/0xc0 [ 121.805464] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.805882] ? do_raw_spin_lock+0x123/0x260 [ 121.806243] perf_trace_run_bpf_submit+0xef/0x180 [ 121.806647] perf_trace_contention_begin+0x235/0x3e0 [ 121.807069] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.807532] ? __pick_eevdf+0x326/0x570 [ 121.807870] ? update_curr+0x71/0x500 [ 121.808191] ? lock_acquire+0x18c/0x2f0 [ 121.808521] trace_contention_begin+0xae/0x110 [ 121.808903] __mutex_lock+0x14b/0x1020 [ 121.809237] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.809614] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.809986] ? lock_release+0x1c7/0x290 [ 121.810324] ? lock_release+0x1c7/0x290 [ 121.810653] ? __pfx___mutex_lock+0x10/0x10 [ 121.811017] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 121.811443] ? __virt_addr_valid+0x100/0x5d0 [ 121.811818] ? __pfx_try_to_wake_up+0x10/0x10 [ 121.812194] ? 
__call_rcu_common.constprop.0+0x4c1/0x960 [ 121.812645] cfg80211_wiphy_work+0x7e/0x480 [ 121.813004] process_one_work+0x8e1/0x19c0 [ 121.813361] ? __pfx_process_one_work+0x10/0x10 [ 121.813748] ? move_linked_works+0x172/0x270 [ 121.814125] ? assign_work+0x196/0x240 [ 121.814449] worker_thread+0x67e/0xe90 [ 121.814775] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.815204] ? __pfx_worker_thread+0x10/0x10 [ 121.815588] kthread+0x3c8/0x740 [ 121.815874] ? __pfx_kthread+0x10/0x10 [ 121.816195] ? ret_from_fork+0x23/0x430 [ 121.816537] ? lock_release+0xc8/0x290 [ 121.816865] ? __pfx_kthread+0x10/0x10 [ 121.817194] ret_from_fork+0x34b/0x430 [ 121.817521] ? __pfx_kthread+0x10/0x10 [ 121.817843] ret_from_fork_asm+0x1a/0x30 [ 121.818186] [ 121.818383] Modules linked in: [ 121.818843] ---[ end trace 0000000000000000 ]--- [ 121.819256] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.819691] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.821174] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.821609] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.822201] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.822790] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.822800] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#17] SMP KASAN NOPTI [ 121.823383] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.824985] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 121.825584] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.826822] CPU: 1 UID: 0 PID: 3934 Comm: syz-executor.5 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.827407] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 
121.829071] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.829708] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.830404] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.830417] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.830867] CR2: 0000001b2d522000 CR3: 0000000020529000 CR4: 0000000000350ef0 [ 121.832031] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.832454] note: kworker/u9:8[895] exited with preempt_count 2 [ 121.833439] RSP: 0018:ffff88800dfdf4e0 EFLAGS: 00010217 [ 121.836466] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 121.837477] RDX: ffff888017379b80 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.838487] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.839502] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 121.840518] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.841534] FS: 0000555556aea400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.842679] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.843509] CR2: 00007fed5fed6718 CR3: 000000001f71d000 CR4: 0000000000350ef0 [ 121.844530] Call Trace: [ 121.844908] [ 121.845240] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.845967] perf_tp_event+0x8b4/0xe70 [ 121.846542] ? __pfx_perf_tp_event+0x10/0x10 [ 121.847186] ? __kernel_text_address+0xd/0x40 [ 121.847849] ? arch_stack_walk+0x9c/0xf0 [ 121.848439] ? stack_trace_save+0x8e/0xc0 [ 121.849042] ? stack_depot_save_flags+0x2c/0xa20 [ 121.849730] ? lock_acquire+0x18c/0x2f0 [ 121.850308] ? lock_release+0x1c7/0x290 [ 121.850887] ? lock_acquire+0x18c/0x2f0 [ 121.851466] ? lock_acquire+0x18c/0x2f0 [ 121.852053] ? lock_release+0x1c7/0x290 [ 121.852638] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 121.853363] perf_trace_run_bpf_submit+0xef/0x180 [ 121.854071] perf_trace_contention_begin+0x235/0x3e0 [ 121.854803] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.855616] ? lock_acquire+0x18c/0x2f0 [ 121.856204] trace_contention_begin+0xae/0x110 [ 121.856894] __mutex_lock+0x14b/0x1020 [ 121.857479] ? freezer_fork+0xc1/0x500 [ 121.858071] ? freezer_fork+0xc1/0x500 [ 121.858645] ? delete_node+0x20e/0x730 [ 121.859228] ? __pfx___mutex_lock+0x10/0x10 [ 121.859892] ? __radix_tree_replace+0x117/0x300 [ 121.860587] ? lock_acquire+0x18c/0x2f0 [ 121.861183] ? do_raw_spin_lock+0x123/0x260 [ 121.861823] ? lock_release+0x1c7/0x290 [ 121.862412] freezer_fork+0xc1/0x500 [ 121.862971] cgroup_post_fork+0x31f/0x9a0 [ 121.863601] ? __pfx_cgroup_post_fork+0x10/0x10 [ 121.864287] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 121.864969] ? lock_release+0x1c7/0x290 [ 121.865549] copy_process+0x5e31/0x73c0 [ 121.866132] ? __pfx_copy_process+0x10/0x10 [ 121.866757] ? lock_acquire+0x18c/0x2f0 [ 121.867344] ? lock_release+0x1c7/0x290 [ 121.867939] kernel_clone+0xea/0x7f0 [ 121.868484] ? __pfx_kernel_clone+0x10/0x10 [ 121.869117] ? vma_start_read+0x304/0x8e0 [ 121.869719] ? __pfx___handle_mm_fault+0x10/0x10 [ 121.870418] ? css_rstat_updated+0x1b8/0x4d0 [ 121.871065] ? __pfx_css_rstat_updated+0x10/0x10 [ 121.871764] __do_sys_clone+0xce/0x120 [ 121.872331] ? __pfx___do_sys_clone+0x10/0x10 [ 121.872994] ? count_memcg_events+0x32b/0x420 [ 121.873667] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 121.874428] do_syscall_64+0xbf/0x360 [ 121.874980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.875735] RIP: 0033:0x7fed62982f41 [ 121.876271] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 121.878856] RSP: 002b:00007fff91d7c298 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 121.879948] RAX: ffffffffffffffda RBX: 00007fed5fed6700 RCX: 00007fed62982f41 [ 121.880972] RDX: 00007fed5fed69d0 RSI: 00007fed5fed62f0 RDI: 00000000003d0f00 [ 121.881998] RBP: 00007fff91d7c4d0 R08: 00007fed5fed6700 R09: 00007fed5fed6700 [ 121.883017] R10: 00007fed5fed69d0 R11: 0000000000000206 R12: 00007fff91d7c34e [ 121.884037] R13: 00007fff91d7c34f R14: 00007fed5fed6300 R15: 0000000000022000 [ 121.885062] [ 121.885404] Modules linked in: [ 121.886806] ---[ end trace 0000000000000000 ]--- [ 121.888172] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.888946] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.889176] kworker/u10:7 (1355) used greatest stack depth: 24512 bytes left [ 121.891569] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.892898] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.894137] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#18] SMP KASAN NOPTI [ 121.894152] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 121.894164] CPU: 0 UID: 0 PID: 354 Comm: kworker/u9:6 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.894184] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.894189] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.894197] Workqueue: events_unbound cfg80211_wiphy_work [ 
121.894213] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 121.895944] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.896379] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 121.896391] RSP: 0018:ffff888017f976a0 EFLAGS: 00010256 [ 121.896401] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 121.896409] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 121.896416] RBP: ffff888017f97970 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 121.896424] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 121.896431] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.896441] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.896451] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.896459] CR2: 0000001b2d522000 CR3: 0000000038c61000 CR4: 0000000000350ef0 [ 121.896467] Call Trace: [ 121.896470] [ 121.896475] ? __virt_addr_valid+0x1c6/0x5d0 [ 121.896493] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.896508] perf_tp_event+0x8b4/0xe70 [ 121.896525] ? mark_held_locks+0x49/0x80 [ 121.896538] ? __pfx_perf_tp_event+0x10/0x10 [ 121.896555] ? put_task_struct_rcu_user+0x75/0xc0 [ 121.898294] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.898580] ? release_task+0xcd4/0x1870 [ 121.899893] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.900182] ? __pfx_release_task+0x10/0x10 [ 121.900197] ? lock_acquire+0x15e/0x2f0 [ 121.900211] ? lock_is_held_type+0x9e/0x120 [ 121.900230] ? lock_is_held_type+0x9e/0x120 [ 121.900248] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.900264] perf_trace_run_bpf_submit+0xef/0x180 [ 121.900282] perf_trace_contention_begin+0x235/0x3e0 [ 121.900297] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.900311] ? 
__pick_eevdf+0x326/0x570 [ 121.900323] ? update_curr+0x71/0x500 [ 121.900334] ? lock_acquire+0x18c/0x2f0 [ 121.900349] trace_contention_begin+0xae/0x110 [ 121.901056] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.901613] __mutex_lock+0x14b/0x1020 [ 121.901631] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.901644] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.901656] ? lock_release+0x1c7/0x290 [ 121.901669] ? lock_release+0x1c7/0x290 [ 121.901682] ? __pfx___mutex_lock+0x10/0x10 [ 121.901700] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 121.901717] ? __pfx_try_to_wake_up+0x10/0x10 [ 121.901735] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.901748] cfg80211_wiphy_work+0x7e/0x480 [ 121.901762] process_one_work+0x8e1/0x19c0 [ 121.901779] ? __pfx_process_one_work+0x10/0x10 [ 121.901794] ? move_linked_works+0x172/0x270 [ 121.904533] FS: 0000555556aea400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.904778] ? assign_work+0x196/0x240 [ 121.905910] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.906347] worker_thread+0x67e/0xe90 [ 121.906362] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.906376] ? __pfx_worker_thread+0x10/0x10 [ 121.906390] kthread+0x3c8/0x740 [ 121.906402] ? __pfx_kthread+0x10/0x10 [ 121.906414] ? ret_from_fork+0x23/0x430 [ 121.906432] ? lock_release+0xc8/0x290 [ 121.906445] ? __pfx_kthread+0x10/0x10 [ 121.906458] ret_from_fork+0x34b/0x430 [ 121.907592] CR2: 00007fed5fed6718 CR3: 000000001f71d000 CR4: 0000000000350ef0 [ 121.908037] ? 
__pfx_kthread+0x10/0x10 [ 121.909205] note: syz-executor.5[3934] exited with preempt_count 2 [ 121.909676] ret_from_fork_asm+0x1a/0x30 [ 121.929851] [ 121.930041] Modules linked in: [ 121.930303] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#19] SMP KASAN NOPTI [ 121.930345] ---[ end trace 0000000000000000 ]--- [ 121.931894] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 121.932299] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.933521] CPU: 1 UID: 0 PID: 49 Comm: kworker/u10:2 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.933932] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.935582] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.937068] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.937773] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.938219] [ 121.939367] Workqueue: events_unbound cfg80211_wiphy_work [ 121.939519] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 121.939523] [ 121.939532] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 121.940308] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.940895] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.941139] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.941721] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.942427] RSP: 0018:ffff88800afd76a0 EFLAGS: 00010217 [ 121.944060] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.945593] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 121.945610] RDX: ffff88800af79b80 RSI: 
ffffffff817e5bcc RDI: 000000010000002f [ 121.945624] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 121.945639] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.945652] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 121.945669] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 121.945689] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.945704] CR2: 00007fed5fed6718 CR3: 000000001f71d000 CR4: 0000000000350ef0 [ 121.945718] Call Trace: [ 121.945725] [ 121.945733] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.945760] perf_tp_event+0x8b4/0xe70 [ 121.945792] ? __pfx_perf_tp_event+0x10/0x10 [ 121.945821] ? arch_stack_walk+0x86/0xf0 [ 121.945845] ? ret_from_fork_asm+0x1a/0x30 [ 121.945875] ? stack_trace_save+0x8e/0xc0 [ 121.945901] ? stack_depot_save_flags+0x2c/0xa20 [ 121.945926] ? kasan_save_stack+0x34/0x50 [ 121.945951] ? kasan_save_stack+0x24/0x50 [ 121.945977] ? kasan_save_track+0x14/0x30 [ 121.946002] ? __kasan_save_free_info+0x3a/0x60 [ 121.946023] ? __kasan_slab_free+0x3f/0x50 [ 121.946050] ? kmem_cache_free+0x2a1/0x540 [ 121.946070] ? ext4_end_io_end+0x13f/0x4b0 [ 121.946101] ? ext4_end_io_rsv_work+0x1b9/0x310 [ 121.946132] ? process_one_work+0x8e1/0x19c0 [ 121.946156] ? worker_thread+0x67e/0xe90 [ 121.946181] ? kthread+0x3c8/0x740 [ 121.946202] ? ret_from_fork+0x34b/0x430 [ 121.946236] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.946265] perf_trace_run_bpf_submit+0xef/0x180 [ 121.946298] perf_trace_contention_begin+0x235/0x3e0 [ 121.946888] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 121.947654] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 121.948257] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.949259] ? __pick_eevdf+0x326/0x570 [ 121.949850] CR2: 0000001b2d522000 CR3: 0000000038c61000 CR4: 0000000000350ef0 [ 121.950870] ? 
update_curr+0x71/0x500 [ 121.951465] note: kworker/u9:6[354] exited with preempt_count 2 [ 121.952484] ? lock_acquire+0x18c/0x2f0 [ 121.975032] trace_contention_begin+0xae/0x110 [ 121.975695] __mutex_lock+0x14b/0x1020 [ 121.976265] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.976901] ? cfg80211_wiphy_work+0x7e/0x480 [ 121.977552] ? lock_release+0x1c7/0x290 [ 121.978125] ? lock_release+0x1c7/0x290 [ 121.978707] ? __pfx___mutex_lock+0x10/0x10 [ 121.979332] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 121.980082] ? __pfx_try_to_wake_up+0x10/0x10 [ 121.980741] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.981498] cfg80211_wiphy_work+0x7e/0x480 [ 121.982115] process_one_work+0x8e1/0x19c0 [ 121.982722] ? __pfx_process_one_work+0x10/0x10 [ 121.983386] ? move_linked_works+0x172/0x270 [ 121.984043] ? assign_work+0x196/0x240 [ 121.984601] worker_thread+0x67e/0xe90 [ 121.985170] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.985916] ? __pfx_worker_thread+0x10/0x10 [ 121.986553] kthread+0x3c8/0x740 [ 121.987049] ? __pfx_kthread+0x10/0x10 [ 121.987616] ? ret_from_fork+0x23/0x430 [ 121.988199] ? lock_release+0xc8/0x290 [ 121.988761] ? __pfx_kthread+0x10/0x10 [ 121.989332] ret_from_fork+0x34b/0x430 [ 121.989899] ? 
__pfx_kthread+0x10/0x10 [ 121.990455] ret_from_fork_asm+0x1a/0x30 [ 121.991049] [ 121.991380] Modules linked in: [ 121.991846] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#20] SMP KASAN NOPTI [ 121.992652] ---[ end trace 0000000000000000 ]--- [ 121.992758] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 121.993979] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 121.994020] CPU: 0 UID: 0 PID: 113 Comm: systemd-udevd Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.994739] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 121.995661] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 121.995667] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.995674] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 121.998204] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 121.998582] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 121.999740] [ 122.000132] RSP: 0018:ffff888016c8f860 EFLAGS: 00010256 [ 122.000143] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 122.000151] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 122.000863] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.002330] RBP: ffff888016c8fb30 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 122.002340] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.002347] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.002586] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.003012] FS: 00007ffbab5c98c0(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.004015] RBP: 
dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.004576] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.004585] CR2: 0000001b2d522000 CR3: 000000000e34e000 CR4: 0000000000350ef0 [ 122.004594] Call Trace: [ 122.004597] [ 122.005585] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.006141] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.006159] perf_tp_event+0x8b4/0xe70 [ 122.007162] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.007733] ? lock_acquire+0x18c/0x2f0 [ 122.008738] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.009365] ? __pfx_perf_tp_event+0x10/0x10 [ 122.009383] ? __kernel_text_address+0xd/0x40 [ 122.010377] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.010824] ? unwind_get_return_address+0x59/0xa0 [ 122.011833] CR2: 00007fed5fed6718 CR3: 000000001f71d000 CR4: 0000000000350ef0 [ 122.012028] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 122.012377] note: kworker/u10:2[49] exited with preempt_count 2 [ 122.012936] ? arch_stack_walk+0x9c/0xf0 [ 122.018842] ? stack_trace_save+0x8e/0xc0 [ 122.019190] ? stack_depot_save_flags+0x2c/0xa20 [ 122.019594] ? kasan_save_stack+0x34/0x50 [ 122.019945] ? kasan_save_stack+0x24/0x50 [ 122.020293] ? kasan_save_track+0x14/0x30 [ 122.020644] ? __kasan_save_free_info+0x3a/0x60 [ 122.021034] ? __kasan_slab_free+0x3f/0x50 [ 122.021389] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.021806] ? map_id_range_up+0x1d5/0x350 [ 122.022159] perf_trace_run_bpf_submit+0xef/0x180 [ 122.022572] perf_trace_contention_begin+0x235/0x3e0 [ 122.022991] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.023452] ? lock_acquire+0x18c/0x2f0 [ 122.023788] trace_contention_begin+0xae/0x110 [ 122.024173] __mutex_lock+0x14b/0x1020 [ 122.024504] ? fdget_pos+0x2a8/0x380 [ 122.024821] ? fdget_pos+0x2a8/0x380 [ 122.025132] ? __pfx___mutex_lock+0x10/0x10 [ 122.025502] ? __pfx_kernfs_iop_getattr+0x10/0x10 [ 122.025907] ? 
vfs_getattr_nosec+0x2bc/0x3e0 [ 122.026277] ? populate_seccomp_data+0x213/0x540 [ 122.026679] ? __seccomp_filter+0x535/0xfa0 [ 122.027045] ? __pfx___do_sys_newfstat+0x10/0x10 [ 122.027445] fdget_pos+0x2a8/0x380 [ 122.027754] __x64_sys_getdents64+0xe0/0x2c0 [ 122.028135] ? __pfx___x64_sys_getdents64+0x10/0x10 [ 122.028557] ? __secure_computing+0x18d/0x290 [ 122.028934] do_syscall_64+0xbf/0x360 [ 122.029250] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.029675] RIP: 0033:0x7ffbaba509c7 [ 122.029984] Code: 0f 1f 00 48 8b 47 20 c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 81 fa ff ff ff 7f b8 ff ff ff 7f 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 99 74 0f 00 f7 d8 64 89 02 48 [ 122.031462] RSP: 002b:00007ffe89739698 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 122.032092] RAX: ffffffffffffffda RBX: 000055d99dac9f00 RCX: 00007ffbaba509c7 [ 122.032674] RDX: 0000000000008000 RSI: 000055d99dac9f30 RDI: 0000000000000011 [ 122.033253] RBP: 000055d99dac9f30 R08: 0000000000000030 R09: 00007ffbabb48be0 [ 122.033838] R10: 0000000000000008 R11: 0000000000000293 R12: fffffffffffffe00 [ 122.034428] R13: 000055d99dac9f04 R14: 0000000000000000 R15: 000055d99d1eea80 [ 122.035012] [ 122.035208] Modules linked in: [ 122.035479] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#21] SMP KASAN NOPTI [ 122.035579] ---[ end trace 0000000000000000 ]--- [ 122.037025] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 122.037435] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.038596] CPU: 1 UID: 0 PID: 23 Comm: kworker/1:0 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.039003] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.040565] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.042039] RSP: 0018:ffff888048ac7160 
EFLAGS: 00010217 [ 122.042707] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.043147] [ 122.044262] Workqueue: events perf_sched_delayed [ 122.044411] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.044414] [ 122.044424] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.045067] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.046690] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.046854] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.047961] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.048232] RSP: 0018:ffff88800974f6e0 EFLAGS: 00010217 [ 122.049724] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.050691] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 122.051143] FS: 00007ffbab5c98c0(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.052095] RDX: ffff88800972d280 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.052677] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.053745] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.054340] CR2: 0000001b2d522000 CR3: 000000000e34e000 CR4: 0000000000350ef0 [ 122.055099] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.055701] note: systemd-udevd[113] exited with preempt_count 2 [ 122.056649] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.056667] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.060061] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.060856] CR2: 00007fed5fed6718 CR3: 000000001f71d000 CR4: 0000000000350ef0 [ 122.061823] Call Trace: [ 122.062181] [ 122.062497] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.063181] perf_tp_event+0x8b4/0xe70 [ 122.063742] ? 
__pfx_perf_tp_event+0x10/0x10 [ 122.064357] ? __lock_acquire+0xc65/0x1b70 [ 122.064952] ? lock_is_held_type+0x9e/0x120 [ 122.065556] ? trace_pelt_se_tp+0xdf/0x130 [ 122.066135] ? __update_load_avg_se+0x428/0xa40 [ 122.066798] ? lock_is_held_type+0x9e/0x120 [ 122.067399] ? __pick_eevdf+0x326/0x570 [ 122.067959] ? update_curr+0x71/0x500 [ 122.068489] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.069177] perf_trace_run_bpf_submit+0xef/0x180 [ 122.069852] perf_trace_contention_begin+0x235/0x3e0 [ 122.070555] ? do_raw_spin_lock+0x123/0x260 [ 122.071152] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.071931] ? lock_acquire+0x18c/0x2f0 [ 122.072484] trace_contention_begin+0xae/0x110 [ 122.073111] __mutex_lock+0x14b/0x1020 [ 122.073653] ? perf_sched_delayed+0x18/0x70 [ 122.074260] ? perf_sched_delayed+0x18/0x70 [ 122.074853] ? __pfx___mutex_lock+0x10/0x10 [ 122.075454] ? clear_pending_if_disabled+0x91/0x1c0 [ 122.076144] ? do_raw_spin_lock+0x123/0x260 [ 122.076740] ? lock_acquire+0x18c/0x2f0 [ 122.077289] ? lock_release+0x1c7/0x290 [ 122.077835] perf_sched_delayed+0x18/0x70 [ 122.078408] process_one_work+0x8e1/0x19c0 [ 122.078989] ? __pfx_process_one_work+0x10/0x10 [ 122.079634] ? move_linked_works+0x172/0x270 [ 122.080255] ? assign_work+0x196/0x240 [ 122.080794] worker_thread+0x67e/0xe90 [ 122.081328] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.082037] ? __pfx_worker_thread+0x10/0x10 [ 122.082646] kthread+0x3c8/0x740 [ 122.083115] ? __pfx_kthread+0x10/0x10 [ 122.083654] ? ret_from_fork+0x23/0x430 [ 122.084206] ? lock_release+0xc8/0x290 [ 122.084742] ? __pfx_kthread+0x10/0x10 [ 122.085274] ret_from_fork+0x34b/0x430 [ 122.085814] ? 
__pfx_kthread+0x10/0x10 [ 122.086346] ret_from_fork_asm+0x1a/0x30 [ 122.086918] [ 122.087240] Modules linked in: [ 122.087699] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#22] SMP KASAN NOPTI [ 122.088572] ---[ end trace 0000000000000000 ]--- [ 122.088626] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 122.089817] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.089896] CPU: 0 UID: 0 PID: 285 Comm: syz-executor.1 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.090598] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.091532] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.091538] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.091546] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 122.093990] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.094377] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 122.094391] RSP: 0018:ffff88801b6ff660 EFLAGS: 00010256 [ 122.095487] [ 122.095891] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 122.096609] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.098074] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 122.098083] RBP: ffff88801b6ff930 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 122.098090] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.098098] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.098107] FS: 0000555564a8c400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.098801] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.098944] CS: 0010 DS: 0000 
ES: 0000 CR0: 0000000080050033 [ 122.099907] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.100469] CR2: 0000001b2d522000 CR3: 0000000041cbd000 CR4: 0000000000350ef0 [ 122.100478] Call Trace: [ 122.100482] [ 122.100487] ? stack_depot_save_flags+0x2c/0xa20 [ 122.101440] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.102002] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.102959] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.103520] perf_tp_event+0x8b4/0xe70 [ 122.103539] ? kasan_save_stack+0x34/0x50 [ 122.104609] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.105168] ? __do_wait+0x218/0x8f0 [ 122.105185] ? __pfx_perf_tp_event+0x10/0x10 [ 122.105945] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.106524] ? delete_node+0x20e/0x730 [ 122.106543] ? destroy_inode+0x12b/0x1b0 [ 122.107496] CR2: 00007fed5fed6718 CR3: 000000001f71d000 CR4: 0000000000350ef0 [ 122.107699] ? __radix_tree_delete+0x13e/0x380 [ 122.108011] note: kworker/1:0[23] exited with preempt_count 2 [ 122.108389] ? radix_tree_delete_item+0xef/0x230 [ 122.108408] ? lock_acquire+0x18c/0x2f0 [ 122.115447] ? lock_acquire+0x18c/0x2f0 [ 122.115781] ? lock_release+0x1c7/0x290 [ 122.116113] ? __virt_addr_valid+0x100/0x5d0 [ 122.116485] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.116923] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.117337] perf_trace_run_bpf_submit+0xef/0x180 [ 122.117741] perf_trace_contention_begin+0x235/0x3e0 [ 122.118162] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.118622] ? __pfx_release_task+0x10/0x10 [ 122.118979] ? lock_acquire+0x18c/0x2f0 [ 122.119315] ? lock_release+0x1c7/0x290 [ 122.119658] trace_contention_begin+0xae/0x110 [ 122.120033] __mutex_lock+0x14b/0x1020 [ 122.120360] ? anon_pipe_write+0x12a/0x1a80 [ 122.120719] ? anon_pipe_write+0x12a/0x1a80 [ 122.121077] ? avc_has_perm+0x12b/0x1d0 [ 122.121418] ? __pfx___mutex_lock+0x10/0x10 [ 122.121783] ? 
__pfx_wait_consider_task+0x10/0x10 [ 122.122181] ? lock_acquire+0x18c/0x2f0 [ 122.122517] ? inode_has_perm+0x170/0x1c0 [ 122.122865] anon_pipe_write+0x12a/0x1a80 [ 122.123213] ? lock_release+0x1c7/0x290 [ 122.123542] ? lock_acquire+0x18c/0x2f0 [ 122.123885] ? __pfx_anon_pipe_write+0x10/0x10 [ 122.124265] ? selinux_file_permission+0x99/0x600 [ 122.124670] ? security_file_permission+0x22/0x90 [ 122.125074] vfs_write+0xbe9/0x1150 [ 122.125380] ? __pfx_anon_pipe_write+0x10/0x10 [ 122.125760] ? __pfx_vfs_write+0x10/0x10 [ 122.126108] ? __do_sys_wait4+0xb3/0x150 [ 122.126447] ? common_nsleep+0xaa/0xd0 [ 122.126782] ksys_write+0x1ef/0x240 [ 122.127094] ? __pfx_ksys_write+0x10/0x10 [ 122.127439] do_syscall_64+0xbf/0x360 [ 122.127761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.128188] RIP: 0033:0x7f5a814e85ff [ 122.128498] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 122.129980] RSP: 002b:00007ffef1f5ff60 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 122.130600] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007f5a814e85ff [ 122.131181] RDX: 000000000000000c RSI: 00007ffef1f60050 RDI: 00000000000000f8 [ 122.131764] RBP: 00007ffef1f5ffec R08: 0000000000000000 R09: 00007f5a81625000 [ 122.132347] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 122.132933] R13: 000000000001d7ba R14: 0000000000000002 R15: 00007ffef1f60050 [ 122.133518] [ 122.133717] Modules linked in: [ 122.134063] ---[ end trace 0000000000000000 ]--- [ 122.134468] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.134895] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.136319] kmemleak: Found object by alias at 0x607f1a63daec [ 122.136339] CPU: 1 UID: 0 PID: 290 Comm: 
syz-executor.6 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.136372] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.136380] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.136390] Call Trace: [ 122.136396] [ 122.136402] dump_stack_lvl+0xca/0x120 [ 122.136436] __lookup_object+0x94/0xb0 [ 122.136463] delete_object_full+0x27/0x70 [ 122.136489] free_percpu+0x30/0x1160 [ 122.136516] ? arch_uprobe_clear_state+0x16/0x140 [ 122.136546] futex_hash_free+0x38/0xc0 [ 122.136568] mmput+0x2d3/0x390 [ 122.136598] do_exit+0x79d/0x2970 [ 122.136620] ? _printk+0xbe/0xf0 [ 122.136641] ? __pfx__printk+0x10/0x10 [ 122.136663] ? __pfx_do_exit+0x10/0x10 [ 122.136688] make_task_dead+0x174/0x3b0 [ 122.136710] ? do_syscall_64+0xbf/0x360 [ 122.136730] rewind_stack_and_make_dead+0x16/0x20 [ 122.136756] RIP: 0033:0x7f461051a10b [ 122.136770] Code: Unable to access opcode bytes at 0x7f461051a0e1. [ 122.136779] RSP: 002b:00007ffec8b53110 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 122.136797] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f461051a10b [ 122.136810] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 122.136821] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000555579937400 [ 122.136833] R10: 00005555799376d0 R11: 0000000000000246 R12: 0000000000000001 [ 122.136845] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffec8b531f0 [ 122.136863] [ 122.136869] kmemleak: Object (percpu) 0x607f1a63dae8 (size 8): [ 122.136881] kmemleak: comm "syz-executor.2", pid 3951, jiffies 4294787734 [ 122.136893] kmemleak: min_count = 1 [ 122.136899] kmemleak: count = 0 [ 122.136905] kmemleak: flags = 0x21 [ 122.136912] kmemleak: checksum = 0 [ 122.136918] kmemleak: backtrace: [ 122.136923] pcpu_alloc_noprof+0x87a/0x1170 [ 122.136950] __alloc_workqueue+0x74b/0x1820 [ 122.136979] alloc_workqueue_noprof+0xc7/0x200 [ 122.136995] loop_configure+0xf73/0x1590 [ 122.137019] lo_ioctl+0x66d/0x1c70 [ 122.137041] 
blkdev_ioctl+0x27c/0x6c0 [ 122.137058] __x64_sys_ioctl+0x18f/0x210 [ 122.137091] do_syscall_64+0xbf/0x360 [ 122.137107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.140173] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#23] SMP KASAN NOPTI [ 122.140331] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.140812] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 122.141213] [ 122.141712] CPU: 1 UID: 0 PID: 352 Comm: kworker/u9:5 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.141967] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.142428] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.142702] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.143201] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.143216] Workqueue: events_unbound cfg80211_wiphy_work [ 122.143526] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.144042] [ 122.144372] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.144979] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.145297] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.146098] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.146732] FS: 0000555564a8c400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.147665] RSP: 0018:ffff88800f1076a0 EFLAGS: 00010217 [ 122.147683] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 122.147697] RDX: ffff888016fbd280 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.147710] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.147723] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 122.147736] R13: 0000000000000000 R14: ffff888008cd0000 
R15: 00000000ffffffff [ 122.147751] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.147770] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.147783] CR2: 00007f5acf167000 CR3: 0000000044f12000 CR4: 0000000000350ef0 [ 122.147796] Call Trace: [ 122.147802] [ 122.147810] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.147835] perf_tp_event+0x8b4/0xe70 [ 122.147865] ? __pfx_perf_tp_event+0x10/0x10 [ 122.147894] ? ret_from_fork_asm+0x1a/0x30 [ 122.147922] ? stack_trace_save+0x8e/0xc0 [ 122.147947] ? stack_depot_save_flags+0x2c/0xa20 [ 122.147971] ? kasan_save_stack+0x34/0x50 [ 122.147996] ? kasan_save_stack+0x24/0x50 [ 122.148019] ? kasan_save_track+0x14/0x30 [ 122.148043] ? __kasan_save_free_info+0x3a/0x60 [ 122.148063] ? __kasan_slab_free+0x3f/0x50 [ 122.148091] ? kmem_cache_free+0x2a1/0x540 [ 122.148111] ? kfree_skbmem+0x18a/0x1f0 [ 122.148134] ? sk_skb_reason_drop+0x10e/0x1b0 [ 122.148157] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.148184] perf_trace_run_bpf_submit+0xef/0x180 [ 122.148214] perf_trace_contention_begin+0x235/0x3e0 [ 122.148239] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.148265] ? lock_acquire+0x18c/0x2f0 [ 122.148289] trace_contention_begin+0xae/0x110 [ 122.148314] __mutex_lock+0x14b/0x1020 [ 122.148344] ? cfg80211_wiphy_work+0x7e/0x480 [ 122.148365] ? cfg80211_wiphy_work+0x7e/0x480 [ 122.148386] ? lock_release+0x1c7/0x290 [ 122.148409] ? __pfx___mutex_lock+0x10/0x10 [ 122.148439] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 122.148469] ? __pfx_try_to_wake_up+0x10/0x10 [ 122.148499] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.148521] cfg80211_wiphy_work+0x7e/0x480 [ 122.148544] process_one_work+0x8e1/0x19c0 [ 122.148572] ? __pfx_process_one_work+0x10/0x10 [ 122.148595] ? move_linked_works+0x172/0x270 [ 122.148626] ? assign_work+0x196/0x240 [ 122.148649] worker_thread+0x67e/0xe90 [ 122.148672] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.148695] ? 
__pfx_worker_thread+0x10/0x10 [ 122.148719] kthread+0x3c8/0x740 [ 122.148740] ? __pfx_kthread+0x10/0x10 [ 122.150034] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.150246] ? ret_from_fork+0x23/0x430 [ 122.150852] CR2: 0000001b2d522000 CR3: 0000000041cbd000 CR4: 0000000000350ef0 [ 122.151783] ? lock_release+0xc8/0x290 [ 122.151995] note: syz-executor.1[285] exited with preempt_count 2 [ 122.152754] ? __pfx_kthread+0x10/0x10 [ 122.209667] ret_from_fork+0x34b/0x430 [ 122.210178] ? __pfx_kthread+0x10/0x10 [ 122.210685] ret_from_fork_asm+0x1a/0x30 [ 122.211220] [ 122.211525] Modules linked in: [ 122.211960] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#24] SMP KASAN NOPTI [ 122.212800] ---[ end trace 0000000000000000 ]--- [ 122.212861] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 122.214064] CPU: 0 UID: 0 PID: 103 Comm: kworker/u10:3 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.214076] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.215001] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.215660] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.216039] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.218410] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.218975] Workqueue: events_unbound cfg80211_wiphy_work [ 122.219668] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.220082] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 122.220101] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 122.220979] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.221378] RSP: 0018:ffff8880166876a0 
EFLAGS: 00010256 [ 122.221389] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 122.221397] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 122.223676] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.224219] RBP: ffff888016687970 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 122.224229] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.224236] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.224895] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.225450] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.225462] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.226364] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.226913] CR2: 0000001b2d522000 CR3: 00000000448e0000 CR4: 0000000000350ef0 [ 122.227820] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.228367] Call Trace: [ 122.228373] [ 122.228378] ? __virt_addr_valid+0x1c6/0x5d0 [ 122.229285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.229822] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.230839] CR2: 00007f5acf167000 CR3: 0000000044f12000 CR4: 0000000000350ef0 [ 122.231275] perf_tp_event+0x8b4/0xe70 [ 122.232192] note: kworker/u9:5[352] exited with preempt_count 2 [ 122.232735] ? mark_held_locks+0x49/0x80 [ 122.236950] ? __pfx_perf_tp_event+0x10/0x10 [ 122.237309] ? put_task_struct_rcu_user+0x75/0xc0 [ 122.237696] ? release_task+0xcd4/0x1870 [ 122.238025] ? __pfx_release_task+0x10/0x10 [ 122.238373] ? lock_acquire+0x15e/0x2f0 [ 122.238695] ? kvm_sched_clock_read+0x16/0x30 [ 122.239057] ? sched_clock+0x37/0x60 [ 122.239363] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.239773] ? __update_load_avg_se+0x428/0xa40 [ 122.240157] perf_trace_run_bpf_submit+0xef/0x180 [ 122.240546] perf_trace_contention_begin+0x235/0x3e0 [ 122.240952] ? 
__pfx_perf_trace_contention_begin+0x10/0x10 [ 122.241399] ? lock_acquire+0x18c/0x2f0 [ 122.241722] trace_contention_begin+0xae/0x110 [ 122.242094] __mutex_lock+0x14b/0x1020 [ 122.242411] ? cfg80211_wiphy_work+0x7e/0x480 [ 122.242773] ? cfg80211_wiphy_work+0x7e/0x480 [ 122.243134] ? lock_release+0x1c7/0x290 [ 122.243461] ? __pfx___mutex_lock+0x10/0x10 [ 122.243821] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 122.244231] ? __pfx_try_to_wake_up+0x10/0x10 [ 122.244602] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.245022] cfg80211_wiphy_work+0x7e/0x480 [ 122.245370] process_one_work+0x8e1/0x19c0 [ 122.245714] ? __pfx_process_one_work+0x10/0x10 [ 122.246089] ? move_linked_works+0x172/0x270 [ 122.246457] ? assign_work+0x196/0x240 [ 122.246773] worker_thread+0x67e/0xe90 [ 122.247090] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.247510] ? __pfx_worker_thread+0x10/0x10 [ 122.247873] kthread+0x3c8/0x740 [ 122.248152] ? __pfx_kthread+0x10/0x10 [ 122.248468] ? ret_from_fork+0x23/0x430 [ 122.248794] ? lock_release+0xc8/0x290 [ 122.249109] ? __pfx_kthread+0x10/0x10 [ 122.249432] ret_from_fork+0x34b/0x430 [ 122.249766] ? 
__pfx_kthread+0x10/0x10 [ 122.250090] ret_from_fork_asm+0x1a/0x30 [ 122.250435] [ 122.250634] Modules linked in: [ 122.250906] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#25] SMP KASAN NOPTI [ 122.252017] ---[ end trace 0000000000000000 ]--- [ 122.252311] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 122.252332] CPU: 1 UID: 0 PID: 304 Comm: kworker/1:3 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.252364] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.252371] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.252383] Workqueue: events bpf_prog_free_deferred [ 122.252407] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.252434] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.252451] RSP: 0018:ffff88801b5ef4e0 EFLAGS: 00010217 [ 122.252466] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 122.252479] RDX: ffff8880145c3700 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.252492] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.252504] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.252516] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.252531] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.252548] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.252560] CR2: 00007f5acf167000 CR3: 0000000033f27000 CR4: 0000000000350ef0 [ 122.252573] Call Trace: [ 122.252579] [ 122.252586] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.252610] perf_tp_event+0x8b4/0xe70 [ 122.252637] ? __pfx_perf_tp_event+0x10/0x10 [ 122.252668] ? lock_acquire+0x18c/0x2f0 [ 122.252689] ? lock_acquire+0x18c/0x2f0 [ 122.252710] ? lock_release+0x1c7/0x290 [ 122.252730] ? 
lock_acquire+0x18c/0x2f0 [ 122.252751] ? static_protections+0x390/0x750 [ 122.252777] ? __pfx_static_protections+0x10/0x10 [ 122.252801] ? pfn_pte+0xde/0x230 [ 122.252823] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.252849] ? do_raw_spin_unlock+0x53/0x220 [ 122.252874] perf_trace_run_bpf_submit+0xef/0x180 [ 122.252902] perf_trace_contention_begin+0x235/0x3e0 [ 122.252927] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.252951] ? lock_acquire+0x18c/0x2f0 [ 122.252974] trace_contention_begin+0xae/0x110 [ 122.252997] __mutex_lock+0x14b/0x1020 [ 122.253025] ? _vm_unmap_aliases+0xc4/0x7c0 [ 122.253046] ? _vm_unmap_aliases+0xc4/0x7c0 [ 122.253065] ? worker_thread+0x67e/0xe90 [ 122.253086] ? kthread+0x3c8/0x740 [ 122.253104] ? ret_from_fork+0x34b/0x430 [ 122.253498] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.254557] ? ret_from_fork_asm+0x1a/0x30 [ 122.254583] ? kthread+0x3c8/0x740 [ 122.254602] ? __pfx___mutex_lock+0x10/0x10 [ 122.255618] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.256179] ? lock_acquire+0x18c/0x2f0 [ 122.256201] ? get_random_u8+0x3ab/0x680 [ 122.256226] ? lock_acquire+0x18c/0x2f0 [ 122.256911] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.257529] ? lock_release+0x1c7/0x290 [ 122.257551] ? lock_release+0x1c7/0x290 [ 122.257574] _vm_unmap_aliases+0xc4/0x7c0 [ 122.257593] ? __pfx_set_direct_map_invalid_noflush+0x10/0x10 [ 122.258022] [ 122.258027] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.260226] ? lock_release+0x1c7/0x290 [ 122.260248] ? __pfx__vm_unmap_aliases+0x10/0x10 [ 122.260273] vfree+0x6c7/0xb60 [ 122.260299] bpf_prog_free_deferred+0x2e5/0x420 [ 122.260731] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.261598] process_one_work+0x8e1/0x19c0 [ 122.261625] ? __pfx_process_one_work+0x10/0x10 [ 122.261647] ? 
move_linked_works+0x172/0x270 [ 122.261675] ? assign_work+0x196/0x240 [ 122.262349] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.263133] worker_thread+0x67e/0xe90 [ 122.263157] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.263178] ? __pfx_worker_thread+0x10/0x10 [ 122.263201] kthread+0x3c8/0x740 [ 122.263220] ? __pfx_kthread+0x10/0x10 [ 122.263239] ? ret_from_fork+0x23/0x430 [ 122.263266] ? lock_release+0xc8/0x290 [ 122.263287] ? __pfx_kthread+0x10/0x10 [ 122.263306] ret_from_fork+0x34b/0x430 [ 122.263334] ? __pfx_kthread+0x10/0x10 [ 122.263357] ret_from_fork_asm+0x1a/0x30 [ 122.263393] [ 122.263400] Modules linked in: [ 122.264224] ---[ end trace 0000000000000000 ]--- [ 122.264236] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.264264] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.264282] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.264297] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.264310] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.264323] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.264336] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.264916] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.266433] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.266597] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.267386] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.267406] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.267418] CR2: 00007f5acf167000 CR3: 0000000033f27000 CR4: 0000000000350ef0 [ 122.267432] note: kworker/1:3[304] exited with preempt_count 2 [ 122.269251] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 
[#26] SMP KASAN NOPTI [ 122.269272] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 122.269290] CPU: 1 UID: 0 PID: 25 Comm: kworker/u9:0 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.269321] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.269328] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.269340] Workqueue: events_unbound cfg80211_wiphy_work [ 122.269362] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.269695] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.270192] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.270211] RSP: 0018:ffff88800976f6a0 EFLAGS: 00010217 [ 122.270226] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 122.270238] RDX: ffff888009751b80 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.270251] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.270263] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 122.270275] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.270289] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.270306] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.270633] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.271125] CR2: 00007f5acf167000 CR3: 0000000033f27000 CR4: 0000000000350ef0 [ 122.271139] Call Trace: [ 122.271144] [ 122.271151] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.271174] perf_tp_event+0x8b4/0xe70 [ 122.271547] CR2: 0000001b2d522000 CR3: 00000000448e0000 CR4: 0000000000350ef0 [ 122.272145] ? mark_held_locks+0x49/0x80 [ 122.272168] ? __pfx_perf_tp_event+0x10/0x10 [ 122.272195] ? put_task_struct_rcu_user+0x75/0xc0 [ 122.272217] ? release_task+0xcd4/0x1870 [ 122.272243] ? 
__lock_acquire+0xc65/0x1b70 [ 122.272527] note: kworker/u10:3[103] exited with preempt_count 2 [ 122.273134] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.336578] perf_trace_run_bpf_submit+0xef/0x180 [ 122.337160] perf_trace_contention_begin+0x235/0x3e0 [ 122.337768] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.338429] ? sched_clock+0x37/0x60 [ 122.338877] ? lock_acquire+0x18c/0x2f0 [ 122.339351] trace_contention_begin+0xae/0x110 [ 122.339930] __mutex_lock+0x14b/0x1020 [ 122.340403] ? cfg80211_wiphy_work+0x7e/0x480 [ 122.340940] ? cfg80211_wiphy_work+0x7e/0x480 [ 122.341475] ? lock_release+0x1c7/0x290 [ 122.341949] ? __pfx___mutex_lock+0x10/0x10 [ 122.342471] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 122.343075] ? __pfx_try_to_wake_up+0x10/0x10 [ 122.343629] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.344251] cfg80211_wiphy_work+0x7e/0x480 [ 122.344763] process_one_work+0x8e1/0x19c0 [ 122.345273] ? __pfx_process_one_work+0x10/0x10 [ 122.345823] ? move_linked_works+0x172/0x270 [ 122.346350] ? assign_work+0x196/0x240 [ 122.346819] worker_thread+0x67e/0xe90 [ 122.347280] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.347901] ? __pfx_worker_thread+0x10/0x10 [ 122.348426] kthread+0x3c8/0x740 [ 122.348832] ? __pfx_kthread+0x10/0x10 [ 122.349292] ? ret_from_fork+0x23/0x430 [ 122.349770] ? lock_release+0xc8/0x290 [ 122.350232] ? __pfx_kthread+0x10/0x10 [ 122.350699] ret_from_fork+0x34b/0x430 [ 122.351172] ? 
__pfx_kthread+0x10/0x10 [ 122.351645] ret_from_fork_asm+0x1a/0x30 [ 122.352132] [ 122.352410] Modules linked in: [ 122.352793] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#27] SMP KASAN NOPTI [ 122.353586] ---[ end trace 0000000000000000 ]--- [ 122.353734] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 122.354859] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.354898] CPU: 0 UID: 0 PID: 3950 Comm: syz-executor.2 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.355885] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.356442] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.356448] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.356455] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 122.356475] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 122.356486] RSP: 0018:ffff8880171f74e0 EFLAGS: 00010256 [ 122.356496] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 122.356504] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 122.356511] RBP: ffff8880171f77b0 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 122.356519] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.356527] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.358733] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.359018] FS: 000055556a4ca400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.360060] [ 122.360383] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.360393] CR2: 00007f5acc5ac718 CR3: 0000000044f12000 CR4: 0000000000350ef0 [ 122.360401] Call Trace: [ 122.360405] [ 
122.360409] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.360425] perf_tp_event+0x8b4/0xe70 [ 122.360443] ? __pfx_perf_tp_event+0x10/0x10 [ 122.360459] ? __kernel_text_address+0xd/0x40 [ 122.362607] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.362948] ? arch_stack_walk+0x9c/0xf0 [ 122.363848] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.364341] ? stack_trace_save+0x8e/0xc0 [ 122.364359] ? stack_depot_save_flags+0x2c/0xa20 [ 122.364373] ? lock_acquire+0x18c/0x2f0 [ 122.364387] ? lock_release+0x1c7/0x290 [ 122.364400] ? lock_acquire+0x18c/0x2f0 [ 122.364413] ? lock_acquire+0x18c/0x2f0 [ 122.364426] ? lock_release+0x1c7/0x290 [ 122.364440] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.365396] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.365832] perf_trace_run_bpf_submit+0xef/0x180 [ 122.366735] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.367078] perf_trace_contention_begin+0x235/0x3e0 [ 122.368080] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.368604] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.369536] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.369627] ? lock_acquire+0x18c/0x2f0 [ 122.369890] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.370293] trace_contention_begin+0xae/0x110 [ 122.370310] __mutex_lock+0x14b/0x1020 [ 122.370328] ? freezer_fork+0xc1/0x500 [ 122.370342] ? freezer_fork+0xc1/0x500 [ 122.370354] ? delete_node+0x20e/0x730 [ 122.370372] ? __pfx___mutex_lock+0x10/0x10 [ 122.370390] ? __radix_tree_replace+0x117/0x300 [ 122.370408] ? lock_acquire+0x18c/0x2f0 [ 122.370851] CR2: 00007f5acf167000 CR3: 0000000033f27000 CR4: 0000000000350ef0 [ 122.371201] ? do_raw_spin_lock+0x123/0x260 [ 122.371218] ? lock_release+0x1c7/0x290 [ 122.371232] freezer_fork+0xc1/0x500 [ 122.371245] cgroup_post_fork+0x31f/0x9a0 [ 122.371263] ? __pfx_cgroup_post_fork+0x10/0x10 [ 122.371279] ? 
__pfx_do_raw_spin_lock+0x10/0x10 [ 122.371295] ? lock_release+0x1c7/0x290 [ 122.371309] copy_process+0x5e31/0x73c0 [ 122.371326] ? __pfx_copy_process+0x10/0x10 [ 122.371852] note: kworker/u9:0[25] exited with preempt_count 2 [ 122.372404] ? lock_acquire+0x18c/0x2f0 [ 122.372419] ? lock_release+0x1c7/0x290 [ 122.372434] kernel_clone+0xea/0x7f0 [ 122.372446] ? __pfx_kernel_clone+0x10/0x10 [ 122.372459] ? vma_start_read+0x304/0x8e0 [ 122.372473] ? __pfx___handle_mm_fault+0x10/0x10 [ 122.372491] ? css_rstat_updated+0x1b8/0x4d0 [ 122.388723] ? __pfx_css_rstat_updated+0x10/0x10 [ 122.389099] __do_sys_clone+0xce/0x120 [ 122.389402] ? __pfx___do_sys_clone+0x10/0x10 [ 122.389754] ? count_memcg_events+0x32b/0x420 [ 122.390116] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.390525] do_syscall_64+0xbf/0x360 [ 122.390826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.391229] RIP: 0033:0x7f5acf058f41 [ 122.391521] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00 [ 122.392917] RSP: 002b:00007ffdce6b9c78 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 122.393499] RAX: ffffffffffffffda RBX: 00007f5acc5ac700 RCX: 00007f5acf058f41 [ 122.394049] RDX: 00007f5acc5ac9d0 RSI: 00007f5acc5ac2f0 RDI: 00000000003d0f00 [ 122.394602] RBP: 00007ffdce6b9eb0 R08: 00007f5acc5ac700 R09: 00007f5acc5ac700 [ 122.395151] R10: 00007f5acc5ac9d0 R11: 0000000000000206 R12: 00007ffdce6b9d2e [ 122.395708] R13: 00007ffdce6b9d2f R14: 00007f5acc5ac300 R15: 0000000000022000 [ 122.396261] [ 122.396445] Modules linked in: [ 122.398793] ---[ end trace 0000000000000000 ]--- [ 122.399254] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#28] SMP KASAN NOPTI [ 122.399274] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 122.399291] CPU: 1 UID: 0 PID: 30 Comm: rcu_tasks_trace Tainted: G B D W 
6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.399319] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.399326] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.399336] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.399361] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.399377] RSP: 0018:ffff8880098b77e0 EFLAGS: 00010217 [ 122.399391] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 122.399402] RDX: ffff8880097ab700 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.399413] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.399425] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 122.399435] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.399449] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.399464] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.399475] CR2: 00007f5acf167000 CR3: 0000000033f27000 CR4: 0000000000350ef0 [ 122.399486] Call Trace: [ 122.399491] [ 122.399498] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.399518] perf_tp_event+0x8b4/0xe70 [ 122.399543] ? __pfx_perf_tp_event+0x10/0x10 [ 122.399575] ? stack_depot_save_flags+0x42c/0xa20 [ 122.399595] ? kasan_save_stack+0x34/0x50 [ 122.399616] ? kasan_save_stack+0x24/0x50 [ 122.399636] ? kasan_record_aux_stack+0x89/0xa0 [ 122.399652] ? __call_rcu_common.constprop.0+0x70/0x960 [ 122.399674] ? put_task_struct_rcu_user+0x75/0xc0 [ 122.399693] ? __schedule+0xe86/0x3590 [ 122.399715] ? schedule+0xdb/0x390 [ 122.399736] ? schedule_timeout+0x11a/0x280 [ 122.399755] ? rcu_tasks_kthread+0x19c/0x240 [ 122.399778] ? kthread+0x3c8/0x740 [ 122.399794] ? ret_from_fork+0x34b/0x430 [ 122.399819] ? ret_from_fork_asm+0x1a/0x30 [ 122.399841] ? do_raw_spin_lock+0x123/0x260 [ 122.399863] ? 
__pfx_sched_clock_cpu+0x10/0x10 [ 122.399887] ? do_raw_spin_lock+0x123/0x260 [ 122.399909] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 122.399931] ? lock_acquire+0x18c/0x2f0 [ 122.399950] ? lock_acquire+0x18c/0x2f0 [ 122.399969] ? __update_load_avg_se+0x428/0xa40 [ 122.400897] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.401776] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.401802] perf_trace_run_bpf_submit+0xef/0x180 [ 122.401827] perf_trace_contention_begin+0x235/0x3e0 [ 122.402842] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.403293] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.403314] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 122.403336] ? lock_acquire+0x18c/0x2f0 [ 122.403356] trace_contention_begin+0xae/0x110 [ 122.403991] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.404545] __mutex_lock+0x14b/0x1020 [ 122.404575] ? rcu_tasks_one_gp+0x31/0xcf0 [ 122.404599] ? rcu_tasks_one_gp+0x31/0xcf0 [ 122.406057] [ 122.406569] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.406591] ? __pfx___mutex_lock+0x10/0x10 [ 122.406616] ? __timer_delete_sync+0x1e2/0x310 [ 122.406638] ? __pfx___timer_delete_sync+0x10/0x10 [ 122.406663] rcu_tasks_one_gp+0x31/0xcf0 [ 122.407318] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.408009] ? __pfx_process_timeout+0x10/0x10 [ 122.408616] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.409323] rcu_tasks_kthread+0x1a6/0x240 [ 122.409347] ? __pfx_rcu_tasks_kthread+0x10/0x10 [ 122.409371] kthread+0x3c8/0x740 [ 122.409955] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.410825] ? __pfx_kthread+0x10/0x10 [ 122.410844] ? ret_from_fork+0x23/0x430 [ 122.410869] ? lock_release+0xc8/0x290 [ 122.411332] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.412104] ? 
__pfx_kthread+0x10/0x10 [ 122.412316] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.412565] ret_from_fork+0x34b/0x430 [ 122.412942] FS: 000055556a4ca400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.413358] ? __pfx_kthread+0x10/0x10 [ 122.413710] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.414223] ret_from_fork_asm+0x1a/0x30 [ 122.414550] CR2: 00007f5acc5ac718 CR3: 0000000044f12000 CR4: 0000000000350ef0 [ 122.414995] [ 122.415358] note: syz-executor.2[3950] exited with preempt_count 2 [ 122.415919] Modules linked in: [ 122.445132] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#29] SMP KASAN NOPTI [ 122.445160] ---[ end trace 0000000000000000 ]--- [ 122.445994] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 122.446522] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.447087] CPU: 0 UID: 0 PID: 34 Comm: kworker/u9:1 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.447645] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.448523] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.448529] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.448538] Workqueue: events_unbound cfg80211_wiphy_work [ 122.450475] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.450847] [ 122.450853] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 122.451755] [ 122.452144] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 122.452158] RSP: 0018:ffff888009a976a0 EFLAGS: 00010256 [ 122.452720] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.452855] [ 122.452860] RAX: dffffc0000000000 RBX: 
0000000000000001 RCX: ffffffff8189b0f8 [ 122.453398] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.453521] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 122.456099] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.456374] RBP: ffff888009a97970 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 122.456569] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.457109] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.457118] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.457127] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.457139] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.457147] CR2: 00007f5acc5ac718 CR3: 0000000044f12000 CR4: 0000000000350ef0 [ 122.457155] Call Trace: [ 122.457158] [ 122.457163] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.457178] perf_tp_event+0x8b4/0xe70 [ 122.457197] ? __pfx_perf_tp_event+0x10/0x10 [ 122.457213] ? lock_acquire+0x18c/0x2f0 [ 122.457227] ? lock_release+0x1c7/0x290 [ 122.457241] ? unwind_next_frame+0x3bc/0x2540 [ 122.457259] ? ret_from_fork_asm+0x1a/0x30 [ 122.457275] ? ret_from_fork_asm+0x1a/0x30 [ 122.457291] ? kernel_text_address+0x11/0xc0 [ 122.457306] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 122.457322] ? arch_stack_walk+0x86/0xf0 [ 122.457336] ? ret_from_fork_asm+0x1a/0x30 [ 122.457352] ? stack_trace_save+0x8e/0xc0 [ 122.457367] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.457383] ? do_raw_spin_lock+0x123/0x260 [ 122.457398] perf_trace_run_bpf_submit+0xef/0x180 [ 122.457416] perf_trace_contention_begin+0x235/0x3e0 [ 122.457431] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.457446] ? __pick_eevdf+0x326/0x570 [ 122.457458] ? update_curr+0x71/0x500 [ 122.457471] ? lock_acquire+0x18c/0x2f0 [ 122.457485] trace_contention_begin+0xae/0x110 [ 122.457500] __mutex_lock+0x14b/0x1020 [ 122.457518] ? cfg80211_wiphy_work+0x7e/0x480 [ 122.457530] ? 
cfg80211_wiphy_work+0x7e/0x480 [ 122.457543] ? lock_release+0x1c7/0x290 [ 122.458319] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.458844] ? lock_release+0x1c7/0x290 [ 122.459625] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.460150] ? __pfx___mutex_lock+0x10/0x10 [ 122.460914] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.461453] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 122.462234] CR2: 00007f5acf167000 CR3: 0000000033f27000 CR4: 0000000000350ef0 [ 122.462827] ? __virt_addr_valid+0x100/0x5d0 [ 122.463454] note: rcu_tasks_trace[30] exited with preempt_count 2 [ 122.463988] ? __pfx_try_to_wake_up+0x10/0x10 [ 122.477387] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 122.477813] cfg80211_wiphy_work+0x7e/0x480 [ 122.478154] process_one_work+0x8e1/0x19c0 [ 122.478496] ? __pfx_process_one_work+0x10/0x10 [ 122.478868] ? move_linked_works+0x172/0x270 [ 122.479226] ? assign_work+0x196/0x240 [ 122.479537] worker_thread+0x67e/0xe90 [ 122.479860] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.480274] ? __pfx_worker_thread+0x10/0x10 [ 122.480626] kthread+0x3c8/0x740 [ 122.480902] ? __pfx_kthread+0x10/0x10 [ 122.481209] ? ret_from_fork+0x23/0x430 [ 122.481535] ? lock_release+0xc8/0x290 [ 122.481844] ? __pfx_kthread+0x10/0x10 [ 122.482154] ret_from_fork+0x34b/0x430 [ 122.482468] ? 
