Warning: Permanently added '[localhost]:17978' (ECDSA) to the list of known hosts. 2025/08/29 09:51:42 fuzzer started 2025/08/29 09:51:42 dialing manager at localhost:43077 syzkaller login: [ 50.503915] cgroup: Unknown subsys name 'net' [ 50.577053] cgroup: Unknown subsys name 'cpuset' [ 50.593578] cgroup: Unknown subsys name 'rlimit' 2025/08/29 09:51:52 syscalls: 2214 2025/08/29 09:51:52 code coverage: enabled 2025/08/29 09:51:52 comparison tracing: enabled 2025/08/29 09:51:52 extra coverage: enabled 2025/08/29 09:51:52 setuid sandbox: enabled 2025/08/29 09:51:52 namespace sandbox: enabled 2025/08/29 09:51:52 Android sandbox: enabled 2025/08/29 09:51:52 fault injection: enabled 2025/08/29 09:51:52 leak checking: enabled 2025/08/29 09:51:52 net packet injection: enabled 2025/08/29 09:51:52 net device setup: enabled 2025/08/29 09:51:52 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 09:51:52 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 09:51:52 USB emulation: enabled 2025/08/29 09:51:52 hci packet injection: enabled 2025/08/29 09:51:52 wifi device emulation: enabled 2025/08/29 09:51:52 802.15.4 emulation: enabled 2025/08/29 09:51:52 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 09:51:52 fetching corpus: 50, signal 24097/27566 (executing program) 2025/08/29 09:51:52 fetching corpus: 100, signal 32462/37325 (executing program) 2025/08/29 09:51:52 fetching corpus: 150, signal 41395/47409 (executing program) 2025/08/29 09:51:52 fetching corpus: 200, signal 47285/54448 (executing program) 2025/08/29 09:51:52 fetching corpus: 250, signal 52006/60262 (executing program) 2025/08/29 09:51:52 fetching corpus: 300, signal 59386/68429 (executing program) 2025/08/29 09:51:53 fetching corpus: 350, signal 62972/72996 (executing program) 2025/08/29 09:51:53 fetching corpus: 400, signal 66662/77541 (executing program) 2025/08/29 09:51:53 fetching corpus: 450, signal 69738/81429 (executing program) 2025/08/29 
09:51:53 fetching corpus: 500, signal 72248/84779 (executing program) 2025/08/29 09:51:53 fetching corpus: 550, signal 74048/87455 (executing program) 2025/08/29 09:51:53 fetching corpus: 600, signal 75819/90080 (executing program) 2025/08/29 09:51:53 fetching corpus: 650, signal 79229/93942 (executing program) 2025/08/29 09:51:53 fetching corpus: 700, signal 82036/97350 (executing program) 2025/08/29 09:51:53 fetching corpus: 750, signal 85982/101580 (executing program) 2025/08/29 09:51:53 fetching corpus: 800, signal 89259/105186 (executing program) 2025/08/29 09:51:54 fetching corpus: 850, signal 91654/108052 (executing program) 2025/08/29 09:51:54 fetching corpus: 900, signal 93594/110547 (executing program) 2025/08/29 09:51:54 fetching corpus: 950, signal 94901/112451 (executing program) 2025/08/29 09:51:54 fetching corpus: 1000, signal 96902/114891 (executing program) 2025/08/29 09:51:54 fetching corpus: 1050, signal 98701/117077 (executing program) 2025/08/29 09:51:54 fetching corpus: 1100, signal 100573/119303 (executing program) 2025/08/29 09:51:54 fetching corpus: 1150, signal 103144/122016 (executing program) 2025/08/29 09:51:54 fetching corpus: 1200, signal 104278/123616 (executing program) 2025/08/29 09:51:54 fetching corpus: 1250, signal 106117/125641 (executing program) 2025/08/29 09:51:54 fetching corpus: 1300, signal 108978/128373 (executing program) 2025/08/29 09:51:54 fetching corpus: 1350, signal 110219/129911 (executing program) 2025/08/29 09:51:55 fetching corpus: 1400, signal 111190/131246 (executing program) 2025/08/29 09:51:55 fetching corpus: 1450, signal 112332/132678 (executing program) 2025/08/29 09:51:55 fetching corpus: 1500, signal 113459/134032 (executing program) 2025/08/29 09:51:55 fetching corpus: 1550, signal 114267/135147 (executing program) 2025/08/29 09:51:55 fetching corpus: 1600, signal 115560/136585 (executing program) 2025/08/29 09:51:55 fetching corpus: 1650, signal 116438/137775 (executing program) 2025/08/29 09:51:55 
fetching corpus: 1700, signal 117976/139265 (executing program) 2025/08/29 09:51:55 fetching corpus: 1750, signal 118858/140411 (executing program) 2025/08/29 09:51:55 fetching corpus: 1800, signal 119733/141508 (executing program) 2025/08/29 09:51:55 fetching corpus: 1850, signal 120642/142566 (executing program) 2025/08/29 09:51:56 fetching corpus: 1900, signal 122418/144196 (executing program) 2025/08/29 09:51:56 fetching corpus: 1950, signal 123221/145225 (executing program) 2025/08/29 09:51:56 fetching corpus: 2000, signal 124145/146228 (executing program) 2025/08/29 09:51:56 fetching corpus: 2050, signal 125558/147495 (executing program) 2025/08/29 09:51:56 fetching corpus: 2100, signal 126556/148500 (executing program) 2025/08/29 09:51:56 fetching corpus: 2150, signal 127143/149308 (executing program) 2025/08/29 09:51:56 fetching corpus: 2200, signal 128958/150620 (executing program) 2025/08/29 09:51:56 fetching corpus: 2250, signal 129713/151483 (executing program) 2025/08/29 09:51:56 fetching corpus: 2300, signal 130521/152291 (executing program) 2025/08/29 09:51:57 fetching corpus: 2350, signal 131572/153205 (executing program) 2025/08/29 09:51:57 fetching corpus: 2400, signal 132437/153971 (executing program) 2025/08/29 09:51:57 fetching corpus: 2450, signal 133446/154802 (executing program) 2025/08/29 09:51:57 fetching corpus: 2500, signal 134265/155521 (executing program) 2025/08/29 09:51:57 fetching corpus: 2550, signal 135473/156386 (executing program) 2025/08/29 09:51:57 fetching corpus: 2600, signal 136111/157022 (executing program) 2025/08/29 09:51:57 fetching corpus: 2650, signal 137014/157755 (executing program) 2025/08/29 09:51:57 fetching corpus: 2700, signal 137819/158417 (executing program) 2025/08/29 09:51:57 fetching corpus: 2750, signal 138669/159098 (executing program) 2025/08/29 09:51:57 fetching corpus: 2800, signal 139386/159709 (executing program) 2025/08/29 09:51:58 fetching corpus: 2850, signal 139801/160174 (executing program) 
2025/08/29 09:51:58 fetching corpus: 2900, signal 140464/160746 (executing program) 2025/08/29 09:51:58 fetching corpus: 2950, signal 140957/161201 (executing program) 2025/08/29 09:51:58 fetching corpus: 3000, signal 141633/161746 (executing program) 2025/08/29 09:51:58 fetching corpus: 3050, signal 142120/162229 (executing program) 2025/08/29 09:51:58 fetching corpus: 3100, signal 142465/162627 (executing program) 2025/08/29 09:51:58 fetching corpus: 3150, signal 143130/163125 (executing program) 2025/08/29 09:51:58 fetching corpus: 3200, signal 143714/163549 (executing program) 2025/08/29 09:51:58 fetching corpus: 3250, signal 144314/163984 (executing program) 2025/08/29 09:51:58 fetching corpus: 3300, signal 145009/164420 (executing program) 2025/08/29 09:51:59 fetching corpus: 3350, signal 145352/164787 (executing program) 2025/08/29 09:51:59 fetching corpus: 3400, signal 145956/165209 (executing program) 2025/08/29 09:51:59 fetching corpus: 3450, signal 146992/165680 (executing program) 2025/08/29 09:51:59 fetching corpus: 3500, signal 147359/166023 (executing program) 2025/08/29 09:51:59 fetching corpus: 3550, signal 147957/166369 (executing program) 2025/08/29 09:51:59 fetching corpus: 3600, signal 148329/166662 (executing program) 2025/08/29 09:51:59 fetching corpus: 3650, signal 148776/167001 (executing program) 2025/08/29 09:51:59 fetching corpus: 3700, signal 149438/167313 (executing program) 2025/08/29 09:51:59 fetching corpus: 3750, signal 149880/167648 (executing program) 2025/08/29 09:52:00 fetching corpus: 3800, signal 150367/167914 (executing program) 2025/08/29 09:52:00 fetching corpus: 3850, signal 150801/168165 (executing program) 2025/08/29 09:52:00 fetching corpus: 3900, signal 151125/168414 (executing program) 2025/08/29 09:52:00 fetching corpus: 3950, signal 152084/168778 (executing program) 2025/08/29 09:52:00 fetching corpus: 4000, signal 152663/168997 (executing program) 2025/08/29 09:52:00 fetching corpus: 4050, signal 153462/169251 
(executing program) 2025/08/29 09:52:00 fetching corpus: 4100, signal 154065/169292 (executing program) 2025/08/29 09:52:00 fetching corpus: 4150, signal 154616/169313 (executing program) 2025/08/29 09:52:00 fetching corpus: 4200, signal 155378/169316 (executing program) 2025/08/29 09:52:00 fetching corpus: 4250, signal 155854/169326 (executing program) 2025/08/29 09:52:00 fetching corpus: 4300, signal 156479/169330 (executing program) 2025/08/29 09:52:00 fetching corpus: 4350, signal 156931/169336 (executing program) 2025/08/29 09:52:01 fetching corpus: 4400, signal 157164/169344 (executing program) 2025/08/29 09:52:01 fetching corpus: 4450, signal 157688/169346 (executing program) 2025/08/29 09:52:01 fetching corpus: 4500, signal 158168/169420 (executing program) 2025/08/29 09:52:01 fetching corpus: 4550, signal 158850/169425 (executing program) 2025/08/29 09:52:01 fetching corpus: 4600, signal 159295/169450 (executing program) 2025/08/29 09:52:01 fetching corpus: 4650, signal 159708/169458 (executing program) 2025/08/29 09:52:01 fetching corpus: 4700, signal 159999/169470 (executing program) 2025/08/29 09:52:01 fetching corpus: 4750, signal 160374/169474 (executing program) 2025/08/29 09:52:01 fetching corpus: 4800, signal 160706/169486 (executing program) 2025/08/29 09:52:01 fetching corpus: 4850, signal 161053/169499 (executing program) 2025/08/29 09:52:01 fetching corpus: 4900, signal 162611/169502 (executing program) 2025/08/29 09:52:02 fetching corpus: 4950, signal 163026/169507 (executing program) 2025/08/29 09:52:02 fetching corpus: 5000, signal 163277/169510 (executing program) 2025/08/29 09:52:02 fetching corpus: 5050, signal 163672/169515 (executing program) 2025/08/29 09:52:02 fetching corpus: 5100, signal 163977/169526 (executing program) 2025/08/29 09:52:02 fetching corpus: 5150, signal 164301/169556 (executing program) 2025/08/29 09:52:02 fetching corpus: 5200, signal 164640/169580 (executing program) 2025/08/29 09:52:02 fetching corpus: 5250, 
signal 164963/169594 (executing program) 2025/08/29 09:52:02 fetching corpus: 5300, signal 165505/169607 (executing program) 2025/08/29 09:52:02 fetching corpus: 5350, signal 165852/169617 (executing program) 2025/08/29 09:52:02 fetching corpus: 5400, signal 166180/169622 (executing program) 2025/08/29 09:52:02 fetching corpus: 5450, signal 166508/169630 (executing program) 2025/08/29 09:52:03 fetching corpus: 5500, signal 166865/169633 (executing program) 2025/08/29 09:52:03 fetching corpus: 5545, signal 167402/169667 (executing program) 2025/08/29 09:52:03 fetching corpus: 5545, signal 167402/169667 (executing program) 2025/08/29 09:52:05 starting 8 fuzzer processes 09:52:05 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x49, &(0x7f0000000000)="a94a128f", 0x4) 09:52:05 executing program 7: madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x16) move_pages(0x0, 0x1, &(0x7f0000000000)=[&(0x7f0000fff000/0x1000)=nil], 0x0, &(0x7f0000000140), 0x0) 09:52:05 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmctl$IPC_INFO(0x0, 0xe, &(0x7f0000000000)=""/165) 09:52:05 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b2f, 0x0) 09:52:05 executing program 3: syz_emit_ethernet(0x5e, &(0x7f0000000200)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, 
'\x00', 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @mcast1, @mcast1}}}}}}, 0x0) 09:52:05 executing program 4: rt_sigaction(0x20, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f00000000c0)) 09:52:05 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000500)={0xffffffffffffffff}, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000001480)) [ 73.198341] audit: type=1400 audit(1756461125.477:7): avc: denied { execmem } for pid=273 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:52:05 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_linger(r0, 0x29, 0xd, &(0x7f0000000080), 0x8) [ 74.405454] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 74.407930] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 74.410593] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 74.417913] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 74.420909] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 74.424804] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.430743] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.438924] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.449825] Bluetooth: hci1: unexpected 
cc 0x0c23 length: 249 > 4 [ 74.452288] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 74.509035] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 74.511753] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 74.513604] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 74.525969] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 74.529800] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 74.544837] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 74.552734] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 74.555014] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 74.565245] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 74.566541] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 74.569579] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.570837] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 74.576014] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 74.607793] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 74.610055] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 74.612906] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 74.619438] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 74.624412] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 74.631141] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 74.651933] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 74.672817] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 74.675638] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 74.679459] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 74.681772] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 74.688631] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 74.689847] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 74.695854] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 74.708810] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 74.717179] Bluetooth: hci7: 
unexpected cc 0x0c23 length: 249 > 4 [ 74.722648] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 76.495356] Bluetooth: hci0: command tx timeout [ 76.558717] Bluetooth: hci2: command tx timeout [ 76.559524] Bluetooth: hci1: command tx timeout [ 76.622589] Bluetooth: hci3: command tx timeout [ 76.687549] Bluetooth: hci4: command tx timeout [ 76.750631] Bluetooth: hci6: command tx timeout [ 76.751530] Bluetooth: hci5: command tx timeout [ 76.814644] Bluetooth: hci7: command tx timeout [ 78.542620] Bluetooth: hci0: command tx timeout [ 78.606826] Bluetooth: hci1: command tx timeout [ 78.606864] Bluetooth: hci2: command tx timeout [ 78.670822] Bluetooth: hci3: command tx timeout [ 78.735570] Bluetooth: hci4: command tx timeout [ 78.799646] Bluetooth: hci5: command tx timeout [ 78.799839] Bluetooth: hci6: command tx timeout [ 78.863741] Bluetooth: hci7: command tx timeout [ 80.591790] Bluetooth: hci0: command tx timeout [ 80.654595] Bluetooth: hci2: command tx timeout [ 80.656664] Bluetooth: hci1: command tx timeout [ 80.718534] Bluetooth: hci3: command tx timeout [ 80.782599] Bluetooth: hci4: command tx timeout [ 80.846703] Bluetooth: hci6: command tx timeout [ 80.847115] Bluetooth: hci5: command tx timeout [ 80.911526] Bluetooth: hci7: command tx timeout [ 82.638528] Bluetooth: hci0: command tx timeout [ 82.703548] Bluetooth: hci1: command tx timeout [ 82.703577] Bluetooth: hci2: command tx timeout [ 82.768591] Bluetooth: hci3: command tx timeout [ 82.831570] Bluetooth: hci4: command tx timeout [ 82.895534] Bluetooth: hci5: command tx timeout [ 82.895939] Bluetooth: hci6: command tx timeout [ 82.959588] Bluetooth: hci7: command tx timeout [ 116.275287] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.275931] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.501570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.502183] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.864883] audit: 
type=1400 audit(1756461169.142:8): avc: denied { open } for pid=3698 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 116.873318] audit: type=1400 audit(1756461169.142:9): avc: denied { kernel } for pid=3698 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 09:52:49 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmctl$IPC_INFO(0x0, 0xe, &(0x7f0000000000)=""/165) 09:52:49 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmctl$IPC_INFO(0x0, 0xe, &(0x7f0000000000)=""/165) 09:52:49 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmctl$IPC_INFO(0x0, 0xe, &(0x7f0000000000)=""/165) 09:52:49 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80}) 09:52:49 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 
0x40a85321, &(0x7f0000000080)={0x80}) 09:52:49 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80}) 09:52:50 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80}) 09:52:50 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) syncfs(r0) [ 118.180004] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.180641] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.314278] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.315546] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.474586] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.475200] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.573948] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.574582] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.662218] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.663566] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.756627] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.757255] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.850032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.850664] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.950585] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.951180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.066549] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.067189] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.134376] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.135038] 
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.189802] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.190420] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.254142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.255323] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.317465] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.319073] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.398521] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.399154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:52:51 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x49, &(0x7f0000000000)="a94a128f", 0x4) 09:52:51 executing program 3: syz_emit_ethernet(0x5e, &(0x7f0000000200)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @mcast1, @mcast1}}}}}}, 0x0) 09:52:51 executing program 7: madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x16) move_pages(0x0, 0x1, &(0x7f0000000000)=[&(0x7f0000fff000/0x1000)=nil], 0x0, &(0x7f0000000140), 0x0) 09:52:51 executing program 4: rt_sigaction(0x20, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f00000000c0)) 09:52:51 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000500)={0xffffffffffffffff}, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000001480)) 09:52:51 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) 
syncfs(r0) 09:52:51 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_linger(r0, 0x29, 0xd, &(0x7f0000000080), 0x8) 09:52:51 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b2f, 0x0) 09:52:51 executing program 7: madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x16) move_pages(0x0, 0x1, &(0x7f0000000000)=[&(0x7f0000fff000/0x1000)=nil], 0x0, &(0x7f0000000140), 0x0) 09:52:52 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x49, &(0x7f0000000000)="a94a128f", 0x4) 09:52:52 executing program 3: syz_emit_ethernet(0x5e, &(0x7f0000000200)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @mcast1, @mcast1}}}}}}, 0x0) 09:52:52 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_linger(r0, 0x29, 0xd, &(0x7f0000000080), 0x8) 09:52:52 executing 
program 4: rt_sigaction(0x20, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f00000000c0)) 09:52:52 executing program 7: madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x16) move_pages(0x0, 0x1, &(0x7f0000000000)=[&(0x7f0000fff000/0x1000)=nil], 0x0, &(0x7f0000000140), 0x0) 09:52:52 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000500)={0xffffffffffffffff}, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000001480)) 09:52:52 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) syncfs(r0) 09:52:52 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b2f, 0x0) 09:52:52 executing program 3: syz_emit_ethernet(0x5e, &(0x7f0000000200)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @mcast1, @mcast1}}}}}}, 0x0) 09:52:52 executing program 4: rt_sigaction(0x20, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f00000000c0)) 09:52:52 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x49, &(0x7f0000000000)="a94a128f", 0x4) 09:52:52 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000013500)=ANY=[]) 09:52:52 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000500)={0xffffffffffffffff}, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000001480)) 09:52:52 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_linger(r0, 0x29, 0xd, &(0x7f0000000080), 0x8) [ 120.040035] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 120.041758] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 120.043108] CPU: 1 UID: 0 PID: 3946 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 120.050206] Tainted: [W]=WARN [ 120.050674] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.051847] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.052563] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 
20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.055160] RSP: 0018:ffff88804432f780 EFLAGS: 00010012 [ 120.055935] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90006a16000 [ 120.056957] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 120.057978] RBP: ffff88804432f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16c88 [ 120.058995] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 120.060021] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 120.061048] FS: 00007f7546834700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 120.062217] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.063050] CR2: 00007f75493d2018 CR3: 000000001eee7000 CR4: 0000000000350ef0 [ 120.064070] Call Trace: [ 120.064449] [ 120.064804] ? __pfx_perf_tp_event+0x10/0x10 [ 120.065481] ? mark_held_locks+0x49/0x80 [ 120.066078] ? __pfx_flush_tlb_func+0x10/0x10 [ 120.066762] ? __pfx_flush_tlb_func+0x10/0x10 [ 120.067419] ? smp_call_function_many_cond+0x332/0x1110 [ 120.068204] ? __pfx_should_flush_tlb+0x10/0x10 [ 120.068901] ? __pfx_flush_tlb_func+0x10/0x10 [ 120.069566] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 120.070382] ? perf_trace_run_bpf_submit+0xef/0x180 [ 120.071115] ? __lock_acquire+0xc65/0x1b70 [ 120.071737] perf_trace_run_bpf_submit+0xef/0x180 [ 120.072444] perf_trace_preemptirq_template+0x259/0x430 [ 120.073240] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.074119] ? _raw_spin_lock_irqsave+0x53/0x60 [ 120.074807] trace_irq_disable.constprop.0+0xa6/0x100 [ 120.075580] _raw_spin_lock_irqsave+0x53/0x60 [ 120.076243] try_to_wake_up+0xa0/0x11d0 [ 120.076850] ? __pfx_try_to_wake_up+0x10/0x10 [ 120.077532] ? plist_del+0x122/0x270 [ 120.078087] ? find_held_lock+0x2b/0x80 [ 120.078677] ? futex_wake+0x474/0x540 [ 120.079247] wake_up_q+0xa1/0x130 [ 120.079770] futex_wake+0x47e/0x540 [ 120.080326] ? __pfx_futex_wake+0x10/0x10 [ 120.080946] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 120.081696] ? 
_raw_spin_unlock_irq+0x23/0x40 [ 120.082354] do_futex+0x26d/0x370 [ 120.082878] ? __pfx_do_futex+0x10/0x10 [ 120.083468] __x64_sys_futex+0x1c9/0x4d0 [ 120.084068] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.084933] ? __pfx___x64_sys_futex+0x10/0x10 [ 120.085602] do_syscall_64+0xbf/0x360 [ 120.086162] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.086922] RIP: 0033:0x7f75492beb19 [ 120.087461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 120.090050] RSP: 002b:00007f7546834218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 120.091151] RAX: ffffffffffffffda RBX: 00007f75493d1f68 RCX: 00007f75492beb19 [ 120.092172] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f75493d1f6c [ 120.093198] RBP: 00007f75493d1f60 R08: 000000000000000e R09: 0000000000000000 [ 120.094213] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75493d1f6c [ 120.095234] R13: 00007ffd3c68280f R14: 00007f7546834300 R15: 0000000000022000 [ 120.096256] [ 120.096601] Modules linked in: [ 120.097098] ---[ end trace 0000000000000000 ]--- [ 120.097772] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.098457] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.101052] RSP: 0018:ffff88804432f780 EFLAGS: 00010012 [ 120.101812] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90006a16000 [ 120.102849] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 120.103889] RBP: ffff88804432f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16c88 [ 120.104918] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 120.105940] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 120.106959] FS: 00007f7546834700(0000) GS:ffff8880e56dd000(0000) 
knlGS:0000000000000000 [ 120.108102] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.108947] CR2: 00007f75493d2018 CR3: 000000001eee7000 CR4: 0000000000350ef0 [ 120.109982] note: syz-executor.4[3946] exited with irqs disabled [ 120.110966] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 120.112575] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 120.113673] CPU: 1 UID: 0 PID: 3946 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 120.115402] Tainted: [D]=DIE, [W]=WARN [ 120.115962] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.117155] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.117841] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.120409] RSP: 0018:ffff88806cf08ac0 EFLAGS: 00010012 [ 120.121175] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 120.122199] RDX: ffff888016abd280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 120.123215] RBP: ffff88806cf08d30 R08: ffff88806cf313e8 R09: ffffe8ffffd16c88 [ 120.124230] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 120.125256] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 120.126271] FS: 00007f7546834700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 120.127430] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.128263] CR2: 00007f75493d2018 CR3: 000000001eee7000 CR4: 0000000000350ef0 [ 120.129285] Call Trace: [ 120.129662] [ 120.129985] ? enqueue_task_fair+0x43a/0x1e00 [ 120.130654] ? __pfx_perf_tp_event+0x10/0x10 [ 120.131304] ? timerqueue_add+0x1c2/0x330 [ 120.131911] ? kvm_sched_clock_read+0x16/0x30 [ 120.132569] ? sched_clock+0x37/0x60 [ 120.133130] ? sched_clock_cpu+0x6c/0x4e0 [ 120.133743] ? 
trace_pelt_se_tp+0xdf/0x130 [ 120.134353] ? place_entity+0x300/0x410 [ 120.134946] ? lock_acquire+0x18c/0x2f0 [ 120.135537] ? update_cfs_group+0x11d/0x260 [ 120.136164] ? lock_release+0x1c7/0x290 [ 120.136744] ? perf_trace_run_bpf_submit+0xef/0x180 [ 120.137477] ? sched_balance_trigger+0x1ac/0xcb0 [ 120.138177] perf_trace_run_bpf_submit+0xef/0x180 [ 120.138893] perf_trace_preemptirq_template+0x259/0x430 [ 120.139682] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.140534] ? lock_acquire+0x18c/0x2f0 [ 120.141129] ? irqentry_enter+0x2a/0x60 [ 120.141716] trace_irq_disable.constprop.0+0xa6/0x100 [ 120.142463] irqentry_enter+0x2a/0x60 [ 120.143027] sysvec_call_function_single+0x18/0xc0 [ 120.143744] asm_sysvec_call_function_single+0x1a/0x20 [ 120.144498] RIP: 0010:handle_softirqs+0x174/0x770 [ 120.145212] Code: c8 83 83 3c 0a 00 00 01 c7 44 24 20 0a 00 00 00 48 89 44 24 18 65 66 c7 05 0f 84 48 06 00 00 e8 42 80 40 00 fb bb ff ff ff ff <48> c7 c5 c0 c0 a0 85 41 0f bc de 83 c3 01 0f 85 9b 00 00 00 e9 8d [ 120.147804] RSP: 0018:ffff88806cf08f78 EFLAGS: 00000246 [ 120.148565] RAX: 0000000000000001 RBX: 00000000ffffffff RCX: ffffffff817c2b86 [ 120.149588] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813bac2e [ 120.150604] RBP: ffff88804432fe78 R08: 0000000000000000 R09: 0000000000000000 [ 120.151629] R10: ffffffff8643ac57 R11: ffff8880159e1898 R12: 0000000000000000 [ 120.152643] R13: 0000000000000000 R14: 0000000000000382 R15: 0000000000000000 [ 120.153662] ? trace_irq_enable.constprop.0+0x26/0x100 [ 120.154422] ? handle_softirqs+0x16e/0x770 [ 120.155049] ? 
handle_softirqs+0x16e/0x770 [ 120.155677] __irq_exit_rcu+0xc4/0x100 [ 120.156257] irq_exit_rcu+0x9/0x20 [ 120.156795] sysvec_apic_timer_interrupt+0x70/0x80 [ 120.157511] [ 120.157848] [ 120.158187] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 120.158941] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 120.159622] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 120.162212] RSP: 0018:ffff88804432ff28 EFLAGS: 00000246 [ 120.162981] RAX: 0000000000000001 RBX: ffff888016abd280 RCX: ffffffff817c2b86 [ 120.164002] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 120.165033] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 120.166054] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888016abd280 [ 120.167078] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 120.168098] ? trace_irq_enable.constprop.0+0x26/0x100 [ 120.168864] ? make_task_dead+0x214/0x3b0 [ 120.169471] ? make_task_dead+0x214/0x3b0 [ 120.170074] ? 
do_syscall_64+0xbf/0x360 [ 120.170656] rewind_stack_and_make_dead+0x16/0x20 [ 120.171364] RIP: 0033:0x7f75492beb19 [ 120.171916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 120.174520] RSP: 002b:00007f7546834218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 120.175610] RAX: ffffffffffffffda RBX: 00007f75493d1f68 RCX: 00007f75492beb19 [ 120.176650] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f75493d1f6c [ 120.177689] RBP: 00007f75493d1f60 R08: 000000000000000e R09: 0000000000000000 [ 120.178707] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75493d1f6c [ 120.179721] R13: 00007ffd3c68280f R14: 00007f7546834300 R15: 0000000000022000 [ 120.180746] [ 120.181103] Modules linked in: [ 120.181578] ---[ end trace 0000000000000000 ]--- [ 120.182257] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.182941] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.185556] RSP: 0018:ffff88804432f780 EFLAGS: 00010012 [ 120.186329] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90006a16000 [ 120.187360] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 120.188377] RBP: ffff88804432f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16c88 [ 120.189402] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 120.190417] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 120.191435] FS: 00007f7546834700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 120.192580] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.193419] CR2: 00007f75493d2018 CR3: 000000001eee7000 CR4: 0000000000350ef0 [ 120.194445] Kernel panic - not syncing: Fatal exception in interrupt [ 120.195577] Kernel Offset: disabled [ 120.196102] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:52:52 Registers: