Warning: Permanently added '[localhost]:4288' (ECDSA) to the list of known hosts.
2025/08/29 13:36:37 fuzzer started
2025/08/29 13:36:38 dialing manager at localhost:43077
syzkaller login: [   50.241825] cgroup: Unknown subsys name 'net'
[   50.309084] cgroup: Unknown subsys name 'cpuset'
[   50.334964] cgroup: Unknown subsys name 'rlimit'
2025/08/29 13:36:48 syscalls: 2214
2025/08/29 13:36:48 code coverage: enabled
2025/08/29 13:36:48 comparison tracing: enabled
2025/08/29 13:36:48 extra coverage: enabled
2025/08/29 13:36:48 setuid sandbox: enabled
2025/08/29 13:36:48 namespace sandbox: enabled
2025/08/29 13:36:48 Android sandbox: enabled
2025/08/29 13:36:48 fault injection: enabled
2025/08/29 13:36:48 leak checking: enabled
2025/08/29 13:36:48 net packet injection: enabled
2025/08/29 13:36:48 net device setup: enabled
2025/08/29 13:36:48 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 13:36:48 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 13:36:48 USB emulation: enabled
2025/08/29 13:36:48 hci packet injection: enabled
2025/08/29 13:36:48 wifi device emulation: enabled
2025/08/29 13:36:48 802.15.4 emulation: enabled
2025/08/29 13:36:48 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 13:36:49 fetching corpus: 50, signal 18168/21826 (executing program)
2025/08/29 13:36:49 fetching corpus: 100, signal 28976/34149 (executing program)
2025/08/29 13:36:49 fetching corpus: 150, signal 38861/45296 (executing program)
2025/08/29 13:36:49 fetching corpus: 200, signal 47488/55106 (executing program)
2025/08/29 13:36:49 fetching corpus: 250, signal 54501/63200 (executing program)
2025/08/29 13:36:49 fetching corpus: 300, signal 57765/67720 (executing program)
2025/08/29 13:36:49 fetching corpus: 350, signal 61061/72148 (executing program)
2025/08/29 13:36:49 fetching corpus: 400, signal 63925/76173 (executing program)
2025/08/29 13:36:49 fetching corpus: 450, signal 66765/80111 (executing program)
2025/08/29 13:36:49 fetching corpus: 500, signal 70368/84664 (executing program)
2025/08/29 13:36:49 fetching corpus: 550, signal 73069/88389 (executing program)
2025/08/29 13:36:50 fetching corpus: 600, signal 76971/93067 (executing program)
2025/08/29 13:36:50 fetching corpus: 650, signal 79299/96262 (executing program)
2025/08/29 13:36:50 fetching corpus: 700, signal 82069/99841 (executing program)
2025/08/29 13:36:50 fetching corpus: 750, signal 84255/102906 (executing program)
2025/08/29 13:36:50 fetching corpus: 800, signal 86417/105921 (executing program)
2025/08/29 13:36:50 fetching corpus: 850, signal 88331/108660 (executing program)
2025/08/29 13:36:50 fetching corpus: 900, signal 91198/112124 (executing program)
2025/08/29 13:36:50 fetching corpus: 950, signal 92594/114347 (executing program)
2025/08/29 13:36:50 fetching corpus: 1000, signal 95045/117500 (executing program)
2025/08/29 13:36:50 fetching corpus: 1050, signal 96686/119892 (executing program)
2025/08/29 13:36:50 fetching corpus: 1100, signal 98382/122251 (executing program)
2025/08/29 13:36:50 fetching corpus: 1150, signal 100133/124689 (executing program)
2025/08/29 13:36:51 fetching corpus: 1200, signal 101589/126818 (executing program)
2025/08/29 13:36:51 fetching corpus: 1250, signal 103881/129514 (executing program)
2025/08/29 13:36:51 fetching corpus: 1300, signal 105451/131656 (executing program)
2025/08/29 13:36:51 fetching corpus: 1350, signal 107165/133935 (executing program)
2025/08/29 13:36:51 fetching corpus: 1400, signal 108530/135834 (executing program)
2025/08/29 13:36:51 fetching corpus: 1450, signal 109432/137424 (executing program)
2025/08/29 13:36:51 fetching corpus: 1500, signal 111300/139670 (executing program)
2025/08/29 13:36:51 fetching corpus: 1550, signal 112370/141299 (executing program)
2025/08/29 13:36:51 fetching corpus: 1600, signal 113784/143150 (executing program)
2025/08/29 13:36:51 fetching corpus: 1650, signal 115036/144835 (executing program)
2025/08/29 13:36:51 fetching corpus: 1700, signal 116469/146681 (executing program)
2025/08/29 13:36:52 fetching corpus: 1750, signal 117590/148202 (executing program)
2025/08/29 13:36:52 fetching corpus: 1800, signal 118973/149942 (executing program)
2025/08/29 13:36:52 fetching corpus: 1850, signal 120196/151546 (executing program)
2025/08/29 13:36:52 fetching corpus: 1900, signal 121345/153023 (executing program)
2025/08/29 13:36:52 fetching corpus: 1950, signal 121926/154218 (executing program)
2025/08/29 13:36:52 fetching corpus: 2000, signal 122786/155562 (executing program)
2025/08/29 13:36:52 fetching corpus: 2050, signal 123292/156630 (executing program)
2025/08/29 13:36:52 fetching corpus: 2100, signal 124763/158280 (executing program)
2025/08/29 13:36:52 fetching corpus: 2150, signal 126084/159824 (executing program)
2025/08/29 13:36:52 fetching corpus: 2200, signal 127134/161194 (executing program)
2025/08/29 13:36:53 fetching corpus: 2250, signal 130820/163961 (executing program)
2025/08/29 13:36:53 fetching corpus: 2300, signal 131793/165205 (executing program)
2025/08/29 13:36:53 fetching corpus: 2350, signal 132519/166296 (executing program)
2025/08/29 13:36:53 fetching corpus: 2400, signal 133586/167558 (executing program)
2025/08/29 13:36:53 fetching corpus: 2450, signal 134236/168586 (executing program)
2025/08/29 13:36:53 fetching corpus: 2500, signal 134818/169616 (executing program)
2025/08/29 13:36:53 fetching corpus: 2550, signal 135547/170671 (executing program)
2025/08/29 13:36:53 fetching corpus: 2600, signal 136354/171747 (executing program)
2025/08/29 13:36:53 fetching corpus: 2650, signal 137164/172745 (executing program)
2025/08/29 13:36:53 fetching corpus: 2700, signal 138174/173874 (executing program)
2025/08/29 13:36:53 fetching corpus: 2750, signal 138949/174850 (executing program)
2025/08/29 13:36:54 fetching corpus: 2800, signal 139861/175908 (executing program)
2025/08/29 13:36:54 fetching corpus: 2850, signal 140376/176744 (executing program)
2025/08/29 13:36:54 fetching corpus: 2900, signal 141079/177674 (executing program)
2025/08/29 13:36:54 fetching corpus: 2950, signal 141761/178532 (executing program)
2025/08/29 13:36:54 fetching corpus: 3000, signal 142693/179527 (executing program)
2025/08/29 13:36:54 fetching corpus: 3049, signal 143228/180402 (executing program)
2025/08/29 13:36:54 fetching corpus: 3099, signal 143884/181300 (executing program)
2025/08/29 13:36:54 fetching corpus: 3149, signal 144408/182081 (executing program)
2025/08/29 13:36:54 fetching corpus: 3199, signal 144921/182826 (executing program)
2025/08/29 13:36:54 fetching corpus: 3249, signal 145525/183647 (executing program)
2025/08/29 13:36:54 fetching corpus: 3299, signal 146510/184594 (executing program)
2025/08/29 13:36:55 fetching corpus: 3349, signal 147035/185330 (executing program)
2025/08/29 13:36:55 fetching corpus: 3399, signal 147805/186135 (executing program)
2025/08/29 13:36:55 fetching corpus: 3449, signal 148263/186875 (executing program)
2025/08/29 13:36:55 fetching corpus: 3499, signal 149082/187721 (executing program)
2025/08/29 13:36:55 fetching corpus: 3549, signal 149576/188446 (executing program)
2025/08/29 13:36:55 fetching corpus: 3599, signal 150416/189198 (executing program)
2025/08/29 13:36:55 fetching corpus: 3649, signal 151444/189967 (executing program)
2025/08/29 13:36:55 fetching corpus: 3699, signal 152146/190671 (executing program)
2025/08/29 13:36:55 fetching corpus: 3749, signal 152669/191329 (executing program)
2025/08/29 13:36:55 fetching corpus: 3799, signal 153193/191967 (executing program)
2025/08/29 13:36:55 fetching corpus: 3849, signal 153638/192583 (executing program)
2025/08/29 13:36:55 fetching corpus: 3899, signal 154072/193158 (executing program)
2025/08/29 13:36:56 fetching corpus: 3949, signal 154705/193799 (executing program)
2025/08/29 13:36:56 fetching corpus: 3999, signal 155145/194380 (executing program)
2025/08/29 13:36:56 fetching corpus: 4049, signal 155721/194934 (executing program)
2025/08/29 13:36:56 fetching corpus: 4099, signal 156085/195522 (executing program)
2025/08/29 13:36:56 fetching corpus: 4149, signal 156553/196108 (executing program)
2025/08/29 13:36:56 fetching corpus: 4199, signal 157065/196649 (executing program)
2025/08/29 13:36:56 fetching corpus: 4249, signal 157558/197179 (executing program)
2025/08/29 13:36:56 fetching corpus: 4299, signal 158283/197754 (executing program)
2025/08/29 13:36:56 fetching corpus: 4349, signal 158700/198294 (executing program)
2025/08/29 13:36:56 fetching corpus: 4399, signal 159404/198805 (executing program)
2025/08/29 13:36:56 fetching corpus: 4449, signal 159715/199310 (executing program)
2025/08/29 13:36:56 fetching corpus: 4499, signal 160291/199824 (executing program)
2025/08/29 13:36:57 fetching corpus: 4549, signal 160925/200306 (executing program)
2025/08/29 13:36:57 fetching corpus: 4599, signal 161346/200794 (executing program)
2025/08/29 13:36:57 fetching corpus: 4649, signal 161642/201220 (executing program)
2025/08/29 13:36:57 fetching corpus: 4699, signal 162085/201650 (executing program)
2025/08/29 13:36:57 fetching corpus: 4749, signal 162553/202107 (executing program)
2025/08/29 13:36:57 fetching corpus: 4799, signal 163020/202548 (executing program)
2025/08/29 13:36:57 fetching corpus: 4849, signal 163729/202973 (executing program)
2025/08/29 13:36:57 fetching corpus: 4899, signal 164218/203439 (executing program)
2025/08/29 13:36:57 fetching corpus: 4949, signal 164520/203565 (executing program)
2025/08/29 13:36:57 fetching corpus: 4999, signal 164795/203572 (executing program)
2025/08/29 13:36:57 fetching corpus: 5049, signal 165341/203772 (executing program)
2025/08/29 13:36:58 fetching corpus: 5099, signal 165816/203778 (executing program)
2025/08/29 13:36:58 fetching corpus: 5149, signal 166271/203780 (executing program)
2025/08/29 13:36:58 fetching corpus: 5199, signal 166697/203833 (executing program)
2025/08/29 13:36:58 fetching corpus: 5249, signal 167040/203844 (executing program)
2025/08/29 13:36:58 fetching corpus: 5299, signal 167452/203851 (executing program)
2025/08/29 13:36:58 fetching corpus: 5349, signal 167829/203869 (executing program)
2025/08/29 13:36:58 fetching corpus: 5399, signal 168227/203891 (executing program)
2025/08/29 13:36:58 fetching corpus: 5449, signal 168578/203892 (executing program)
2025/08/29 13:36:58 fetching corpus: 5499, signal 168963/203901 (executing program)
2025/08/29 13:36:58 fetching corpus: 5549, signal 169379/203902 (executing program)
2025/08/29 13:36:58 fetching corpus: 5599, signal 169709/203928 (executing program)
2025/08/29 13:36:58 fetching corpus: 5649, signal 170067/203932 (executing program)
2025/08/29 13:36:59 fetching corpus: 5699, signal 170281/203943 (executing program)
2025/08/29 13:36:59 fetching corpus: 5749, signal 170635/203950 (executing program)
2025/08/29 13:36:59 fetching corpus: 5799, signal 171029/203954 (executing program)
2025/08/29 13:36:59 fetching corpus: 5849, signal 171319/203978 (executing program)
2025/08/29 13:36:59 fetching corpus: 5899, signal 171643/203994 (executing program)
2025/08/29 13:36:59 fetching corpus: 5949, signal 172086/204001 (executing program)
2025/08/29 13:36:59 fetching corpus: 5999, signal 172641/204114 (executing program)
2025/08/29 13:36:59 fetching corpus: 6049, signal 173057/204117 (executing program)
2025/08/29 13:36:59 fetching corpus: 6099, signal 173332/204128 (executing program)
2025/08/29 13:36:59 fetching corpus: 6149, signal 173650/204149 (executing program)
2025/08/29 13:36:59 fetching corpus: 6199, signal 173981/204166 (executing program)
2025/08/29 13:36:59 fetching corpus: 6249, signal 174247/204167 (executing program)
2025/08/29 13:37:00 fetching corpus: 6299, signal 174495/204167 (executing program)
2025/08/29 13:37:00 fetching corpus: 6349, signal 174923/204169 (executing program)
2025/08/29 13:37:00 fetching corpus: 6399, signal 175442/204171 (executing program)
2025/08/29 13:37:00 fetching corpus: 6449, signal 175708/204193 (executing program)
2025/08/29 13:37:00 fetching corpus: 6499, signal 176073/204249 (executing program)
2025/08/29 13:37:00 fetching corpus: 6549, signal 176475/204257 (executing program)
2025/08/29 13:37:00 fetching corpus: 6599, signal 176829/204281 (executing program)
2025/08/29 13:37:00 fetching corpus: 6649, signal 177126/204290 (executing program)
2025/08/29 13:37:00 fetching corpus: 6699, signal 177574/204322 (executing program)
2025/08/29 13:37:00 fetching corpus: 6749, signal 177887/204330 (executing program)
2025/08/29 13:37:00 fetching corpus: 6799, signal 178246/204332 (executing program)
2025/08/29 13:37:01 fetching corpus: 6849, signal 178523/204341 (executing program)
2025/08/29 13:37:01 fetching corpus: 6899, signal 178763/204349 (executing program)
2025/08/29 13:37:01 fetching corpus: 6949, signal 179090/204352 (executing program)
2025/08/29 13:37:01 fetching corpus: 6999, signal 179505/204376 (executing program)
2025/08/29 13:37:01 fetching corpus: 7049, signal 179719/204386 (executing program)
2025/08/29 13:37:01 fetching corpus: 7099, signal 180057/204386 (executing program)
2025/08/29 13:37:01 fetching corpus: 7149, signal 180461/204435 (executing program)
2025/08/29 13:37:01 fetching corpus: 7199, signal 180720/204447 (executing program)
2025/08/29 13:37:01 fetching corpus: 7249, signal 180950/204449 (executing program)
2025/08/29 13:37:01 fetching corpus: 7299, signal 181342/204452 (executing program)
2025/08/29 13:37:01 fetching corpus: 7349, signal 181601/204455 (executing program)
2025/08/29 13:37:02 fetching corpus: 7399, signal 181919/204458 (executing program)
2025/08/29 13:37:02 fetching corpus: 7449, signal 182097/204474 (executing program)
2025/08/29 13:37:02 fetching corpus: 7499, signal 182407/204474 (executing program)
2025/08/29 13:37:02 fetching corpus: 7549, signal 182812/204475 (executing program)
2025/08/29 13:37:02 fetching corpus: 7599, signal 183112/204490 (executing program)
2025/08/29 13:37:02 fetching corpus: 7649, signal 183443/204490 (executing program)
2025/08/29 13:37:02 fetching corpus: 7699, signal 183890/204493 (executing program)
2025/08/29 13:37:02 fetching corpus: 7749, signal 184169/204501 (executing program)
2025/08/29 13:37:02 fetching corpus: 7799, signal 184369/204505 (executing program)
2025/08/29 13:37:02 fetching corpus: 7849, signal 184638/204509 (executing program)
2025/08/29 13:37:02 fetching corpus: 7899, signal 185017/204523 (executing program)
2025/08/29 13:37:02 fetching corpus: 7949, signal 185275/204528 (executing program)
2025/08/29 13:37:03 fetching corpus: 7999, signal 185572/204529 (executing program)
2025/08/29 13:37:03 fetching corpus: 8049, signal 185903/204537 (executing program)
2025/08/29 13:37:03 fetching corpus: 8099, signal 186136/204541 (executing program)
2025/08/29 13:37:03 fetching corpus: 8149, signal 186352/204547 (executing program)
2025/08/29 13:37:03 fetching corpus: 8199, signal 186614/204548 (executing program)
2025/08/29 13:37:03 fetching corpus: 8249, signal 186919/204566 (executing program)
2025/08/29 13:37:03 fetching corpus: 8299, signal 187213/204570 (executing program)
2025/08/29 13:37:03 fetching corpus: 8349, signal 187582/204591 (executing program)
2025/08/29 13:37:03 fetching corpus: 8399, signal 187772/204593 (executing program)
2025/08/29 13:37:03 fetching corpus: 8449, signal 188002/204597 (executing program)
2025/08/29 13:37:03 fetching corpus: 8499, signal 188359/204605 (executing program)
2025/08/29 13:37:04 fetching corpus: 8549, signal 188668/204611 (executing program)
2025/08/29 13:37:04 fetching corpus: 8599, signal 189039/204611 (executing program)
2025/08/29 13:37:04 fetching corpus: 8649, signal 189309/204614 (executing program)
2025/08/29 13:37:04 fetching corpus: 8699, signal 189774/204642 (executing program)
2025/08/29 13:37:04 fetching corpus: 8749, signal 190053/204644 (executing program)
2025/08/29 13:37:04 fetching corpus: 8799, signal 190235/204647 (executing program)
2025/08/29 13:37:04 fetching corpus: 8849, signal 190425/204652 (executing program)
2025/08/29 13:37:04 fetching corpus: 8899, signal 190671/204678 (executing program)
2025/08/29 13:37:04 fetching corpus: 8949, signal 190894/204680 (executing program)
2025/08/29 13:37:04 fetching corpus: 8999, signal 191134/204690 (executing program)
2025/08/29 13:37:04 fetching corpus: 9049, signal 191378/204693 (executing program)
2025/08/29 13:37:04 fetching corpus: 9099, signal 191605/204701 (executing program)
2025/08/29 13:37:05 fetching corpus: 9149, signal 191896/204702 (executing program)
2025/08/29 13:37:05 fetching corpus: 9199, signal 192135/204704 (executing program)
2025/08/29 13:37:05 fetching corpus: 9249, signal 192364/204705 (executing program)
2025/08/29 13:37:05 fetching corpus: 9299, signal 192599/204709 (executing program)
2025/08/29 13:37:05 fetching corpus: 9349, signal 192793/204729 (executing program)
2025/08/29 13:37:05 fetching corpus: 9399, signal 193044/204738 (executing program)
2025/08/29 13:37:05 fetching corpus: 9449, signal 193316/204749 (executing program)
2025/08/29 13:37:05 fetching corpus: 9499, signal 193637/204750 (executing program)
2025/08/29 13:37:05 fetching corpus: 9549, signal 193813/204750 (executing program)
2025/08/29 13:37:05 fetching corpus: 9599, signal 194016/204773 (executing program)
2025/08/29 13:37:05 fetching corpus: 9649, signal 194206/204778 (executing program)
2025/08/29 13:37:06 fetching corpus: 9699, signal 194483/204820 (executing program)
2025/08/29 13:37:06 fetching corpus: 9749, signal 194692/204841 (executing program)
2025/08/29 13:37:06 fetching corpus: 9799, signal 194915/204852 (executing program)
2025/08/29 13:37:06 fetching corpus: 9849, signal 195064/204853 (executing program)
2025/08/29 13:37:06 fetching corpus: 9899, signal 195253/204861 (executing program)
2025/08/29 13:37:06 fetching corpus: 9949, signal 195471/204882 (executing program)
2025/08/29 13:37:06 fetching corpus: 9999, signal 196227/204957 (executing program)
2025/08/29 13:37:06 fetching corpus: 10049, signal 196439/204964 (executing program)
2025/08/29 13:37:06 fetching corpus: 10099, signal 196728/204966 (executing program)
2025/08/29 13:37:06 fetching corpus: 10149, signal 196921/204978 (executing program)
2025/08/29 13:37:06 fetching corpus: 10199, signal 197397/204984 (executing program)
2025/08/29 13:37:07 fetching corpus: 10249, signal 197738/204988 (executing program)
2025/08/29 13:37:07 fetching corpus: 10299, signal 198055/204992 (executing program)
2025/08/29 13:37:07 fetching corpus: 10349, signal 198207/204994 (executing program)
2025/08/29 13:37:07 fetching corpus: 10399, signal 198443/204995 (executing program)
2025/08/29 13:37:07 fetching corpus: 10449, signal 198609/204995 (executing program)
2025/08/29 13:37:07 fetching corpus: 10499, signal 198843/205002 (executing program)
2025/08/29 13:37:07 fetching corpus: 10549, signal 199134/205002 (executing program)
2025/08/29 13:37:07 fetching corpus: 10599, signal 199381/205006 (executing program)
2025/08/29 13:37:07 fetching corpus: 10649, signal 199637/205030 (executing program)
2025/08/29 13:37:07 fetching corpus: 10699, signal 199851/205033 (executing program)
2025/08/29 13:37:07 fetching corpus: 10749, signal 200041/205038 (executing program)
2025/08/29 13:37:08 fetching corpus: 10799, signal 200269/205046 (executing program)
2025/08/29 13:37:08 fetching corpus: 10849, signal 200477/205056 (executing program)
2025/08/29 13:37:08 fetching corpus: 10899, signal 200665/205060 (executing program)
2025/08/29 13:37:08 fetching corpus: 10949, signal 200877/205060 (executing program)
2025/08/29 13:37:08 fetching corpus: 10978, signal 200985/205061 (executing program)
2025/08/29 13:37:08 fetching corpus: 10978, signal 200985/205061 (executing program)
2025/08/29 13:37:10 starting 8 fuzzer processes
13:37:10 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r2=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x3}}, 0x0, r2})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r5=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8936, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x3}}, 0x0, r5})

13:37:10 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000280)="a0fc37e7ba3dda3abf23cdbb4f0192034c9f6323f63b8a121f62c128307c83ae0922e05fa997e5ce300c62789e48a6cf807436f43dcfe3b2964b666f04d2b30982ec16c29064bf808f9a93790c68e6acc6e32a4ad01caffe06465bff544f7c3e70a3427860da81cf34039b592a150fab3a024812b80d09cca24e151f73bec693a3bab4ded6480a8676d8559aecb23167fe91d70fd8946aaad2df804804921ab84d37575d1abf99d00454ea05e6b085e3772ac81253232dcf22c517cd35f8da3517c2b1fddf159a2abd8687fce9aeb341e4104c8ac3335326090983e5f9c657071a012956471b90c8f57c88c73ae179dac1d3931f6e8eeb38ca4b055732f1d582d227be20e5704c7a68d403066aac94090867b7fb851057fc585dffbc91ca834e76bb2f81c103d0399ee8dde41efaeb037cd9acab9762556a3478cb66851763f92b8fa30e9f206f4c39667cad4bc09895f89be5ec82696f5e9f2fb5a7499ea43b12311d18bea0e6e48765b3266fb6ad032950bd6d8d4c480cde3490025059ddb3f8e1d781c184912aa263881bf907a7730aff9380fa5b29f10b6b09fbb335ca3413c335208527e6edf27b4fbfa1843c2e1297afac3afacf15a4017758d8e0375e465ff780e3e75f61a49c551392d36acacdd05d675961fa2f04506e38105adcb05605005d173d638f9944b6fb01b9c1e03eb6b28f46182958e2c0738a8f517b20b772618beaa2935973508902b5acf70e1cf21d62084438b535867fa991cbd28d3835c269e05ae87a44d5d29a8457b4656e9a893f5538c7ca1bd3f34368209e7238bf49c25e6e30bbeca026df0043918464b0c836f62c2811032a7d73cb604339912f829f295ca32e826cea04a9dba1f0db7554135348b30647498ee3a3f365b6260aaf6604731a781941ad2f4bf6295d282ed61551a436277609d28dedac112a6021c223e4badbb88c9ee5156499e290173e0d053c3425ed334e7ba40e1dc3acd154100f86bbc90418405ba26ee78c72618f72b08decb302b0babbc8d158660d8581ae33b063e771075aea5beb41c1da422d15d9f181e7366e198dba8e1b710f189514cc4ee0e82eacccc5593a1534f24b8084b5ae1871b51f8b1dbffa90e20fd0cdeffd77a36ff63bbd836858440cb79d85bf859c3381f183c7bacc60dc5ecf6798f1d05ae501bd46a49b2e25e1fa6046ccdfb85149a6fb07f1f758d0d5c564ab23d1aea642a690e50630e72060694ba0492b08b08159fc8c81297ccf2d2917ac0af61616248251ef242dacde8ef7e28fd2b647c95ade4ff1e4a83246aeef54eccc3d7535c0f0708ef2b61e4e864109c5450d448c54187be841462eb308d5f4c23557cca62319ad53e775eb5bbc21edfc8ec19d5bcec7a838a943abfb4b9b8453381033341f17566538d6b4d079cc710c1801a98fd955f2dc11559d90b576d49d774e9a00d86edab1bdd92f3fca4a83a6c7414ec71ef58d3024259e3a72747a524300689c0e7a1651749eb093655aafdf2e34485e72d27446aaf693c334f462bd9ee2d6c200c21a363ac3bb8522bd9d85192838e8843ee37db92f2b7fa001b2d2a758c95ae4a31a4b91f4ad05c8e3e256c986daf3dff8dc1765afc2b2f3eda28162b20b6298fb9dd15f1baed4849298b2354a4c4fdeee9e25e26896cd7d0130a2d99414b5fa15caef18c3a876d8335405b50334a25dd1f49b0b66827e91bfd33947e537a130839ae7d346f00954f9b0691649aa155a2961f6e1cb18dec07247f8acf5c6117647e0eae5d98ea124a8c4b32a4d61d86b468d5f38c6c461e2a32c92cf3be6636a92e191c226ba3772468e13ab7d8acf26c5a2292c62e84d03771bd8b6d6c80991220ecd8bc69385c6e4d50ac4f38e554f112ad00c3d7009f972df318e61e4ac46e3dace3105e2d5840e3690d277d358aa363034c4f451d7f731d6329ae67619d1b3ebb043136a40b4934d32575c07e2cb99c2a56951ef3de7d7b4af46c7fe7d63d5349a9ace0706beaa8b2740e74f3fe38a7f658c2c7c8b3353fa31a406a531509b3543", 0x5a9}], 0x1, 0x0)
splice(r0, 0x0, r2, 0x0, 0x802, 0x0)

13:37:10 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x4d4, 0x33}, 0x0, @in=@private, 0x0, 0x0, 0x0, 0x7}}, 0xe8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c)

13:37:10 executing program 7:
io_setup(0xff, &(0x7f0000000000))
r0 = io_uring_setup(0x5053, &(0x7f0000000140))
io_uring_register$IORING_REGISTER_FILES(r0, 0x1b, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)

[   82.275054] audit: type=1400 audit(1756474630.405:7): avc:  denied  { execmem } for  pid=271 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
13:37:10 executing program 2:
timer_create(0x4ebc6b1ae97d038, 0x0, &(0x7f0000000040))

13:37:10 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup(0xffffffffffffffff)
getpid()
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
dup(0xffffffffffffffff)
ioctl$SG_IO(r0, 0x2270, &(0x7f00000010c0)={0x0, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

13:37:10 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=@newsa={0x104, 0x10, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@loopback, 0x0, 0x3c}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {}, {}, {}, 0x0, 0x0, 0x2, 0x3}, [@coaddr={0x14, 0xe, @in6=@ipv4={'\x00', '\xff\xff', @dev}}]}, 0x104}}, 0x0)

13:37:10 executing program 5:
r0 = getpid()
r1 = getpid()
kcmp(r0, r1, 0x8, 0xffffffffffffffff, 0xffffffffffffffff)

[   83.374202] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   83.377043] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   83.379076] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   83.383364] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   83.386173] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   83.504574] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   83.507246] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   83.513031] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   83.518991] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   83.522412] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   83.566246] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   83.577022] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   83.587057] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   83.602007] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   83.608000] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   83.649294] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   83.657327] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   83.667976] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   83.670588] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   83.675167] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   83.686316] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   83.687863] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   83.689482] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   83.691314] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   83.697012] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   83.698580] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   83.699249] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   83.704487] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   83.707480] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   83.709968] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   83.713643] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   83.715242] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   83.724941] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   83.726732] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   83.732507] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   83.734916] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   83.752114] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   83.757491] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   83.758981] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   83.792962] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   85.406605] Bluetooth: hci0: command tx timeout
[   85.597859] Bluetooth: hci1: command tx timeout
[   85.663207] Bluetooth: hci2: command tx timeout
[   85.791287] Bluetooth: hci5: command tx timeout
[   85.792768] Bluetooth: hci4: command tx timeout
[   85.854119] Bluetooth: hci7: command tx timeout
[   85.855293] Bluetooth: hci6: command tx timeout
[   85.918777] Bluetooth: hci3: command tx timeout
[   87.455405] Bluetooth: hci0: command tx timeout
[   87.645819] Bluetooth: hci1: command tx timeout
[   87.712748] Bluetooth: hci2: command tx timeout
[   87.838774] Bluetooth: hci4: command tx timeout
[   87.838809] Bluetooth: hci5: command tx timeout
[   87.901987] Bluetooth: hci6: command tx timeout
[   87.902749] Bluetooth: hci7: command tx timeout
[   87.966881] Bluetooth: hci3: command tx timeout
[   89.501955] Bluetooth: hci0: command tx timeout
[   89.693921] Bluetooth: hci1: command tx timeout
[   89.758800] Bluetooth: hci2: command tx timeout
[   89.885862] Bluetooth: hci5: command tx timeout
[   89.886747] Bluetooth: hci4: command tx timeout
[   89.949918] Bluetooth: hci6: command tx timeout
[   89.950030] Bluetooth: hci7: command tx timeout
[   90.013801] Bluetooth: hci3: command tx timeout
[   91.550060] Bluetooth: hci0: command tx timeout
[   91.741743] Bluetooth: hci1: command tx timeout
[   91.805792] Bluetooth: hci2: command tx timeout
[   91.935668] Bluetooth: hci4: command tx timeout
[   91.936188] Bluetooth: hci5: command tx timeout
[   92.000733] Bluetooth: hci6: command tx timeout
[   92.000747] Bluetooth: hci7: command tx timeout
[   92.061826] Bluetooth: hci3: command tx timeout
[  121.715140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.715988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.856723] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.857346] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
13:37:50 executing program 1:
socket$packet(0x11, 0x2, 0x300)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r2=>0x0})
sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14)

[  122.495732] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.496364] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
13:37:50 executing program 1:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = timerfd_create(0x0, 0x800)
timerfd_settime(r0, 0x1, &(0x7f0000000080)={{}, {0x0, 0x989680}}, 0x0)
readv(r0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/53, 0x35}], 0x1)

[  122.575494] audit: type=1400 audit(1756474670.702:8): avc:  denied  { open } for  pid=3839 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  122.578762] audit: type=1400 audit(1756474670.702:9): avc:  denied  { kernel } for  pid=3839 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  122.607083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.607719] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
13:37:50 executing program 1:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = timerfd_create(0x0, 0x800)
timerfd_settime(r0, 0x1, &(0x7f0000000080)={{}, {0x0, 0x989680}}, 0x0)
readv(r0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/53, 0x35}], 0x1)

[  122.694909] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.695500] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
13:37:50 executing program 1:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = timerfd_create(0x0, 0x800)
timerfd_settime(r0, 0x1, &(0x7f0000000080)={{}, {0x0, 0x989680}}, 0x0)
readv(r0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/53, 0x35}], 0x1)

[  122.801789] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.802385] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.891545] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.892255] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
13:37:51 executing program 1:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = timerfd_create(0x0, 0x800)
timerfd_settime(r0, 0x1, &(0x7f0000000080)={{}, {0x0, 0x989680}}, 0x0)
readv(r0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/53, 0x35}], 0x1)

13:37:51 executing program 1:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setresuid(0x0, r0, 0x0)
pipe(&(0x7f0000000880)={<r1=>0xffffffffffffffff})
fcntl$setstatus(r1, 0x407, 0x1002000)

[  122.989311] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.989934] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.074435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.075977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
13:37:51 executing program 1:
setresuid(0x0, 0xee01, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000180), 0x4)

[  123.112000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.112608] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
13:37:51 executing program 1:
setresuid(0x0, 0xee01, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000180), 0x4)

[  123.195940] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.196573] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.273040] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.273666] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.343221] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.343843] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.386195] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.386811] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.443901] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.444491] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.504315] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.504942] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
13:37:51 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x4d4, 0x33}, 0x0, @in=@private, 0x0, 0x0, 0x0, 0x7}}, 0xe8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c)

13:37:51 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r2=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x3}}, 0x0, r2})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r5=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8936, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x3}}, 0x0, r5})

13:37:51 executing program 7:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@acquire={0x16c, 0x17, 0x101, 0x0, 0x0, {{@in6=@private1}, @in=@private, {@in6=@mcast2, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@local, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@tmpl={0x44, 0x5, [{{}, 0x2, @in6=@private2}]}]}, 0x16c}}, 0x0)

13:37:51 executing program 4:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000001300)={0x0, 0x1f, 0xe})

13:37:51 executing program 1:
setresuid(0x0, 0xee01, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000180), 0x4)

13:37:51 executing program 2:
timer_create(0x4ebc6b1ae97d038, 0x0, &(0x7f0000000040))

13:37:51 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup(0xffffffffffffffff)
getpid()
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
dup(0xffffffffffffffff)
ioctl$SG_IO(r0, 0x2270, &(0x7f00000010c0)={0x0, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

13:37:51 executing program 5:
keyctl$KEYCTL_PKEY_ENCRYPT(0xc, 0x0, &(0x7f0000000280)={'enc=', 'raw', ' hash=', {'cbcmac(aes)\x00'}}, 0x0, 0x0)

13:37:51 executing program 2:
timer_create(0x4ebc6b1ae97d038, 0x0, &(0x7f0000000040))

13:37:51 executing program 4:
openat$nvram(0xffffffffffffff9c, &(0x7f0000000bc0), 0x0, 0x0)

13:37:51 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x4d4, 0x33}, 0x0, @in=@private, 0x0, 0x0, 0x0, 0x7}}, 0xe8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c)

13:37:51 executing program 2:
timer_create(0x4ebc6b1ae97d038, 0x0, &(0x7f0000000040))

13:37:51 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r2=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x3}}, 0x0, r2})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r5=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8936, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x3}}, 0x0, r5})

13:37:51 executing program 5:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000280)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c)
dup2(r0, r1)

13:37:51 executing program 1:
setresuid(0x0, 0xee01, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000180), 0x4)

13:37:51 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup(0xffffffffffffffff)
getpid()
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
dup(0xffffffffffffffff)
ioctl$SG_IO(r0, 0x2270, &(0x7f00000010c0)={0x0, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

13:37:51 executing program 4:
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x458, 0x501a, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, 0x0)

13:37:51 executing program 7:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@acquire={0x16c, 0x17, 0x101, 0x0, 0x0, {{@in6=@private1}, @in=@private, {@in6=@mcast2, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@local, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@tmpl={0x44, 0x5, [{{}, 0x2, @in6=@private2}]}]}, 0x16c}}, 0x0)

[  123.812564] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[  123.813437] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  123.814134] CPU: 0 UID: 0 PID: 3941 Comm: syz-executor.0 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  123.815506] Tainted: [W]=WARN
[  123.816201] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  123.817854] RIP: 0010:perf_tp_event+0x175/0xe70
[  123.818883] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  123.822324] RSP: 0018:ffff888047ddf800 EFLAGS: 00010212
[  123.822734] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90003ea9000
[  123.823262] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  123.823790] RBP: ffff888047ddfa70 R08: ffff88806ce31340 R09: ffffe8ffffc15ae0
[  123.824318] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  123.824843] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[  123.825369] FS:  00007f6ceaf68700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  123.825961] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  123.826391] CR2: 00005555576dec18 CR3: 0000000047d62000 CR4: 0000000000350ef0
[  123.826923] Call Trace:
[  123.827119]  <TASK>
[  123.827291]  ? kernel_text_address+0x5b/0xc0
[  123.827635]  ? __pfx_perf_tp_event+0x10/0x10
[  123.827976]  ? perf_trace_lock+0xb5/0x5d0
[  123.828293]  ? __mutex_add_waiter+0x202/0x220
[  123.828633]  ? __pfx_perf_trace_lock+0x10/0x10
[  123.828980]  ? lock_acquire+0x15e/0x2f0
[  123.829281]  ? __is_insn_slot_addr+0x2e/0x290
[  123.829627]  ? find_held_lock+0x2b/0x80
[  123.829933]  ? __is_insn_slot_addr+0x136/0x290
[  123.830287]  ? lock_release+0xc8/0x290
[  123.830591]  ? __is_insn_slot_addr+0x140/0x290
[  123.830948]  ? perf_trace_run_bpf_submit+0xef/0x180
[  123.831327]  perf_trace_run_bpf_submit+0xef/0x180
[  123.831698]  perf_trace_lock+0x337/0x5d0
[  123.832010]  ? __pfx_perf_trace_lock+0x10/0x10
[  123.832362]  ? lock_acquire+0x15e/0x2f0
[  123.832666]  ? futex_ref_get+0x48/0x300
[  123.832968]  ? futex_ref_get+0x114/0x300
[  123.833271]  ? futex_hash+0x15c/0x390
[  123.833562]  lock_release+0x1ab/0x290
[  123.833855]  ? futex_hash+0x15c/0x390
[  123.834143]  futex_ref_get+0x119/0x300
[  123.834440]  ? futex_hash+0x15c/0x390
[  123.834734]  futex_hash+0x70/0x390
[  123.835008]  futex_wake+0x143/0x540
[  123.835289]  ? trace_kmem_cache_alloc+0x1f/0xb0
[  123.835641]  ? kmem_cache_alloc_noprof+0x264/0x690
[  123.836012]  ? __pfx_futex_wake+0x10/0x10
[  123.836331]  ? __pfx_perf_trace_lock+0x10/0x10
[  123.836681]  do_futex+0x26d/0x370
[  123.836952]  ? __pfx_do_futex+0x10/0x10
[  123.837254]  ? lock_release+0xc8/0x290
[  123.837552]  __x64_sys_futex+0x1c9/0x4d0
[  123.837877]  ? __sys_socket+0x9f/0x260
[  123.838238]  ? __pfx___x64_sys_futex+0x10/0x10
[  123.838662]  ? xfd_validate_state+0x55/0x180
[  123.839050]  do_syscall_64+0xbf/0x360
[  123.839341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.839725] RIP: 0033:0x7f6ced9f2b19
[  123.840003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  123.841331] RSP: 002b:00007f6ceaf68218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  123.841893] RAX: ffffffffffffffda RBX: 00007f6cedb05f68 RCX: 00007f6ced9f2b19
[  123.842420] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6cedb05f6c
[  123.842956] RBP: 00007f6cedb05f60 R08: 000000000000000e R09: 0000000000000000
[  123.843483] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f6cedb05f6c
[  123.844009] R13: 00007ffe0eca969f R14: 00007f6ceaf68300 R15: 0000000000022000
[  123.844547]  </TASK>
[  123.844737] Modules linked in:
[  123.845002] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[  123.845934] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  123.846529] CPU: 1 UID: 0 PID: 3944 Comm: syz-executor.4 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  123.847476] Tainted: [D]=DIE, [W]=WARN
[  123.847780] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  123.848425] RIP: 0010:perf_tp_event+0x175/0xe70
[  123.848806] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  123.850226] RSP: 0018:ffff8880170a7800 EFLAGS: 00010212
[  123.850652] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[  123.851208] RDX: ffff88800f438000 RSI: ffffffff818995b7 RDI: 0000000000000191
[  123.851767] RBP: ffff8880170a7a70 R08: ffff88806cf31340 R09: ffffe8ffffd15ae0
[  123.852330] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  123.852884] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[  123.853444] FS:  000055556b32c400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  123.854077] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  123.854534] CR2: 000055556b32dc18 CR3: 0000000044ae4000 CR4: 0000000000350ef0
[  123.855099] Call Trace:
[  123.855305]  <TASK>
[  123.855493]  ? arch_scale_cpu_capacity+0x17/0xa0
[  123.855882]  ? __pfx_perf_tp_event+0x10/0x10
[  123.856240]  ? __asan_memset+0x24/0x50
[  123.856564]  ? __pfx_perf_trace_lock+0x10/0x10
[  123.856930]  ? __pfx___mutex_lock+0x10/0x10
[  123.857281]  ? perf_trace_lock+0xb5/0x5d0
[  123.857615]  ? kvm_sched_clock_read+0x16/0x30
[  123.857979]  ? sched_clock+0x37/0x60
[  123.858290]  ? sched_clock_cpu+0x6c/0x4e0
[  123.858637]  ? perf_trace_run_bpf_submit+0xef/0x180
[  123.859034]  perf_trace_run_bpf_submit+0xef/0x180
[  123.859425]  perf_trace_lock+0x337/0x5d0
[  123.859752]  ? __pfx_perf_trace_lock+0x10/0x10
[  123.860120]  ? __pfx_perf_trace_lock+0x10/0x10
[  123.860490]  ? get_futex_key+0x592/0x14a0
[  123.860822]  ? futex_ref_get+0x114/0x300
[  123.861144]  ? futex_hash+0x15c/0x390
[  123.861453]  lock_release+0x1ab/0x290
[  123.861765]  ? futex_hash+0x15c/0x390
[  123.862068]  futex_ref_get+0x119/0x300
[  123.862381]  ? futex_hash+0x15c/0x390
[  123.862698]  futex_hash+0x70/0x390
[  123.862986]  futex_wake+0x143/0x540
[  123.863284]  ? put_pid+0x1f/0x30
[  123.863559]  ? kernel_clone+0x204/0x7f0
[  123.863878]  ? __pfx_futex_wake+0x10/0x10
[  123.864212]  ? __pfx_kernel_clone+0x10/0x10
[  123.864561]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  123.864980]  ? finish_task_switch.isra.0+0x206/0x840
[  123.865392]  do_futex+0x26d/0x370
[  123.865675]  ? __pfx_do_futex+0x10/0x10
[  123.865996]  ? __pfx___do_sys_clone+0x10/0x10
[  123.866354]  ? __pfx___schedule+0x10/0x10
[  123.866698]  __x64_sys_futex+0x1c9/0x4d0
[  123.867027]  ? __pfx___x64_sys_futex+0x10/0x10
[  123.867401]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  123.867817]  do_syscall_64+0xbf/0x360
[  123.868124]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.868532] RIP: 0033:0x7f98dfddeb19
[  123.868826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  123.870244] RSP: 002b:00007ffc74cf7558 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  123.870846] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f98dfddeb19
[  123.871408] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f98dfef1f68
[  123.871969] RBP: 00007f98dfef1f60 R08: 00007f98dd354700 R09: 00000000000001f4
[  123.872527] R10: 00007f98dd354700 R11: 0000000000000246 R12: 00007f98dfef67a8
[  123.873083] R13: 00007ffc74cf7660 R14: 00007f98dfef1f60 R15: 000000000001e345
[  123.873657]  </TASK>
[  123.873849] Modules linked in:
[  123.874110] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI
[  123.874988] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  123.875662] CPU: 0 UID: 0 PID: 3941 Comm: syz-executor.0 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  123.876585] Tainted: [D]=DIE, [W]=WARN
[  123.876885] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  123.877523] RIP: 0010:perf_tp_event+0x175/0xe70
[  123.877895] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  123.879314] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012
[  123.879730] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  123.880283] RDX: ffff88801cbd3700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  123.880836] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15ae0
[  123.881389] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000
[  123.881944] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000
[  123.882506] FS:  00007f6ceaf68700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  123.883141] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  123.883599] CR2: 00005555576dec18 CR3: 0000000047d62000 CR4: 0000000000350ef0
[  123.884152] Call Trace:
[  123.884359]  <IRQ>
[  123.884538]  ? __pfx_perf_tp_event+0x10/0x10
[  123.884891]  ? __pfx_css_rstat_updated+0x10/0x10
[  123.885271]  ? lock_is_held_type+0x9e/0x120
[  123.885618]  ? trace_pelt_se_tp+0xdf/0x130
[  123.885955]  ? __update_load_avg_se+0x428/0xa40
[  123.886328]  ? lock_is_held_type+0x9e/0x120
[  123.886684]  ? perf_trace_lock+0xb5/0x5d0
[  123.887010]  ? perf_trace_lock+0xb5/0x5d0
[  123.887338]  ? __resched_curr+0x2a2/0x330
[  123.887669]  ? __pfx_perf_trace_lock+0x10/0x10
[  123.888031]  ? __pfx_perf_trace_lock+0x10/0x10
[  123.888396]  ? lock_is_held_type+0x9e/0x120
[  123.888742]  ? perf_trace_run_bpf_submit+0xef/0x180
[  123.889138]  perf_trace_run_bpf_submit+0xef/0x180
[  123.889527]  perf_trace_lock+0x337/0x5d0
[  123.889889]  ? __pfx_perf_trace_lock+0x10/0x10
[  123.890349]  ? find_held_lock+0x2b/0x80
[  123.890752]  ? hrtimer_interrupt+0x114/0x830
[  123.891183]  lock_release+0x1ab/0x290
[  123.891549]  ktime_get_update_offsets_now+0xab/0x3c0
[  123.891954]  ? hrtimer_interrupt+0x114/0x830
[  123.892300]  ? __pfx_lapic_next_deadline+0x10/0x10
[  123.892693]  hrtimer_interrupt+0x114/0x830
[  123.893031]  __sysvec_apic_timer_interrupt+0xbb/0x330
[  123.893437]  sysvec_apic_timer_interrupt+0x6b/0x80
[  123.893828]  </IRQ>
[  123.894008]  <TASK>
[  123.894188]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  123.894612] RIP: 0010:oops_exit+0x0/0x50
[  123.894937] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27
[  123.896350] RSP: 0018:ffff888047ddf690 EFLAGS: 00000202
[  123.896766] RAX: 000000000002a2cf RBX: 0000000000000212 RCX: ffffc90003ea9000
[  123.897319] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007
[  123.897877] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90
[  123.898434] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888047ddf758
[  123.898994] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[  123.899549]  ? oops_end+0x4a/0xe0
[  123.899837]  oops_end+0x65/0xe0
[  123.900108]  exc_general_protection+0x1a2/0x330
[  123.900486]  asm_exc_general_protection+0x26/0x30
[  123.900867] RIP: 0010:perf_tp_event+0x175/0xe70
[  123.901234] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  123.902647] RSP: 0018:ffff888047ddf800 EFLAGS: 00010212
[  123.903062] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90003ea9000
[  123.903617] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  123.904169] RBP: ffff888047ddfa70 R08: ffff88806ce31340 R09: ffffe8ffffc15ae0
[  123.904719] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  123.905274] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[  123.905833]  ? perf_tp_event+0x167/0xe70
[  123.906159]  ? kernel_text_address+0x5b/0xc0
[  123.906517]  ? __pfx_perf_tp_event+0x10/0x10
[  123.906877]  ? perf_trace_lock+0xb5/0x5d0
[  123.907204]  ? __mutex_add_waiter+0x202/0x220
[  123.907562]  ? __pfx_perf_trace_lock+0x10/0x10
[  123.907927]  ? lock_acquire+0x15e/0x2f0
[  123.908242]  ? __is_insn_slot_addr+0x2e/0x290
[  123.908603]  ? find_held_lock+0x2b/0x80
[  123.908921]  ? __is_insn_slot_addr+0x136/0x290
[  123.909289]  ? lock_release+0xc8/0x290
[  123.909600]  ? __is_insn_slot_addr+0x140/0x290
[  123.909970]  ? perf_trace_run_bpf_submit+0xef/0x180
[  123.910368]  perf_trace_run_bpf_submit+0xef/0x180
[  123.910762]  perf_trace_lock+0x337/0x5d0
[  123.911089]  ? __pfx_perf_trace_lock+0x10/0x10
[  123.911452]  ? lock_acquire+0x15e/0x2f0
[  123.911767]  ? futex_ref_get+0x48/0x300
[  123.912078]  ? futex_ref_get+0x114/0x300
[  123.912398]  ? futex_hash+0x15c/0x390
[  123.912697]  lock_release+0x1ab/0x290
[  123.913000]  ? futex_hash+0x15c/0x390
[  123.913305]  futex_ref_get+0x119/0x300
[  123.913611]  ? futex_hash+0x15c/0x390
[  123.913910]  futex_hash+0x70/0x390
[  123.914198]  futex_wake+0x143/0x540
[  123.914492]  ? trace_kmem_cache_alloc+0x1f/0xb0
[  123.914867]  ? kmem_cache_alloc_noprof+0x264/0x690
[  123.915256]  ? __pfx_futex_wake+0x10/0x10
[  123.915593]  ? __pfx_perf_trace_lock+0x10/0x10
[  123.915961]  do_futex+0x26d/0x370
[  123.916241]  ? __pfx_do_futex+0x10/0x10
[  123.916562]  ? lock_release+0xc8/0x290
[  123.916875]  __x64_sys_futex+0x1c9/0x4d0
[  123.917198]  ? __sys_socket+0x9f/0x260
[  123.917508]  ? __pfx___x64_sys_futex+0x10/0x10
[  123.917872]  ? xfd_validate_state+0x55/0x180
[  123.918229]  do_syscall_64+0xbf/0x360
[  123.918529]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.918940] RIP: 0033:0x7f6ced9f2b19
[  123.919233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  123.920635] RSP: 002b:00007f6ceaf68218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  123.921222] RAX: ffffffffffffffda RBX: 00007f6cedb05f68 RCX: 00007f6ced9f2b19
[  123.921776] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6cedb05f6c
[  123.922333] RBP: 00007f6cedb05f60 R08: 000000000000000e R09: 0000000000000000
[  123.922896] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f6cedb05f6c
[  123.923452] R13: 00007ffe0eca969f R14: 00007f6ceaf68300 R15: 0000000000022000
[  123.924012]  </TASK>
[  123.924199] Modules linked in:
[  123.924458] ---[ end trace 0000000000000000 ]---
[  123.924459] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI
[  123.924823] RIP: 0010:perf_tp_event+0x175/0xe70
[  123.925678] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  123.926035] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  123.926624] CPU: 1 UID: 0 PID: 3944 Comm: syz-executor.4 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  123.928026] RSP: 0018:ffff888047ddf800 EFLAGS: 00010212
[  123.928936] Tainted: [D]=DIE, [W]=WARN
[  123.929321] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90003ea9000
[  123.929619] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  123.930135] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  123.930775] RIP: 0010:perf_tp_event+0x175/0xe70
[  123.931287] RBP: ffff888047ddfa70 R08: ffff88806ce31340 R09: ffffe8ffffc15ae0
[  123.931641] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  123.932156] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  123.933545] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012
[  123.934065] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[  123.934474] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[  123.935000] FS:  00007f6ceaf68700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  123.935541] RDX: ffff88800f438000 RSI: ffffffff818995b7 RDI: 0000000000000191
[  123.936122] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  123.936667] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd15ae0
[  123.937087] CR2: 00005555576dec18 CR3: 0000000047d62000 CR4: 0000000000350ef0
[  123.937629] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000
[  123.938148] Kernel panic - not syncing: Fatal exception in interrupt
[  124.982866] Shutting down cpus with NMI
[  124.983892] Kernel Offset: disabled
[  124.984181] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
13:37:52  Registers:
info registers vcpu 0
RAX=0000000000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff888047ddf158
R8 =0000000000000000 R9 =ffffed10016d2046 R10=0000000000000000 R11=30376578302f4952
R12=0000000000000005 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0
RIP=ffffffff828e331d RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f6ceaf68700 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe3b00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005555576dec18 CR3=0000000047d62000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f6cedad97c000007f6cedad97c8
XMM02=00007f6cedad97e000007f6cedad97c0 XMM03=00007f6cedad97c800007f6cedad97c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=ffffea0000d00e18 RBX=ffffea0000d00e00 RCX=ffffffff819cea41 RDX=ffff888016810000
RSI=0000000000000000 RDI=0000000000000001 RBP=00000000000000a8 RSP=ffff888015c97878
R8 =0000000000000000 R9 =fffff940001a01be R10=0000000000000001 R11=ffff88806cf3c540
R12=0000000000000001 R13=00007f6047958000 R14=ffff888015c97ce0 R15=8000000034038007
RIP=ffffffff8173e780 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe2c00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055556b32dc18 CR3=0000000005a88000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffff812c8387ffffffff812c8313 XMM01=ffffffff812c8387ffffffff812c8313
XMM02=7463656a6e695f31313230385f7a7973 XMM03=00007f60496287c800007f60496287c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000