__pfx_kthread+0x10/0x10 [ 122.482780] ret_from_fork_asm+0x1a/0x30 [ 122.483107] [ 122.483293] Modules linked in: [ 122.483561] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#30] SMP KASAN NOPTI [ 122.484541] ---[ end trace 0000000000000000 ]--- [ 122.484744] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 122.485788] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.486010] CPU: 1 UID: 0 PID: 17 Comm: rcu_exp_gp_kthr Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.486416] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.487631] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.489041] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.489556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.489568] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.489979] [ 122.490828] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.491239] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.491412] RSP: 0018:ffff88800963f760 EFLAGS: 00010217 [ 122.492830] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.493546] [ 122.493552] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 122.493962] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.494690] RDX: ffff888009630000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.494703] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.494837] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.495577] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.495590] 
R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.496148] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.496872] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.497431] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.498148] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.498705] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.499433] CR2: 00007f5acf167000 CR3: 0000000033f27000 CR4: 0000000000350ef0 [ 122.499445] Call Trace: [ 122.499998] CR2: 00007f5acc5ac718 CR3: 0000000044f12000 CR4: 0000000000350ef0 [ 122.500817] [ 122.500825] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.501457] note: kworker/u9:1[34] exited with preempt_count 2 [ 122.502039] perf_tp_event+0x8b4/0xe70 [ 122.506012] ? __lock_acquire+0xc65/0x1b70 [ 122.506458] ? __pfx_perf_tp_event+0x10/0x10 [ 122.506927] ? lock_is_held_type+0x9e/0x120 [ 122.507388] ? lock_acquire+0x18c/0x2f0 [ 122.507812] ? __update_load_avg_se+0x428/0xa40 [ 122.508305] ? lock_release+0x1c7/0x290 [ 122.508722] ? __perf_event_task_sched_in+0x235/0x5e0 [ 122.509261] ? __pfx___perf_event_task_sched_in+0x10/0x10 [ 122.509830] ? dequeue_entities+0x369/0x2130 [ 122.510298] ? lock_acquire+0x18c/0x2f0 [ 122.510718] ? lock_release+0x1c7/0x290 [ 122.511136] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.511666] perf_trace_run_bpf_submit+0xef/0x180 [ 122.512176] perf_trace_contention_begin+0x235/0x3e0 [ 122.512708] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.513285] ? lock_release+0x1c7/0x290 [ 122.513703] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.514250] ? lock_acquire+0x18c/0x2f0 [ 122.514669] trace_contention_begin+0xae/0x110 [ 122.515153] __mutex_lock+0x14b/0x1020 [ 122.515579] ? rcu_exp_wait_wake+0x129/0x1390 [ 122.516059] ? rcu_exp_wait_wake+0x129/0x1390 [ 122.516538] ? do_raw_spin_lock+0x123/0x260 [ 122.516996] ? __pfx___mutex_lock+0x10/0x10 [ 122.517452] ? 
__pfx_do_raw_spin_lock+0x10/0x10 [ 122.517949] ? lock_acquire+0x18c/0x2f0 [ 122.518370] ? lock_acquire+0x18c/0x2f0 [ 122.518788] ? lock_release+0x1c7/0x290 [ 122.519209] ? lock_release+0x1c7/0x290 [ 122.519634] ? finish_swait+0xca/0x230 [ 122.520045] rcu_exp_wait_wake+0x129/0x1390 [ 122.520500] ? _raw_spin_lock_irqsave+0x42/0x60 [ 122.520983] ? __sync_rcu_exp_select_node_cpus+0x739/0xb20 [ 122.521563] ? __sync_rcu_exp_select_node_cpus+0x739/0xb20 [ 122.522141] ? __pfx_rcu_exp_wait_wake+0x10/0x10 [ 122.522640] ? sync_rcu_exp_select_cpus+0x3e3/0x940 [ 122.523161] ? lock_release+0x1c7/0x290 [ 122.523584] kthread_worker_fn+0x2b5/0xad0 [ 122.524020] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 122.524505] ? __pfx_kthread_worker_fn+0x10/0x10 [ 122.524994] kthread+0x3c8/0x740 [ 122.525351] ? __pfx_kthread+0x10/0x10 [ 122.525758] ? ret_from_fork+0x23/0x430 [ 122.526180] ? lock_release+0xc8/0x290 [ 122.526594] ? __pfx_kthread+0x10/0x10 [ 122.526999] ret_from_fork+0x34b/0x430 [ 122.527410] ? __pfx_kthread+0x10/0x10 [ 122.527820] ret_from_fork_asm+0x1a/0x30 [ 122.528250] [ 122.528494] Modules linked in: [ 122.528831] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#31] SMP KASAN NOPTI [ 122.529910] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 122.529959] ---[ end trace 0000000000000000 ]--- [ 122.530498] CPU: 0 UID: 0 PID: 894 Comm: kworker/u9:7 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.530519] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.530524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.530532] Workqueue: events_unbound cfg80211_wiphy_work [ 122.530547] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 122.530564] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 122.530575] RSP: 
0018:ffff88801987f6a0 EFLAGS: 00010256 [ 122.530585] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 122.530593] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 122.530600] RBP: ffff88801987f970 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 122.530608] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.530615] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.530625] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.530636] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.531266] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.532021] CR2: 000000c00064e000 CR3: 000000001f71d000 CR4: 0000000000350ef0 [ 122.532687] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.533166] Call Trace: [ 122.533171] [ 122.533176] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.533191] perf_tp_event+0x8b4/0xe70 [ 122.533208] ? __percpu_counter_sum+0x1b9/0x250 [ 122.533224] ? __pfx_perf_tp_event+0x10/0x10 [ 122.533240] ? lock_acquire+0x18c/0x2f0 [ 122.533254] ? lock_release+0x1c7/0x290 [ 122.533268] ? unwind_next_frame+0x3bc/0x2540 [ 122.533286] ? ret_from_fork_asm+0x1a/0x30 [ 122.533835] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.534221] ? ret_from_fork_asm+0x1a/0x30 [ 122.534238] ? kernel_text_address+0x11/0xc0 [ 122.534253] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 122.534269] ? arch_stack_walk+0x86/0xf0 [ 122.534282] ? ret_from_fork_asm+0x1a/0x30 [ 122.534299] ? stack_trace_save+0x8e/0xc0 [ 122.536230] [ 122.536518] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.537397] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.537813] ? 
do_raw_spin_lock+0x123/0x260 [ 122.538680] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.539099] perf_trace_run_bpf_submit+0xef/0x180 [ 122.539118] perf_trace_contention_begin+0x235/0x3e0 [ 122.539134] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.539148] ? __pick_eevdf+0x326/0x570 [ 122.539160] ? update_curr+0x71/0x500 [ 122.539173] ? lock_acquire+0x18c/0x2f0 [ 122.539187] trace_contention_begin+0xae/0x110 [ 122.539202] __mutex_lock+0x14b/0x1020 [ 122.539220] ? cfg80211_wiphy_work+0x7e/0x480 [ 122.539232] ? cfg80211_wiphy_work+0x7e/0x480 [ 122.539970] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.540599] ? lock_release+0x1c7/0x290 [ 122.540613] ? lock_release+0x1c7/0x290 [ 122.540627] ? __pfx___mutex_lock+0x10/0x10 [ 122.540644] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 122.540662] ? __virt_addr_valid+0x100/0x5d0 [ 122.540680] ? __pfx_try_to_wake_up+0x10/0x10 [ 122.540698] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 122.540714] cfg80211_wiphy_work+0x7e/0x480 [ 122.540728] process_one_work+0x8e1/0x19c0 [ 122.541464] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.541727] ? __pfx_process_one_work+0x10/0x10 [ 122.542540] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.543892] ? move_linked_works+0x172/0x270 [ 122.543913] ? assign_work+0x196/0x240 [ 122.543927] worker_thread+0x67e/0xe90 [ 122.543941] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.543955] ? __pfx_worker_thread+0x10/0x10 [ 122.543970] kthread+0x3c8/0x740 [ 122.543982] ? __pfx_kthread+0x10/0x10 [ 122.543994] ? ret_from_fork+0x23/0x430 [ 122.544012] ? lock_release+0xc8/0x290 [ 122.544409] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.544471] ? __pfx_kthread+0x10/0x10 [ 122.544976] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.545275] ret_from_fork+0x34b/0x430 [ 122.545294] ? 
__pfx_kthread+0x10/0x10 [ 122.545306] ret_from_fork_asm+0x1a/0x30 [ 122.545325] [ 122.545329] Modules linked in: [ 122.545406] ---[ end trace 0000000000000000 ]--- [ 122.545859] CR2: 00007f5acf167000 CR3: 0000000033f27000 CR4: 0000000000350ef0 [ 122.546404] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.546684] note: rcu_exp_gp_kthr[17] exited with preempt_count 2 [ 122.546996] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.553649] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#32] SMP KASAN NOPTI [ 122.554349] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.554590] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 122.554911] [ 122.554917] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.555301] CPU: 1 UID: 0 PID: 287 Comm: syz-executor.3 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.555328] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.555334] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.555343] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.555367] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.555698] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.556159] RSP: 0018:ffff88801b6ef660 EFLAGS: 00010217 [ 122.556173] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 122.556183] RDX: ffff88801b561b80 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.556194] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.556204] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 122.556213] R13: 0000000000000000 R14: 
ffff888008cd0000 R15: 00000000ffffffff [ 122.556519] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.556976] FS: 000055558e6cc400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.558406] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.558442] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.559599] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.559707] CR2: 00007f5acf167000 CR3: 0000000043c4f000 CR4: 0000000000350ef0 [ 122.560054] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.560502] Call Trace: [ 122.560508] [ 122.560514] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.560534] perf_tp_event+0x8b4/0xe70 [ 122.560554] ? kasan_save_stack+0x34/0x50 [ 122.560574] ? __do_wait+0x218/0x8f0 [ 122.560592] ? __pfx_perf_tp_event+0x10/0x10 [ 122.560613] ? delete_node+0x20e/0x730 [ 122.561047] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.561475] ? destroy_inode+0x12b/0x1b0 [ 122.561498] ? __radix_tree_delete+0x13e/0x380 [ 122.561520] ? radix_tree_delete_item+0xef/0x230 [ 122.561851] CR2: 000000c00064e000 CR3: 000000001f71d000 CR4: 0000000000350ef0 [ 122.562564] ? lock_acquire+0x18c/0x2f0 [ 122.562951] note: kworker/u9:7[894] exited with preempt_count 2 [ 122.563668] ? lock_acquire+0x18c/0x2f0 [ 122.599671] ? lock_release+0x1c7/0x290 [ 122.600082] ? __virt_addr_valid+0x100/0x5d0 [ 122.600536] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.601069] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.601577] perf_trace_run_bpf_submit+0xef/0x180 [ 122.602074] perf_trace_contention_begin+0x235/0x3e0 [ 122.602591] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.603151] ? __pfx_release_task+0x10/0x10 [ 122.603592] ? lock_acquire+0x18c/0x2f0 [ 122.603997] ? lock_release+0x1c7/0x290 [ 122.604399] trace_contention_begin+0xae/0x110 [ 122.604860] __mutex_lock+0x14b/0x1020 [ 122.605266] ? anon_pipe_write+0x12a/0x1a80 [ 122.605706] ? 
anon_pipe_write+0x12a/0x1a80 [ 122.606143] ? avc_has_perm+0x12b/0x1d0 [ 122.606566] ? __pfx___mutex_lock+0x10/0x10 [ 122.607010] ? __pfx_wait_consider_task+0x10/0x10 [ 122.607505] ? lock_acquire+0x18c/0x2f0 [ 122.607926] ? inode_has_perm+0x170/0x1c0 [ 122.608347] anon_pipe_write+0x12a/0x1a80 [ 122.608769] ? lock_release+0x1c7/0x290 [ 122.609180] ? lock_acquire+0x18c/0x2f0 [ 122.609580] ? __pfx_anon_pipe_write+0x10/0x10 [ 122.610040] ? selinux_file_permission+0x99/0x600 [ 122.610529] ? security_file_permission+0x22/0x90 [ 122.611018] vfs_write+0xbe9/0x1150 [ 122.611393] ? __pfx_anon_pipe_write+0x10/0x10 [ 122.611861] ? __pfx_vfs_write+0x10/0x10 [ 122.612274] ? __do_sys_wait4+0xb3/0x150 [ 122.612691] ? common_nsleep+0xaa/0xd0 [ 122.613086] ksys_write+0x1ef/0x240 [ 122.613456] ? __pfx_ksys_write+0x10/0x10 [ 122.613885] do_syscall_64+0xbf/0x360 [ 122.614268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.614786] RIP: 0033:0x7f300e0595ff [ 122.615161] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 122.616945] RSP: 002b:00007ffc90f7a8b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 122.617700] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f300e0595ff [ 122.618401] RDX: 000000000000000c RSI: 00007ffc90f7a9a0 RDI: 00000000000000f8 [ 122.619105] RBP: 00007ffc90f7a93c R08: 0000000000000000 R09: 00007f300e196000 [ 122.619811] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 122.620512] R13: 000000000001d7b4 R14: 0000000000000002 R15: 00007ffc90f7a9a0 [ 122.621217] [ 122.621452] Modules linked in: [ 122.622527] ---[ end trace 0000000000000000 ]--- [ 122.622999] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.624061] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 
8b 7f 30 48 c7 [ 122.626028] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.626632] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.627172] kworker/u10:3 (103) used greatest stack depth: 23824 bytes left [ 122.627409] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.628664] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.629395] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.630118] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.630828] FS: 000055558e6cc400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.631278] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#33] SMP KASAN NOPTI [ 122.631641] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.632501] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 122.632516] CPU: 0 UID: 0 PID: 340 Comm: kworker/u9:4 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.633081] CR2: 00007f5acf167000 CR3: 0000000043c4f000 CR4: 0000000000350ef0 [ 122.633673] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.634799] note: syz-executor.3[287] exited with preempt_count 2 [ 122.635353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.635362] Workqueue: 0x0 (flush-8:0) [ 122.637292] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 122.637706] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 122.639144] RSP: 0018:ffff88801674f720 EFLAGS: 00010256 [ 122.639577] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 122.640141] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 122.640705] RBP: ffff88801674f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 122.641274] R10: 0000000000000000 R11: 0000000000000000 
R12: dffffc0000000000 [ 122.641834] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.642396] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.643029] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.643489] CR2: 000000c00064e000 CR3: 00000000207f3000 CR4: 0000000000350ef0 [ 122.644061] Call Trace: [ 122.644270] [ 122.644455] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.644859] perf_tp_event+0x8b4/0xe70 [ 122.645186] ? __pfx_perf_tp_event+0x10/0x10 [ 122.645544] ? kasan_save_stack+0x34/0x50 [ 122.645881] ? kasan_save_stack+0x24/0x50 [ 122.646219] ? kasan_save_track+0x14/0x30 [ 122.646553] ? __kasan_save_free_info+0x3a/0x60 [ 122.646927] ? __kasan_slab_free+0x3f/0x50 [ 122.647268] ? kfree+0x281/0x550 [ 122.647553] ? __kthread_create_on_node+0x29d/0x3c0 [ 122.647968] ? kthread_create_on_node+0xbe/0x100 [ 122.648362] ? create_worker+0x408/0x800 [ 122.648696] ? worker_thread+0x956/0xe90 [ 122.649034] ? kthread+0x3c8/0x740 [ 122.649332] ? ret_from_fork+0x34b/0x430 [ 122.649681] ? ret_from_fork_asm+0x1a/0x30 [ 122.650046] ? kthread_data+0x53/0xc0 [ 122.650358] ? wq_worker_running+0x57/0x250 [ 122.650718] ? schedule_timeout+0x14f/0x280 [ 122.651082] ? __pfx_schedule_timeout+0x10/0x10 [ 122.651469] ? trace_ipi_send_cpu.constprop.0+0x158/0x1c0 [ 122.651931] ? do_raw_spin_lock+0x123/0x260 [ 122.652298] ? lock_acquire+0x18c/0x2f0 [ 122.652626] ? lock_release+0x1c7/0x290 [ 122.652955] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.653373] perf_trace_run_bpf_submit+0xef/0x180 [ 122.653773] perf_trace_contention_begin+0x235/0x3e0 [ 122.654194] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.654653] ? dequeue_entities+0xf4e/0x2130 [ 122.655025] ? lock_acquire+0x18c/0x2f0 [ 122.655356] trace_contention_begin+0xae/0x110 [ 122.655746] __mutex_lock+0x14b/0x1020 [ 122.656076] ? worker_attach_to_pool+0x25/0x3c0 [ 122.656467] ? worker_attach_to_pool+0x25/0x3c0 [ 122.656850] ? wait_task_inactive+0x669/0xa20 [ 122.657226] ? 
set_cpus_allowed_fair+0xd/0x20 [ 122.657597] ? __do_set_cpus_allowed+0x1a6/0x8d0 [ 122.657995] ? __pfx___mutex_lock+0x10/0x10 [ 122.658357] ? do_set_cpus_allowed+0x7a/0xd0 [ 122.658724] ? __pfx_do_set_cpus_allowed+0x10/0x10 [ 122.659136] ? lock_release+0x1c7/0x290 [ 122.659465] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.659913] worker_attach_to_pool+0x25/0x3c0 [ 122.660297] create_worker+0x2a9/0x800 [ 122.660622] ? __pfx_create_worker+0x10/0x10 [ 122.660987] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 122.661373] ? lock_release+0x1c7/0x290 [ 122.661704] worker_thread+0x956/0xe90 [ 122.662025] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.662456] ? __pfx_worker_thread+0x10/0x10 [ 122.662819] kthread+0x3c8/0x740 [ 122.663110] ? __pfx_kthread+0x10/0x10 [ 122.663434] ? ret_from_fork+0x23/0x430 [ 122.663779] ? lock_release+0xc8/0x290 [ 122.664103] ? __pfx_kthread+0x10/0x10 [ 122.664426] ret_from_fork+0x34b/0x430 [ 122.664753] ? __pfx_kthread+0x10/0x10 [ 122.665078] ret_from_fork_asm+0x1a/0x30 [ 122.665421] [ 122.665616] Modules linked in: [ 122.665887] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#34] SMP KASAN NOPTI [ 122.666945] ---[ end trace 0000000000000000 ]--- [ 122.666958] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 122.668078] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.668174] CPU: 1 UID: 0 PID: 3941 Comm: syz-executor.0 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.668583] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.669683] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.669690] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.671169] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.671629] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.672306] [ 
122.672783] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.673206] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.673358] RSP: 0018:ffff888048a5f820 EFLAGS: 00010217 [ 122.674837] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.675485] [ 122.675490] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 122.675930] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.676583] RDX: ffff888045e19b80 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.676594] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.676735] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.677398] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.677409] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.677981] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.678642] FS: 0000555587fd7400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.679236] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.679893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.680485] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.681130] CR2: 00007f5acf167000 CR3: 0000000020529000 CR4: 0000000000350ef0 [ 122.681140] Call Trace: [ 122.681717] CR2: 000000c00064e000 CR3: 00000000207f3000 CR4: 0000000000350ef0 [ 122.682452] [ 122.682459] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.683120] note: kworker/u9:4[340] exited with preempt_count 2 [ 122.683653] perf_tp_event+0x8b4/0xe70 [ 122.687218] ? __pfx_perf_tp_event+0x10/0x10 [ 122.687645] ? stack_depot_save_flags+0x2c/0xa20 [ 122.688099] ? lock_acquire+0x18c/0x2f0 [ 122.688482] ? lock_release+0x1c7/0x290 [ 122.688859] ? lock_acquire+0x18c/0x2f0 [ 122.689239] ? 
lock_acquire+0x18c/0x2f0 [ 122.689616] ? lock_release+0x1c7/0x290 [ 122.689995] ? __is_insn_slot_addr+0x140/0x290 [ 122.690439] ? kernel_text_address+0x5b/0xc0 [ 122.690860] ? __kernel_text_address+0xd/0x40 [ 122.691289] ? unwind_get_return_address+0x59/0xa0 [ 122.691770] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 122.692286] ? arch_stack_walk+0x9c/0xf0 [ 122.692668] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.693142] perf_trace_run_bpf_submit+0xef/0x180 [ 122.693600] perf_trace_contention_begin+0x235/0x3e0 [ 122.694076] ? stack_depot_save_flags+0x2c/0xa20 [ 122.694516] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.695036] ? do_raw_spin_lock+0x123/0x260 [ 122.695440] ? lock_acquire+0x18c/0x2f0 [ 122.695823] ? lock_acquire+0x18c/0x2f0 [ 122.696196] trace_contention_begin+0xae/0x110 [ 122.696631] __mutex_lock+0x14b/0x1020 [ 122.696999] ? perf_event_exit_task+0x46/0x510 [ 122.697430] ? perf_event_exit_task+0x46/0x510 [ 122.697863] ? do_raw_spin_lock+0x123/0x260 [ 122.698266] ? lock_acquire+0x18c/0x2f0 [ 122.698639] ? __pfx___mutex_lock+0x10/0x10 [ 122.699046] ? _raw_spin_unlock_irq+0x23/0x40 [ 122.699470] ? lock_release+0x1c7/0x290 [ 122.699853] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.700341] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 122.700819] ? taskstats_exit+0x8c/0xba0 [ 122.701198] perf_event_exit_task+0x46/0x510 [ 122.701617] do_exit+0x626/0x2970 [ 122.701947] ? signal_wake_up_state+0x85/0x120 [ 122.702381] ? zap_other_threads+0x2b9/0x3a0 [ 122.702802] ? __pfx_do_exit+0x10/0x10 [ 122.703166] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 122.703612] ? 
lock_release+0x1c7/0x290 [ 122.703989] do_group_exit+0xd3/0x2a0 [ 122.704350] __x64_sys_exit_group+0x3e/0x50 [ 122.704757] x64_sys_call+0x18c5/0x18d0 [ 122.705134] do_syscall_64+0xbf/0x360 [ 122.705491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.705965] RIP: 0033:0x7f6207457b19 [ 122.706313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.707986] RSP: 002b:00007ffd8b0507c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 122.708678] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f6207457b19 [ 122.709327] RDX: 00007f620740a72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 122.709979] RBP: 0000000000000000 R08: 0000001b2cf219a8 R09: 0000000000000000 [ 122.710635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.711291] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd8b0508b0 [ 122.711950] [ 122.712170] Modules linked in: [ 122.712471] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#35] SMP KASAN NOPTI [ 122.713197] ---[ end trace 0000000000000000 ]--- [ 122.713396] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 122.713826] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.714442] CPU: 0 UID: 0 PID: 6 Comm: kworker/R-kvfre Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.714463] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.714468] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.714476] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 122.714495] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 122.714506] RSP: 0018:ffff8880095c7760 EFLAGS: 00010256 [ 122.714516] RAX: dffffc0000000000 RBX: 
0000000000000001 RCX: ffffffff8189b0f8 [ 122.714524] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 122.714532] RBP: ffff8880095c7a30 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 122.714540] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.714548] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.714557] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.714568] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.714576] CR2: 000000c00064e000 CR3: 0000000038c61000 CR4: 0000000000350ef0 [ 122.714584] Call Trace: [ 122.714588] [ 122.714592] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.714607] perf_tp_event+0x8b4/0xe70 [ 122.714625] ? __pfx_perf_tp_event+0x10/0x10 [ 122.714648] ? lock_is_held_type+0x9e/0x120 [ 122.714668] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.714684] ? lock_acquire+0x18c/0x2f0 [ 122.714698] perf_trace_run_bpf_submit+0xef/0x180 [ 122.714715] perf_trace_contention_begin+0x235/0x3e0 [ 122.714730] ? __pfx___perf_event_task_sched_in+0x10/0x10 [ 122.714743] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.714759] ? lock_acquire+0x18c/0x2f0 [ 122.714773] trace_contention_begin+0xae/0x110 [ 122.714788] __mutex_lock+0x14b/0x1020 [ 122.714805] ? worker_attach_to_pool+0x25/0x3c0 [ 122.714823] ? worker_attach_to_pool+0x25/0x3c0 [ 122.714842] ? __pfx___mutex_lock+0x10/0x10 [ 122.714859] ? __pfx___schedule+0x10/0x10 [ 122.714876] ? lock_acquire+0x15e/0x2f0 [ 122.714890] ? do_raw_spin_lock+0x123/0x260 [ 122.714905] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 122.714922] worker_attach_to_pool+0x25/0x3c0 [ 122.714939] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.714952] rescuer_thread+0x367/0xd60 [ 122.714967] ? find_held_lock+0x2b/0x80 [ 122.714986] ? __pfx_rescuer_thread+0x10/0x10 [ 122.715000] ? __kthread_parkme+0x1a7/0x250 [ 122.715018] ? __pfx_rescuer_thread+0x10/0x10 [ 122.715033] kthread+0x3c8/0x740 [ 122.715045] ? __pfx_kthread+0x10/0x10 [ 122.715057] ? 
ret_from_fork+0x23/0x430 [ 122.715074] ? lock_release+0xc8/0x290 [ 122.715088] ? __pfx_kthread+0x10/0x10 [ 122.715100] ret_from_fork+0x34b/0x430 [ 122.715117] ? __pfx_kthread+0x10/0x10 [ 122.715130] ret_from_fork_asm+0x1a/0x30 [ 122.715148] [ 122.715152] Modules linked in: [ 122.715302] ---[ end trace 0000000000000000 ]--- [ 122.715308] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.715326] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.715337] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.715347] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.715355] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.715363] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.715371] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.715379] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.715388] FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.715399] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.715407] CR2: 000000c00064e000 CR3: 0000000038c61000 CR4: 0000000000350ef0 [ 122.715416] note: kworker/R-kvfre[6] exited with preempt_count 2 [ 122.715883] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.717523] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#36] SMP KASAN NOPTI [ 122.718331] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.718669] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 122.720443] [ 122.720792] CPU: 0 UID: 0 PID: 3786 Comm: systemd-udevd Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.721504] RAX: 
0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.722012] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.722725] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.723234] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.723242] RIP: 0010:filter_match_preds+0x3d/0x3220 [ 122.723260] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 122.723272] RSP: 0018:ffff888017ab7660 EFLAGS: 00010256 [ 122.723282] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 122.723290] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 122.723297] RBP: ffff888017ab7930 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 122.723305] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 122.723964] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.724622] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.724633] FS: 00007ffbab5c98c0(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.724644] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.724652] CR2: 000000c00064e000 CR3: 0000000046d0a000 CR4: 0000000000350ef0 [ 122.724660] Call Trace: [ 122.724664] [ 122.724668] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.724683] perf_tp_event+0x8b4/0xe70 [ 122.725291] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.725802] ? __pfx_perf_tp_event+0x10/0x10 [ 122.726038] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.726225] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 122.726244] ? stack_depot_save_flags+0x42c/0xa20 [ 122.726259] ? kasan_save_stack+0x34/0x50 [ 122.726273] ? kasan_save_stack+0x24/0x50 [ 122.726287] ? kasan_record_aux_stack+0x89/0xa0 [ 122.726298] ? __call_rcu_common.constprop.0+0x70/0x960 [ 122.726314] ? 
put_task_struct_rcu_user+0x75/0xc0 [ 122.726760] FS: 0000555587fd7400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.727074] ? __schedule+0xe86/0x3590 [ 122.727624] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.727827] ? schedule+0xdb/0x390 [ 122.728428] CR2: 00007f5acf167000 CR3: 0000000020529000 CR4: 0000000000350ef0 [ 122.728591] ? schedule_hrtimeout_range_clock+0x2d0/0x310 [ 122.729025] note: syz-executor.0[3941] exited with preempt_count 2 [ 122.729426] ? do_epoll_wait+0xc8d/0xee0 [ 122.729446] ? __x64_sys_epoll_wait+0x15b/0x280 [ 122.729461] ? do_syscall_64+0xbf/0x360 [ 122.729473] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.729485] ? css_rstat_updated+0x1b8/0x4d0 [ 122.729502] ? __pfx_css_rstat_updated+0x10/0x10 [ 122.729519] ? lock_is_held_type+0x9e/0x120 [ 122.730006] Fixing recursive fault but reboot is needed! [ 122.730457] ? do_raw_spin_lock+0x123/0x260 [ 122.730474] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 122.771885] ? lock_acquire+0x18c/0x2f0 [ 122.772205] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.772597] perf_trace_run_bpf_submit+0xef/0x180 [ 122.772994] perf_trace_contention_begin+0x235/0x3e0 [ 122.773408] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.773843] ? __call_rcu_common.constprop.0+0x4c1/0x960 [ 122.774263] ? lock_acquire+0x18c/0x2f0 [ 122.774578] trace_contention_begin+0xae/0x110 [ 122.774941] __mutex_lock+0x14b/0x1020 [ 122.775253] ? ep_send_events+0xff/0xaa0 [ 122.775580] ? ep_send_events+0xff/0xaa0 [ 122.775902] ? __pfx___mutex_lock+0x10/0x10 [ 122.776243] ? lock_acquire+0x15e/0x2f0 [ 122.776556] ? find_held_lock+0x2b/0x80 [ 122.776872] ? schedule+0x2c7/0x390 [ 122.777162] ? lock_release+0xc8/0x290 [ 122.777475] ep_send_events+0xff/0xaa0 [ 122.777782] ? schedule_hrtimeout_range_clock+0x1c0/0x310 [ 122.778213] ? __pfx_schedule_hrtimeout_range_clock+0x10/0x10 [ 122.778668] ? __pfx_ep_send_events+0x10/0x10 [ 122.779023] ? lock_release+0xc8/0x290 [ 122.779331] do_epoll_wait+0x42e/0xee0 [ 122.779646] ? 
__pfx_sock_write_iter+0x10/0x10 [ 122.780008] ? __pfx_do_epoll_wait+0x10/0x10 [ 122.780361] ? populate_seccomp_data+0x213/0x540 [ 122.780736] ? __pfx_ep_autoremove_wake_function+0x10/0x10 [ 122.781169] ? __pfx___seccomp_filter+0x10/0x10 [ 122.781536] __x64_sys_epoll_wait+0x15b/0x280 [ 122.781893] ? __pfx___x64_sys_epoll_wait+0x10/0x10 [ 122.782286] ? ksys_write+0x1a3/0x240 [ 122.782590] ? __secure_computing+0x18d/0x290 [ 122.782947] do_syscall_64+0xbf/0x360 [ 122.783246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.783651] RIP: 0033:0x7ffbaba880d6 [ 122.783945] Code: 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 e8 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 18 48 89 74 24 [ 122.785334] RSP: 002b:00007ffe89739718 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8 [ 122.785915] RAX: ffffffffffffffda RBX: 000055d99da82520 RCX: 00007ffbaba880d6 [ 122.786462] RDX: 0000000000000002 RSI: 000055d99daa1ed0 RDI: 0000000000000003 [ 122.787011] RBP: ffffffffffffffff R08: 0000000000000002 R09: 0000000000000000 [ 122.787570] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001 [ 122.788118] R13: 0000000000000002 R14: 000055d97ebb82e6 R15: 0000000000000000 [ 122.788669] [ 122.788854] Modules linked in: [ 122.789113] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#37] SMP KASAN NOPTI [ 122.790081] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 122.790175] ---[ end trace 0000000000000000 ]--- [ 122.790794] CPU: 1 UID: 0 PID: 39 Comm: kworker/1:1 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.791862] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.792099] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.792106] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.792502] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 
e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.792912] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.793554] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.795005] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.795409] [ 122.795846] RSP: 0018:ffff888009ce7720 EFLAGS: 00010217 [ 122.797247] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.797378] [ 122.797777] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.798357] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 122.798368] RDX: ffff888009895280 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.798502] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.799080] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.799090] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.799644] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.800220] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.800232] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.800244] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.800253] CR2: 00007f5acf167000 CR3: 0000000020529000 CR4: 0000000000350ef0 [ 122.800795] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.801378] Call Trace: [ 122.801384] [ 122.801390] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.801929] FS: 00007ffbab5c98c0(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.802504] perf_tp_event+0x8b4/0xe70 [ 122.803052] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.803721] ? __pfx_perf_tp_event+0x10/0x10 [ 122.804185] CR2: 000000c00064e000 CR3: 0000000046d0a000 CR4: 0000000000350ef0 [ 122.804749] ? 
kasan_save_stack+0x34/0x50 [ 122.805304] note: systemd-udevd[3786] exited with preempt_count 2 [ 122.805509] ? kasan_save_stack+0x24/0x50 [ 122.809569] ? kasan_save_track+0x14/0x30 [ 122.809910] ? __kasan_save_free_info+0x3a/0x60 [ 122.810294] ? __kasan_slab_free+0x3f/0x50 [ 122.810646] ? kfree+0x281/0x550 [ 122.810938] ? __kthread_create_on_node+0x29d/0x3c0 [ 122.811355] ? kthread_create_on_node+0xbe/0x100 [ 122.811777] ? create_worker+0x408/0x800 [ 122.812117] ? worker_thread+0x956/0xe90 [ 122.812460] ? kthread+0x3c8/0x740 [ 122.812755] ? ret_from_fork+0x34b/0x430 [ 122.813100] ? ret_from_fork_asm+0x1a/0x30 [ 122.813457] ? kthread_data+0x53/0xc0 [ 122.813773] ? wq_worker_running+0x57/0x250 [ 122.814136] ? schedule_timeout+0x14f/0x280 [ 122.814498] ? __pfx_schedule_timeout+0x10/0x10 [ 122.814882] ? do_raw_spin_lock+0x123/0x260 [ 122.815240] ? lock_acquire+0x18c/0x2f0 [ 122.815575] ? lock_release+0x1c7/0x290 [ 122.815919] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.816330] ? __virt_addr_valid+0x100/0x5d0 [ 122.816700] perf_trace_run_bpf_submit+0xef/0x180 [ 122.817099] perf_trace_contention_begin+0x235/0x3e0 [ 122.817522] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.817974] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 122.818362] ? lock_acquire+0x18c/0x2f0 [ 122.818689] trace_contention_begin+0xae/0x110 [ 122.819068] __mutex_lock+0x14b/0x1020 [ 122.819397] ? worker_attach_to_pool+0x25/0x3c0 [ 122.819809] ? worker_attach_to_pool+0x25/0x3c0 [ 122.820196] ? wait_task_inactive+0x669/0xa20 [ 122.820572] ? set_cpus_allowed_fair+0xd/0x20 [ 122.820942] ? __do_set_cpus_allowed+0x1a6/0x8d0 [ 122.821336] ? __pfx___mutex_lock+0x10/0x10 [ 122.821695] ? do_set_cpus_allowed+0x7a/0xd0 [ 122.822057] ? __pfx_do_set_cpus_allowed+0x10/0x10 [ 122.822460] ? lock_release+0x1c7/0x290 [ 122.822790] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.823224] worker_attach_to_pool+0x25/0x3c0 [ 122.823620] create_worker+0x2a9/0x800 [ 122.823943] ? __pfx_create_worker+0x10/0x10 [ 122.824307] ? 
__pfx_do_raw_spin_lock+0x10/0x10 [ 122.824692] ? lock_release+0x1c7/0x290 [ 122.825020] worker_thread+0x956/0xe90 [ 122.825342] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.825770] ? __pfx_worker_thread+0x10/0x10 [ 122.826133] kthread+0x3c8/0x740 [ 122.826413] ? __pfx_kthread+0x10/0x10 [ 122.826730] ? ret_from_fork+0x23/0x430 [ 122.827060] ? lock_release+0xc8/0x290 [ 122.827385] ? __pfx_kthread+0x10/0x10 [ 122.827722] ret_from_fork+0x34b/0x430 [ 122.828047] ? __pfx_kthread+0x10/0x10 [ 122.828368] ret_from_fork_asm+0x1a/0x30 [ 122.828705] [ 122.828898] Modules linked in: [ 122.831572] ---[ end trace 0000000000000000 ]--- [ 122.831974] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.835256] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.836747] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.837189] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.837760] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.838349] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.838916] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.839505] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.840109] FS: 0000000000000000(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.840754] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.841231] CR2: 00007f5acf167000 CR3: 0000000020529000 CR4: 0000000000350ef0 [ 122.841802] note: kworker/1:1[39] exited with preempt_count 2 [ 122.842398] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#38] SMP KASAN NOPTI [ 122.843326] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 122.844038] CPU: 1 UID: 0 PID: 3946 Comm: syz-executor.0 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 
PREEMPT(voluntary) [ 122.844985] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.845384] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.846034] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.846453] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.847894] RSP: 0018:ffff88801b5b75e0 EFLAGS: 00010217 [ 122.848315] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 122.848880] RDX: ffff888046213700 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.849439] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.850005] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 122.850568] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.851128] FS: 00007f62049cd700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.851785] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.852248] CR2: 00007f5acf167000 CR3: 0000000020529000 CR4: 0000000000350ef0 [ 122.852810] Call Trace: [ 122.853017] [ 122.853203] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.853606] perf_tp_event+0x8b4/0xe70 [ 122.853925] ? search_extable+0x82/0xb0 [ 122.854264] ? __pfx_perf_tp_event+0x10/0x10 [ 122.854625] ? kernelmode_fixup_or_oops.constprop.0+0x77/0xe0 [ 122.855094] ? __bad_area_nosemaphore+0x389/0x620 [ 122.855488] ? css_rstat_updated+0x1b8/0x4d0 [ 122.855871] ? __pfx_css_rstat_updated+0x10/0x10 [ 122.856262] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 122.856707] ? __resched_curr+0x2a2/0x330 [ 122.857044] ? lock_acquire+0x18c/0x2f0 [ 122.857365] ? __update_load_avg_se+0x428/0xa40 [ 122.857750] ? lock_release+0x1c7/0x290 [ 122.858071] ? __perf_event_task_sched_in+0x235/0x5e0 [ 122.858490] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.858890] ? xfd_validate_state+0x55/0x180 [ 122.859249] ? 
lock_release+0x1c7/0x290 [ 122.859580] perf_trace_run_bpf_submit+0xef/0x180 [ 122.859981] perf_trace_contention_begin+0x235/0x3e0 [ 122.860390] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.860833] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 122.861246] ? lock_acquire+0x18c/0x2f0 [ 122.861576] trace_contention_begin+0xae/0x110 [ 122.861962] __mutex_lock+0x14b/0x1020 [ 122.862285] ? perf_event_exit_task+0x46/0x510 [ 122.862657] ? perf_event_exit_task+0x46/0x510 [ 122.863026] ? do_raw_spin_lock+0x123/0x260 [ 122.863374] ? lock_acquire+0x18c/0x2f0 [ 122.863715] ? __pfx___mutex_lock+0x10/0x10 [ 122.864064] ? _raw_spin_unlock_irq+0x23/0x40 [ 122.864175] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 122.864429] ? lock_release+0x1c7/0x290 [ 122.864446] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.864460] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 122.864477] ? taskstats_exit+0x8c/0xba0 [ 122.864490] perf_event_exit_task+0x46/0x510 [ 122.864509] do_exit+0x626/0x2970 [ 122.864524] ? lock_release+0x1c7/0x290 [ 122.864538] ? __pfx_do_exit+0x10/0x10 [ 122.864552] ? do_raw_spin_lock+0x123/0x260 [ 122.864568] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 122.864586] do_group_exit+0xd3/0x2a0 [ 122.864600] get_signal+0x2315/0x2340 [ 122.864622] ? __pfx_get_signal+0x10/0x10 [ 122.864639] ? do_futex+0x135/0x370 [ 122.864654] ? __pfx_do_futex+0x10/0x10 [ 122.864668] arch_do_signal_or_restart+0x80/0x790 [ 122.864686] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 122.864703] ? __x64_sys_futex+0x1c9/0x4d0 [ 122.864717] ? __x64_sys_futex+0x1d2/0x4d0 [ 122.864731] ? __pfx___x64_sys_futex+0x10/0x10 [ 122.864745] ? xfd_validate_state+0x55/0x180 [ 122.864762] ? 
__pfx_do_readv+0x10/0x10 [ 122.864776] exit_to_user_mode_loop+0x8b/0x110 [ 122.864790] do_syscall_64+0x2f7/0x360 [ 122.864803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.864816] RIP: 0033:0x7f6207457b19 [ 122.864825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.864837] RSP: 002b:00007f62049cd218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.864849] RAX: fffffffffffffe00 RBX: 00007f620756af68 RCX: 00007f6207457b19 [ 122.864857] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f620756af68 [ 122.864864] RBP: 00007f620756af60 R08: 0000000000000000 R09: 0000000000000000 [ 122.864872] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f620756af6c [ 122.864880] R13: 00007ffd8b05059f R14: 00007f62049cd300 R15: 0000000000022000 [ 122.864891] [ 122.864895] Modules linked in: [ 122.865466] ---[ end trace 0000000000000000 ]--- [ 122.865474] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.865492] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.865503] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.865513] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.865521] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.865529] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.865538] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.865545] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.865556] FS: 00007f62049cd700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.865567] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.865576] CR2: 00007f5acf167000 CR3: 0000000020529000 CR4: 0000000000350ef0 [ 122.865585] note: 
syz-executor.0[3946] exited with preempt_count 2 [ 122.865593] Fixing recursive fault but reboot is needed! [ 122.865598] BUG: scheduling while atomic: syz-executor.0/3946/0x00000000 [ 122.865606] INFO: lockdep is turned off. [ 122.865609] Modules linked in: [ 122.865619] CPU: 1 UID: 0 PID: 3946 Comm: syz-executor.0 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.865639] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.865643] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.865650] Call Trace: [ 122.865653] [ 122.865657] dump_stack_lvl+0xfa/0x120 [ 122.865676] __schedule_bug+0xb9/0x100 [ 122.865689] __schedule+0x24f3/0x3590 [ 122.865705] ? __pfx_vprintk_emit+0x10/0x10 [ 122.865725] ? arch_do_signal_or_restart+0x80/0x790 [ 122.865741] ? __pfx___schedule+0x10/0x10 [ 122.865757] ? do_raw_spin_lock+0x123/0x260 [ 122.865772] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 122.865788] ? lock_acquire+0x18c/0x2f0 [ 122.865801] ? lock_release+0x1c7/0x290 [ 122.865814] ? do_task_dead+0x3e/0x110 [ 122.865829] do_task_dead+0xdc/0x110 [ 122.865842] make_task_dead+0x373/0x3b0 [ 122.865855] ? 
do_syscall_64+0x2f7/0x360 [ 122.865867] rewind_stack_and_make_dead+0x16/0x20 [ 122.865883] RIP: 0033:0x7f6207457b19 [ 122.865891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.865902] RSP: 002b:00007f62049cd218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.865913] RAX: fffffffffffffe00 RBX: 00007f620756af68 RCX: 00007f6207457b19 [ 122.865920] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f620756af68 [ 122.865928] RBP: 00007f620756af60 R08: 0000000000000000 R09: 0000000000000000 [ 122.865935] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f620756af6c [ 122.865942] R13: 00007ffd8b05059f R14: 00007f62049cd300 R15: 0000000000022000 [ 122.865953] [ 122.866306] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000005: 0000 [#39] SMP KASAN NOPTI [ 122.902834] KASAN: probably user-memory-access in range [0x0000000100000028-0x000000010000002f] [ 122.903529] CPU: 1 UID: 0 PID: 1 Comm: systemd Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.904425] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.904819] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.905461] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.905877] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.907301] RSP: 0018:ffff888009547660 EFLAGS: 00010217 [ 122.907740] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffffff8189b0f8 [ 122.908300] RDX: ffff8880094f8000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.908861] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.909420] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 122.909983] R13: 0000000000000000 
R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.910543] FS: 00007f3224d7e900(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.911173] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.911653] CR2: 00007f5acf167000 CR3: 000000000fbab000 CR4: 0000000000350ef0 [ 122.912214] Call Trace: [ 122.912425] [ 122.912609] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.913009] perf_tp_event+0x8b4/0xe70 [ 122.913329] ? kasan_save_stack+0x34/0x50 [ 122.913666] ? __pfx_perf_tp_event+0x10/0x10 [ 122.914023] ? kfree_skbmem+0x18a/0x1f0 [ 122.914344] ? ___sys_recvmsg+0xf1/0x190 [ 122.914677] ? __sys_recvmsg+0x14d/0x200 [ 122.915006] ? do_syscall_64+0xbf/0x360 [ 122.915327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.915766] ? __lock_acquire+0x694/0x1b70 [ 122.916107] ? map_id_range_up+0x1d5/0x350 [ 122.916446] ? __pfx_map_id_range_up+0x10/0x10 [ 122.916812] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 122.917223] ? css_rstat_updated+0x1b8/0x4d0 [ 122.917583] ? __pfx_css_rstat_updated+0x10/0x10 [ 122.917974] ? lock_is_held_type+0x9e/0x120 [ 122.918325] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.918722] perf_trace_run_bpf_submit+0xef/0x180 [ 122.919115] perf_trace_contention_begin+0x235/0x3e0 [ 122.919522] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.919982] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.920400] ? lock_acquire+0x18c/0x2f0 [ 122.920722] trace_contention_begin+0xae/0x110 [ 122.921090] __mutex_lock+0x14b/0x1020 [ 122.921407] ? ep_send_events+0xff/0xaa0 [ 122.921744] ? ep_send_events+0xff/0xaa0 [ 122.922067] ? __pfx___mutex_lock+0x10/0x10 [ 122.922413] ? lock_acquire+0x15e/0x2f0 [ 122.922733] ? find_held_lock+0x2b/0x80 [ 122.923056] ? schedule+0x2c7/0x390 [ 122.923354] ? lock_release+0xc8/0x290 [ 122.923688] ep_send_events+0xff/0xaa0 [ 122.923999] ? schedule_hrtimeout_range_clock+0x1c0/0x310 [ 122.924435] ? __pfx_schedule_hrtimeout_range_clock+0x10/0x10 [ 122.924899] ? __pfx_ep_send_events+0x10/0x10 [ 122.925261] ? 
lock_release+0xc8/0x290 [ 122.925573] do_epoll_wait+0x42e/0xee0 [ 122.925887] ? __pfx_do_epoll_wait+0x10/0x10 [ 122.926241] ? __pfx_css_rstat_updated+0x10/0x10 [ 122.926625] ? __pfx_ep_autoremove_wake_function+0x10/0x10 [ 122.927069] ? handle_mm_fault+0x590/0x9b0 [ 122.927411] __x64_sys_epoll_wait+0x15b/0x280 [ 122.927789] ? __task_pid_nr_ns+0x2e/0x4f0 [ 122.928126] ? __pfx___x64_sys_epoll_wait+0x10/0x10 [ 122.928527] ? __task_pid_nr_ns+0x1a6/0x4f0 [ 122.928870] ? lock_release+0xc8/0x290 [ 122.929180] ? lock_is_held_type+0x9e/0x120 [ 122.929529] do_syscall_64+0xbf/0x360 [ 122.929832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.930243] RIP: 0033:0x7f322555b116 [ 122.930537] Code: 10 89 7c 24 0c 89 4c 24 1c e8 86 6c f8 ff 44 8b 54 24 1c 8b 54 24 18 41 89 c0 48 8b 74 24 10 8b 7c 24 0c b8 e8 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 32 44 89 c7 89 44 24 0c e8 b6 6c f8 ff 8b 44 [ 122.931973] RSP: 002b:00007ffdc8d25a90 EFLAGS: 00000293 ORIG_RAX: 00000000000000e8 [ 122.932568] RAX: ffffffffffffffda RBX: 000055b210f08b70 RCX: 00007f322555b116 [ 122.933129] RDX: 000000000000002f RSI: 000055b2118120c0 RDI: 0000000000000005 [ 122.933686] RBP: ffffffffffffffff R08: 0000000000000000 R09: a4d7157631312052 [ 122.934250] R10: 00000000ffffffff R11: 0000000000000293 R12: 0000000000000001 [ 122.934808] R13: 000000000000002f R14: 0000000000000000 R15: 000055b1f297bb4e [ 122.935373] [ 122.935568] Modules linked in: [ 122.935844] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#40] SMP KASAN NOPTI [ 122.935979] ---[ end trace 0000000000000000 ]--- [ 122.936749] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 122.936766] CPU: 0 UID: 0 PID: 274 Comm: syz-fuzzer Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.936787] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.936792] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.936800] RIP: 
0010:filter_match_preds+0x3d/0x3220 [ 122.937285] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.937767] Code: ec 28 48 89 34 24 e8 72 9b f5 ff 48 85 db 0f 84 59 0d 00 00 e8 64 9b f5 ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 35 29 00 00 4c 8b 33 4d 85 f6 0f 84 2d 0d 00 00 [ 122.938776] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.939044] RSP: 0018:ffff8880161d7620 EFLAGS: 00010256 [ 122.939824] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.940095] [ 122.940101] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8189b0f8 [ 122.940109] RDX: 0000000000000000 RSI: ffffffff817e5b4c RDI: 0000000000000001 [ 122.940117] RBP: ffff8880161d78f0 R08: ffff88806ce31340 R09: ffffe8ffffc15ae8 [ 122.940125] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.940132] R13: 0000000000000001 R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.940142] FS: 000000c00009cb10(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.940154] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.940162] CR2: 000000c00064e000 CR3: 000000001bdad000 CR4: 0000000000350ef0 [ 122.940169] Call Trace: [ 122.940175] [ 122.940180] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 122.940196] perf_tp_event+0x8b4/0xe70 [ 122.940214] ? __mod_timer+0x874/0xcc0 [ 122.940618] [ 122.942038] ? __pfx_perf_tp_event+0x10/0x10 [ 122.942057] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 122.942076] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 122.942096] ? sk_reset_timer+0x2e/0xd0 [ 122.942115] ? tcp_schedule_loss_probe.part.0+0x185/0xb70 [ 122.942134] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 122.942155] ? __resched_curr+0x2a2/0x330 [ 122.943676] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.943990] ? 
kvm_sched_clock_read+0x16/0x30 [ 122.944483] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.944541] ? sched_clock+0x37/0x60 [ 122.945161] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.945650] ? sched_clock_cpu+0x6c/0x4e0 [ 122.946336] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.946761] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.947435] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.947993] perf_trace_run_bpf_submit+0xef/0x180 [ 122.948580] FS: 00007f3224d7e900(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 122.949007] perf_trace_contention_begin+0x235/0x3e0 [ 122.949284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.949396] ? __pfx_perf_trace_contention_begin+0x10/0x10 [ 122.949783] CR2: 00007f5acf167000 CR3: 000000000fbab000 CR4: 0000000000350ef0 [ 122.950085] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.950101] ? lock_acquire+0x18c/0x2f0 [ 122.950115] trace_contention_begin+0xae/0x110 [ 122.950131] __mutex_lock+0x14b/0x1020 [ 122.950150] ? ep_send_events+0xff/0xaa0 [ 122.950166] ? ep_send_events+0xff/0xaa0 [ 122.950480] note: systemd[1] exited with preempt_count 2 [ 122.950616] ? __pfx___mutex_lock+0x10/0x10 [ 122.962809] ? lock_acquire+0x18c/0x2f0 [ 122.963130] ? hrtimer_active+0x199/0x220 [ 122.963469] ep_send_events+0xff/0xaa0 [ 122.963796] ? schedule_hrtimeout_range_clock+0x1c0/0x310 [ 122.964238] ? __pfx_schedule_hrtimeout_range_clock+0x10/0x10 [ 122.964701] ? __pfx_ep_send_events+0x10/0x10 [ 122.965063] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 122.965429] ? read_tsc+0x9/0x20 [ 122.965708] ? ktime_get+0x16d/0x270 [ 122.966016] do_epoll_wait+0x42e/0xee0 [ 122.966329] ? security_file_permission+0x22/0x90 [ 122.966725] ? __pfx_do_epoll_wait+0x10/0x10 [ 122.967081] ? __pfx_ep_autoremove_wake_function+0x10/0x10 [ 122.967528] ? __pfx_timespec64_add_safe+0x10/0x10 [ 122.967934] ? lock_release+0x1c7/0x290 [ 122.968254] ? 
set_user_sigmask+0x213/0x2a0 [ 122.968606] ? __pfx_set_user_sigmask+0x10/0x10 [ 122.968985] do_compat_epoll_pwait.part.0+0x29/0x1d0 [ 122.969393] __x64_sys_epoll_pwait+0x1de/0x320 [ 122.969767] ? __pfx___x64_sys_epoll_pwait+0x10/0x10 [ 122.970176] ? __pfx_ksys_write+0x10/0x10 [ 122.970517] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 122.970938] do_syscall_64+0xbf/0x360 [ 122.971248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.971664] RIP: 0033:0x4666e0 [ 122.971927] Code: 0f 05 89 44 24 20 c3 cc cc cc 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 44 8b 54 24 1c 49 c7 c0 00 00 00 00 b8 19 01 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc cc cc cc cc cc cc cc 8b 7c 24 08 48 c7 [ 122.973345] RSP: 002b:000000c0003d97f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000119 [ 122.973947] RAX: ffffffffffffffda RBX: 0000000000000037 RCX: 00000000004666e0 [ 122.974510] RDX: 0000000000000080 RSI: 000000c0003d9840 RDI: 0000000000000003 [ 122.975066] RBP: 000000c0003d9e40 R08: 0000000000000000 R09: 00007f20475b0000 [ 122.975633] R10: 0000000000000037 R11: 0000000000000246 R12: 000000000000011e [ 122.976195] R13: 000000c0003ae000 R14: 000000000000000f R15: 00000000000036e9 [ 122.976758] [ 122.976950] Modules linked in: [ 122.978354] ---[ end trace 0000000000000000 ]--- [ 122.978738] RIP: 0010:filter_match_preds+0xb7/0x3220 [ 122.979322] BUG: Bad page state in process ksoftirqd/1 pfn:48a59 [ 122.979341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48a59 [ 122.979356] flags: 0x100000000000000(node=0|zone=1) [ 122.979367] page_type: f9(unknown) [ 122.979380] raw: 0100000000000000 ffffea0001229648 ffffea0001229648 0000000000000000 [ 122.979392] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000 [ 122.979399] page dumped because: nonzero mapcount [ 122.979405] Modules linked in: [ 122.979419] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Tainted: G B D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.979442] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 
122.979447] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.979455] Call Trace: [ 122.979459] [ 122.979464] dump_stack_lvl+0xfa/0x120 [ 122.979488] bad_page+0x8c/0x1c0 [ 122.979502] __free_frozen_pages+0xaf9/0xe10 [ 122.979521] ? rcu_core+0x7c3/0x1800 [ 122.979537] rcu_core+0x7c8/0x1800 [ 122.979553] ? __pfx_rcu_core+0x10/0x10 [ 122.979578] ? __pfx___schedule+0x10/0x10 [ 122.979602] ? tasklet_action_common+0x274/0x3b0 [ 122.979621] handle_softirqs+0x1b1/0x770 [ 122.979648] ? __pfx_run_ksoftirqd+0x10/0x10 [ 122.979668] ? smpboot_thread_fn+0x371/0x9d0 [ 122.979688] run_ksoftirqd+0x2e/0x60 [ 122.979706] smpboot_thread_fn+0x41d/0x9d0 [ 122.979726] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 122.979746] kthread+0x3c8/0x740 [ 122.979759] ? __pfx_kthread+0x10/0x10 [ 122.979772] ? ret_from_fork+0x23/0x430 [ 122.979792] ? lock_release+0xc8/0x290 [ 122.979807] ? __pfx_kthread+0x10/0x10 [ 122.979820] ret_from_fork+0x34b/0x430 [ 122.979839] ? __pfx_kthread+0x10/0x10 [ 122.979851] ret_from_fork_asm+0x1a/0x30 [ 122.979872] [ 122.979877] BUG: Bad page state in process ksoftirqd/1 pfn:48a5a [ 122.979885] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48a5a [ 122.979896] flags: 0x100000000000000(node=0|zone=1) [ 122.979905] page_type: f9(unknown) [ 122.979916] raw: 0100000000000000 ffffea0001229688 ffffea0001229688 0000000000000000 [ 122.980416] Code: 86 45 31 ed 48 bd 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 e8 48 89 44 24 08 e8 e4 9a f5 ff 49 8d 7f 30 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 80 28 00 00 41 8b 7f 30 48 c7 [ 122.981055] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000 [ 122.981457] RSP: 0018:ffff888048ac7160 EFLAGS: 00010217 [ 122.981734] page dumped because: nonzero mapcount [ 122.982349] [ 122.982948] Modules linked in: [ 122.983339] RAX: 0000000020000005 RBX: ffff888008cd0000 RCX: ffffc900029fe000 [ 122.983607] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Tainted: G B D W 
6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 122.983635] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN [ 122.983642] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.983650] Call Trace: [ 122.983654] [ 122.983658] dump_stack_lvl+0xfa/0x120 [ 122.983678] bad_page+0x8c/0x1c0 [ 122.983690] __free_frozen_pages+0xaf9/0xe10 [ 122.983707] ? rcu_core+0x7c3/0x1800 [ 122.983722] rcu_core+0x7c8/0x1800 [ 122.983738] ? __pfx_rcu_core+0x10/0x10 [ 122.983753] ? __pfx___schedule+0x10/0x10 [ 122.983770] ? tasklet_action_common+0x274/0x3b0 [ 122.983783] handle_softirqs+0x1b1/0x770 [ 122.983804] ? __pfx_run_ksoftirqd+0x10/0x10 [ 122.983823] ? smpboot_thread_fn+0x371/0x9d0 [ 122.983842] run_ksoftirqd+0x2e/0x60 [ 122.983860] smpboot_thread_fn+0x41d/0x9d0 [ 122.983880] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 122.983900] kthread+0x3c8/0x740 [ 122.983913] ? __pfx_kthread+0x10/0x10 [ 122.983925] ? ret_from_fork+0x23/0x430 [ 122.983944] ? lock_release+0xc8/0x290 [ 122.983958] ? __pfx_kthread+0x10/0x10 [ 122.983971] ret_from_fork+0x34b/0x430 [ 122.983990] ? 
__pfx_kthread+0x10/0x10 [ 122.984003] ret_from_fork_asm+0x1a/0x30 [ 122.984022] [ 122.984027] BUG: Bad page state in process ksoftirqd/1 pfn:48a5b [ 122.984510] RDX: 0000000000040000 RSI: ffffffff817e5bcc RDI: 000000010000002f [ 122.984904] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48a5b [ 122.985564] RBP: dffffc0000000000 R08: ffff88806cf31340 R09: ffffe8ffffd15ae8 [ 122.985767] flags: 0x100000000000000(node=0|zone=1) [ 122.985948] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 122.986264] page_type: f9(unknown) [ 122.986530] R13: 0000000000000000 R14: ffff888008cd0000 R15: 00000000ffffffff [ 122.986879] raw: 0100000000000000 ffffea00012296c8 ffffea00012296c8 0000000000000000 [ 122.987180] FS: 000000c00009cb10(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 122.987461] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000 [ 122.987779] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.988112] page dumped because: nonzero mapcount [ 122.988486] CR2: 000000c00064e000 CR3: 000000001bdad000 CR4: 0000000000350ef0 [ 122.988796] Modules linked in: [ 122.989154] note: syz-fuzzer[274] exited with preempt_count 2 [ 122.989490] [ 123.005127] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b [ 123.005351] Kernel Offset: disabled [ 123.018502] ---[ end Kernel panic - not syncing: Attempted to kill init! 
exitcode=0x0000000b ]--- VM DIAGNOSIS: 11:19:32 Registers: