Warning: Permanently added '[localhost]:42236' (ECDSA) to the list of known hosts. 2025/08/29 08:35:11 fuzzer started 2025/08/29 08:35:11 dialing manager at localhost:43077 syzkaller login: [ 56.722902] cgroup: Unknown subsys name 'net' [ 56.880943] cgroup: Unknown subsys name 'cpuset' [ 56.901220] cgroup: Unknown subsys name 'rlimit' 2025/08/29 08:35:22 syscalls: 2214 2025/08/29 08:35:22 code coverage: enabled 2025/08/29 08:35:22 comparison tracing: enabled 2025/08/29 08:35:22 extra coverage: enabled 2025/08/29 08:35:22 setuid sandbox: enabled 2025/08/29 08:35:22 namespace sandbox: enabled 2025/08/29 08:35:22 Android sandbox: enabled 2025/08/29 08:35:22 fault injection: enabled 2025/08/29 08:35:22 leak checking: enabled 2025/08/29 08:35:22 net packet injection: enabled 2025/08/29 08:35:22 net device setup: enabled 2025/08/29 08:35:22 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 08:35:22 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 08:35:22 USB emulation: enabled 2025/08/29 08:35:22 hci packet injection: enabled 2025/08/29 08:35:22 wifi device emulation: enabled 2025/08/29 08:35:22 802.15.4 emulation: enabled 2025/08/29 08:35:22 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 08:35:22 fetching corpus: 50, signal 25659/28654 (executing program) 2025/08/29 08:35:23 fetching corpus: 100, signal 35137/39119 (executing program) 2025/08/29 08:35:23 fetching corpus: 150, signal 41930/46702 (executing program) 2025/08/29 08:35:23 fetching corpus: 200, signal 47095/52556 (executing program) 2025/08/29 08:35:23 fetching corpus: 250, signal 57491/62783 (executing program) 2025/08/29 08:35:23 fetching corpus: 300, signal 61569/67136 (executing program) 2025/08/29 08:35:23 fetching corpus: 350, signal 65562/71260 (executing program) 2025/08/29 08:35:23 fetching corpus: 400, signal 67361/73459 (executing program) 2025/08/29 08:35:24 fetching corpus: 450, signal 70113/76357 (executing program) 2025/08/29 
08:35:24 fetching corpus: 500, signal 72116/78628 (executing program) 2025/08/29 08:35:24 fetching corpus: 550, signal 73619/80348 (executing program) 2025/08/29 08:35:24 fetching corpus: 600, signal 77479/83877 (executing program) 2025/08/29 08:35:24 fetching corpus: 650, signal 79564/86048 (executing program) 2025/08/29 08:35:24 fetching corpus: 700, signal 81665/88094 (executing program) 2025/08/29 08:35:24 fetching corpus: 750, signal 83796/90014 (executing program) 2025/08/29 08:35:24 fetching corpus: 800, signal 86602/92311 (executing program) 2025/08/29 08:35:24 fetching corpus: 850, signal 88927/94162 (executing program) 2025/08/29 08:35:25 fetching corpus: 900, signal 91538/96044 (executing program) 2025/08/29 08:35:25 fetching corpus: 950, signal 93639/97549 (executing program) 2025/08/29 08:35:25 fetching corpus: 1000, signal 95382/98873 (executing program) 2025/08/29 08:35:25 fetching corpus: 1050, signal 97311/100135 (executing program) 2025/08/29 08:35:25 fetching corpus: 1100, signal 98919/101143 (executing program) 2025/08/29 08:35:25 fetching corpus: 1150, signal 100936/102292 (executing program) 2025/08/29 08:35:25 fetching corpus: 1190, signal 101616/102713 (executing program) 2025/08/29 08:35:25 fetching corpus: 1190, signal 101616/102756 (executing program) 2025/08/29 08:35:25 fetching corpus: 1190, signal 101616/102798 (executing program) 2025/08/29 08:35:25 fetching corpus: 1190, signal 101616/102841 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/102873 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/102916 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/102973 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103013 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103060 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103119 (executing program) 2025/08/29 08:35:26 fetching 
corpus: 1190, signal 101616/103158 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103208 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103248 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103291 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103336 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103387 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103429 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103460 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103490 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103529 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103577 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103625 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103657 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103694 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103742 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103797 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103803 (executing program) 2025/08/29 08:35:26 fetching corpus: 1190, signal 101616/103803 (executing program) 2025/08/29 08:35:28 starting 8 fuzzer processes 08:35:28 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000140)) 
08:35:28 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000040)) fchmodat(0xffffffffffffffff, 0x0, 0x0) 08:35:28 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000080)=0x80000000, 0x4) 08:35:28 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x800448d2, &(0x7f0000000040)={0x2, 0x0, "ee00"}) 08:35:28 executing program 7: ppoll(&(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}], 0x20000000000003c5, &(0x7f0000000100)={0x0, 0x3938700}, &(0x7f0000000140), 0x8) 08:35:28 executing program 3: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x1, 0xf84e7f3, 0x1000000000}) sendfile(r1, r2, 0x0, 0xa0103) 08:35:28 executing program 6: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c05, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "6cf498c3946d29f0713195d08f25c5228d4a8f96b728207a606675f9df9d971fcd1efeb1943a5d9f80c5c84e5c197633d513aa8e1e7d66b973757ed5563ba177", "ec659863872098cae90d16c9857ce5575761a487998a6f95781bdfbd1275bf97a883bc536f5770a2b3f80400d747c688e27143155ca0c6e2286c87fa09209302", "f2af2e994d8c408523a7cc17fd47da63d762e4a53dec39b4b353b5b248213bca"}) 08:35:29 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000380)=[{&(0x7f0000000000)='\a', 0x1}], 
0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x802, 0xf) [ 73.633183] audit: type=1400 audit(1756456529.035:7): avc: denied { execmem } for pid=271 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 74.925195] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 74.927221] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 74.928926] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.930901] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 74.933856] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 74.937736] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.939200] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 74.941149] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 74.943909] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 74.947122] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 74.951126] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 74.955574] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 74.956363] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.958810] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 74.962258] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 74.968854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 74.973003] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 74.974682] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 74.981387] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.989755] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.012374] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 75.022797] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 75.027557] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 75.038066] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 75.039352] Bluetooth: hci5: 
unexpected cc 0x0c03 length: 249 > 1 [ 75.045749] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 75.048293] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 75.053706] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 75.071940] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 75.076797] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 75.078082] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 75.080713] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 75.082652] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 75.084887] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 75.092693] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 75.095663] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 75.097131] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 75.102947] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 75.127178] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 75.150135] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 77.007966] Bluetooth: hci0: command tx timeout [ 77.009366] Bluetooth: hci3: command tx timeout [ 77.009992] Bluetooth: hci2: command tx timeout [ 77.071507] Bluetooth: hci4: command tx timeout [ 77.072605] Bluetooth: hci1: command tx timeout [ 77.135578] Bluetooth: hci6: command tx timeout [ 77.199910] Bluetooth: hci5: command tx timeout [ 77.200647] Bluetooth: hci7: command tx timeout [ 79.056323] Bluetooth: hci0: command tx timeout [ 79.057548] Bluetooth: hci3: command tx timeout [ 79.057942] Bluetooth: hci2: command tx timeout [ 79.120670] Bluetooth: hci1: command tx timeout [ 79.121108] Bluetooth: hci4: command tx timeout [ 79.184442] Bluetooth: hci6: command tx timeout [ 79.247776] Bluetooth: hci5: command tx timeout [ 79.248221] Bluetooth: hci7: command tx timeout [ 81.103577] Bluetooth: hci2: command tx timeout [ 81.104033] Bluetooth: hci3: command tx timeout [ 81.105385] Bluetooth: hci0: command tx timeout [ 81.168503] Bluetooth: 
hci1: command tx timeout [ 81.168530] Bluetooth: hci4: command tx timeout [ 81.231506] Bluetooth: hci6: command tx timeout [ 81.296544] Bluetooth: hci7: command tx timeout [ 81.296574] Bluetooth: hci5: command tx timeout [ 83.151548] Bluetooth: hci3: command tx timeout [ 83.151573] Bluetooth: hci0: command tx timeout [ 83.152023] Bluetooth: hci2: command tx timeout [ 83.215591] Bluetooth: hci4: command tx timeout [ 83.216987] Bluetooth: hci1: command tx timeout [ 83.281453] Bluetooth: hci6: command tx timeout [ 83.343514] Bluetooth: hci5: command tx timeout [ 83.343956] Bluetooth: hci7: command tx timeout [ 111.505883] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.506726] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.695188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.696062] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.025620] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.026207] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:36:07 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000380)=[{&(0x7f0000000000)='\a', 0x1}], 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x802, 0xf) [ 112.175321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.176183] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:36:07 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000380)=[{&(0x7f0000000000)='\a', 0x1}], 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x802, 0xf) 08:36:07 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000380)=[{&(0x7f0000000000)='\a', 0x1}], 0x1, 0x0) socketpair$nbd(0x1, 0x1, 
0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x802, 0xf) 08:36:07 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) llistxattr(&(0x7f0000000b40)='./file0\x00', 0x0, 0x0) [ 112.578678] audit: type=1400 audit(1756456567.981:8): avc: denied { open } for pid=3822 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 112.583658] audit: type=1400 audit(1756456567.981:9): avc: denied { kernel } for pid=3822 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 08:36:08 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) llistxattr(&(0x7f0000000b40)='./file0\x00', 0x0, 0x0) 08:36:08 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) llistxattr(&(0x7f0000000b40)='./file0\x00', 0x0, 0x0) [ 112.818774] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.819435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.003239] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.003881] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.061475] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.062099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.185192] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.186019] wlan1: Creating new 
IBSS network, BSSID 50:50:50:50:50:50 [ 113.287305] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.288010] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.361931] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.362587] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.404928] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.405572] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.496208] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.496861] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.555811] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.556388] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.709075] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.709888] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.772452] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.773060] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.828292] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.828936] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:36:09 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000140)) 08:36:09 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) llistxattr(&(0x7f0000000b40)='./file0\x00', 0x0, 
0x0) 08:36:09 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000080)=0x80000000, 0x4) 08:36:09 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000040)) fchmodat(0xffffffffffffffff, 0x0, 0x0) 08:36:09 executing program 3: r0 = memfd_create(&(0x7f0000000000)='(\x00', 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000100)={0x0, 0xf20}) 08:36:09 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x800448d2, &(0x7f0000000040)={0x2, 0x0, "ee00"}) 08:36:09 executing program 6: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c05, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "6cf498c3946d29f0713195d08f25c5228d4a8f96b728207a606675f9df9d971fcd1efeb1943a5d9f80c5c84e5c197633d513aa8e1e7d66b973757ed5563ba177", "ec659863872098cae90d16c9857ce5575761a487998a6f95781bdfbd1275bf97a883bc536f5770a2b3f80400d747c688e27143155ca0c6e2286c87fa09209302", "f2af2e994d8c408523a7cc17fd47da63d762e4a53dec39b4b353b5b248213bca"}) 08:36:09 executing program 7: ppoll(&(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}], 0x20000000000003c5, &(0x7f0000000100)={0x0, 0x3938700}, &(0x7f0000000140), 0x8) 08:36:09 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000040)) fchmodat(0xffffffffffffffff, 0x0, 0x0) 08:36:09 executing program 7: ppoll(&(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}], 0x20000000000003c5, &(0x7f0000000100)={0x0, 0x3938700}, &(0x7f0000000140), 0x8) 08:36:09 executing program 3: r0 = memfd_create(&(0x7f0000000000)='(\x00', 
0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000100)={0x0, 0xf20}) 08:36:09 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000080)=0x80000000, 0x4) 08:36:09 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x800448d2, &(0x7f0000000040)={0x2, 0x0, "ee00"}) 08:36:09 executing program 6: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c05, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "6cf498c3946d29f0713195d08f25c5228d4a8f96b728207a606675f9df9d971fcd1efeb1943a5d9f80c5c84e5c197633d513aa8e1e7d66b973757ed5563ba177", "ec659863872098cae90d16c9857ce5575761a487998a6f95781bdfbd1275bf97a883bc536f5770a2b3f80400d747c688e27143155ca0c6e2286c87fa09209302", "f2af2e994d8c408523a7cc17fd47da63d762e4a53dec39b4b353b5b248213bca"}) 08:36:09 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000140)) 08:36:09 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000140)) 08:36:09 executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000040)) fchmodat(0xffffffffffffffff, 0x0, 0x0) 08:36:09 executing program 3: r0 = memfd_create(&(0x7f0000000000)='(\x00', 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000100)={0x0, 0xf20}) 08:36:09 executing program 7: ppoll(&(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}], 0x20000000000003c5, &(0x7f0000000100)={0x0, 0x3938700}, &(0x7f0000000140), 0x8) [ 114.213095] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 114.214746] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 114.216042] CPU: 1 UID: 0 PID: 3937 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 114.223484] Tainted: [W]=WARN [ 114.223952] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.225176] RIP: 0010:perf_tp_event+0x175/0xe70 [ 114.225886] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 114.228625] RSP: 0018:ffff88804413f800 EFLAGS: 00010212 [ 114.229415] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 114.230458] RDX: ffff888043cb9b80 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 114.231521] RBP: ffff88804413fa70 R08: ffff88806cf31340 R09: ffffe8ffffd15a10 [ 114.232569] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 114.233616] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 114.234672] FS: 000055558db27400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 114.235860] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 114.236721] CR2: 
00007f28621c2710 CR3: 0000000045066000 CR4: 0000000000350ef0 [ 114.237767] Call Trace: [ 114.238157] [ 114.238508] ? arch_scale_cpu_capacity+0x17/0xa0 [ 114.239235] ? __pfx_perf_tp_event+0x10/0x10 [ 114.239909] ? __asan_memset+0x24/0x50 [ 114.240516] ? perf_trace_lock+0xb5/0x5d0 [ 114.241143] ? kvm_sched_clock_read+0x16/0x30 [ 114.241841] ? sched_clock+0x37/0x60 [ 114.242416] ? sched_clock_cpu+0x6c/0x4e0 [ 114.243040] ? lock_is_held_type+0x9e/0x120 [ 114.243720] ? perf_trace_run_bpf_submit+0xef/0x180 [ 114.244470] perf_trace_run_bpf_submit+0xef/0x180 [ 114.245209] perf_trace_lock+0x337/0x5d0 [ 114.245829] ? __pfx_perf_trace_lock+0x10/0x10 [ 114.246519] ? lock_acquire+0x15e/0x2f0 [ 114.247139] ? futex_ref_get+0x48/0x300 [ 114.247755] ? futex_ref_get+0x114/0x300 [ 114.248358] ? futex_hash+0x15c/0x390 [ 114.248930] lock_release+0x1ab/0x290 [ 114.249506] ? futex_hash+0x15c/0x390 [ 114.250078] futex_ref_get+0x119/0x300 [ 114.250664] ? futex_hash+0x15c/0x390 [ 114.251245] futex_hash+0x70/0x390 [ 114.251829] futex_wake+0x143/0x540 [ 114.252403] ? put_pid+0x1f/0x30 [ 114.252929] ? kernel_clone+0x204/0x7f0 [ 114.253540] ? __pfx_futex_wake+0x10/0x10 [ 114.254168] ? __pfx_kernel_clone+0x10/0x10 [ 114.254815] ? perf_trace_lock+0xb5/0x5d0 [ 114.255462] do_futex+0x26d/0x370 [ 114.255992] ? __pfx_do_futex+0x10/0x10 [ 114.256591] ? __pfx___do_sys_clone+0x10/0x10 [ 114.257276] ? find_held_lock+0x2b/0x80 [ 114.257900] __x64_sys_futex+0x1c9/0x4d0 [ 114.258516] ? __pfx___x64_sys_futex+0x10/0x10 [ 114.259204] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 114.259993] do_syscall_64+0xbf/0x360 [ 114.260566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.261334] RIP: 0033:0x7f640bc36b19 [ 114.261889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 114.264610] RSP: 002b:00007ffed8650a08 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 114.265725] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f640bc36b19 [ 114.266773] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f640bd49f68 [ 114.267837] RBP: 00007f640bd49f60 R08: 00007f64091ac700 R09: 0000000000000000 [ 114.268877] R10: 00007f64091ac700 R11: 0000000000000246 R12: 00007f640bd4e0b8 [ 114.269924] R13: 00007ffed8650b10 R14: 00007f640bd49f60 R15: 000000000001bdb4 [ 114.271006] [ 114.271385] Modules linked in: [ 114.271886] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 114.272825] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 114.273450] CPU: 0 UID: 0 PID: 3944 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 114.274412] Tainted: [D]=DIE, [W]=WARN [ 114.274724] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 114.275404] RIP: 0010:perf_tp_event+0x175/0xe70 [ 114.275799] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 114.277258] RSP: 0018:ffff88804624f600 EFLAGS: 00010212 [ 114.277692] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90000c90000 [ 114.278272] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 114.278851] RBP: ffff88804624f870 R08: ffff88806ce31340 R09: ffffe8ffffc15a10 [ 114.279444] R10: 0000000000000000 R11: 
0000000000000000 R12: dffffc0000000000 [ 114.280024] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 114.280598] FS: 00007f83f9d85700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 114.281249] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 114.281728] CR2: 0000555582bb9c18 CR3: 000000000f39f000 CR4: 0000000000350ef0 [ 114.282312] Call Trace: [ 114.282527] [ 114.282723] ? __pfx_perf_tp_event+0x10/0x10 [ 114.283115] ? perf_trace_run_bpf_submit+0xef/0x180 [ 114.283543] perf_trace_run_bpf_submit+0xef/0x180 [ 114.283948] perf_trace_lock+0x337/0x5d0 [ 114.284298] ? __pfx_perf_trace_lock+0x10/0x10 [ 114.284679] ? get_futex_key+0x592/0x14a0 [ 114.285027] ? futex_ref_get+0x114/0x300 [ 114.285360] ? futex_hash+0x15c/0x390 [ 114.285677] lock_release+0x1ab/0x290 [ 114.285998] ? futex_hash+0x15c/0x390 [ 114.286309] futex_ref_get+0x119/0x300 [ 114.286633] ? futex_hash+0x15c/0x390 [ 114.286947] futex_hash+0x70/0x390 [ 114.287243] futex_wait_setup+0xae/0x550 [ 114.287586] __futex_wait+0x151/0x300 [ 114.287898] ? __pfx___futex_wait+0x10/0x10 [ 114.288252] ? __pfx_futex_wake_mark+0x10/0x10 [ 114.288633] futex_wait+0xde/0x380 [ 114.288926] ? __pfx_futex_wait+0x10/0x10 [ 114.289266] ? perf_trace_lock+0xb5/0x5d0 [ 114.289609] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 114.290023] ? do_vfs_ioctl+0x125/0x1470 [ 114.290341] do_futex+0x2ee/0x370 [ 114.290611] ? __pfx_do_futex+0x10/0x10 [ 114.290913] ? build_sched_domains+0x2744/0x53d0 [ 114.291278] ? do_raw_spin_lock+0x123/0x260 [ 114.291609] __x64_sys_futex+0x1c9/0x4d0 [ 114.291919] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 114.292313] ? __pfx___x64_sys_futex+0x10/0x10 [ 114.292663] ? kcov_ioctl+0x386/0x6c0 [ 114.292955] ? 
fput+0x6a/0x100
[ 114.293212] do_syscall_64+0xbf/0x360
[ 114.293506] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.293895] RIP: 0033:0x7f83fc80fb19
[ 114.294174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 114.295518] RSP: 002b:00007f83f9d85218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 114.296082] RAX: ffffffffffffffda RBX: 00007f83fc922f68 RCX: 00007f83fc80fb19
[ 114.296607] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f83fc922f68
[ 114.297131] RBP: 00007f83fc922f60 R08: 00007f83f9d85700 R09: 0000000000000000
[ 114.297655] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83fc922f6c
[ 114.298179] R13: 00007ffefcf8133f R14: 00007f83f9d85300 R15: 0000000000022000
[ 114.298710]
[ 114.298891] Modules linked in:
[ 114.299139] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI
[ 114.300744] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 114.301983] CPU: 1 UID: 0 PID: 3937 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 114.303732] Tainted: [D]=DIE, [W]=WARN
[ 114.304285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 114.305467] RIP: 0010:perf_tp_event+0x175/0xe70
[ 114.306148] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 114.308720] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012
[ 114.309505] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 114.310554] RDX: ffff888043cb9b80 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 114.311585] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd15a10
[ 114.312621] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000
[ 114.313648] R13: 000000000000002c R14: ffff88806cf31490 R15: dffffc0000000000
[ 114.314672] FS: 000055558db27400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 114.315829] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 114.316658] CR2: 00007f28621c2710 CR3: 0000000045066000 CR4: 0000000000350ef0
[ 114.317681] Call Trace:
[ 114.318056]
[ 114.318391] ? __pfx_perf_tp_event+0x10/0x10
[ 114.319038] ? __pfx_css_rstat_updated+0x10/0x10
[ 114.319744] ? lock_is_held_type+0x9e/0x120
[ 114.320373] ? trace_pelt_se_tp+0xdf/0x130
[ 114.320996] ? __update_load_avg_se+0x428/0xa40
[ 114.321677] ? lock_is_held_type+0x9e/0x120
[ 114.322290] ? update_load_avg+0x17d/0x1ef0
[ 114.322919] ? perf_trace_lock+0xb5/0x5d0
[ 114.323558] ? perf_trace_lock+0xb5/0x5d0
[ 114.324167] ? update_cfs_group+0x11d/0x260
[ 114.324792] ? kvm_sched_clock_read+0x16/0x30
[ 114.325449] ? __pfx_perf_trace_lock+0x10/0x10
[ 114.326120] ? __pfx_perf_trace_lock+0x10/0x10
[ 114.326784] ? lock_is_held_type+0x9e/0x120
[ 114.327454] ? perf_trace_run_bpf_submit+0xef/0x180
[ 114.328182] perf_trace_run_bpf_submit+0xef/0x180
[ 114.328879] perf_trace_lock+0x337/0x5d0
[ 114.329474] ? __pfx_perf_trace_lock+0x10/0x10
[ 114.330142] ? find_held_lock+0x2b/0x80
[ 114.330724] ? hrtimer_interrupt+0x114/0x830
[ 114.331394] lock_release+0x1ab/0x290
[ 114.331949] ktime_get_update_offsets_now+0xab/0x3c0
[ 114.332691] ? hrtimer_interrupt+0x114/0x830
[ 114.333341] ? __pfx_lapic_next_deadline+0x10/0x10
[ 114.334081] hrtimer_interrupt+0x114/0x830
[ 114.334707] __sysvec_apic_timer_interrupt+0xbb/0x330
[ 114.335476] sysvec_apic_timer_interrupt+0x6b/0x80
[ 114.336201]
[ 114.336532]
[ 114.336865] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 114.337615] RIP: 0010:oops_exit+0x0/0x50
[ 114.338207] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27
[ 114.340808] RSP: 0018:ffff88804413f690 EFLAGS: 00000202
[ 114.341579] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f
[ 114.342613] RDX: ffff888043cb9b80 RSI: ffffffff812a3dca RDI: 0000000000000007
[ 114.343643] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90
[ 114.344677] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88804413f758
[ 114.345693] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 114.346719] ? add_taint+0x5f/0xd0
[ 114.347238] ? oops_end+0x4a/0xe0
[ 114.347786] oops_end+0x65/0xe0
[ 114.348283] exc_general_protection+0x1a2/0x330
[ 114.348968] asm_exc_general_protection+0x26/0x30
[ 114.349686] RIP: 0010:perf_tp_event+0x175/0xe70
[ 114.350364] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 114.352954] RSP: 0018:ffff88804413f800 EFLAGS: 00010212
[ 114.353712] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 114.354720] RDX: ffff888043cb9b80 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 114.355754] RBP: ffff88804413fa70 R08: ffff88806cf31340 R09: ffffe8ffffd15a10
[ 114.356793] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 114.357829] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 114.358856] ? perf_tp_event+0x167/0xe70
[ 114.359474] ? arch_scale_cpu_capacity+0x17/0xa0
[ 114.360181] ? __pfx_perf_tp_event+0x10/0x10
[ 114.360820] ? __asan_memset+0x24/0x50
[ 114.361412] ? perf_trace_lock+0xb5/0x5d0
[ 114.362019] ? kvm_sched_clock_read+0x16/0x30
[ 114.362677] ? sched_clock+0x37/0x60
[ 114.363228] ? sched_clock_cpu+0x6c/0x4e0
[ 114.363843] ? lock_is_held_type+0x9e/0x120
[ 114.364485] ? perf_trace_run_bpf_submit+0xef/0x180
[ 114.365233] perf_trace_run_bpf_submit+0xef/0x180
[ 114.365957] perf_trace_lock+0x337/0x5d0
[ 114.366556] ? __pfx_perf_trace_lock+0x10/0x10
[ 114.367221] ? lock_acquire+0x15e/0x2f0
[ 114.367855] ? futex_ref_get+0x48/0x300
[ 114.368455] ? futex_ref_get+0x114/0x300
[ 114.369065] ? futex_hash+0x15c/0x390
[ 114.369640] lock_release+0x1ab/0x290
[ 114.370220] ? futex_hash+0x15c/0x390
[ 114.370810] futex_ref_get+0x119/0x300
[ 114.371436] ? futex_hash+0x15c/0x390
[ 114.372023] futex_hash+0x70/0x390
[ 114.372567] futex_wake+0x143/0x540
[ 114.373140] ? put_pid+0x1f/0x30
[ 114.373667] ? kernel_clone+0x204/0x7f0
[ 114.374287] ? __pfx_futex_wake+0x10/0x10
[ 114.374910] ? __pfx_kernel_clone+0x10/0x10
[ 114.375573] ? perf_trace_lock+0xb5/0x5d0
[ 114.376203] do_futex+0x26d/0x370
[ 114.376730] ? __pfx_do_futex+0x10/0x10
[ 114.377329] ? __pfx___do_sys_clone+0x10/0x10
[ 114.378000] ? find_held_lock+0x2b/0x80
[ 114.378611] __x64_sys_futex+0x1c9/0x4d0
[ 114.379222] ? __pfx___x64_sys_futex+0x10/0x10
[ 114.379939] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 114.380734] do_syscall_64+0xbf/0x360
[ 114.381334] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.382103] RIP: 0033:0x7f640bc36b19
[ 114.382658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 114.385307] RSP: 002b:00007ffed8650a08 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 114.386415] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f640bc36b19
[ 114.387489] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f640bd49f68
[ 114.388580] RBP: 00007f640bd49f60 R08: 00007f64091ac700 R09: 0000000000000000
[ 114.389636] R10: 00007f64091ac700 R11: 0000000000000246 R12: 00007f640bd4e0b8
[ 114.390689] R13: 00007ffed8650b10 R14: 00007f640bd49f60 R15: 000000000001bdb4
[ 114.391774]
[ 114.392129] Modules linked in:
[ 114.392618] ---[ end trace 0000000000000000 ]---
[ 114.392619] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI
[ 114.393318] RIP: 0010:perf_tp_event+0x175/0xe70
[ 114.394205] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 114.394884] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 114.395505] CPU: 0 UID: 0 PID: 3944 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 114.398221] RSP: 0018:ffff88804413f800 EFLAGS: 00010212
[ 114.399179] Tainted: [D]=DIE, [W]=WARN
[ 114.399188] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 114.399972] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 114.400284] RIP: 0010:perf_tp_event+0x175/0xe70
[ 114.401489] RDX: ffff888043cb9b80 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 114.402045] Code: ff df 48
89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 114.402722] RBP: ffff88804413fa70 R08: ffff88806cf31340 R09: ffffe8ffffd15a10
[ 114.403308] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012
[ 114.406027] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 114.406596]
[ 114.406602] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 114.407387] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 114.407960] RDX: ffff888016828000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 114.408220] FS: 000055558db27400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 114.408789] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15a10
[ 114.409842] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 114.410414] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000
[ 114.411622] CR2: 00007f28621c2710 CR3: 0000000045066000 CR4: 0000000000350ef0
[ 114.412187] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000
[ 114.413046] Kernel panic - not syncing: Fatal exception in interrupt
[ 115.509592] Shutting down cpus with NMI
[ 115.512603] Kernel Offset: disabled
[ 115.513015] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
08:36:09 Registers: