Warning: Permanently added '[localhost]:37635' (ECDSA) to the list of known hosts. 2025/08/29 09:58:27 fuzzer started 2025/08/29 09:58:27 dialing manager at localhost:43077 syzkaller login: [ 52.071009] cgroup: Unknown subsys name 'net' [ 52.143695] cgroup: Unknown subsys name 'cpuset' [ 52.156457] cgroup: Unknown subsys name 'rlimit' 2025/08/29 09:58:38 syscalls: 2214 2025/08/29 09:58:38 code coverage: enabled 2025/08/29 09:58:38 comparison tracing: enabled 2025/08/29 09:58:38 extra coverage: enabled 2025/08/29 09:58:38 setuid sandbox: enabled 2025/08/29 09:58:38 namespace sandbox: enabled 2025/08/29 09:58:38 Android sandbox: enabled 2025/08/29 09:58:38 fault injection: enabled 2025/08/29 09:58:38 leak checking: enabled 2025/08/29 09:58:38 net packet injection: enabled 2025/08/29 09:58:38 net device setup: enabled 2025/08/29 09:58:38 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 09:58:38 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 09:58:38 USB emulation: enabled 2025/08/29 09:58:38 hci packet injection: enabled 2025/08/29 09:58:38 wifi device emulation: enabled 2025/08/29 09:58:38 802.15.4 emulation: enabled 2025/08/29 09:58:38 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 09:58:38 fetching corpus: 40, signal 17519/21080 (executing program) 2025/08/29 09:58:38 fetching corpus: 90, signal 33212/38010 (executing program) 2025/08/29 09:58:39 fetching corpus: 140, signal 41830/47819 (executing program) 2025/08/29 09:58:39 fetching corpus: 190, signal 46901/54105 (executing program) 2025/08/29 09:58:39 fetching corpus: 240, signal 51242/59584 (executing program) 2025/08/29 09:58:39 fetching corpus: 290, signal 58103/67261 (executing program) 2025/08/29 09:58:39 fetching corpus: 340, signal 62332/72390 (executing program) 2025/08/29 09:58:39 fetching corpus: 390, signal 66248/77189 (executing program) 2025/08/29 09:58:39 fetching corpus: 440, signal 72778/84145 (executing program) 2025/08/29 09:58:39 fetching corpus: 490, signal 76271/88288 (executing program) 2025/08/29 09:58:39 fetching corpus: 540, signal 78708/91469 (executing program) 2025/08/29 09:58:39 fetching corpus: 590, signal 81809/95160 (executing program) 2025/08/29 09:58:40 fetching corpus: 640, signal 84196/98204 (executing program) 2025/08/29 09:58:40 fetching corpus: 690, signal 86690/101286 (executing program) 2025/08/29 09:58:40 fetching corpus: 740, signal 88876/104001 (executing program) 2025/08/29 09:58:40 fetching corpus: 790, signal 91962/107381 (executing program) 2025/08/29 09:58:40 fetching corpus: 840, signal 93748/109782 (executing program) 2025/08/29 09:58:40 fetching corpus: 890, signal 95361/111898 (executing program) 2025/08/29 09:58:40 fetching corpus: 940, signal 96885/113929 (executing program) 2025/08/29 09:58:40 fetching corpus: 990, signal 99012/116421 (executing program) 2025/08/29 09:58:40 fetching corpus: 1040, signal 100112/118104 (executing program) 2025/08/29 09:58:41 fetching corpus: 1090, signal 101719/120119 (executing program) 2025/08/29 09:58:41 fetching corpus: 1140, signal 103495/122157 (executing program) 2025/08/29 09:58:41 fetching corpus: 1190, signal 104543/123704 (executing program) 2025/08/29 09:58:41 fetching corpus: 1240, signal 105738/125308 (executing program) 2025/08/29 09:58:41 fetching corpus: 1290, signal 106783/126770 (executing program) 2025/08/29 09:58:41 fetching corpus: 1340, signal 108433/128609 (executing program) 2025/08/29 09:58:41 fetching corpus: 1390, signal 109947/130346 (executing program) 2025/08/29 09:58:41 fetching corpus: 1440, signal 110553/131428 (executing program) 2025/08/29 09:58:41 fetching corpus: 1490, signal 111593/132766 (executing program) 2025/08/29 09:58:42 fetching corpus: 1540, signal 113144/134435 (executing program) 2025/08/29 09:58:42 fetching corpus: 1590, signal 114085/135668 (executing program) 2025/08/29 09:58:42 fetching corpus: 1640, signal 115136/136998 (executing program) 2025/08/29 09:58:42 fetching corpus: 1690, signal 116295/138351 (executing program) 2025/08/29 09:58:42 fetching corpus: 1740, signal 117461/139657 (executing program) 2025/08/29 09:58:42 fetching corpus: 1790, signal 118433/140822 (executing program) 2025/08/29 09:58:42 fetching corpus: 1840, signal 119546/142203 (executing program) 2025/08/29 09:58:42 fetching corpus: 1890, signal 120883/143524 (executing program) 2025/08/29 09:58:42 fetching corpus: 1940, signal 121650/144535 (executing program) 2025/08/29 09:58:42 fetching corpus: 1990, signal 122706/145687 (executing program) 2025/08/29 09:58:43 fetching corpus: 2040, signal 123788/146795 (executing program) 2025/08/29 09:58:43 fetching corpus: 2090, signal 124812/147834 (executing program) 2025/08/29 09:58:43 fetching corpus: 2140, signal 125967/149007 (executing program) 2025/08/29 09:58:43 fetching corpus: 2190, signal 126958/149989 (executing program) 2025/08/29 09:58:43 fetching corpus: 2240, signal 127986/150942 (executing program) 2025/08/29 09:58:43 fetching corpus: 2290, signal 129208/152048 (executing program) 2025/08/29 09:58:43 fetching corpus: 2340, signal 130135/152883 (executing program) 2025/08/29 09:58:43 fetching corpus: 2390, signal 131247/153822 (executing program) 2025/08/29 09:58:43 fetching corpus: 2440, signal 132139/154624 (executing program) 2025/08/29 09:58:43 fetching corpus: 2490, signal 132662/155277 (executing program) 2025/08/29 09:58:43 fetching corpus: 2540, signal 133090/155889 (executing program) 2025/08/29 09:58:44 fetching corpus: 2590, signal 134017/156761 (executing program) 2025/08/29 09:58:44 fetching corpus: 2640, signal 134628/157410 (executing program) 2025/08/29 09:58:44 fetching corpus: 2690, signal 135894/158261 (executing program) 2025/08/29 09:58:44 fetching corpus: 2740, signal 136476/158875 (executing program) 2025/08/29 09:58:44 fetching corpus: 2790, signal 137391/159578 (executing program) 2025/08/29 09:58:44 fetching corpus: 2840, signal 137938/160134 (executing program) 2025/08/29 09:58:44 fetching corpus: 2890, signal 138314/160590 (executing program) 2025/08/29 09:58:44 fetching corpus: 2940, signal 138827/161097 (executing program) 2025/08/29 09:58:44 fetching corpus: 2990, signal 140678/161996 (executing program) 2025/08/29 09:58:44 fetching corpus: 3040, signal 141324/162507 (executing program) 2025/08/29 09:58:45 fetching corpus: 3090, signal 141941/162980 (executing program) 2025/08/29 09:58:45 fetching corpus: 3140, signal 142292/163389 (executing program) 2025/08/29 09:58:45 fetching corpus: 3190, signal 142883/163838 (executing program) 2025/08/29 09:58:45 fetching corpus: 3240, signal 143622/164305 (executing program) 2025/08/29 09:58:45 fetching corpus: 3290, signal 144380/164762 (executing program) 2025/08/29 09:58:45 fetching corpus: 3340, signal 144757/165178 (executing program) 2025/08/29 09:58:45 fetching corpus: 3390, signal 145260/165568 (executing program) 2025/08/29 09:58:45 fetching corpus: 3440, signal 145993/165975 (executing program) 2025/08/29 09:58:45 fetching corpus: 3490, signal 146482/166454 (executing program) 2025/08/29 09:58:45 fetching corpus: 3540, signal 146906/166852 (executing program) 2025/08/29 09:58:46 fetching corpus: 3590, signal 147578/167241 (executing program) 2025/08/29 09:58:46 fetching corpus: 3640, signal 148104/167570 (executing program) 2025/08/29 09:58:46 fetching corpus: 3690, signal 148832/167932 (executing program) 2025/08/29 09:58:46 fetching corpus: 3740, signal 149211/168244 (executing program) 2025/08/29 09:58:46 fetching corpus: 3790, signal 149700/168548 (executing program) 2025/08/29 09:58:46 fetching corpus: 3840, signal 150366/168886 (executing program) 2025/08/29 09:58:46 fetching corpus: 3890, signal 150813/169158 (executing program) 2025/08/29 09:58:46 fetching corpus: 3940, signal 151569/169411 (executing program) 2025/08/29 09:58:46 fetching corpus: 3990, signal 152139/169676 (executing program) 2025/08/29 09:58:46 fetching corpus: 4040, signal 152779/169929 (executing program) 2025/08/29 09:58:47 fetching corpus: 4090, signal 153209/170074 (executing program) 2025/08/29 09:58:47 fetching corpus: 4140, signal 153632/170136 (executing program) 2025/08/29 09:58:47 fetching corpus: 4190, signal 154023/170141 (executing program) 2025/08/29 09:58:47 fetching corpus: 4240, signal 154429/170142 (executing program) 2025/08/29 09:58:47 fetching corpus: 4290, signal 154740/170160 (executing program) 2025/08/29 09:58:47 fetching corpus: 4340, signal 155535/170173 (executing program) 2025/08/29 09:58:47 fetching corpus: 4390, signal 156091/170199 (executing program) 2025/08/29 09:58:47 fetching corpus: 4440, signal 157110/170200 (executing program) 2025/08/29 09:58:47 fetching corpus: 4490, signal 157650/170213 (executing program) 2025/08/29 09:58:47 fetching corpus: 4540, signal 158615/170301 (executing program) 2025/08/29 09:58:47 fetching corpus: 4590, signal 159036/170309 (executing program) 2025/08/29 09:58:48 fetching corpus: 4640, signal 159434/170316 (executing program) 2025/08/29 09:58:48 fetching corpus: 4690, signal 159922/170358 (executing program) 2025/08/29 09:58:48 fetching corpus: 4740, signal 160486/170366 (executing program) 2025/08/29 09:58:48 fetching corpus: 4790, signal 160915/170388 (executing program) 2025/08/29 09:58:48 fetching corpus: 4840, signal 161344/170388 (executing program) 2025/08/29 09:58:48 fetching corpus: 4890, signal 161635/170396 (executing program) 2025/08/29 09:58:48 fetching corpus: 4940, signal 162178/170410 (executing program) 2025/08/29 09:58:48 fetching corpus: 4990, signal 163013/170429 (executing program) 2025/08/29 09:58:48 fetching corpus: 5040, signal 163541/170436 (executing program) 2025/08/29 09:58:48 fetching corpus: 5090, signal 163868/170441 (executing program) 2025/08/29 09:58:48 fetching corpus: 5140, signal 164269/170463 (executing program) 2025/08/29 09:58:49 fetching corpus: 5190, signal 164646/170496 (executing program) 2025/08/29 09:58:49 fetching corpus: 5240, signal 165074/170511 (executing program) 2025/08/29 09:58:49 fetching corpus: 5290, signal 165481/170532 (executing program) 2025/08/29 09:58:49 fetching corpus: 5340, signal 165996/170548 (executing program) 2025/08/29 09:58:49 fetching corpus: 5390, signal 166454/170548 (executing program) 2025/08/29 09:58:49 fetching corpus: 5440, signal 166902/170580 (executing program) 2025/08/29 09:58:49 fetching corpus: 5490, signal 167296/170582 (executing program) 2025/08/29 09:58:49 fetching corpus: 5540, signal 167685/170610 (executing program) 2025/08/29 09:58:49 fetching corpus: 5590, signal 168069/170657 (executing program) 2025/08/29 09:58:49 fetching corpus: 5633, signal 168344/170659 (executing program) 2025/08/29 09:58:49 fetching corpus: 5633, signal 168344/170659 (executing program) 2025/08/29 09:58:52 starting 8 fuzzer processes 09:58:52 executing program 0: futex(&(0x7f0000000040), 0x5, 0x0, 0x0, &(0x7f0000000100), 0x5000000) 09:58:52 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f00000000c0)='sockfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) flock(r2, 0x1) close_range(r1, 0xffffffffffffffff, 0x0) 09:58:52 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x4000, 0x800, &(0x7f0000fa7000/0x4000)=nil) 09:58:52 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000002100)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001f80)="8567c4c53ff5", 0x0, 0x0, 0x0, 0x0, 0x0}) 09:58:52 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x12, &(0x7f0000000000)={@ipv4}, 0x14) 09:58:52 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x0) 09:58:52 executing program 3: prctl$PR_SET_IO_FLUSHER(0x39, 0x8) 09:58:52 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setresuid(0x0, 0xee01, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x4}, 0x6) [ 76.595851] audit: type=1400 audit(1756461532.227:7): avc: denied { execmem } for pid=271 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 77.783463] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.786029] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.788050] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.794187] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.800614] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.846033] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.854104] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.860498] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.869708] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.872708] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.916513] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.919104] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.921205] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.924675] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 77.926294] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.930923] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 77.933742] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.936156] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.938095] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 77.944071] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.947656] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.955712] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 77.957780] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 77.965315] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.967417] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.991473] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 77.997681] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 78.013896] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 78.016236] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 78.017830] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 78.019689] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 78.021630] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 78.024401] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 78.028437] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 78.033841] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 78.034921] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 78.038826] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 78.042412] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 78.044200] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 78.046463] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 79.877745] Bluetooth: hci0: command tx timeout [ 79.941355] Bluetooth: hci1: command tx timeout [ 80.005317] Bluetooth: hci2: command tx timeout [ 80.005359] Bluetooth: hci3: command tx timeout [ 80.069386] Bluetooth: hci5: command tx timeout [ 80.069396] Bluetooth: hci4: command tx timeout [ 80.132707] Bluetooth: hci6: command tx timeout [ 80.133942] Bluetooth: hci7: command tx timeout [ 81.927269] Bluetooth: hci0: command tx timeout [ 81.989294] Bluetooth: hci1: command tx timeout [ 82.052328] Bluetooth: hci3: command tx timeout [ 82.053350] Bluetooth: hci2: command tx timeout [ 82.118355] Bluetooth: hci5: command tx timeout [ 82.118773] Bluetooth: hci4: command tx timeout [ 82.182396] Bluetooth: hci6: command tx timeout [ 82.182823] Bluetooth: hci7: command tx timeout [ 83.973388] Bluetooth: hci0: command tx timeout [ 84.037282] Bluetooth: hci1: command tx timeout [ 84.101039] Bluetooth: hci2: command tx timeout [ 84.101605] Bluetooth: hci3: command tx timeout [ 84.164484] Bluetooth: hci5: command tx timeout [ 84.165426] Bluetooth: hci4: command tx timeout [ 84.229508] Bluetooth: hci7: command tx timeout [ 84.230071] Bluetooth: hci6: command tx timeout [ 86.021322] Bluetooth: hci0: command tx timeout [ 86.086273] Bluetooth: hci1: command tx timeout [ 86.150314] Bluetooth: hci2: command tx timeout [ 86.150742] Bluetooth: hci3: command tx timeout [ 86.213322] Bluetooth: hci4: command tx timeout [ 86.213774] Bluetooth: hci5: command tx timeout [ 86.277337] Bluetooth: hci7: command tx timeout [ 86.277795] Bluetooth: hci6: command tx timeout [ 114.891856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.892588] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.085283] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.085907] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.666327] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.667700] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.888198] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.889307] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.422292] audit: type=1400 audit(1756461573.051:8): avc: denied { open } for pid=3749 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 117.440515] audit: type=1400 audit(1756461573.051:9): avc: denied { kernel } for pid=3749 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.868319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.869616] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.074315] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.075478] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.294836] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.296022] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.377667] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.379002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.530603] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.532009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.691971] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.693165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.840968] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.844079] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.937219] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.938538] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.072732] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.073905] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.157956] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.159621] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.315519] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.316684] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.323888] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.325561] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.513727] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 09:59:36 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x12, &(0x7f0000000000)={@ipv4}, 0x14) 09:59:36 executing program 3: prctl$PR_SET_IO_FLUSHER(0x39, 0x8) 09:59:36 executing program 0: futex(&(0x7f0000000040), 0x5, 0x0, 0x0, &(0x7f0000000100), 0x5000000) 09:59:36 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setresuid(0x0, 0xee01, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x4}, 0x6) 09:59:36 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f00000000c0)='sockfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) flock(r2, 0x1) close_range(r1, 0xffffffffffffffff, 0x0) 09:59:36 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x4000, 0x800, &(0x7f0000fa7000/0x4000)=nil) 09:59:36 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000002100)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001f80)="8567c4c53ff5", 0x0, 0x0, 0x0, 0x0, 0x0}) 09:59:36 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x0) 09:59:36 executing program 3: prctl$PR_SET_IO_FLUSHER(0x39, 0x8) 09:59:36 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000002100)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001f80)="8567c4c53ff5", 0x0, 0x0, 0x0, 0x0, 0x0}) 09:59:36 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x12, &(0x7f0000000000)={@ipv4}, 0x14) 09:59:36 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f00000000c0)='sockfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) flock(r2, 0x1) close_range(r1, 0xffffffffffffffff, 0x0) 09:59:36 executing program 0: futex(&(0x7f0000000040), 0x5, 0x0, 0x0, &(0x7f0000000100), 0x5000000) 09:59:36 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setresuid(0x0, 0xee01, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x4}, 0x6) 09:59:36 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x4000, 0x800, &(0x7f0000fa7000/0x4000)=nil) 09:59:36 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x0) [ 120.839890] kmemleak: Found object by alias at 0x607f1a6394e4 [ 120.839915] CPU: 1 UID: 0 PID: 3908 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 120.839941] Tainted: [W]=WARN [ 120.839947] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.839957] Call Trace: [ 120.839963] [ 120.839969] dump_stack_lvl+0xca/0x120 [ 120.840010] __lookup_object+0x94/0xb0 [ 120.840034] delete_object_full+0x27/0x70 [ 120.840057] free_percpu+0x30/0x1160 [ 120.840080] ? arch_uprobe_clear_state+0x16/0x140 [ 120.840109] futex_hash_free+0x38/0xc0 [ 120.840130] mmput+0x2d3/0x390 [ 120.840156] do_exit+0x79d/0x2970 [ 120.840176] ? signal_wake_up_state+0x85/0x120 [ 120.840199] ? zap_other_threads+0x2b9/0x3a0 [ 120.840222] ? __pfx_do_exit+0x10/0x10 [ 120.840240] ? do_group_exit+0x1c3/0x2a0 [ 120.840260] ? lock_release+0xc8/0x290 [ 120.840284] do_group_exit+0xd3/0x2a0 [ 120.840306] __x64_sys_exit_group+0x3e/0x50 [ 120.840326] x64_sys_call+0x18c5/0x18d0 [ 120.840349] do_syscall_64+0xbf/0x360 [ 120.840365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.840382] RIP: 0033:0x7f8377099b19 [ 120.840395] Code: Unable to access opcode bytes at 0x7f8377099aef. [ 120.840403] RSP: 002b:00007fffd0d6f9a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 120.840419] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f8377099b19 [ 120.840430] RDX: 00007f837704c72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 120.840440] RBP: 0000000000000000 R08: 0000001b2d121624 R09: 0000000000000000 [ 120.840460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.840470] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fffd0d6fa90 [ 120.840493] [ 120.840499] kmemleak: Object (percpu) 0x607f1a6394e0 (size 8): [ 120.840508] kmemleak: comm "syz-executor.1", pid 3913, jiffies 4294787620 [ 120.840519] kmemleak: min_count = 1 [ 120.840524] kmemleak: count = 0 [ 120.840530] kmemleak: flags = 0x21 [ 120.840535] kmemleak: checksum = 0 [ 120.840541] kmemleak: backtrace: [ 120.840546] pcpu_alloc_noprof+0x87a/0x1170 [ 120.840568] perf_trace_event_init+0x366/0xa10 [ 120.840587] perf_trace_init+0x1a4/0x2f0 [ 120.840604] perf_tp_event_init+0xa6/0x120 [ 120.840626] perf_try_init_event+0x140/0x9f0 [ 120.840645] perf_event_alloc.part.0+0x118e/0x45f0 [ 120.840669] __do_sys_perf_event_open+0x719/0x2c20 [ 120.840688] do_syscall_64+0xbf/0x360 [ 120.840700] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:59:36 executing program 3: prctl$PR_SET_IO_FLUSHER(0x39, 0x8) 09:59:36 executing program 0: futex(&(0x7f0000000040), 0x5, 0x0, 0x0, &(0x7f0000000100), 0x5000000) 09:59:36 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setresuid(0x0, 0xee01, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x4}, 0x6) 09:59:36 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000002100)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001f80)="8567c4c53ff5", 0x0, 0x0, 0x0, 0x0, 0x0}) 09:59:36 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x0) 09:59:36 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x4000, 0x800, &(0x7f0000fa7000/0x4000)=nil) 09:59:36 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f00000000c0)='sockfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) flock(r2, 0x1) close_range(r1, 0xffffffffffffffff, 0x0) 09:59:36 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x12, &(0x7f0000000000)={@ipv4}, 0x14) 09:59:36 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x80104592, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x10001, "53c4a403efdac792332bc333cb10711fea3d243d5e88f2ff61d8dfdf2aee2ec1"}) 09:59:36 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x541b, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x3}}}) 09:59:36 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='nfs\x00', 0x0, &(0x7f00000000c0)='\x05') 09:59:36 executing program 0: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) fcntl$lock(r0, 0x6, &(0x7f00000002c0)={0x0, 0x0, 0xffffffffffff079b}) 09:59:36 executing program 5: r0 = memfd_secret(0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) 09:59:36 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'}) close_range(r0, r1, 0x0) 09:59:36 executing program 6: clone3(&(0x7f0000001fc0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000001f80)=[0x0], 0x4000}, 0x58) 09:59:36 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000100)=0x3, 0x4) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0) 09:59:36 executing program 3: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x2000006, 0x12, r0, 0x0) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3) 09:59:36 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x80104592, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x10001, "53c4a403efdac792332bc333cb10711fea3d243d5e88f2ff61d8dfdf2aee2ec1"}) 09:59:36 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='nfs\x00', 0x0, &(0x7f00000000c0)='\x05') [ 121.248318] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 121.249108] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 121.249792] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 121.250331] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 10 00 00 04 00 [ 121.250939] I/O error, dev sr0, sector 64 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 2 09:59:36 executing program 6: clone3(&(0x7f0000001fc0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000001f80)=[0x0], 0x4000}, 0x58) 09:59:36 executing program 5: r0 = memfd_secret(0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) [ 121.262566] kmemleak: Found object by alias at 0x607f1a6394e4 [ 121.262588] CPU: 0 UID: 0 PID: 3948 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.262606] Tainted: [W]=WARN [ 121.262610] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.262617] Call Trace: [ 121.262621] [ 121.262625] dump_stack_lvl+0xca/0x120 [ 121.262652] __lookup_object+0x94/0xb0 [ 121.262669] delete_object_full+0x27/0x70 [ 121.262686] free_percpu+0x30/0x1160 [ 121.262706] ? fput+0x6a/0x100 [ 121.262723] futex_hash_free+0x38/0xc0 [ 121.262737] mmput+0x2d3/0x390 [ 121.262755] do_exit+0x79d/0x2970 [ 121.262768] ? signal_wake_up_state+0x85/0x120 [ 121.262784] ? zap_other_threads+0x2b9/0x3a0 [ 121.262799] ? __pfx_do_exit+0x10/0x10 [ 121.262811] ? do_group_exit+0x1c3/0x2a0 [ 121.262824] ? lock_release+0xc8/0x290 [ 121.262841] do_group_exit+0xd3/0x2a0 [ 121.262855] __x64_sys_exit_group+0x3e/0x50 [ 121.262868] x64_sys_call+0x18c5/0x18d0 [ 121.262883] do_syscall_64+0xbf/0x360 [ 121.262895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.262906] RIP: 0033:0x7f8377099b19 [ 121.262915] Code: Unable to access opcode bytes at 0x7f8377099aef. [ 121.262920] RSP: 002b:00007fffd0d6f9a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 121.262931] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f8377099b19 [ 121.262938] RDX: 00007f837704c72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 121.262945] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 121.262952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 121.262958] R13: 0000000000000001 R14: 0000000000000001 R15: 00007fffd0d6fa90 [ 121.262974] [ 121.262977] kmemleak: Object (percpu) 0x607f1a6394e0 (size 8): [ 121.262984] kmemleak: comm "syz-executor.1", pid 3957, jiffies 4294788067 [ 121.262991] kmemleak: min_count = 1 [ 121.262994] kmemleak: count = 0 [ 121.262998] kmemleak: flags = 0x21 [ 121.263001] kmemleak: checksum = 0 [ 121.263005] kmemleak: backtrace: [ 121.263008] pcpu_alloc_noprof+0x87a/0x1170 [ 121.263023] perf_trace_event_init+0x366/0xa10 [ 121.263036] perf_trace_init+0x1a4/0x2f0 [ 121.263047] perf_tp_event_init+0xa6/0x120 [ 121.263062] perf_try_init_event+0x140/0x9f0 [ 121.263075] perf_event_alloc.part.0+0x118e/0x45f0 [ 121.263091] __do_sys_perf_event_open+0x719/0x2c20 [ 121.263103] do_syscall_64+0xbf/0x360 [ 121.263111] entry_SYSCALL_64_after_hwframe+0x77/0x7f 09:59:36 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000100)=0x3, 0x4) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0) 09:59:36 executing program 0: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) fcntl$lock(r0, 0x6, &(0x7f00000002c0)={0x0, 0x0, 0xffffffffffff079b}) 09:59:36 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'}) close_range(r0, r1, 0x0) 09:59:36 executing program 3: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x2000006, 0x12, r0, 0x0) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3) 09:59:36 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='nfs\x00', 0x0, &(0x7f00000000c0)='\x05') 09:59:37 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000100)=0x3, 0x4) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0) 09:59:37 executing program 5: r0 = memfd_secret(0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) 09:59:37 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x80104592, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x10001, "53c4a403efdac792332bc333cb10711fea3d243d5e88f2ff61d8dfdf2aee2ec1"}) 09:59:37 executing program 6: clone3(&(0x7f0000001fc0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000001f80)=[0x0], 0x4000}, 0x58) 09:59:37 executing program 0: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) fcntl$lock(r0, 0x6, &(0x7f00000002c0)={0x0, 0x0, 0xffffffffffff079b}) [ 121.426876] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 121.427699] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 121.428279] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 121.428825] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 10 00 00 04 00 [ 121.429492] I/O error, dev sr0, sector 64 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 2 09:59:37 executing program 5: r0 = memfd_secret(0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) 09:59:37 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='nfs\x00', 0x0, &(0x7f00000000c0)='\x05') 09:59:37 executing program 6: clone3(&(0x7f0000001fc0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000001f80)=[0x0], 0x4000}, 0x58) 09:59:37 executing program 3: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x2000006, 0x12, r0, 0x0) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3) 09:59:37 executing program 0: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) fcntl$lock(r0, 0x6, &(0x7f00000002c0)={0x0, 0x0, 0xffffffffffff079b}) 09:59:37 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000100)=0x3, 0x4) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0) 09:59:37 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'}) close_range(r0, r1, 0x0) 09:59:37 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x80104592, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x10001, "53c4a403efdac792332bc333cb10711fea3d243d5e88f2ff61d8dfdf2aee2ec1"}) 09:59:37 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000100)=0x3, 0x4) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0) 09:59:37 executing program 2: perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x20008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 121.664341] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 121.665143] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 121.665735] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 121.666309] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 10 00 00 04 00 [ 121.666904] I/O error, dev sr0, sector 64 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 2 09:59:37 executing program 5: socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) pselect6(0x40, &(0x7f0000001d80)={0xb3}, 0x0, 0x0, 0x0, 0x0) 09:59:37 executing program 2: perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x20008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:59:37 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000100)=0x3, 0x4) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0) 09:59:37 executing program 3: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x2000006, 0x12, r0, 0x0) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3) 09:59:37 executing program 5: socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) pselect6(0x40, &(0x7f0000001d80)={0xb3}, 0x0, 0x0, 0x0, 0x0) 09:59:37 executing program 4: syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {0x0, 0x0, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[]) mknodat$loop(r0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1) 09:59:37 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r0, &(0x7f0000000980)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000040)='T\f', 0x2}], 0x1}, 0x20008000) sendmmsg$inet(r0, &(0x7f0000001fc0)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000240)="06d5", 0x2}], 0x1, &(0x7f0000000a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}}, {{&(0x7f0000000a40)={0x2, 0x0, @dev}, 0x10, 0x0}}], 0x2, 0x0) 09:59:37 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'}) close_range(r0, r1, 0x0) 09:59:37 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_linger(r0, 0x1, 0x2b, &(0x7f0000000080), 0x8) [ 121.801853] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 121.802737] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 121.803324] CPU: 1 UID: 0 PID: 4020 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.805548] Tainted: [W]=WARN [ 121.806231] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.807919] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.809383] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.812674] RSP: 0018:ffff888046eb7780 EFLAGS: 00010012 [ 121.813079] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90008c33000 [ 121.813616] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 121.814152] RBP: ffff888046eb79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16938 [ 121.814687] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.815221] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 121.815759] FS: 00007fa660494700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 121.816365] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.816813] CR2: 0000001b2ce22000 CR3: 000000000d5e7000 CR4: 0000000000350ef0 [ 121.817351] Call Trace: [ 121.817551] [ 121.817729] ? __pfx_perf_tp_event+0x10/0x10 [ 121.818075] ? lock_acquire+0x15e/0x2f0 [ 121.818386] ? __is_insn_slot_addr+0x2e/0x290 [ 121.818737] ? find_held_lock+0x2b/0x80 [ 121.819050] ? __is_insn_slot_addr+0x136/0x290 [ 121.819409] ? lock_release+0xc8/0x290 [ 121.819715] ? __is_insn_slot_addr+0x140/0x290 [ 121.820073] ? kernel_text_address+0x5b/0xc0 [ 121.820416] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 121.820840] ? __kernel_text_address+0xd/0x40 [ 121.821191] ? unwind_get_return_address+0x59/0xa0 [ 121.821575] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 121.821991] ? arch_stack_walk+0x9c/0xf0 [ 121.822306] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.822694] perf_trace_run_bpf_submit+0xef/0x180 [ 121.823071] perf_trace_preemptirq_template+0x259/0x430 [ 121.823488] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.823944] ? _raw_spin_lock_irqsave+0x53/0x60 [ 121.824306] trace_irq_disable.constprop.0+0xa6/0x100 [ 121.824709] _raw_spin_lock_irqsave+0x53/0x60 [ 121.825061] try_to_wake_up+0xa0/0x11d0 [ 121.825374] ? __pfx_try_to_wake_up+0x10/0x10 [ 121.825722] ? plist_del+0x122/0x270 [ 121.826015] ? find_held_lock+0x2b/0x80 [ 121.826327] ? futex_wake+0x474/0x540 [ 121.826626] wake_up_q+0xa1/0x130 [ 121.826904] futex_wake+0x47e/0x540 [ 121.827193] ? __pfx_futex_wake+0x10/0x10 [ 121.827513] ? kmem_cache_free+0x2a1/0x540 [ 121.827841] ? fd_install+0x1d8/0x660 [ 121.828138] ? putname.part.0+0x11b/0x160 [ 121.828471] do_futex+0x26d/0x370 [ 121.828743] ? __pfx_do_futex+0x10/0x10 [ 121.829050] ? __pfx___schedule+0x10/0x10 [ 121.829372] __x64_sys_futex+0x1c9/0x4d0 [ 121.829688] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.830140] ? __pfx___x64_sys_futex+0x10/0x10 [ 121.830493] ? lock_mm_and_find_vma+0xaa/0x6f0 [ 121.830850] do_syscall_64+0xbf/0x360 [ 121.831147] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.831544] RIP: 0033:0x7fa662f1eb19 [ 121.831831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.833204] RSP: 002b:00007fa660494218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.833780] RAX: ffffffffffffffda RBX: 00007fa663031f68 RCX: 00007fa662f1eb19 [ 121.834318] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa663031f6c [ 121.834856] RBP: 00007fa663031f60 R08: 000000000000000e R09: 0000000000000000 [ 121.835392] R10: 0000000000000005 R11: 0000000000000246 R12: 00007fa663031f6c [ 121.835928] R13: 00007fffa848e4ff R14: 00007fa660494300 R15: 0000000000022000 [ 121.836478] [ 121.836663] Modules linked in: [ 121.836914] ---[ end trace 0000000000000000 ]--- [ 121.837273] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.837635] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.839002] RSP: 0018:ffff888046eb7780 EFLAGS: 00010012 [ 121.839405] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90008c33000 [ 121.839947] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 121.840491] RBP: ffff888046eb79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16938 [ 121.841030] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.841569] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 121.842111] FS: 00007fa660494700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 121.842721] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.843162] CR2: 0000001b2ce22000 CR3: 000000000d5e7000 CR4: 0000000000350ef0 [ 121.843703] note: syz-executor.5[4020] exited with irqs disabled [ 121.844224] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 121.845069] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 121.845639] CPU: 1 UID: 0 PID: 4020 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.846534] Tainted: [D]=DIE, [W]=WARN [ 121.846832] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.847447] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.847818] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.849186] RSP: 0018:ffff88806cf08b40 EFLAGS: 00010012 [ 121.849594] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 121.850135] RDX: ffff888045573700 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 121.850669] RBP: ffff88806cf08db0 R08: ffff88806cf313e8 R09: ffffe8ffffd16938 [ 121.851205] R10: 0000000000000000 R11: ffff88801dd3bc98 R12: dffffc0000000000 [ 121.851741] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 121.852276] FS: 00007fa660494700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 121.852889] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.853327] CR2: 0000001b2ce22000 CR3: 000000000d5e7000 CR4: 0000000000350ef0 [ 121.853864] Call Trace: [ 121.854063] [ 121.854238] ? __pfx_perf_tp_event+0x10/0x10 [ 121.854583] ? update_load_avg+0x17d/0x1ef0 [ 121.854914] ? update_cfs_group+0x11d/0x260 [ 121.855246] ? kvm_sched_clock_read+0x16/0x30 [ 121.855597] ? enqueue_task_fair+0xded/0x1e00 [ 121.855943] ? check_preempt_wakeup_fair+0x6e/0x950 [ 121.856329] ? wakeup_preempt+0x140/0x2a0 [ 121.856653] ? lock_release+0x1c7/0x290 [ 121.856961] ? lock_release+0x1c7/0x290 [ 121.857268] ? do_raw_spin_unlock+0x53/0x220 [ 121.857611] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 121.857998] ? try_to_wake_up+0x8ae/0x11d0 [ 121.858327] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.858713] ? lock_release+0x1c7/0x290 [ 121.859019] perf_trace_run_bpf_submit+0xef/0x180 [ 121.859395] perf_trace_preemptirq_template+0x259/0x430 [ 121.859807] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.860260] ? read_tsc+0x9/0x20 [ 121.860536] ? ktime_get+0x16d/0x270 [ 121.860829] ? __pfx_lapic_next_deadline+0x10/0x10 [ 121.861208] ? clockevents_program_event+0x135/0x360 [ 121.861601] ? _raw_spin_lock_irq+0x42/0x50 [ 121.861931] trace_irq_disable.constprop.0+0xa6/0x100 [ 121.862325] _raw_spin_lock_irq+0x42/0x50 [ 121.862645] run_timer_softirq+0x10f/0x210 [ 121.862975] handle_softirqs+0x1b1/0x770 [ 121.863295] __irq_exit_rcu+0xc4/0x100 [ 121.863602] irq_exit_rcu+0x9/0x20 [ 121.863877] sysvec_apic_timer_interrupt+0x70/0x80 [ 121.864260] [ 121.864436] [ 121.864619] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 121.865024] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 121.865387] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 121.866745] RSP: 0018:ffff888046eb7f28 EFLAGS: 00000246 [ 121.867146] RAX: 0000000000000001 RBX: ffff888045573700 RCX: ffffffff817c2b86 [ 121.867681] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 121.868217] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 121.868766] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888045573700 [ 121.869302] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 121.869839] ? trace_irq_enable.constprop.0+0x26/0x100 [ 121.870240] ? make_task_dead+0x214/0x3b0 [ 121.870564] ? make_task_dead+0x214/0x3b0 [ 121.870883] ? do_syscall_64+0xbf/0x360 [ 121.871186] rewind_stack_and_make_dead+0x16/0x20 [ 121.871558] RIP: 0033:0x7fa662f1eb19 [ 121.871842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.873211] RSP: 002b:00007fa660494218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.873780] RAX: ffffffffffffffda RBX: 00007fa663031f68 RCX: 00007fa662f1eb19 [ 121.874315] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa663031f6c [ 121.874849] RBP: 00007fa663031f60 R08: 000000000000000e R09: 0000000000000000 [ 121.875382] R10: 0000000000000005 R11: 0000000000000246 R12: 00007fa663031f6c [ 121.875920] R13: 00007fffa848e4ff R14: 00007fa660494300 R15: 0000000000022000 [ 121.876459] [ 121.876648] Modules linked in: [ 121.876896] ---[ end trace 0000000000000000 ]--- [ 121.877253] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.877615] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.878973] RSP: 0018:ffff888046eb7780 EFLAGS: 00010012 [ 121.879377] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90008c33000 [ 121.879915] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 121.880450] RBP: ffff888046eb79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16938 [ 121.880996] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.881534] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 121.882075] FS: 00007fa660494700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 121.882681] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.883121] CR2: 0000001b2ce22000 CR3: 000000000d5e7000 CR4: 0000000000350ef0 [ 121.883661] Kernel panic - not syncing: Fatal exception in interrupt [ 121.884338] Kernel Offset: disabled [ 121.884627] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:59:37 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=ffff88806cf3c300 RCX=ffffffff816880fc RDX=ffff888016541b80 RSI=ffffffff816880d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff8880147876f8 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=1ffff1100d9c6bb1 R12=ffffed100d9e7861 R13=ffff88806cf3c308 R14=0000000000000001 R15=dffffc0000000000 RIP=ffffffff816880d8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00005555714d4400 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe0600000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f83771ad018 CR3=0000000035f47000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f83771807c000007f83771807c8 XMM02=00007f83771807e000007f83771807c0 XMM03=00007f83771807c800007f83771807c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff888046eb7070 R8 =0000000000000000 R9 =ffffed100172d046 R10=0000000000000020 R11=0000000065646f43 R12=0000000000000020 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fa660494700 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe3d00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2ce22000 CR3=000000000d5e7000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000