Warning: Permanently added '[localhost]:15988' (ECDSA) to the list of known hosts. 2025/09/01 11:47:38 fuzzer started 2025/09/01 11:47:38 dialing manager at localhost:35473 syzkaller login: [ 51.062574] cgroup: Unknown subsys name 'net' [ 51.132024] cgroup: Unknown subsys name 'cpuset' [ 51.159857] cgroup: Unknown subsys name 'rlimit' 2025/09/01 11:47:49 syscalls: 2214 2025/09/01 11:47:49 code coverage: enabled 2025/09/01 11:47:49 comparison tracing: enabled 2025/09/01 11:47:49 extra coverage: enabled 2025/09/01 11:47:49 setuid sandbox: enabled 2025/09/01 11:47:49 namespace sandbox: enabled 2025/09/01 11:47:49 Android sandbox: enabled 2025/09/01 11:47:49 fault injection: enabled 2025/09/01 11:47:49 leak checking: enabled 2025/09/01 11:47:49 net packet injection: enabled 2025/09/01 11:47:49 net device setup: enabled 2025/09/01 11:47:49 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 11:47:49 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 11:47:49 USB emulation: enabled 2025/09/01 11:47:49 hci packet injection: enabled 2025/09/01 11:47:49 wifi device emulation: enabled 2025/09/01 11:47:49 802.15.4 emulation: enabled
2025/09/01 11:48:07 starting 8 fuzzer processes 11:48:07 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x5}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x5}, 0xe) 11:48:07 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000002840)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r0, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)='C', 0xf7d0}], 0x1}}], 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000003d00)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000100)="8e", 0x1}], 0x1, &(0x7f00000004c0)=ANY=[@ANYBLOB="14"], 0x18}}, {{0x0, 0x0, &(0x7f0000001880)=[{&(0x7f0000000540)="fe", 0x1}], 0x1}}], 0x2, 0x400c0cc) 11:48:07 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) 11:48:07 executing program 1: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$VT_ACTIVATE(r0, 0x1260, 0x4000000000000) 11:48:07 executing program 2: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) rename(&(0x7f0000001800)='./file1\x00', &(0x7f0000001840)='./file0\x00') 11:48:07 executing program 6: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) [ 80.379360] audit: type=1400 audit(1756727288.005:7): avc: denied { execmem } for pid=274 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:48:08 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup3(r0, r1, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x5, &(0x7f0000000040)={'filter\x00', 0x2, [{}, {}]}, 0x48) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup3(r3, r4, 0x0) 11:48:08 executing program 7: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000840), r0) sendmsg$IEEE802154_LLSEC_DEL_DEV(r1, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x285010}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x2c, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x2c}}, 0x0) [ 81.489438] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.494142] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 
81.495823] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.501473] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.505544] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.641708] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.645027] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.650819] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.656371] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.663070] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.684132] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.704512] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.719477] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.723934] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.725553] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 81.727908] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.729890] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 81.730396] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.734795] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 81.739886] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 81.742694] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 81.744732] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 81.748466] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 81.749891] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.751730] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 81.753316] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 81.756371] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.756402] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 81.758862] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.758981] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 81.771779] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 81.775331] Bluetooth: hci6: unexpected cc 0x1001 length: 
249 > 9 [ 81.775504] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 81.778601] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 81.783327] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 81.783331] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 81.787094] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.788004] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 81.809075] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 81.816460] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 83.587714] Bluetooth: hci0: command tx timeout [ 83.716235] Bluetooth: hci1: command tx timeout [ 83.843807] Bluetooth: hci7: command tx timeout [ 83.845275] Bluetooth: hci2: command tx timeout [ 83.845381] Bluetooth: hci4: command tx timeout [ 83.845752] Bluetooth: hci3: command tx timeout [ 83.847054] Bluetooth: hci5: command tx timeout [ 83.908319] Bluetooth: hci6: command tx timeout [ 85.635251] Bluetooth: hci0: command tx timeout [ 85.763338] Bluetooth: hci1: command tx timeout [ 85.891426] Bluetooth: hci5: command tx timeout [ 85.892021] Bluetooth: hci4: command tx timeout [ 85.892253] Bluetooth: hci3: command tx timeout [ 85.893135] Bluetooth: hci2: command tx timeout [ 85.893649] Bluetooth: hci7: command tx timeout [ 85.955301] Bluetooth: hci6: command tx timeout [ 87.683241] Bluetooth: hci0: command tx timeout [ 87.813286] Bluetooth: hci1: command tx timeout [ 87.939402] Bluetooth: hci2: command tx timeout [ 87.939817] Bluetooth: hci7: command tx timeout [ 87.941130] Bluetooth: hci3: command tx timeout [ 87.941557] Bluetooth: hci5: command tx timeout [ 87.941598] Bluetooth: hci4: command tx timeout [ 88.003311] Bluetooth: hci6: command tx timeout [ 89.732342] Bluetooth: hci0: command tx timeout [ 89.859322] Bluetooth: hci1: command tx timeout [ 89.987284] Bluetooth: hci3: command tx timeout [ 89.987717] Bluetooth: hci5: command tx timeout [ 89.988071] Bluetooth: hci4: command tx timeout [ 89.988866] Bluetooth: hci7: 
command tx timeout [ 89.989266] Bluetooth: hci2: command tx timeout [ 90.051370] Bluetooth: hci6: command tx timeout [ 117.592701] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.593779] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.752957] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.754569] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.975054] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.975704] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.997226] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.997816] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.138400] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.139017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.247166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.248041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:48:45 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup3(r0, r1, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x5, &(0x7f0000000040)={'filter\x00', 0x2, [{}, {}]}, 0x48) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup3(r3, r4, 0x0) 11:48:45 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup3(r0, r1, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x5, &(0x7f0000000040)={'filter\x00', 0x2, [{}, {}]}, 0x48) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup3(r3, r4, 0x0) [ 118.377998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.378971] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:48:46 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_features={{0xb, 0xb}, {0x4, 0x0, "5c2387b3abf58f4f"}}}, 
0xe) syz_emit_vhci(&(0x7f0000000200)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x1, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_reconf_req={{0x19, 0x81, 0xa}, {0x80, 0xf3d, [0x64, 0xc6cf, 0x6]}}}}, 0x17) syz_emit_vhci(&(0x7f0000000400)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_ecred_reconf_req={{0x19, 0x35, 0x4}, {0xff, 0xfff7}}}}, 0x11) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="040f0404001104a8f502c7f56d7b64e8a8de75506f54588e80ba24a23f7c4f6af9aae09bb6ee1c57875aef328ca137ee37f43c9094fc209f4aa96f25caf67c31735e93fbaf989706d7907a36f7eb24ccea7e1b4a268c1a95efcf9a06097204c3d16ca08530b6d73f98b2734c1d2e911118cd20c0aff517f85ded2403fac1fa3aa97c5f02457cb4f25ecc64299a320843ced0eb76f550382844a67188d025ae6304457a9055b0f872d9ee733e47e9d7a2279e1649ea2c1b"], 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) getdents64(r0, &(0x7f00000000c0)=""/107, 0x6b) syz_emit_vhci(&(0x7f0000000240)=@HCI_SCODATA_PKT={0x3, {0xc8}, "cf25badd48517316638c14f00f5c1f8769e66f87246b71388f813c1886477a3b3da490559083756bec1293cac3b667aac4d6931d3091806a0058d4d81faacc7326bc3c2ca990990b4908a0e8a25ae7466e89a3073d7520d5829e12830d6dc231370ab916b9dfb5f678be1cd505690496238d6d8824ce1bbfb9805c892dc32c4e78af477dcbeeb6c315028e4548a2c0f61eb2b8d9251c1d0ae67150bc92"}, 0x15c) syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x1ff, 0x0) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT, 0x2) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85}) syz_emit_vhci(&(0x7f0000000300)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_conn_param_update_req={{0x12, 0x3, 0x8}, {0x5ace, 0x8000, 0x2, 0x200}}}}, 0x15) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x3, 0xa}, 
@l2cap_cid_le_signaling={{0x6}, @l2cap_conn_param_update_rsp={{0x13, 0x1b, 0x2}, {0x80}}}}, 0xf) clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0) 11:48:46 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup3(r0, r1, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x5, &(0x7f0000000040)={'filter\x00', 0x2, [{}, {}]}, 0x48) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup3(r3, r4, 0x0) [ 118.481115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.481725] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.508937] program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 118.512228] Bluetooth: Unexpected continuation frame (len 16) 11:48:46 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, 0x0, 0x0) [ 118.569443] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.570064] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.571895] program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 118.576396] Bluetooth: Unexpected continuation frame (len 16) 11:48:46 executing program 5: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$VT_ACTIVATE(r0, 0x2272, 0x0) [ 118.663327] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.664071] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:48:46 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_features={{0xb, 0xb}, {0x4, 0x0, "5c2387b3abf58f4f"}}}, 0xe) syz_emit_vhci(&(0x7f0000000200)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x1, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_reconf_req={{0x19, 0x81, 0xa}, {0x80, 0xf3d, [0x64, 0xc6cf, 0x6]}}}}, 0x17) syz_emit_vhci(&(0x7f0000000400)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, 
@l2cap_ecred_reconf_req={{0x19, 0x35, 0x4}, {0xff, 0xfff7}}}}, 0x11) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="040f0404001104a8f502c7f56d7b64e8a8de75506f54588e80ba24a23f7c4f6af9aae09bb6ee1c57875aef328ca137ee37f43c9094fc209f4aa96f25caf67c31735e93fbaf989706d7907a36f7eb24ccea7e1b4a268c1a95efcf9a06097204c3d16ca08530b6d73f98b2734c1d2e911118cd20c0aff517f85ded2403fac1fa3aa97c5f02457cb4f25ecc64299a320843ced0eb76f550382844a67188d025ae6304457a9055b0f872d9ee733e47e9d7a2279e1649ea2c1b"], 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) getdents64(r0, &(0x7f00000000c0)=""/107, 0x6b) syz_emit_vhci(&(0x7f0000000240)=@HCI_SCODATA_PKT={0x3, {0xc8}, "cf25badd48517316638c14f00f5c1f8769e66f87246b71388f813c1886477a3b3da490559083756bec1293cac3b667aac4d6931d3091806a0058d4d81faacc7326bc3c2ca990990b4908a0e8a25ae7466e89a3073d7520d5829e12830d6dc231370ab916b9dfb5f678be1cd505690496238d6d8824ce1bbfb9805c892dc32c4e78af477dcbeeb6c315028e4548a2c0f61eb2b8d9251c1d0ae67150bc92"}, 0x15c) syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x1ff, 0x0) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT, 0x2) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85}) syz_emit_vhci(&(0x7f0000000300)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_conn_param_update_req={{0x12, 0x3, 0x8}, {0x5ace, 0x8000, 0x2, 0x200}}}}, 0x15) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x3, 0xa}, @l2cap_cid_le_signaling={{0x6}, @l2cap_conn_param_update_rsp={{0x13, 0x1b, 0x2}, {0x80}}}}, 0xf) clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0) 11:48:46 executing program 5: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$VT_ACTIVATE(r0, 0x2272, 0x0) [ 118.820245] program syz-executor.6 is using a 
deprecated SCSI ioctl, please convert it to SG_IO [ 118.829661] Bluetooth: Unexpected continuation frame (len 16) [ 118.881284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.881893] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.961854] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.962534] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.111280] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.112405] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.113228] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.113949] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.169165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.170012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.251494] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.252080] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.283643] audit: type=1400 audit(1756727326.909:8): avc: denied { open } for pid=3906 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.304978] audit: type=1400 audit(1756727326.909:9): avc: denied { kernel } for pid=3906 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:48:47 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x5}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x5}, 0xe) 11:48:47 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x10, 0x0, &(0x7f00000018c0)) 11:48:47 executing program 5: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$VT_ACTIVATE(r0, 0x2272, 0x0) 11:48:47 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_features={{0xb, 0xb}, {0x4, 0x0, "5c2387b3abf58f4f"}}}, 0xe) syz_emit_vhci(&(0x7f0000000200)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x1, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_reconf_req={{0x19, 0x81, 0xa}, {0x80, 0xf3d, [0x64, 0xc6cf, 0x6]}}}}, 0x17) syz_emit_vhci(&(0x7f0000000400)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_ecred_reconf_req={{0x19, 0x35, 0x4}, {0xff, 0xfff7}}}}, 0x11) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="040f0404001104a8f502c7f56d7b64e8a8de75506f54588e80ba24a23f7c4f6af9aae09bb6ee1c57875aef328ca137ee37f43c9094fc209f4aa96f25caf67c31735e93fbaf989706d7907a36f7eb24ccea7e1b4a268c1a95efcf9a06097204c3d16ca08530b6d73f98b2734c1d2e911118cd20c0aff517f85ded2403fac1fa3aa97c5f02457cb4f25ecc64299a320843ced0eb76f550382844a67188d025ae6304457a9055b0f872d9ee733e47e9d7a2279e1649ea2c1b"], 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) getdents64(r0, &(0x7f00000000c0)=""/107, 0x6b) syz_emit_vhci(&(0x7f0000000240)=@HCI_SCODATA_PKT={0x3, {0xc8}, "cf25badd48517316638c14f00f5c1f8769e66f87246b71388f813c1886477a3b3da490559083756bec1293cac3b667aac4d6931d3091806a0058d4d81faacc7326bc3c2ca990990b4908a0e8a25ae7466e89a3073d7520d5829e12830d6dc231370ab916b9dfb5f678be1cd505690496238d6d8824ce1bbfb9805c892dc32c4e78af477dcbeeb6c315028e4548a2c0f61eb2b8d9251c1d0ae67150bc92"}, 0x15c) syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) r1 = 
syz_open_dev$sg(&(0x7f0000002ac0), 0x1ff, 0x0) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT, 0x2) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85}) syz_emit_vhci(&(0x7f0000000300)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_conn_param_update_req={{0x12, 0x3, 0x8}, {0x5ace, 0x8000, 0x2, 0x200}}}}, 0x15) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x3, 0xa}, @l2cap_cid_le_signaling={{0x6}, @l2cap_conn_param_update_rsp={{0x13, 0x1b, 0x2}, {0x80}}}}, 0xf) clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0) 11:48:47 executing program 4: seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) 11:48:47 executing program 3: keyctl$KEYCTL_PKEY_DECRYPT(0x1a, &(0x7f000000ab00), &(0x7f000000ab40)={'enc=', 'pkcs1', ' hash=', {'xcbc(fcrypt)\x00'}}, 0x0, 0x0) 11:48:47 executing program 7: r0 = socket$inet(0x2, 0x80003, 0xff) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000001c0)=0x80, 0x4) sendto$inet(r0, &(0x7f0000000040)="60da7056a593ccc8bd2563073c967f6a9af19d7a", 0x14, 0x0, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10) 11:48:47 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000007c0), r0) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)={0x34, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x34}}, 0x0) [ 119.448633] program syz-executor.6 is using a deprecated SCSI ioctl, 
please convert it to SG_IO [ 119.453635] Bluetooth: Unexpected continuation frame (len 16) [ 119.485678] audit: type=1326 audit(1756727327.111:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3923 comm="syz-executor.4" exe="/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6685c59b19 code=0x0 11:48:47 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x80000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000240000004f80100200040000000000000000000800029d9e437f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a00", 0xc0}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ffff00f0ffffffffffffff00"/64, 0x40, 0x1e0}, {&(0x7f0000010200)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x400}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000c1e770325132510000e770325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c45312020202020202000c1e770325132510000e770325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c45322020202020202000c1e770325132510000e770325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c2000c1e770325132510000e7703251070064000000", 0x120, 0x600}, {&(0x7f0000010500)="2e202020202020202020201000c1e770325132510000e77032510300000000002e2e2020202020202020201000c1e770325132510000e770325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202000c1e770325132510000e770325104001a040000", 0x80, 0x10e00}, 
{&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x20e00}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0x30e00}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x50e00}], 0x0, &(0x7f0000010d00)) 11:48:47 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) unshare(0x24000000) unshare(0x2c020200) [ 119.587521] loop3: detected capacity change from 0 to 1294 11:48:47 executing program 5: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$VT_ACTIVATE(r0, 0x2272, 0x0) [ 120.312099] audit: 
type=1326 audit(1756727327.938:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3923 comm="syz-executor.4" exe="/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6685c59b19 code=0x0 11:48:48 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x5}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x5}, 0xe) 11:48:48 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x10, 0x0, &(0x7f00000018c0)) 11:48:48 executing program 3: prctl$PR_SET_MM_MAP(0x4b, 0xe, &(0x7f0000000380)={&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff4000/0xc000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ff4000/0x2000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ff4000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff4000/0x2000)=nil, 0x0}, 0x68) 11:48:48 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) unshare(0x24000000) unshare(0x2c020200) 11:48:48 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='oom_score_adj\x00') readv(r0, &(0x7f0000001380)=[{&(0x7f00000001c0)=""/160, 0xa0}], 0x1) 11:48:48 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000007c0), r0) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)={0x34, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x34}}, 0x0) 11:48:48 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) unshare(0x24000000) unshare(0x2c020200) 11:48:48 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_features={{0xb, 0xb}, {0x4, 0x0, "5c2387b3abf58f4f"}}}, 0xe) syz_emit_vhci(&(0x7f0000000200)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x1, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_reconf_req={{0x19, 0x81, 0xa}, {0x80, 0xf3d, [0x64, 0xc6cf, 0x6]}}}}, 0x17) syz_emit_vhci(&(0x7f0000000400)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0xc}, 
@l2cap_cid_le_signaling={{0x8}, @l2cap_ecred_reconf_req={{0x19, 0x35, 0x4}, {0xff, 0xfff7}}}}, 0x11) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="040f0404001104a8f502c7f56d7b64e8a8de75506f54588e80ba24a23f7c4f6af9aae09bb6ee1c57875aef328ca137ee37f43c9094fc209f4aa96f25caf67c31735e93fbaf989706d7907a36f7eb24ccea7e1b4a268c1a95efcf9a06097204c3d16ca08530b6d73f98b2734c1d2e911118cd20c0aff517f85ded2403fac1fa3aa97c5f02457cb4f25ecc64299a320843ced0eb76f550382844a67188d025ae6304457a9055b0f872d9ee733e47e9d7a2279e1649ea2c1b"], 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) getdents64(r0, &(0x7f00000000c0)=""/107, 0x6b) syz_emit_vhci(&(0x7f0000000240)=@HCI_SCODATA_PKT={0x3, {0xc8}, "cf25badd48517316638c14f00f5c1f8769e66f87246b71388f813c1886477a3b3da490559083756bec1293cac3b667aac4d6931d3091806a0058d4d81faacc7326bc3c2ca990990b4908a0e8a25ae7466e89a3073d7520d5829e12830d6dc231370ab916b9dfb5f678be1cd505690496238d6d8824ce1bbfb9805c892dc32c4e78af477dcbeeb6c315028e4548a2c0f61eb2b8d9251c1d0ae67150bc92"}, 0x15c) syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x1ff, 0x0) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT, 0x2) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xffffffff, 0xffffff85}) syz_emit_vhci(&(0x7f0000000300)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_conn_param_update_req={{0x12, 0x3, 0x8}, {0x5ace, 0x8000, 0x2, 0x200}}}}, 0x15) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x3, 0xa}, @l2cap_cid_le_signaling={{0x6}, @l2cap_conn_param_update_rsp={{0x13, 0x1b, 0x2}, {0x80}}}}, 0xf) clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0) [ 120.419423] program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 120.427278] Bluetooth: Unexpected continuation frame (len 
16) 11:48:48 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x5}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x5}, 0xe) [ 120.442188] BUG: unable to handle page fault for address: ffffed10212c94ee [ 120.442754] #PF: supervisor read access in kernel mode [ 120.443166] #PF: error_code(0x0000) - not-present page [ 120.443582] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 120.444040] Oops: Oops: 0000 [#1] SMP KASAN NOPTI [ 120.444432] CPU: 0 UID: 0 PID: 3967 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 120.447679] Tainted: [W]=WARN [ 120.448503] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.450965] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.452104] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.455048] RSP: 0018:ffff888047487780 EFLAGS: 00010016 [ 120.455485] RAX: 1ffff110212c94ee RBX: ffff88810964a580 RCX: ffffc900030a2000 [ 120.456067] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff88810964a770 [ 120.456629] RBP: ffff8880474879f0 R08: ffff88806ce31340 R09: ffffe8ffffc15bd8 [ 120.457200] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 120.457780] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 120.458365] FS: 00007f66831cf700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 120.459013] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.459485] CR2: ffffed10212c94ee CR3: 000000000e9f6000 CR4: 0000000000350ef0 [ 120.460045] Call Trace: [ 120.460255] [ 120.460446] ? __pfx_perf_tp_event+0x10/0x10 [ 120.460809] ? __asan_memcpy+0x3d/0x60 [ 120.461126] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 120.461615] ? 
__pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 120.462120] ? lock_is_held_type+0x9e/0x120 [ 120.462482] ? ctx_sched_in+0x134/0x9b0 [ 120.462799] ? css_rstat_updated+0x1b8/0x4d0 [ 120.463165] ? __pfx_css_rstat_updated+0x10/0x10 [ 120.463547] ? lock_is_held_type+0x9e/0x120 [ 120.463899] ? trace_pelt_se_tp+0xdf/0x130 [ 120.464256] ? perf_trace_run_bpf_submit+0xef/0x180 [ 120.464668] ? lock_is_held_type+0x9e/0x120 [ 120.465020] perf_trace_run_bpf_submit+0xef/0x180 [ 120.465416] perf_trace_preemptirq_template+0x259/0x430 [ 120.465838] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.466304] ? check_preempt_wakeup_fair+0x406/0x950 [ 120.466720] ? find_held_lock+0x2b/0x80 [ 120.467047] ? try_to_wake_up+0x8ae/0x11d0 [ 120.467392] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 120.467803] trace_irq_enable.constprop.0+0xa6/0x100 [ 120.468214] trace_hardirqs_on+0x26/0x40 [ 120.468542] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 120.468936] try_to_wake_up+0x8ae/0x11d0 [ 120.469271] ? __pfx_try_to_wake_up+0x10/0x10 [ 120.469642] ? plist_del+0x122/0x270 [ 120.469943] ? find_held_lock+0x2b/0x80 [ 120.470269] ? futex_wake+0x474/0x540 [ 120.470584] wake_up_q+0xa1/0x130 [ 120.470873] futex_wake+0x47e/0x540 [ 120.471178] ? __pfx_futex_wake+0x10/0x10 [ 120.471517] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 120.471922] ? lock_release+0xc8/0x290 [ 120.472240] do_futex+0x26d/0x370 [ 120.472523] ? __pfx_do_futex+0x10/0x10 [ 120.472844] __x64_sys_futex+0x1c9/0x4d0 [ 120.473176] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.473642] ? __pfx___x64_sys_futex+0x10/0x10 [ 120.474018] ? 
xfd_validate_state+0x55/0x180 [ 120.474389] do_syscall_64+0xbf/0x360 [ 120.474694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.475112] RIP: 0033:0x7f6685c59b19 [ 120.475420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 120.476862] RSP: 002b:00007f66831cf218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 120.477460] RAX: ffffffffffffffda RBX: 00007f6685d6cf68 RCX: 00007f6685c59b19 [ 120.478019] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6685d6cf6c [ 120.478591] RBP: 00007f6685d6cf60 R08: 000000000000000e R09: 0000000000000000 [ 120.479160] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f6685d6cf6c [ 120.479730] R13: 00007ffe66c2eaaf R14: 00007f66831cf300 R15: 0000000000022000 [ 120.480314] [ 120.480504] Modules linked in: [ 120.480765] CR2: ffffed10212c94ee [ 120.481040] ---[ end trace 0000000000000000 ]--- [ 120.481439] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.481846] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.483339] RSP: 0018:ffff888047487780 EFLAGS: 00010016 [ 120.483777] RAX: 1ffff110212c94ee RBX: ffff88810964a580 RCX: ffffc900030a2000 [ 120.484381] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff88810964a770 [ 120.484991] RBP: ffff8880474879f0 R08: ffff88806ce31340 R09: ffffe8ffffc15bd8 [ 120.485600] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 120.486217] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 120.486830] FS: 00007f66831cf700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 120.487519] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.488022] CR2: ffffed10212c94ee CR3: 000000000e9f6000 CR4: 0000000000350ef0 [ 120.488641] note: syz-executor.4[3967] exited 
with irqs disabled [ 120.489204] BUG: unable to handle page fault for address: ffffed10212c94ee [ 120.489783] #PF: supervisor read access in kernel mode [ 120.490214] #PF: error_code(0x0000) - not-present page [ 120.490651] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 120.491113] Oops: Oops: 0000 [#2] SMP KASAN NOPTI [ 120.491510] CPU: 0 UID: 0 PID: 3967 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 120.492481] Tainted: [D]=DIE, [W]=WARN [ 120.492799] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.493457] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.493840] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.495317] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010016 [ 120.495743] RAX: 1ffff110212c94ee RBX: ffff88810964a580 RCX: 0000000000000002 [ 120.496309] RDX: ffff88800f7a1b80 RSI: ffffffff8189a4e7 RDI: ffff88810964a770 [ 120.496890] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc15bd8 [ 120.497466] R10: 0000000000000000 R11: 00000000000218a1 R12: dffffc0000000000 [ 120.498044] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 120.498631] FS: 00007f66831cf700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 120.499276] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.499743] CR2: ffffed10212c94ee CR3: 000000000e9f6000 CR4: 0000000000350ef0 [ 120.500313] Call Trace: [ 120.500520] [ 120.500699] ? css_rstat_updated+0x1b8/0x4d0 [ 120.501059] ? __pfx_perf_tp_event+0x10/0x10 [ 120.501419] ? kvm_sched_clock_read+0x16/0x30 [ 120.501785] ? sched_clock+0x37/0x60 [ 120.502098] ? __cgroup_account_cputime+0x88/0xc0 [ 120.502515] ? lock_acquire+0x18c/0x2f0 [ 120.502846] ? update_cfs_group+0x11d/0x260 [ 120.503204] ? lock_release+0x1c7/0x290 [ 120.503536] ? run_posix_cpu_timers+0x160/0x7d0 [ 120.503923] ? 
__pfx_run_posix_cpu_timers+0x10/0x10 [ 120.504340] ? sched_balance_trigger+0x1ac/0xcb0 [ 120.504734] ? sched_tick+0x27c/0x6c0 [ 120.505061] ? do_raw_spin_lock+0x123/0x260 [ 120.505420] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 120.505812] ? perf_trace_run_bpf_submit+0xef/0x180 [ 120.506224] perf_trace_run_bpf_submit+0xef/0x180 [ 120.506635] perf_trace_preemptirq_template+0x259/0x430 [ 120.507076] ? read_tsc+0x9/0x20 [ 120.507369] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.507851] ? clockevents_program_event+0x135/0x360 [ 120.508275] ? tick_program_event+0xac/0x140 [ 120.508654] ? handle_softirqs+0x16e/0x770 [ 120.509014] trace_irq_enable.constprop.0+0xa6/0x100 [ 120.509442] trace_hardirqs_on+0x26/0x40 [ 120.509779] handle_softirqs+0x16e/0x770 [ 120.510129] __irq_exit_rcu+0xc4/0x100 [ 120.510469] irq_exit_rcu+0x9/0x20 [ 120.510764] sysvec_apic_timer_interrupt+0x70/0x80 [ 120.511171] [ 120.511356] [ 120.511546] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 120.511980] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 120.512373] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 120.513846] RSP: 0018:ffff888047487f28 EFLAGS: 00000246 [ 120.514282] RAX: 0000000000000001 RBX: ffff88800f7a1b80 RCX: ffffffff817c3ab6 [ 120.514877] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 120.515472] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000 [ 120.516032] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff88800f7a1b80 [ 120.516626] R13: 0000000000000009 R14: ffff888047487760 R15: 0000000000000000 [ 120.517216] ? trace_irq_enable.constprop.0+0x26/0x100 [ 120.517651] ? make_task_dead+0x214/0x3b0 [ 120.517994] ? make_task_dead+0x214/0x3b0 [ 120.518353] ? 
do_syscall_64+0xbf/0x360 [ 120.518695] rewind_stack_and_make_dead+0x16/0x20 [ 120.519102] RIP: 0033:0x7f6685c59b19 [ 120.519412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 120.520906] RSP: 002b:00007f66831cf218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 120.521543] RAX: ffffffffffffffda RBX: 00007f6685d6cf68 RCX: 00007f6685c59b19 [ 120.522130] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6685d6cf6c [ 120.522718] RBP: 00007f6685d6cf60 R08: 000000000000000e R09: 0000000000000000 [ 120.523302] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f6685d6cf6c [ 120.523889] R13: 00007ffe66c2eaaf R14: 00007f66831cf300 R15: 0000000000022000 [ 120.524492] [ 120.524694] Modules linked in: [ 120.524970] CR2: ffffed10212c94ee [ 120.525262] ---[ end trace 0000000000000000 ]--- [ 120.525645] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.526043] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.527539] RSP: 0018:ffff888047487780 EFLAGS: 00010016 [ 120.527980] RAX: 1ffff110212c94ee RBX: ffff88810964a580 RCX: ffffc900030a2000 [ 120.528571] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff88810964a770 [ 120.529159] RBP: ffff8880474879f0 R08: ffff88806ce31340 R09: ffffe8ffffc15bd8 [ 120.529753] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 120.530338] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 120.530930] FS: 00007f66831cf700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 120.531604] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.532090] CR2: ffffed10212c94ee CR3: 000000000e9f6000 CR4: 0000000000350ef0 [ 120.532682] Kernel panic - not syncing: Fatal exception in interrupt [ 120.533397] Kernel 
Offset: disabled [ 120.533701] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:48:48 Registers: