Warning: Permanently added '[localhost]:56665' (ECDSA) to the list of known hosts.
2025/08/29 08:23:39 fuzzer started
2025/08/29 08:23:39 dialing manager at localhost:43077
syzkaller login: [ 51.499686] cgroup: Unknown subsys name 'net'
[ 51.567690] cgroup: Unknown subsys name 'cpuset'
[ 51.595211] cgroup: Unknown subsys name 'rlimit'
2025/08/29 08:23:50 syscalls: 2214
2025/08/29 08:23:50 code coverage: enabled
2025/08/29 08:23:50 comparison tracing: enabled
2025/08/29 08:23:50 extra coverage: enabled
2025/08/29 08:23:50 setuid sandbox: enabled
2025/08/29 08:23:50 namespace sandbox: enabled
2025/08/29 08:23:50 Android sandbox: enabled
2025/08/29 08:23:50 fault injection: enabled
2025/08/29 08:23:50 leak checking: enabled
2025/08/29 08:23:50 net packet injection: enabled
2025/08/29 08:23:50 net device setup: enabled
2025/08/29 08:23:50 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 08:23:50 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 08:23:50 USB emulation: enabled
2025/08/29 08:23:50 hci packet injection: enabled
2025/08/29 08:23:50 wifi device emulation: enabled
2025/08/29 08:23:50 802.15.4 emulation: enabled
2025/08/29 08:23:50 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 08:23:50 fetching corpus: 50, signal 28538/31168 (executing program)
2025/08/29 08:23:50 fetching corpus: 100, signal 38013/41318 (executing program)
2025/08/29 08:23:51 fetching corpus: 150, signal 45852/49603 (executing program)
2025/08/29 08:23:51 fetching corpus: 200, signal 51709/55855 (executing program)
2025/08/29 08:23:51 fetching corpus: 250, signal 56222/60606 (executing program)
2025/08/29 08:23:51 fetching corpus: 300, signal 59705/64340 (executing program)
2025/08/29 08:23:51 fetching corpus: 350, signal 61908/66817 (executing program)
2025/08/29 08:23:51 fetching corpus: 400, signal 65790/70531 (executing program)
2025/08/29 08:23:51 fetching corpus: 450, signal 67570/72452 (executing program)
2025/08/29 08:23:51 fetching corpus: 500, signal 69862/74755 (executing program)
2025/08/29 08:23:52 fetching corpus: 550, signal 72096/76806 (executing program)
2025/08/29 08:23:52 fetching corpus: 600, signal 76243/80063 (executing program)
2025/08/29 08:23:52 fetching corpus: 650, signal 78605/82010 (executing program)
2025/08/29 08:23:52 fetching corpus: 700, signal 81813/84395 (executing program)
2025/08/29 08:23:52 fetching corpus: 750, signal 84706/86380 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/87118 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/87217 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/87302 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/87393 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/87474 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/87559 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/87633 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/87726 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/87803 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/87888 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/87985 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/88076 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/88148 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/88242 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/88334 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/88422 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/88521 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/88612 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/88705 (executing program)
2025/08/29 08:23:52 fetching corpus: 779, signal 85635/88796 (executing program)
2025/08/29 08:23:53 fetching corpus: 779, signal 85635/88879 (executing program)
2025/08/29 08:23:53 fetching corpus: 779, signal 85635/88971 (executing program)
2025/08/29 08:23:53 fetching corpus: 779, signal 85635/89057 (executing program)
2025/08/29 08:23:53 fetching corpus: 779, signal 85635/89146 (executing program)
2025/08/29 08:23:53 fetching corpus: 779, signal 85635/89231 (executing program)
2025/08/29 08:23:53 fetching corpus: 779, signal 85635/89306 (executing program)
2025/08/29 08:23:53 fetching corpus: 779, signal 85635/89395 (executing program)
2025/08/29 08:23:53 fetching corpus: 779, signal 85635/89440 (executing program)
2025/08/29 08:23:53 fetching corpus: 779, signal 85635/89440 (executing program)
2025/08/29 08:23:55 starting 8 fuzzer processes
08:23:55 executing program 0:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
08:23:55 executing program 3:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa41024, &(0x7f00000001c0)=ANY=[])
08:23:55 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000080)={0x1}, 0x2000, 0x0)
08:23:55 executing program 7:
syz_emit_ethernet(0x66, &(0x7f0000000040)={@multicast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x8, 0x2c, 0x0, @empty, @mcast2, {[], @time_exceed={0x5, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "887b00", 0x0, 0x0, 0x0, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}}}}}, 0x0)
08:23:55 executing program 2:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
08:23:55 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000080))
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
fcntl$addseals(r0, 0x40a, 0x0)
[ 67.585111] audit: type=1400 audit(1756455835.683:7): avc: denied { execmem } for pid=274 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
08:23:55 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETLED(r0, 0x4b4a, 0x0)
08:23:55 executing program 6:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_procfs$userns(0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0xffffffffffffffff, 0x0, r0, 0x1)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x11, 0x0, 0x0)
[ 68.785147] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 68.791637] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 68.794275] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 68.801555] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 68.804926] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 68.975973] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 68.984511] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 68.986161] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 68.990915] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 68.992389] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 68.994480] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 68.996063] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 68.999344] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 69.001181] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 69.004616] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 69.005194] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 69.008867] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 69.010911] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 69.059039] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 69.064277] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 69.080349] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 69.084542] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 69.086374] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 69.090380] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 69.098979] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 69.104696] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 69.106059] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 69.108896] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 69.114083] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 69.115537] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 69.117247] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 69.118862] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 69.119344] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 69.125474] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 69.128795] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 69.130843] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 69.137535] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 69.140232] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 69.159599] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 69.168028] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 70.880013] Bluetooth: hci0: command tx timeout
[ 71.072540] Bluetooth: hci1: command tx timeout
[ 71.072886] Bluetooth: hci3: command tx timeout
[ 71.134575] Bluetooth: hci2: command tx timeout
[ 71.200086] Bluetooth: hci7: command tx timeout
[ 71.200138] Bluetooth: hci6: command tx timeout
[ 71.200888] Bluetooth: hci4: command tx timeout
[ 71.262539] Bluetooth: hci5: command tx timeout
[ 72.927574] Bluetooth: hci0: command tx timeout
[ 73.119499] Bluetooth: hci1: command tx timeout
[ 73.119526] Bluetooth: hci3: command tx timeout
[ 73.184349] Bluetooth: hci2: command tx timeout
[ 73.247975] Bluetooth: hci6: command tx timeout
[ 73.248000] Bluetooth: hci4: command tx timeout
[ 73.248388] Bluetooth: hci7: command tx timeout
[ 73.310552] Bluetooth: hci5: command tx timeout
[ 74.975487] Bluetooth: hci0: command tx timeout
[ 75.166545] Bluetooth: hci1: command tx timeout
[ 75.167677] Bluetooth: hci3: command tx timeout
[ 75.230473] Bluetooth: hci2: command tx timeout
[ 75.294571] Bluetooth: hci7: command tx timeout
[ 75.295539] Bluetooth: hci4: command tx timeout
[ 75.295929] Bluetooth: hci6: command tx timeout
[ 75.359620] Bluetooth: hci5: command tx timeout
[ 77.023967] Bluetooth: hci0: command tx timeout
[ 77.215498] Bluetooth: hci3: command tx timeout
[ 77.215992] Bluetooth: hci1: command tx timeout
[ 77.279487] Bluetooth: hci2: command tx timeout
[ 77.344498] Bluetooth: hci6: command tx timeout
[ 77.344963] Bluetooth: hci4: command tx timeout
[ 77.345352] Bluetooth: hci7: command tx timeout
[ 77.407636] Bluetooth: hci5: command tx timeout
[ 106.073667] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.074487] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.275801] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.277480] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.513307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.513957] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.626673] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.627301] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:24:34 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000080))
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
fcntl$addseals(r0, 0x40a, 0x0)
08:24:34 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000080))
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
fcntl$addseals(r0, 0x40a, 0x0)
[ 106.812497] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.813088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:24:34 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000080))
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
fcntl$addseals(r0, 0x40a, 0x0)
08:24:35 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000080))
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
fcntl$addseals(r0, 0x40a, 0x0)
08:24:35 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000080))
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
fcntl$addseals(r0, 0x40a, 0x0)
[ 106.950626] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.951227] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.001785] audit: type=1400 audit(1756455875.098:8): avc: denied { open } for pid=3838 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 107.007139] audit: type=1400 audit(1756455875.098:9): avc: denied { kernel } for pid=3838 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
08:24:35 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000080))
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
fcntl$addseals(r0, 0x40a, 0x0)
[ 107.022333] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.023000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.037479] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 107.038238] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current]
[ 107.038811] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
[ 107.039332] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 06 00
[ 107.039947] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 3 prio class 2
[ 107.041675] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.042204] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 107.042885] Buffer I/O error on dev sr0, logical block 0, async page read
[ 107.051601] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.052054] I/O error, dev sr0, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 107.052711] Buffer I/O error on dev sr0, logical block 1, async page read
[ 107.057935] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.058371] I/O error, dev sr0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 107.059151] Buffer I/O error on dev sr0, logical block 2, async page read
[ 107.062204] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.062747] I/O error, dev sr0, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 107.063402] Buffer I/O error on dev sr0, logical block 3, async page read
[ 107.067952] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.068391] I/O error, dev sr0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 107.069871] Buffer I/O error on dev sr0, logical block 4, async page read
[ 107.081846] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.082287] I/O error, dev sr0, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 107.083057] Buffer I/O error on dev sr0, logical block 5, async page read
[ 107.095561] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.096004] I/O error, dev sr0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 107.096839] Buffer I/O error on dev sr0, logical block 6, async page read
[ 107.100539] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.100981] I/O error, dev sr0, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 107.101734] Buffer I/O error on dev sr0, logical block 7, async page read
08:24:35 executing program 4:
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x4)
[ 107.107679] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.108164] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 107.109005] Buffer I/O error on dev sr0, logical block 0, async page read
[ 107.124535] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.124987] Buffer I/O error on dev sr0, logical block 1, async page read
[ 107.126272] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.140521] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.141082] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.141940] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
08:24:35 executing program 4:
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x4)
[ 107.152578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.153144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.160730] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.161294] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.162769] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.163491] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.164052] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.168635] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.169181] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.178741] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.179300] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.190541] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.191724] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.192283] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.196072] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.198812] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.199386] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.211546] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.212104] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.212696] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.247099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.247693] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.265528] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 107.266269] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current]
[ 107.266835] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
[ 107.267365] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 06 00
[ 107.269674] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.270252] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.270839] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.271415] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.273731] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.274305] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.277008] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.277802] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.281678] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.282314] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.283203] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.285632] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.286194] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.287123] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.291652] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.292220] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.293218] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.294229] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.297633] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.302593] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.303164] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.313589] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.314148] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.316531] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 107.332965] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.333554] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.426278] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.427073] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.489907] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.490548] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.873004] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.873637] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.910800] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.911360] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.006788] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.007411] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.058244] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.058897] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:24:36 executing program 0:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
08:24:36 executing program 6:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_procfs$userns(0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0xffffffffffffffff, 0x0, r0, 0x1)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x11, 0x0, 0x0)
08:24:36 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000080)={0x1}, 0x2000, 0x0)
08:24:36 executing program 3:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa41024, &(0x7f00000001c0)=ANY=[])
08:24:36 executing program 4:
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x4)
08:24:36 executing program 2:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
08:24:36 executing program 7:
syz_emit_ethernet(0x66, &(0x7f0000000040)={@multicast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x8, 0x2c, 0x0, @empty, @mcast2, {[], @time_exceed={0x5, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "887b00", 0x0, 0x0, 0x0, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}}}}}, 0x0)
08:24:36 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETLED(r0, 0x4b4a, 0x0)
08:24:36 executing program 2:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
08:24:36 executing program 7:
syz_emit_ethernet(0x66, &(0x7f0000000040)={@multicast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x8, 0x2c, 0x0, @empty, @mcast2, {[], @time_exceed={0x5, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "887b00", 0x0, 0x0, 0x0, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}}}}}, 0x0)
[ 108.316566] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 108.317554] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current]
[ 108.318159] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
[ 108.318792] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 06 00
[ 108.319833] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.320394] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
08:24:36 executing program 6:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_procfs$userns(0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0xffffffffffffffff, 0x0, r0, 0x1)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x11, 0x0, 0x0)
[ 108.326584] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.327163] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.331539] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
08:24:36 executing program 4:
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x4)
08:24:36 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000080)={0x1}, 0x2000, 0x0)
[ 108.340563] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.341172] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.342458] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.346665] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.347227] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.352928] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.353657] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.362527] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.363112] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.365540] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.366094] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.377887] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.382589] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.383166] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
08:24:36 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETLED(r0, 0x4b4a, 0x0)
08:24:36 executing program 3:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa41024, &(0x7f00000001c0)=ANY=[])
[ 108.391817] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.392389] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.395180] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.397336] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.399885] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.404215] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.411041] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.413778] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
08:24:36 executing program 2:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
[ 108.417544] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.419958] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.425798] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.426391] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.436572] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.438348] kmemleak: Found object by alias at 0x607f1a638c1c
[ 108.438363] CPU: 0 UID: 0 PID: 3932 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 108.438381] Tainted: [W]=WARN
[ 108.438385] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 108.438392] Call Trace:
[ 108.438397]
[ 108.438401] dump_stack_lvl+0xca/0x120
[ 108.438434] __lookup_object+0x94/0xb0
[ 108.438452] delete_object_full+0x27/0x70
[ 108.438468] free_percpu+0x30/0x1160
[ 108.438485] ? arch_uprobe_clear_state+0x16/0x140
[ 108.438505] futex_hash_free+0x38/0xc0
[ 108.438521] mmput+0x2d3/0x390
[ 108.438539] do_exit+0x79d/0x2970
[ 108.438553] ? signal_wake_up_state+0x85/0x120
[ 108.438569] ? zap_other_threads+0x2b9/0x3a0
[ 108.438585] ? __pfx_do_exit+0x10/0x10
[ 108.438597] ? do_group_exit+0x1c3/0x2a0
[ 108.438610] ? lock_release+0xc8/0x290
[ 108.438627] do_group_exit+0xd3/0x2a0
[ 108.438642] __x64_sys_exit_group+0x3e/0x50
[ 108.438655] x64_sys_call+0x18c5/0x18d0
[ 108.438671] do_syscall_64+0xbf/0x360
[ 108.438683] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.438694] RIP: 0033:0x7fd357332b19
[ 108.438704] Code: Unable to access opcode bytes at 0x7fd357332aef.
[ 108.438709] RSP: 002b:00007ffe7a0b2278 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 108.438720] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fd357332b19
[ 108.438728] RDX: 00007fd3572e572b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 108.438735] RBP: 0000000000000000 R08: 0000001b2d62001c R09: 0000000000000000
[ 108.438742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 108.438749] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe7a0b2360
[ 108.438764]
[ 108.438768] kmemleak: Object (percpu) 0x607f1a638c18 (size 8):
[ 108.438775] kmemleak: comm "syz-executor.6", pid 3933, jiffies 4294775332
[ 108.438782] kmemleak: min_count = 1
[ 108.438786] kmemleak: count = 0
[ 108.438789] kmemleak: flags = 0x21
[ 108.438793] kmemleak: checksum = 0
[ 108.438797] kmemleak: backtrace:
[ 108.438800] pcpu_alloc_noprof+0x87a/0x1170
[ 108.438815] perf_trace_event_init+0x366/0xa10
[ 108.438829] perf_trace_init+0x1a4/0x2f0
[ 108.438840] perf_tp_event_init+0xa6/0x120
[ 108.438856] perf_try_init_event+0x140/0x9f0
[ 108.438869] perf_event_alloc.part.0+0x118e/0x45f0
[ 108.438885] __do_sys_perf_event_open+0x719/0x2c20
[ 108.438898] do_syscall_64+0xbf/0x360
[ 108.438906] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.460549] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.465503] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.466070] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.480788] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.494640] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.516750] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.517308] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.538683] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
08:24:36 executing program 0:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
08:24:36 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETLED(r0, 0x4b4a, 0x0)
08:24:36 executing program 4:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
08:24:36 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000080)={0x1}, 0x2000, 0x0)
08:24:36 executing program 7:
syz_emit_ethernet(0x66, &(0x7f0000000040)={@multicast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x8, 0x2c, 0x0, @empty, @mcast2, {[], @time_exceed={0x5, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "887b00", 0x0, 0x0, 0x0, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}}}}}, 0x0)
08:24:36 executing program 2:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
08:24:36 executing program 3:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa41024, &(0x7f00000001c0)=ANY=[])
08:24:36 executing program 6:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_procfs$userns(0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0xffffffffffffffff, 0x0, r0, 0x1)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x11, 0x0, 0x0)
[ 108.673066] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 108.673880] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current]
[ 108.674478] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
[ 108.675010] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 06 00
[ 108.694349] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 108.695257] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current]
[ 108.695918] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
[ 108.696465] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 02 00
[ 108.730953] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 108.731822] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current]
[ 108.732364] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
[ 108.732947] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 02 00
08:24:36 executing program 7:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
[ 108.752358] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.753037] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.754473] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.755037] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.755765] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.756309] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
08:24:36 executing program 1:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
08:24:36 executing program 6:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
[ 108.769327] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.769919] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.770694] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.771256] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.772757] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.773321] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.775793] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.776353] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.777008] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.792866] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
08:24:36 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETLED(r0, 0x4b4a, 0x0)
[ 108.809655] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 108.810617] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current]
[ 108.811190] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
[ 108.811750] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 02 00
[ 108.819283] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.819983] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.821069] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.823250] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.823893] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.824901] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.825731] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.827596] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.828807] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.829367] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.830730] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.831603] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.832572] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.833123] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
08:24:36 executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r0, &(0x7f0000001180)=[{&(0x7f0000000000)="a20e73f1b1812c8df6967520cdbfb383417a9437ee7abadfd3289b31373b", 0x1e}, {&(0x7f0000000040)='m', 0x1}], 0x2)
[ 108.837071] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.837701] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.838375] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.839180] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.839910] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.840981] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.842593] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.844572] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.845142] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.849636] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.850407] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.851061] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.851724] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.852286] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.853486] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.855645] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.856205] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.857753] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.858592] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.867553] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.871956] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.872903] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.874344] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.874971] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.878536] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.879176] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.887525] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.888129] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.892583] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.893183] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.893764] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.894734] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.895306] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.896366] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.896984] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.897679] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.898324] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.901047] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.901941] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.903019] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.903694] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.905140] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.908699] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.910536] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.912173] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
08:24:37 executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r0, &(0x7f0000001180)=[{&(0x7f0000000000)="a20e73f1b1812c8df6967520cdbfb383417a9437ee7abadfd3289b31373b", 0x1e}, {&(0x7f0000000040)='m', 0x1}], 0x2)
[ 108.934555] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.935207] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.935984] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.937701] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.938263] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.944027] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.946512] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.947082] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.950701] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.951279] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.952032] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.952643] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.953320] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.954103] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.954981] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.955670] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 108.956535] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
08:24:37 executing program 0:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
08:24:37 executing program 2:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
08:24:37 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETLED(r0, 0x4b4a, 0x0)
08:24:37 executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r0, &(0x7f0000001180)=[{&(0x7f0000000000)="a20e73f1b1812c8df6967520cdbfb383417a9437ee7abadfd3289b31373b", 0x1e}, {&(0x7f0000000040)='m', 0x1}], 0x2)
08:24:37 executing program 7:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
08:24:37 executing program 6:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
08:24:37 executing program 4:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
08:24:37 executing program 1:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
[ 109.073262] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 109.074200] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 109.074893] CPU: 0 UID: 0 PID: 3987 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 109.079376] Tainted: [W]=WARN
[ 109.079381] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 109.079388] RIP: 0010:perf_tp_event+0x175/0xe70
[ 109.079413] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 109.082156] RSP: 0018:ffff8880435af780 EFLAGS: 00010012
[ 109.082586] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 109.083170] RDX: ffff8880425b0000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 109.083740] RBP: ffff8880435af9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15c18
[ 109.084307] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 109.084881] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 109.085455] FS: 0000555588460400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 109.086100] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 109.086571] CR2: 00007f759554481c CR3: 000000000dad7000 CR4: 0000000000350ef0
[ 109.087152] Call Trace:
[ 109.087363]
[ 109.087553] ? __pfx_perf_tp_event+0x10/0x10
[ 109.087918] ? arch_scale_cpu_capacity+0x17/0xa0
[ 109.088311] ? cpu_util.constprop.0+0x17d/0x340
[ 109.088698] ? __asan_memset+0x24/0x50
[ 109.089022] ? sched_balance_find_dst_group+0xa9a/0x1c00
[ 109.089455] ? lock_release+0xc8/0x290
[ 109.089776] ? __pfx_sched_balance_find_dst_group+0x10/0x10
[ 109.090227] ? __lock_acquire+0x694/0x1b70
[ 109.090572] ? perf_trace_run_bpf_submit+0xef/0x180
[ 109.090979] perf_trace_run_bpf_submit+0xef/0x180
[ 109.091376] perf_trace_preemptirq_template+0x259/0x430
[ 109.091820] ? __pick_eevdf+0x326/0x570
[ 109.092142] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 109.092623] ? update_curr+0x39e/0x500
[ 109.092942] ? find_held_lock+0x2b/0x80
[ 109.093274] ? try_to_wake_up+0x8ae/0x11d0
[ 109.093624] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 109.094042] trace_irq_enable.constprop.0+0xa6/0x100
[ 109.094452] trace_hardirqs_on+0x26/0x40
[ 109.094777] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 109.095183] try_to_wake_up+0x8ae/0x11d0
[ 109.095519] ? __pfx_try_to_wake_up+0x10/0x10
[ 109.095889] ? plist_del+0x122/0x270
[ 109.096199] ? find_held_lock+0x2b/0x80
[ 109.096527] ? futex_wake+0x474/0x540
[ 109.096846] wake_up_q+0xa1/0x130
[ 109.097140] futex_wake+0x47e/0x540
[ 109.097445] ? __pfx_futex_wake+0x10/0x10
[ 109.097793] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 109.098214] ? finish_task_switch.isra.0+0x206/0x840
[ 109.098638] do_futex+0x26d/0x370
[ 109.098926] ? __pfx_do_futex+0x10/0x10
[ 109.099268] ? __pfx___schedule+0x10/0x10
[ 109.099611] __x64_sys_futex+0x1c9/0x4d0
[ 109.099942] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 109.100415] ? __pfx___x64_sys_futex+0x10/0x10
[ 109.100797] ? xfd_validate_state+0x55/0x180
[ 109.101162] do_syscall_64+0xbf/0x360
[ 109.101473] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.101893] RIP: 0033:0x7fd357332b19
[ 109.102198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 109.103649] RSP: 002b:00007ffe7a0b20c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 109.104256] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd357332b19
[ 109.104833] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd357445f68
[ 109.105402] RBP: 00007fd357445f60 R08: 00007fd3548a8700 R09: 0000000000000000
[ 109.105977] R10: 00007fd3548a8700 R11: 0000000000000246 R12: 00007fd35744a1c8
[ 109.106551] R13: 00007ffe7a0b21d0 R14: 00007fd357445f60 R15: 000000000001a9aa
[ 109.107128]
[ 109.107323] Modules linked in:
[ 109.107592] ---[ end trace 0000000000000000 ]---
[ 109.107971] RIP: 0010:perf_tp_event+0x175/0xe70
[ 109.108354] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 109.109805] RSP: 0018:ffff8880435af780 EFLAGS: 00010012
[ 109.110232] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 109.110806] RDX: ffff8880425b0000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 109.111380] RBP: ffff8880435af9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15c18
[ 109.111947] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 109.112513] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 109.113082] FS: 0000555588460400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 109.113721] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 109.114192] CR2: 00007f759554481c CR3: 000000000dad7000 CR4: 0000000000350ef0
[ 109.114768] note: syz-executor.4[3987] exited with irqs disabled
[ 109.116474] note: syz-executor.4[3987] exited with preempt_count 3
08:24:37 executing program 1:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
08:24:37 executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r0, &(0x7f0000001180)=[{&(0x7f0000000000)="a20e73f1b1812c8df6967520cdbfb383417a9437ee7abadfd3289b31373b", 0x1e}, {&(0x7f0000000040)='m', 0x1}], 0x2)
08:24:37 executing program 7:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
[ 109.199682] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 109.200478] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current]
[ 109.201018] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
[ 109.201563] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 06 00
[ 109.213717] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 109.214483] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current]
[ 109.215024] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
[ 109.215565] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 02 00
[ 109.249298] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 109.250049] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current]
[ 109.250596] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
[ 109.251105] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 02 00
[ 109.251980] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.252671] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.253163] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.253839] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.254341] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.255005] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.255724] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.256287] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.256930] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.257477] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.258007] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.259078] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.259656] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.261547] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.262050] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.263501] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.264077] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.264618] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.265169] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.266003] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.266886] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.267458] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.268576] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.269527] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.270081] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.270742] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.271240] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.271918] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.272414] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.273075] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.274151] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.275224] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.276319] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.277381] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.278132] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.278715] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.279216] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.281971] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.282775] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.284438] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.285133] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.285717] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.286253] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.286833] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.287371] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.288603] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.289103] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.289884] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.290442] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.291017] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.291555] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.292113] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.292644] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.293184] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.293745] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.294301] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.294964] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.295568] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.296074] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.324853] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.325543] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.326063] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.342568] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.343112] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.343643] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.344228] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.344844] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.345610] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.346105] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.346765] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.347279] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.364114] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.365110] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.365867] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.366679] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.376203] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.377696] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.378223] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.398730] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.399296] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.403613] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.406658] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.408642] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 109.409167] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
08:24:40 executing program 3:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect(r0, &(0x7f00000001c0)=@nl=@unspec, 0x80)
08:24:40 executing program 2:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
08:24:40 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETLED(r0, 0x4b4a, 0x0)
08:24:40 executing program 7:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000003580)={0x53, 0x0, 0xa, 0xd3, @scatter={0x0, 0x0, 0x0}, &(0x7f0000003480)="d3d5caaf14bccc869fb0", &(0x7f00000034c0)=""/103, 0x0, 0x0, 0x0, 0x0})
08:24:40 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x4b, 0x0, 0x0)
08:24:40 executing program 1:
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000640)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x810, 0x1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, 0x0)
syz_mount_image$tmpfs(&(0x7f00000009c0), &(0x7f0000000a00)='./file0\x00', 0x0, 0x1, &(0x7f0000000e40)=[{&(0x7f0000000a40)="88", 0x1}], 0x0, 0x0)
syz_mount_image$tmpfs(&(0x7f0000001080), &(0x7f00000010c0)='./file0\x00', 0x2, 0x2, &(0x7f0000001280)=[{&(0x7f0000001100)="1ccb09d8d59e142748357e12bebea0f4ed785063032b2e1aca996dfb76a7545f8a2ea5", 0x23, 0xff}, {&(0x7f0000001240)}], 0x108000, &(0x7f0000001300)={[{@huge_never}], [{@subj_user={'subj_user', 0x3d, '\x1f}/.$%\\[$'}}]})
08:24:40 executing program 4:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
08:24:40 executing program 6:
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x4723, 0x4)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
lseek(r0, 0x0, 0x2)
dup2(r3, r1)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
[ 112.117784] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 112.123540] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 112.124850] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 112.125864] CPU: 0 UID: 0 PID: 4027 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 112.127262] Tainted: [D]=DIE, [W]=WARN
[ 112.127714] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 112.128672] RIP: 0010:perf_tp_event+0x175/0xe70
[ 112.129239] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 112.131355] RSP: 0018:ffff88804582f780 EFLAGS: 00010012
[ 112.131974] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90008ed1000
[ 112.132803] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 112.133626] RBP: ffff88804582f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15c18
[ 112.134463] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 112.135299] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 112.136130] FS: 00007fd3548a8700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 112.137066] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 112.137745] CR2: 00007f72266bcf64 CR3: 000000000d750000 CR4: 0000000000350ef0
[ 112.138573] Call Trace:
[ 112.138881]
[ 112.139161] ? lock_acquire+0x18c/0x2f0
[ 112.139649] ? __pfx_perf_tp_event+0x10/0x10
[ 112.140195] ? kernel_text_address+0x5b/0xc0
[ 112.140725] ? __kernel_text_address+0xd/0x40
[ 112.141262] ? unwind_get_return_address+0x59/0xa0
[ 112.141845] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 112.142482] ? arch_stack_walk+0x9c/0xf0
[ 112.142966] ? stack_trace_save+0x8e/0xc0
[ 112.143467] ? stack_depot_save_flags+0x2c/0xa20
[ 112.144025] ? css_rstat_updated+0x1b8/0x4d0
[ 112.144558] ? __pfx_css_rstat_updated+0x10/0x10
[ 112.145126] ? trace_pelt_se_tp+0xdf/0x130
[ 112.145628] ? perf_trace_run_bpf_submit+0xef/0x180
[ 112.146227] perf_trace_run_bpf_submit+0xef/0x180
[ 112.146800] perf_trace_preemptirq_template+0x259/0x430
[ 112.147450] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 112.148149] ? check_preempt_wakeup_fair+0x406/0x950
[ 112.148752] ? wakeup_preempt+0x140/0x2a0
[ 112.149243] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 112.149842] trace_irq_enable.constprop.0+0xa6/0x100
[ 112.150440] trace_hardirqs_on+0x26/0x40
[ 112.150920] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 112.151514] try_to_wake_up+0x8ae/0x11d0
[ 112.152009] ? __pfx_try_to_wake_up+0x10/0x10
[ 112.152545] ? plist_del+0x122/0x270
[ 112.152996] ? __futex_unqueue+0xda/0x1c0
[ 112.153490] wake_up_q+0xa1/0x130
[ 112.153917] futex_wake+0x47e/0x540
[ 112.154360] ? __pfx_futex_wake+0x10/0x10
[ 112.154858] ? lock_release+0x1c7/0x290
[ 112.155342] ? lock_release+0x1c7/0x290
[ 112.155820] do_futex+0x26d/0x370
[ 112.156249] ? __pfx_do_futex+0x10/0x10
[ 112.156728] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 112.157359] __x64_sys_futex+0x1c9/0x4d0
[ 112.157843] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 112.158540] ? __pfx___x64_sys_futex+0x10/0x10
[ 112.159094] ? xfd_validate_state+0x55/0x180
[ 112.159635] do_syscall_64+0xbf/0x360
[ 112.160091] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.160697] RIP: 0033:0x7fd357332b19
[ 112.161138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 112.163259] RSP: 002b:00007fd3548a8218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 112.164148] RAX: ffffffffffffffda RBX: 00007fd357445f68 RCX: 00007fd357332b19
[ 112.164980] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd357445f6c
[ 112.165809] RBP: 00007fd357445f60 R08: 0000000000000016 R09: 0000000000000000
[ 112.166644] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fd357445f6c
[ 112.167484] R13: 00007ffe7a0b204f R14: 00007fd3548a8300 R15: 0000000000022000
[ 112.168320]
[ 112.168602] Modules linked in:
[ 112.168990] ---[ end trace 0000000000000000 ]---
[ 112.168994] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI
[ 112.169540] RIP: 0010:perf_tp_event+0x175/0xe70
[ 112.171151] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 112.171687] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 112.172730] CPU: 1 UID: 0 PID: 4028 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 112.174805] RSP: 0018:ffff8880435af780 EFLAGS: 00010012
[ 112.176448] Tainted: [D]=DIE, [W]=WARN
[ 112.177059] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 112.177595] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 112.178409] RDX: ffff8880425b0000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 112.179562] RIP: 0010:perf_tp_event+0x175/0xe70
[ 112.180381] RBP: ffff8880435af9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15c18
[ 112.181023] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 112.181843] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 112.184382] RSP: 0018:ffff88804304f780 EFLAGS: 00010012
[ 112.185202] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 112.185219] FS: 00007fd3548a8700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 112.185961] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 112.186777] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 112.187905] RDX: ffff88804292b700 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 112.188726] CR2: 00007f72266bcf64 CR3: 000000000d750000 CR4: 0000000000350ef0
[ 112.189525] RBP: ffff88804304f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd15c18
[ 112.190345] note: syz-executor.4[4027] exited with irqs disabled
[ 112.191338] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 112.193972] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 112.194969] FS: 0000555558121400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 112.196100] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 112.196920] CR2: 00007f759554b018 CR3: 000000004223a000 CR4: 0000000000350ef0
[ 112.197919] Call Trace:
[ 112.198289]
[ 112.198613] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.199383] ? __pfx_perf_tp_event+0x10/0x10
[ 112.200021] ? __mutex_trylock_common+0xf9/0x260
[ 112.200700] ? arch_scale_cpu_capacity+0x17/0xa0
[ 112.201385] ? cpu_util.constprop.0+0x17d/0x340
[ 112.202068] ? __asan_memset+0x24/0x50
[ 112.202632] ? sched_balance_find_dst_group+0xa9a/0x1c00
[ 112.203408] ? lock_release+0x1c7/0x290
[ 112.203981] ? __pfx___mutex_lock+0x10/0x10
[ 112.204600] ? __pfx_sched_balance_find_dst_group+0x10/0x10
[ 112.205387] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 112.206142] ? perf_trace_run_bpf_submit+0xef/0x180
[ 112.206855] ? sched_clock+0x37/0x60
[ 112.207406] ? sched_clock_cpu+0x6c/0x4e0
[ 112.208004] perf_trace_run_bpf_submit+0xef/0x180
[ 112.208703] perf_trace_preemptirq_template+0x259/0x430
[ 112.209468] ? __pick_eevdf+0x326/0x570
[ 112.210034] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 112.210876] ? update_curr+0x39e/0x500
[ 112.211439] ? check_preempt_wakeup_fair+0x406/0x950
[ 112.212160] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 112.212884] trace_irq_enable.constprop.0+0xa6/0x100
[ 112.213599] trace_hardirqs_on+0x26/0x40
[ 112.214177] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 112.214874] try_to_wake_up+0x8ae/0x11d0
[ 112.215472] ? __pfx_try_to_wake_up+0x10/0x10
[ 112.216120] ? plist_del+0x122/0x270
[ 112.216668] ? __futex_unqueue+0xda/0x1c0
[ 112.217266] wake_up_q+0xa1/0x130
[ 112.217776] futex_wake+0x47e/0x540
[ 112.218308] ? __pfx_futex_wake+0x10/0x10
[ 112.218901] ? xfd_validate_state+0x55/0x180
[ 112.219548] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 112.220298] ? finish_task_switch.isra.0+0x206/0x840
[ 112.221044] do_futex+0x26d/0x370
[ 112.221549] ? __pfx_do_futex+0x10/0x10
[ 112.222119] ? __pfx___schedule+0x10/0x10
[ 112.222715] __x64_sys_futex+0x1c9/0x4d0
[ 112.223308] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 112.224151] ? __pfx___x64_sys_futex+0x10/0x10
[ 112.224809] ? xfd_validate_state+0x55/0x180
[ 112.225467] do_syscall_64+0xbf/0x360
[ 112.226015] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.226740] RIP: 0033:0x7f1400b2fb19
[ 112.227276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 112.229790] RSP: 002b:00007ffdf58836e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 112.230865] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1400b2fb19
[ 112.231862] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1400c42f68
[ 112.232853] RBP: 00007f1400c42f60 R08: 00007f13fe0a5700 R09: 0000000000000000
[ 112.233846] R10: 00007f13fe0a5700 R11: 0000000000000246 R12: 00007f1400c471c8
[ 112.234842] R13: 00007ffdf58837f0 R14: 00007f1400c42f60 R15: 000000000001b5a1
[ 112.235847]
[ 112.236184] Modules linked in:
[ 112.236646] ---[ end trace 0000000000000000 ]---
[ 112.236648] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI
[ 112.237302] RIP: 0010:perf_tp_event+0x175/0xe70
[ 112.238584] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 112.239229] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 112.240231] CPU: 0 UID: 0 PID: 4027 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 112.242742] RSP: 0018:ffff8880435af780 EFLAGS: 00010012
[ 112.244109] Tainted: [D]=DIE, [W]=WARN
[ 112.244117] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 112.244838] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 112.245207] RIP: 0010:perf_tp_event+0x175/0xe70
[ 112.246343] RDX: ffff8880425b0000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 112.247034] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 112.247684] RBP: ffff8880435af9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15c18
[ 112.248377] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012
[ 112.250898] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 112.251592]
[ 112.252332] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 112.253020] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 112.253267] FS: 0000555558121400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 112.253949] RDX: ffff88800f0a3700 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 112.254933] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 112.255709] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc15c18
[ 112.256691] CR2: 00007f759554b018 CR3: 000000004223a000 CR4: 0000000000350ef0
[ 112.257247] R10: 0000000000000000 R11: ffff88801ba12c98 R12: dffffc0000000000
[ 112.258238] note: syz-executor.2[4028] exited with irqs disabled
[ 112.258925] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000
[ 112.261229] FS: 00007fd3548a8700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 112.262024] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 112.262606] CR2: 00007f72266bcf64 CR3: 000000000d750000 CR4: 0000000000350ef0
[ 112.263319] Call Trace:
[ 112.263579]
[ 112.263808] ? __pfx_perf_tp_event+0x10/0x10
[ 112.264264] ? enqueue_task_fair+0xded/0x1e00
[ 112.264729] ? do_raw_spin_lock+0x123/0x260
[ 112.265172] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 112.265644] ? lock_acquire+0x18c/0x2f0
[ 112.266049] ? lock_release+0x1c7/0x290
[ 112.266451] ? do_raw_spin_unlock+0x53/0x220
[ 112.266903] ? _raw_spin_unlock_irqrestore+0x22/0x50
[ 112.267429] ? try_to_wake_up+0x128/0x11d0
[ 112.267870] ? do_raw_spin_lock+0x123/0x260
[ 112.268312] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 112.268795] ? perf_trace_run_bpf_submit+0xef/0x180
[ 112.269307] perf_trace_run_bpf_submit+0xef/0x180
[ 112.269796] perf_trace_preemptirq_template+0x259/0x430
[ 112.270345] ? read_tsc+0x9/0x20
[ 112.270704] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 112.271309] ? clockevents_program_event+0x135/0x360
[ 112.271828] ? tick_program_event+0xac/0x140
[ 112.272278] ? handle_softirqs+0x16e/0x770
[ 112.272716] trace_irq_enable.constprop.0+0xa6/0x100
[ 112.273224] trace_hardirqs_on+0x26/0x40
[ 112.273630] handle_softirqs+0x16e/0x770
[ 112.274050] __irq_exit_rcu+0xc4/0x100
[ 112.274451] irq_exit_rcu+0x9/0x20
[ 112.274813] sysvec_apic_timer_interrupt+0x70/0x80
[ 112.275328]
[ 112.275562]
[ 112.275793] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 112.276318] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 112.276795] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 112.278594] RSP: 0018:ffff88804582ff28 EFLAGS: 00000246
[ 112.279134] RAX: 0000000000000001 RBX: ffff88800f0a3700 RCX: ffffffff817c2b86
[ 112.279844] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 112.280547] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 112.281255] R10: ffffffff8643ac57 R11: 3838666666662052 R12: ffff88800f0a3700
[ 112.281970] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 112.282686] ? trace_irq_enable.constprop.0+0x26/0x100
[ 112.283225] ? make_task_dead+0x214/0x3b0
[ 112.283650] ? make_task_dead+0x214/0x3b0
[ 112.284074] ? do_syscall_64+0xbf/0x360
[ 112.284482] rewind_stack_and_make_dead+0x16/0x20
[ 112.284975] RIP: 0033:0x7fd357332b19
[ 112.285350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 112.287164] RSP: 002b:00007fd3548a8218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 112.287922] RAX: ffffffffffffffda RBX: 00007fd357445f68 RCX: 00007fd357332b19
[ 112.288624] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd357445f6c
[ 112.289333] RBP: 00007fd357445f60 R08: 0000000000000016 R09: 0000000000000000
[ 112.290049] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fd357445f6c
[ 112.290758] R13: 00007ffe7a0b204f R14: 00007fd3548a8300 R15: 0000000000022000
[ 112.291473]
[ 112.291709] Modules linked in:
[ 112.292041] ---[ end trace 0000000000000000 ]---
[ 112.292043] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#5] SMP KASAN NOPTI
[ 112.292514] RIP: 0010:perf_tp_event+0x175/0xe70
[ 112.294072] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 112.294526] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 112.295582] CPU: 1 UID: 0 PID: 4028 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 112.297361] RSP: 0018:ffff8880435af780 EFLAGS: 00010012
[ 112.299013] Tainted: [D]=DIE, [W]=WARN
[ 112.299538] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 112.300092] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 112.300791] RDX: ffff8880425b0000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 112.301933] RIP: 0010:perf_tp_event+0x175/0xe70
[ 112.302625] RBP: ffff8880435af9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15c18
[ 112.303277] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 112.303978] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 112.306504] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012
[ 112.307208] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 112.307212]
[ 112.307224] FS: 00007fd3548a8700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 112.307951] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 112.308660] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 112.308905] RDX: ffff88804292b700 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 112.309694] CR2: 00007f72266bcf64 CR3: 000000000d750000 CR4: 0000000000350ef0
[ 112.310684] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd15c18
[ 112.311263] Kernel panic - not syncing: Fatal exception in interrupt
[ 113.357941] Shutting down cpus with NMI
[ 113.360153] Kernel Offset: disabled
[ 113.360441] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
08:24:37 Registers:
info registers vcpu 0
RAX=0000000000000047 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff8880435af0e0
R8 =0000000000000000 R9 =ffffed1001844046 R10=0000000000000047 R11=552030203a555043
R12=0000000000000047 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0
RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555588460400 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe3d00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f759554481c CR3=000000000dad7000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007fd3574197c000007fd3574197c8
XMM02=00007fd3574197e000007fd3574197c0 XMM03=00007fd3574197c800007fd3574197c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=00007f2a6160d000 RCX=000000000000001f RDX=00007f2a6120d840
RSI=0000000080000000 RDI=00007fffdb3fa9f8 RBP=00007fffdb3fa9f8 RSP=00007fffdb3fa938
R8 =00007f2a6160d000 R9 =0000000000000001 R10=0000000000000008 R11=00000000343bca89
R12=000000000001a9b2 R13=00000000000003e8 R14=00007f2a61208f60 R15=000000000001a9b1
RIP=00007f2a61096189 RFL=00000283 [--S---C] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0033 0000000000000000 ffffffff 00a0fb00 DPL=3 CS64 [-RA]
SS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055557d770400 00000000 00000000
GS =0000 0000000000000000 00000000 00000000
LDT=0000 fffffe2800000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f2a61205000 CR3=0000000043a69000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffff812c82b4ffffffff812c82a8 XMM01=ffffffff812c8387ffffffff812c835e
XMM02=ffffffff81be5193ffffffff81be514d XMM03=ffffffff81be5308ffffffff81be51be
XMM04=ffffffff83bd86f0ffffffff81be575d XMM05=ffffffff81be5747ffffffff81be55c9
XMM06=ffffffff81be5325ffffffff81be5308 XMM07=ffffffff81be51beffffffff81be5193
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000