Warning: Permanently added '[localhost]:55334' (ECDSA) to the list of known hosts. 2025/08/29 09:27:48 fuzzer started 2025/08/29 09:27:48 dialing manager at localhost:43077 syzkaller login: [ 48.823322] cgroup: Unknown subsys name 'net' [ 48.871142] cgroup: Unknown subsys name 'cpuset' [ 48.885690] cgroup: Unknown subsys name 'rlimit' 2025/08/29 09:27:58 syscalls: 2214 2025/08/29 09:27:58 code coverage: enabled 2025/08/29 09:27:58 comparison tracing: enabled 2025/08/29 09:27:58 extra coverage: enabled 2025/08/29 09:27:58 setuid sandbox: enabled 2025/08/29 09:27:58 namespace sandbox: enabled 2025/08/29 09:27:58 Android sandbox: enabled 2025/08/29 09:27:58 fault injection: enabled 2025/08/29 09:27:58 leak checking: enabled 2025/08/29 09:27:58 net packet injection: enabled 2025/08/29 09:27:58 net device setup: enabled 2025/08/29 09:27:58 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 09:27:58 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 09:27:58 USB emulation: enabled 2025/08/29 09:27:58 hci packet injection: enabled 2025/08/29 09:27:58 wifi device emulation: enabled 2025/08/29 09:27:58 802.15.4 emulation: enabled 2025/08/29 09:27:58 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 09:27:58 fetching corpus: 42, signal 15468/19050 (executing program) 2025/08/29 09:27:58 fetching corpus: 91, signal 28793/33664 (executing program) 2025/08/29 09:27:58 fetching corpus: 141, signal 36423/42527 (executing program) 2025/08/29 09:27:58 fetching corpus: 191, signal 48325/55153 (executing program) 2025/08/29 09:27:59 fetching corpus: 241, signal 54689/62367 (executing program) 2025/08/29 09:27:59 fetching corpus: 291, signal 58479/67099 (executing program) 2025/08/29 09:27:59 fetching corpus: 341, signal 63257/72598 (executing program) 2025/08/29 09:27:59 fetching corpus: 391, signal 69649/79393 (executing program) 2025/08/29 09:27:59 fetching corpus: 441, signal 72402/82890 (executing program) 2025/08/29 
09:27:59 fetching corpus: 491, signal 74303/85530 (executing program) 2025/08/29 09:27:59 fetching corpus: 541, signal 76937/88737 (executing program) 2025/08/29 09:27:59 fetching corpus: 591, signal 79767/92116 (executing program) 2025/08/29 09:27:59 fetching corpus: 640, signal 82733/95491 (executing program) 2025/08/29 09:27:59 fetching corpus: 690, signal 84473/97829 (executing program) 2025/08/29 09:28:00 fetching corpus: 740, signal 87060/100773 (executing program) 2025/08/29 09:28:00 fetching corpus: 790, signal 89831/103776 (executing program) 2025/08/29 09:28:00 fetching corpus: 840, signal 90954/105451 (executing program) 2025/08/29 09:28:00 fetching corpus: 890, signal 93450/108079 (executing program) 2025/08/29 09:28:00 fetching corpus: 940, signal 95819/110541 (executing program) 2025/08/29 09:28:00 fetching corpus: 990, signal 97259/112309 (executing program) 2025/08/29 09:28:00 fetching corpus: 1040, signal 99287/114481 (executing program) 2025/08/29 09:28:00 fetching corpus: 1090, signal 101046/116405 (executing program) 2025/08/29 09:28:01 fetching corpus: 1140, signal 102907/118351 (executing program) 2025/08/29 09:28:01 fetching corpus: 1189, signal 105246/120543 (executing program) 2025/08/29 09:28:01 fetching corpus: 1239, signal 106121/121760 (executing program) 2025/08/29 09:28:01 fetching corpus: 1289, signal 108051/123660 (executing program) 2025/08/29 09:28:01 fetching corpus: 1339, signal 109339/125050 (executing program) 2025/08/29 09:28:01 fetching corpus: 1388, signal 110214/126169 (executing program) 2025/08/29 09:28:01 fetching corpus: 1438, signal 111742/127647 (executing program) 2025/08/29 09:28:01 fetching corpus: 1488, signal 113084/128987 (executing program) 2025/08/29 09:28:01 fetching corpus: 1538, signal 114521/130342 (executing program) 2025/08/29 09:28:01 fetching corpus: 1588, signal 115548/131445 (executing program) 2025/08/29 09:28:02 fetching corpus: 1638, signal 116887/132678 (executing program) 2025/08/29 09:28:02 
fetching corpus: 1688, signal 117709/133570 (executing program) 2025/08/29 09:28:02 fetching corpus: 1738, signal 118415/134421 (executing program) 2025/08/29 09:28:02 fetching corpus: 1788, signal 119569/135472 (executing program) 2025/08/29 09:28:02 fetching corpus: 1838, signal 120705/136448 (executing program) 2025/08/29 09:28:02 fetching corpus: 1888, signal 121447/137240 (executing program) 2025/08/29 09:28:02 fetching corpus: 1938, signal 122267/137979 (executing program) 2025/08/29 09:28:02 fetching corpus: 1988, signal 123689/139043 (executing program) 2025/08/29 09:28:02 fetching corpus: 2038, signal 124705/139837 (executing program) 2025/08/29 09:28:02 fetching corpus: 2087, signal 125655/140601 (executing program) 2025/08/29 09:28:03 fetching corpus: 2137, signal 126614/141336 (executing program) 2025/08/29 09:28:03 fetching corpus: 2187, signal 128017/142232 (executing program) 2025/08/29 09:28:03 fetching corpus: 2237, signal 128867/142961 (executing program) 2025/08/29 09:28:03 fetching corpus: 2287, signal 129609/143565 (executing program) 2025/08/29 09:28:03 fetching corpus: 2337, signal 130303/144151 (executing program) 2025/08/29 09:28:03 fetching corpus: 2386, signal 131116/144702 (executing program) 2025/08/29 09:28:03 fetching corpus: 2436, signal 132018/145374 (executing program) 2025/08/29 09:28:03 fetching corpus: 2486, signal 132820/145924 (executing program) 2025/08/29 09:28:03 fetching corpus: 2536, signal 133565/146405 (executing program) 2025/08/29 09:28:04 fetching corpus: 2586, signal 134511/146923 (executing program) 2025/08/29 09:28:04 fetching corpus: 2636, signal 135330/147377 (executing program) 2025/08/29 09:28:04 fetching corpus: 2686, signal 135904/147777 (executing program) 2025/08/29 09:28:04 fetching corpus: 2736, signal 136652/148229 (executing program) 2025/08/29 09:28:04 fetching corpus: 2786, signal 137298/148597 (executing program) 2025/08/29 09:28:04 fetching corpus: 2836, signal 137893/148964 (executing program) 
2025/08/29 09:28:04 fetching corpus: 2886, signal 138502/149302 (executing program) 2025/08/29 09:28:04 fetching corpus: 2935, signal 139340/149693 (executing program) 2025/08/29 09:28:04 fetching corpus: 2985, signal 139909/149955 (executing program) 2025/08/29 09:28:05 fetching corpus: 3035, signal 140550/150235 (executing program) 2025/08/29 09:28:05 fetching corpus: 3085, signal 141242/150531 (executing program) 2025/08/29 09:28:05 fetching corpus: 3135, signal 141776/150849 (executing program) 2025/08/29 09:28:05 fetching corpus: 3185, signal 142282/151064 (executing program) 2025/08/29 09:28:05 fetching corpus: 3235, signal 143172/151318 (executing program) 2025/08/29 09:28:05 fetching corpus: 3285, signal 144142/151553 (executing program) 2025/08/29 09:28:05 fetching corpus: 3334, signal 144868/151757 (executing program) 2025/08/29 09:28:05 fetching corpus: 3384, signal 145533/151915 (executing program) 2025/08/29 09:28:05 fetching corpus: 3432, signal 146274/152087 (executing program) 2025/08/29 09:28:06 fetching corpus: 3482, signal 146722/152246 (executing program) 2025/08/29 09:28:06 fetching corpus: 3532, signal 147128/152374 (executing program) 2025/08/29 09:28:06 fetching corpus: 3582, signal 147588/152493 (executing program) 2025/08/29 09:28:06 fetching corpus: 3632, signal 148092/152548 (executing program) 2025/08/29 09:28:06 fetching corpus: 3682, signal 148810/152600 (executing program) 2025/08/29 09:28:06 fetching corpus: 3731, signal 149227/152635 (executing program) 2025/08/29 09:28:06 fetching corpus: 3781, signal 149807/152667 (executing program) 2025/08/29 09:28:06 fetching corpus: 3831, signal 150069/152679 (executing program) 2025/08/29 09:28:06 fetching corpus: 3876, signal 150422/152683 (executing program) 2025/08/29 09:28:06 fetching corpus: 3876, signal 150422/152683 (executing program) 2025/08/29 09:28:08 starting 8 fuzzer processes 09:28:08 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) 
ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) close(r0) 09:28:08 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semctl$GETALL(0x0, 0x0, 0x11, &(0x7f00000001c0)=""/131) 09:28:08 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000080)=@ethtool_drvinfo={0x3, "0dfa539cb35fbbd0d01a62f894135ee4d0e85def749616978afe2f5b5e713a93", "c16ca7cf8ad10bd9e7fe14111e4278ef6b2ddc68d2ec80c6fc220ade753dcc4a", "1a858d61390674e77883d44122e34f29883ccef64115114d23fc9cf6b400ab3e", "253a87a98329e0b1e91563ac1945346754df12fd91b88aa2372fd83b21b8698f", "b26a66a8cf72e86836c6c413f58db7ec871b1196a420f4c14a3a0272fa3da95f", "d2d873640cca9879f75ef790"}}) 09:28:08 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) pipe2$9p(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getpid() sendmsg$unix(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000100)="a2", 0x1}], 0x1, &(0x7f0000000640)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18}, 0x0) 09:28:08 executing program 7: keyctl$search(0xa, 0x0, &(0x7f0000000000)='.dead\x00', 0x0, 0x0) 09:28:08 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x8, 0x0, &(0x7f0000002500)=0x7fff) 09:28:08 executing program 5: r0 = 
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1) sendmsg$IEEE802154_SET_MACPARAMS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, r2, 0x1}, 0x14}}, 0x0) [ 68.613139] audit: type=1400 audit(1756459688.685:7): avc: denied { execmem } for pid=271 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:28:08 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="1000000040000000030000002b00000005000000010000000000000000000000002000000020000010000000000000009f09c75f0000ffff53ef", 0x3a, 0x400}, {&(0x7f0000010100)="000000000000000000000000000000000000000000000000000000005178aedb030000001300000023", 0x29, 0x7e0}, {&(0x7f0000010ce0)="00000000000000000000000000000000000000000000000000000000c99b0000ed410000000400009f09c75f9f09c75f9f09c75f000000000000030002000000000008", 0x43, 0x8c60}], 0x0, &(0x7f0000000780)) [ 69.689977] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.693570] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.695582] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.702361] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.707066] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.885059] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 69.887169] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 69.890460] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 69.894158] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 69.896414] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 69.935830] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 69.937570] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 69.941986] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 
9 [ 69.943629] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 69.949907] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 69.951838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 69.958190] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 69.963243] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 69.969712] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 69.973635] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 69.977816] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 69.979646] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 69.982877] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 69.985299] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 69.987598] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 69.988671] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.993169] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 69.998788] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 70.001108] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 70.005204] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 70.008942] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 70.014916] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 70.019134] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 70.020765] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 70.022355] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 70.029107] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 70.039242] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 70.041275] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 70.044751] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 70.096908] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 71.721857] Bluetooth: hci0: command tx timeout [ 71.977023] Bluetooth: hci2: command tx timeout [ 71.977606] Bluetooth: hci1: command tx timeout [ 72.040615] Bluetooth: hci3: command tx 
timeout [ 72.104664] Bluetooth: hci5: command tx timeout [ 72.104698] Bluetooth: hci4: command tx timeout [ 72.169686] Bluetooth: hci7: command tx timeout [ 72.169710] Bluetooth: hci6: command tx timeout [ 73.770740] Bluetooth: hci0: command tx timeout [ 74.024662] Bluetooth: hci1: command tx timeout [ 74.025593] Bluetooth: hci2: command tx timeout [ 74.088644] Bluetooth: hci3: command tx timeout [ 74.153630] Bluetooth: hci5: command tx timeout [ 74.153658] Bluetooth: hci4: command tx timeout [ 74.218542] Bluetooth: hci6: command tx timeout [ 74.218567] Bluetooth: hci7: command tx timeout [ 75.817429] Bluetooth: hci0: command tx timeout [ 76.072660] Bluetooth: hci2: command tx timeout [ 76.072780] Bluetooth: hci1: command tx timeout [ 76.136636] Bluetooth: hci3: command tx timeout [ 76.200654] Bluetooth: hci5: command tx timeout [ 76.202066] Bluetooth: hci4: command tx timeout [ 76.264693] Bluetooth: hci7: command tx timeout [ 76.264766] Bluetooth: hci6: command tx timeout [ 77.865555] Bluetooth: hci0: command tx timeout [ 78.120598] Bluetooth: hci2: command tx timeout [ 78.121736] Bluetooth: hci1: command tx timeout [ 78.184588] Bluetooth: hci3: command tx timeout [ 78.250513] Bluetooth: hci4: command tx timeout [ 78.250673] Bluetooth: hci5: command tx timeout [ 78.312606] Bluetooth: hci7: command tx timeout [ 78.312727] Bluetooth: hci6: command tx timeout [ 106.999967] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.000774] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.192619] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.193241] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:28:47 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1) sendmsg$IEEE802154_SET_MACPARAMS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, r2, 
0x1}, 0x14}}, 0x0) 09:28:47 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1) sendmsg$IEEE802154_SET_MACPARAMS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, r2, 0x1}, 0x14}}, 0x0) 09:28:48 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1) sendmsg$IEEE802154_SET_MACPARAMS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, r2, 0x1}, 0x14}}, 0x0) 09:28:48 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xd8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 108.175622] audit: type=1400 audit(1756459728.244:8): avc: denied { open } for pid=3722 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 108.187709] audit: type=1400 audit(1756459728.245:9): avc: denied { kernel } for pid=3722 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 09:28:48 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xd8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 108.487606] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.488219] wlan0: Creating new IBSS 
network, BSSID 50:50:50:50:50:50 09:28:48 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xd8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 108.593299] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.593925] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:28:48 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xd8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 09:28:48 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_script(r0, &(0x7f0000001fc0)={'#! 
', './file0/file0', [], 0xa, "550331b8899440ea4aacb9cc64c56048166e4667e3f9017bb496b6758cdd1b2842"}, 0x32) [ 108.892379] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.893030] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.036534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.037158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.191537] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.192141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.338543] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.339203] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.993762] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.994418] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.106160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.107291] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.277052] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.277692] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.351796] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.352400] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.389591] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.390208] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.434083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.434739] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.491411] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.492074] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.530761] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.531397] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.636650] loop6: detected capacity change from 0 to 140 [ 110.643553] EXT4-fs error 
(device loop6): ext4_ext_check_inode:523: inode #2: comm syz-executor.6: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 110.646528] EXT4-fs (loop6): get root inode failed [ 110.646932] EXT4-fs (loop6): mount failed [ 110.655653] loop6: detected capacity change from 0 to 140 [ 110.659966] EXT4-fs error (device loop6): ext4_ext_check_inode:523: inode #2: comm syz-executor.6: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 110.661880] EXT4-fs (loop6): get root inode failed [ 110.662417] EXT4-fs (loop6): mount failed 09:28:50 executing program 7: keyctl$search(0xa, 0x0, &(0x7f0000000000)='.dead\x00', 0x0, 0x0) 09:28:50 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semctl$GETALL(0x0, 0x0, 0x11, &(0x7f00000001c0)=""/131) 09:28:50 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x8, 0x0, &(0x7f0000002500)=0x7fff) 09:28:50 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_script(r0, &(0x7f0000001fc0)={'#! 
', './file0/file0', [], 0xa, "550331b8899440ea4aacb9cc64c56048166e4667e3f9017bb496b6758cdd1b2842"}, 0x32) 09:28:50 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) close(r0) 09:28:50 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000080)=@ethtool_drvinfo={0x3, "0dfa539cb35fbbd0d01a62f894135ee4d0e85def749616978afe2f5b5e713a93", "c16ca7cf8ad10bd9e7fe14111e4278ef6b2ddc68d2ec80c6fc220ade753dcc4a", "1a858d61390674e77883d44122e34f29883ccef64115114d23fc9cf6b400ab3e", "253a87a98329e0b1e91563ac1945346754df12fd91b88aa2372fd83b21b8698f", "b26a66a8cf72e86836c6c413f58db7ec871b1196a420f4c14a3a0272fa3da95f", "d2d873640cca9879f75ef790"}}) 09:28:50 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) pipe2$9p(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getpid() sendmsg$unix(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000100)="a2", 0x1}], 0x1, &(0x7f0000000640)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18}, 0x0) 09:28:50 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="1000000040000000030000002b00000005000000010000000000000000000000002000000020000010000000000000009f09c75f0000ffff53ef", 0x3a, 0x400}, {&(0x7f0000010100)="000000000000000000000000000000000000000000000000000000005178aedb030000001300000023", 0x29, 0x7e0}, {&(0x7f0000010ce0)="00000000000000000000000000000000000000000000000000000000c99b0000ed410000000400009f09c75f9f09c75f9f09c75f000000000000030002000000000008", 0x43, 0x8c60}], 0x0, &(0x7f0000000780)) 09:28:50 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000080)=@ethtool_drvinfo={0x3, "0dfa539cb35fbbd0d01a62f894135ee4d0e85def749616978afe2f5b5e713a93", 
"c16ca7cf8ad10bd9e7fe14111e4278ef6b2ddc68d2ec80c6fc220ade753dcc4a", "1a858d61390674e77883d44122e34f29883ccef64115114d23fc9cf6b400ab3e", "253a87a98329e0b1e91563ac1945346754df12fd91b88aa2372fd83b21b8698f", "b26a66a8cf72e86836c6c413f58db7ec871b1196a420f4c14a3a0272fa3da95f", "d2d873640cca9879f75ef790"}}) 09:28:50 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) close(r0) 09:28:50 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="1000000040000000030000002b00000005000000010000000000000000000000002000000020000010000000000000009f09c75f0000ffff53ef", 0x3a, 0x400}, {&(0x7f0000010100)="000000000000000000000000000000000000000000000000000000005178aedb030000001300000023", 0x29, 0x7e0}, {&(0x7f0000010ce0)="00000000000000000000000000000000000000000000000000000000c99b0000ed410000000400009f09c75f9f09c75f9f09c75f000000000000030002000000000008", 0x43, 0x8c60}], 0x0, &(0x7f0000000780)) 09:28:50 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_script(r0, &(0x7f0000001fc0)={'#! 
', './file0/file0', [], 0xa, "550331b8899440ea4aacb9cc64c56048166e4667e3f9017bb496b6758cdd1b2842"}, 0x32) 09:28:50 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semctl$GETALL(0x0, 0x0, 0x11, &(0x7f00000001c0)=""/131) 09:28:51 executing program 7: keyctl$search(0xa, 0x0, &(0x7f0000000000)='.dead\x00', 0x0, 0x0) 09:28:51 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semctl$GETALL(0x0, 0x0, 0x11, &(0x7f00000001c0)=""/131) 09:28:51 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_script(r0, &(0x7f0000001fc0)={'#! 
', './file0/file0', [], 0xa, "550331b8899440ea4aacb9cc64c56048166e4667e3f9017bb496b6758cdd1b2842"}, 0x32) 09:28:51 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) pipe2$9p(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getpid() sendmsg$unix(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000100)="a2", 0x1}], 0x1, &(0x7f0000000640)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18}, 0x0) 09:28:51 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000080)=@ethtool_drvinfo={0x3, "0dfa539cb35fbbd0d01a62f894135ee4d0e85def749616978afe2f5b5e713a93", "c16ca7cf8ad10bd9e7fe14111e4278ef6b2ddc68d2ec80c6fc220ade753dcc4a", "1a858d61390674e77883d44122e34f29883ccef64115114d23fc9cf6b400ab3e", "253a87a98329e0b1e91563ac1945346754df12fd91b88aa2372fd83b21b8698f", "b26a66a8cf72e86836c6c413f58db7ec871b1196a420f4c14a3a0272fa3da95f", "d2d873640cca9879f75ef790"}}) 09:28:51 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) close(r0) 09:28:51 executing program 6: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="1000000040000000030000002b00000005000000010000000000000000000000002000000020000010000000000000009f09c75f0000ffff53ef", 0x3a, 0x400}, {&(0x7f0000010100)="000000000000000000000000000000000000000000000000000000005178aedb030000001300000023", 0x29, 0x7e0}, {&(0x7f0000010ce0)="00000000000000000000000000000000000000000000000000000000c99b0000ed410000000400009f09c75f9f09c75f9f09c75f000000000000030002000000000008", 0x43, 0x8c60}], 0x0, &(0x7f0000000780)) 09:28:51 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
migrate_pages(0x0, 0x8, 0x0, &(0x7f0000002500)=0x7fff)
[ 111.031817] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 111.033565] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 111.034734] CPU: 0 UID: 0 PID: 3946 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 111.038419] Tainted: [W]=WARN
[ 111.039347] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 111.042215] RIP: 0010:perf_tp_event+0x175/0xe70
[ 111.043822] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 111.048755] RSP: 0018:ffff888044aa7780 EFLAGS: 00010012
[ 111.049915] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900050b2000
[ 111.051033] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 111.052147] RBP: ffff888044aa79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16978
[ 111.053276] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 111.054400] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 111.055526] FS: 00007f488d773700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 111.056807] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 111.057726] CR2: 00007f12dc71d018 CR3: 000000000cea1000 CR4: 0000000000350ef0
[ 111.058861] Call Trace:
[ 111.059279]
[ 111.059656] ? find_held_lock+0x2b/0x80
[ 111.060313] ? __pfx_perf_tp_event+0x10/0x10
[ 111.061030] ? __lock_acquire+0x694/0x1b70
[ 111.061713] ? __lock_acquire+0x694/0x1b70
[ 111.062395] ? lock_release+0x42/0x290
[ 111.063023] ? perf_trace_run_bpf_submit+0xef/0x180
[ 111.063833] ? find_held_lock+0x2b/0x80
[ 111.064479] perf_trace_run_bpf_submit+0xef/0x180
[ 111.065275] perf_trace_preemptirq_template+0x259/0x430
[ 111.066159] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 111.067114] ? __pfx___smp_call_single_queue+0x10/0x10
[ 111.067970] ? find_held_lock+0x2b/0x80
[ 111.068626] ? try_to_wake_up+0x8ae/0x11d0
[ 111.069318] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 111.070161] trace_irq_enable.constprop.0+0xa6/0x100
[ 111.070974] trace_hardirqs_on+0x26/0x40
[ 111.071629] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 111.072432] try_to_wake_up+0x8ae/0x11d0
[ 111.073103] ? __pfx_try_to_wake_up+0x10/0x10
[ 111.073842] ? plist_del+0x122/0x270
[ 111.074464] ? find_held_lock+0x2b/0x80
[ 111.075134] ? futex_wake+0x474/0x540
[ 111.075764] wake_up_q+0xa1/0x130
[ 111.076359] futex_wake+0x47e/0x540
[ 111.076967] ? __pfx_futex_wake+0x10/0x10
[ 111.077658] ? __fget_files+0x34/0x3b0
[ 111.078303] ? __fget_files+0x203/0x3b0
[ 111.078963] ? lock_release+0xc8/0x290
[ 111.079610] do_futex+0x26d/0x370
[ 111.080190] ? __pfx_do_futex+0x10/0x10
[ 111.080841] ? fput+0x6a/0x100
[ 111.081388] __x64_sys_futex+0x1c9/0x4d0
[ 111.082069] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 111.083040] ? __pfx___x64_sys_futex+0x10/0x10
[ 111.083817] do_syscall_64+0xbf/0x360
[ 111.084451] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.085313] RIP: 0033:0x7f48901fdb19
[ 111.085933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 111.088895] RSP: 002b:00007f488d773218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 111.090181] RAX: ffffffffffffffda RBX: 00007f4890310f68 RCX: 00007f48901fdb19
[ 111.091363] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4890310f6c
[ 111.092543] RBP: 00007f4890310f60 R08: 000000000000000e R09: 0000000000000000
[ 111.093710] R10: 0000000000000001 R11: 0000000000000246 R12: 00007f4890310f6c
[ 111.094887] R13: 00007ffdb624163f R14: 00007f488d773300 R15: 0000000000022000
[ 111.096076]
[ 111.096467] Modules linked in:
[ 111.097004] ---[ end trace 0000000000000000 ]---
[ 111.097671] RIP: 0010:perf_tp_event+0x175/0xe70
[ 111.098364] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 111.100922] RSP: 0018:ffff888044aa7780 EFLAGS: 00010012
[ 111.101676] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900050b2000
[ 111.102694] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 111.103708] RBP: ffff888044aa79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16978
[ 111.104723] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 111.105737] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 111.106759] FS: 00007f488d773700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 111.107905] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 111.108738] CR2: 00007f12dc71d018 CR3: 000000000cea1000 CR4: 0000000000350ef0
[ 111.109759] note: syz-executor.1[3946] exited with irqs disabled
[ 111.110758] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[ 111.112373] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 111.113468] CPU: 0 UID: 0 PID: 3946 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 111.115199] Tainted: [D]=DIE, [W]=WARN
[ 111.115757] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 111.116950] RIP: 0010:perf_tp_event+0x175/0xe70
[ 111.117652] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 111.120688] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012
[ 111.121473] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 111.122538] RDX: ffff88800e30b700 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 111.123600] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc16978
[ 111.124730] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 111.125768] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000
[ 111.126821] FS: 00007f488d773700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 111.127989] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 111.128851] CR2: 00007f12dc71d018 CR3: 000000000cea1000 CR4: 0000000000350ef0
[ 111.129898] Call Trace:
[ 111.130296]
[ 111.130629] ? __pfx_perf_tp_event+0x10/0x10
[ 111.131299] ? __virt_addr_valid+0x100/0x5d0
[ 111.131972] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 111.132744] ? do_raw_spin_lock+0x123/0x260
[ 111.133392] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 111.134099] ? lock_acquire+0x18c/0x2f0
[ 111.134704] ? __pfx_task_work_add+0x10/0x10
[ 111.135365] ? update_cfs_group+0x11d/0x260
[ 111.136008] ? lock_release+0x1c7/0x290
[ 111.136602] ? do_raw_spin_unlock+0x53/0x220
[ 111.137267] ? _raw_spin_unlock_irqrestore+0x22/0x50
[ 111.138033] ?
try_to_wake_up+0x128/0x11d0 [ 111.138673] ? do_raw_spin_lock+0x123/0x260 [ 111.139373] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 111.140137] ? perf_trace_run_bpf_submit+0xef/0x180 [ 111.140911] perf_trace_run_bpf_submit+0xef/0x180 [ 111.141666] perf_trace_preemptirq_template+0x259/0x430 [ 111.142490] ? read_tsc+0x9/0x20 [ 111.143027] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 111.143965] ? clockevents_program_event+0x135/0x360 [ 111.144749] ? tick_program_event+0xac/0x140 [ 111.145412] ? handle_softirqs+0x16e/0x770 [ 111.146089] trace_irq_enable.constprop.0+0xa6/0x100 [ 111.146868] trace_hardirqs_on+0x26/0x40 [ 111.147476] handle_softirqs+0x16e/0x770 [ 111.148121] __irq_exit_rcu+0xc4/0x100 [ 111.148720] irq_exit_rcu+0x9/0x20 [ 111.149260] sysvec_apic_timer_interrupt+0x70/0x80 [ 111.150017] [ 111.150359] [ 111.150700] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 111.151473] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 111.152184] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 111.154846] RSP: 0018:ffff888044aa7f28 EFLAGS: 00000246 [ 111.155629] RAX: 0000000000000001 RBX: ffff88800e30b700 RCX: ffffffff817c2b86 [ 111.156671] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 111.157732] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 111.158788] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff88800e30b700 [ 111.159833] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 111.160887] ? trace_irq_enable.constprop.0+0x26/0x100 [ 111.161659] ? make_task_dead+0x214/0x3b0 [ 111.162303] ? make_task_dead+0x214/0x3b0 [ 111.162926] ? 
do_syscall_64+0xbf/0x360 [ 111.163519] rewind_stack_and_make_dead+0x16/0x20 [ 111.164255] RIP: 0033:0x7f48901fdb19 [ 111.164809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 111.167460] RSP: 002b:00007f488d773218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 111.168575] RAX: ffffffffffffffda RBX: 00007f4890310f68 RCX: 00007f48901fdb19 [ 111.169625] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4890310f6c [ 111.170673] RBP: 00007f4890310f60 R08: 000000000000000e R09: 0000000000000000 [ 111.171715] R10: 0000000000000001 R11: 0000000000000246 R12: 00007f4890310f6c [ 111.172753] R13: 00007ffdb624163f R14: 00007f488d773300 R15: 0000000000022000 [ 111.173803] [ 111.174167] Modules linked in: [ 111.174659] ---[ end trace 0000000000000000 ]--- [ 111.175353] RIP: 0010:perf_tp_event+0x175/0xe70 [ 111.176052] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 111.178714] RSP: 0018:ffff888044aa7780 EFLAGS: 00010012 [ 111.179495] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc900050b2000 [ 111.180539] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 111.181585] RBP: ffff888044aa79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16978 [ 111.182651] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 111.183704] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 111.184760] FS: 00007f488d773700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 111.185946] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.186814] CR2: 00007f12dc71d018 CR3: 000000000cea1000 CR4: 0000000000350ef0 [ 111.187861] Kernel panic - not syncing: Fatal exception in interrupt [ 111.189012] Kernel Offset: disabled [ 111.189556] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:28:51 Registers: