Warning: Permanently added '[localhost]:8581' (ECDSA) to the list of known hosts.
2025/09/01 08:31:15 fuzzer started
2025/09/01 08:31:15 dialing manager at localhost:35473
syzkaller login: [ 59.954618] cgroup: Unknown subsys name 'net'
[ 60.117147] cgroup: Unknown subsys name 'cpuset'
[ 60.166895] cgroup: Unknown subsys name 'rlimit'
2025/09/01 08:31:26 syscalls: 2214
2025/09/01 08:31:26 code coverage: enabled
2025/09/01 08:31:26 comparison tracing: enabled
2025/09/01 08:31:26 extra coverage: enabled
2025/09/01 08:31:26 setuid sandbox: enabled
2025/09/01 08:31:26 namespace sandbox: enabled
2025/09/01 08:31:26 Android sandbox: enabled
2025/09/01 08:31:26 fault injection: enabled
2025/09/01 08:31:26 leak checking: enabled
2025/09/01 08:31:26 net packet injection: enabled
2025/09/01 08:31:26 net device setup: enabled
2025/09/01 08:31:26 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 08:31:26 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 08:31:26 USB emulation: enabled
2025/09/01 08:31:26 hci packet injection: enabled
2025/09/01 08:31:26 wifi device emulation: enabled
2025/09/01 08:31:26 802.15.4 emulation: enabled
2025/09/01 08:31:26 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 08:31:26 fetching corpus: 50, signal 29306/32265 (executing program)
2025/09/01 08:31:26 fetching corpus: 100, signal 40981/44786 (executing program)
2025/09/01 08:31:27 fetching corpus: 150, signal 47630/52207 (executing program)
2025/09/01 08:31:27 fetching corpus: 200, signal 52607/57854 (executing program)
2025/09/01 08:31:27 fetching corpus: 250, signal 57891/63637 (executing program)
2025/09/01 08:31:27 fetching corpus: 300, signal 62514/68643 (executing program)
2025/09/01 08:31:27 fetching corpus: 350, signal 67296/73616 (executing program)
2025/09/01 08:31:27 fetching corpus: 400, signal 71674/78024 (executing program)
2025/09/01 08:31:27 fetching corpus: 450, signal 76505/82709 (executing program)
2025/09/01 08:31:27 fetching corpus: 500, signal 78852/85200 (executing program)
2025/09/01 08:31:28 fetching corpus: 550, signal 80727/87232 (executing program)
2025/09/01 08:31:28 fetching corpus: 600, signal 83371/89720 (executing program)
2025/09/01 08:31:28 fetching corpus: 650, signal 85583/91869 (executing program)
2025/09/01 08:31:28 fetching corpus: 700, signal 87906/94012 (executing program)
2025/09/01 08:31:28 fetching corpus: 750, signal 90733/96392 (executing program)
2025/09/01 08:31:28 fetching corpus: 800, signal 92518/97963 (executing program)
2025/09/01 08:31:28 fetching corpus: 850, signal 93672/99103 (executing program)
2025/09/01 08:31:29 fetching corpus: 900, signal 95188/100404 (executing program)
2025/09/01 08:31:29 fetching corpus: 950, signal 96986/101838 (executing program)
2025/09/01 08:31:29 fetching corpus: 1000, signal 98881/103293 (executing program)
2025/09/01 08:31:29 fetching corpus: 1050, signal 101839/105324 (executing program)
2025/09/01 08:31:29 fetching corpus: 1100, signal 104054/106778 (executing program)
2025/09/01 08:31:29 fetching corpus: 1150, signal 105275/107604 (executing program)
2025/09/01 08:31:29 fetching corpus: 1200, signal 107564/108979 (executing program)
2025/09/01 08:31:29 fetching corpus: 1219, signal 108331/109423 (executing program)
2025/09/01 08:31:29 fetching corpus: 1219, signal 108331/109473 (executing program)
2025/09/01 08:31:29 fetching corpus: 1219, signal 108331/109520 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/109557 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/109603 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/109639 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/109688 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/109728 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/109776 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/109818 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/109867 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/109913 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/109964 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110008 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110055 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110108 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110152 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110197 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110232 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110286 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110318 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110360 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110394 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110431 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110463 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110514 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110563 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110614 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110663 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110681 (executing program)
2025/09/01 08:31:30 fetching corpus: 1219, signal 108331/110681 (executing program)
2025/09/01 08:31:32 starting 8 fuzzer processes
08:31:32 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x4, 
&(0x7f0000000340)=[{&(0x7f0000000100)={0x34, 0x2c, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0xf0ffffffffffff}, @nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x63, 0x0, 0x0, @ipv6=@local}]}]}, 0x34}], 0x1}, 0x0) 08:31:32 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000100)=@ethtool_per_queue_op={0x4b, 0xe}}) 08:31:32 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, 0x0) 08:31:32 executing program 2: r0 = syz_io_uring_setup(0x2200, &(0x7f00000012c0)={0x0, 0x0, 0x2}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000001340), &(0x7f0000001380)) syz_io_uring_setup(0x753d, &(0x7f00000000c0)={0x0, 0x0, 0x22, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) 08:31:32 executing program 7: syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000680)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4060000}}]}) 08:31:32 executing program 3: futex(&(0x7f00000002c0), 0x8, 0x0, &(0x7f0000000300)={0x77359400}, 0x0, 0x0) 08:31:32 executing program 6: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) 
syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) 08:31:32 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x12, &(0x7f0000000000)="813e4250", 0x4) [ 76.263151] audit: type=1400 audit(1756715492.610:7): avc: denied { execmem } for pid=281 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 77.534889] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.537533] Bluetooth: hci1: 
unexpected cc 0x1003 length: 249 > 9 [ 77.539525] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.541106] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.543289] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.545042] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.549286] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.552869] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.555181] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.556261] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.557651] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.561497] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.562561] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.581043] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.583811] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.651807] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.669866] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 77.676304] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 77.677998] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 77.687515] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.689286] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.693494] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 77.693760] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 77.696981] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 77.698236] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 77.699439] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 77.700973] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 77.701696] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.705579] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.713456] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 77.717799] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 77.719671] 
Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 77.737731] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 77.739026] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 77.741009] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 77.747766] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 77.786035] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 77.793597] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 77.806612] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 77.811056] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 79.621992] Bluetooth: hci2: command tx timeout [ 79.622811] Bluetooth: hci1: command tx timeout [ 79.624854] Bluetooth: hci0: command tx timeout [ 79.749469] Bluetooth: hci4: command tx timeout [ 79.813555] Bluetooth: hci5: command tx timeout [ 79.814140] Bluetooth: hci6: command tx timeout [ 79.814802] Bluetooth: hci3: command tx timeout [ 79.943386] Bluetooth: hci7: command tx timeout [ 81.670692] Bluetooth: hci2: command tx timeout [ 81.670912] Bluetooth: hci1: command tx timeout [ 81.671167] Bluetooth: hci0: command tx timeout [ 81.797798] Bluetooth: hci4: command tx timeout [ 81.861786] Bluetooth: hci3: command tx timeout [ 81.861847] Bluetooth: hci6: command tx timeout [ 81.862255] Bluetooth: hci5: command tx timeout [ 81.989370] Bluetooth: hci7: command tx timeout [ 83.717507] Bluetooth: hci1: command tx timeout [ 83.717522] Bluetooth: hci0: command tx timeout [ 83.717972] Bluetooth: hci2: command tx timeout [ 83.846480] Bluetooth: hci4: command tx timeout [ 83.909537] Bluetooth: hci6: command tx timeout [ 83.910163] Bluetooth: hci3: command tx timeout [ 83.911574] Bluetooth: hci5: command tx timeout [ 84.038396] Bluetooth: hci7: command tx timeout [ 85.765873] Bluetooth: hci1: command tx timeout [ 85.765889] Bluetooth: hci0: command tx timeout [ 85.766412] Bluetooth: hci2: command tx timeout [ 85.894504] Bluetooth: hci4: command tx timeout [ 85.957506] Bluetooth: hci3: command 
tx timeout [ 85.957552] Bluetooth: hci5: command tx timeout [ 85.957975] Bluetooth: hci6: command tx timeout [ 86.087762] Bluetooth: hci7: command tx timeout [ 113.529210] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.529910] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.668445] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.669066] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.707003] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.707646] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.831204] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.831863] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.003561] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.004186] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:32:10 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000100)=@ethtool_per_queue_op={0x4b, 0xe}}) [ 114.121812] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.122457] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.152035] Bluetooth: hci6: SCO packet for unknown connection handle 0 [ 114.152142] Bluetooth: Unexpected continuation frame (len 20) [ 114.158259] Bluetooth: hci6: ACL packet for unknown connection handle 1997 08:32:10 executing program 6: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 
0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) [ 114.228809] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.229436] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.252139] Bluetooth: hci6: unexpected event for opcode 0x0411 [ 114.254656] Bluetooth: hci6: SCO 
packet for unknown connection handle 0 [ 114.254695] Bluetooth: Unexpected continuation frame (len 20) [ 114.257353] Bluetooth: hci6: ACL packet for unknown connection handle 1997 08:32:10 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000100)=@ethtool_per_queue_op={0x4b, 0xe}}) 08:32:10 executing program 6: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, 
&(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) [ 114.354221] Bluetooth: hci6: unexpected event for opcode 0x0411 [ 114.359972] Bluetooth: hci6: SCO packet for unknown connection handle 0 [ 114.360262] Bluetooth: Unexpected continuation frame (len 20) [ 114.368590] Bluetooth: hci6: ACL packet for unknown connection handle 1997 08:32:10 executing program 6: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, 
"2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) [ 114.428361] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 08:32:10 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000100)=@ethtool_per_queue_op={0x4b, 0xe}}) [ 114.428965] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.445605] Bluetooth: hci6: unexpected event for opcode 0x0411 [ 114.449356] Bluetooth: hci6: SCO packet for unknown connection handle 0 [ 114.449722] Bluetooth: Unexpected continuation frame 
(len 20) [ 114.456480] Bluetooth: hci6: ACL packet for unknown connection handle 1997 08:32:10 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) 
syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) [ 114.493564] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 114.493613] Bluetooth: Unexpected continuation frame (len 20) [ 114.495202] Bluetooth: hci0: ACL packet for unknown connection handle 1997 [ 114.501748] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.502342] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:32:10 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) 
syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) [ 114.567528] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. 
[ 114.578121] Bluetooth: hci0: unexpected event for opcode 0x0411 [ 114.580077] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 114.580906] Bluetooth: Unexpected continuation frame (len 20) [ 114.584412] Bluetooth: hci0: ACL packet for unknown connection handle 1997 [ 114.670408] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.671060] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.679957] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.680843] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.712096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.712694] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.746067] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31 [ 114.750543] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31 [ 114.782503] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.783124] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.834863] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.835513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.857728] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.858360] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.899039] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.899786] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.003441] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 08:32:11 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x12, &(0x7f0000000000)="813e4250", 0x4) 08:32:11 executing program 7: syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000680)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 
0x4060000}}]}) 08:32:11 executing program 2: r0 = syz_io_uring_setup(0x2200, &(0x7f00000012c0)={0x0, 0x0, 0x2}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000001340), &(0x7f0000001380)) syz_io_uring_setup(0x753d, &(0x7f00000000c0)={0x0, 0x0, 0x22, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) 08:32:11 executing program 3: futex(&(0x7f00000002c0), 0x8, 0x0, &(0x7f0000000300)={0x77359400}, 0x0, 0x0) 08:32:11 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, 0x0) 08:32:11 executing program 6: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = 
syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) 08:32:11 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) 
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) 08:32:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x4, &(0x7f0000000340)=[{&(0x7f0000000100)={0x34, 0x2c, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0xf0ffffffffffff}, @nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x63, 0x0, 0x0, @ipv6=@local}]}]}, 0x34}], 0x1}, 0x0) [ 115.074211] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. 
[ 115.076953] Bluetooth: hci0: unexpected event for opcode 0x0411 [ 115.078002] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 115.078965] Bluetooth: Unexpected continuation frame (len 20) [ 115.082347] Bluetooth: hci0: ACL packet for unknown connection handle 1997 [ 115.084134] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31 [ 115.090411] Bluetooth: hci6: unexpected event for opcode 0x0411 [ 115.098262] Bluetooth: hci6: SCO packet for unknown connection handle 0 [ 115.100349] Bluetooth: Unexpected continuation frame (len 20) [ 115.105504] Bluetooth: hci6: ACL packet for unknown connection handle 1997 08:32:11 executing program 2: r0 = syz_io_uring_setup(0x2200, &(0x7f00000012c0)={0x0, 0x0, 0x2}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000001340), &(0x7f0000001380)) syz_io_uring_setup(0x753d, &(0x7f00000000c0)={0x0, 0x0, 0x22, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000140), &(0x7f0000000180)) 08:32:11 executing program 7: syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000680)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4060000}}]}) 08:32:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x4, &(0x7f0000000340)=[{&(0x7f0000000100)={0x34, 0x2c, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0xf0ffffffffffff}, @nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x63, 0x0, 0x0, @ipv6=@local}]}]}, 0x34}], 0x1}, 0x0) 08:32:11 executing program 3: futex(&(0x7f00000002c0), 0x8, 0x0, &(0x7f0000000300)={0x77359400}, 0x0, 0x0) 08:32:11 executing program 3: futex(&(0x7f00000002c0), 0x8, 0x0, &(0x7f0000000300)={0x77359400}, 0x0, 0x0) 08:32:11 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) 
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) 
syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) [ 115.211047] Bluetooth: hci0: unexpected event for opcode 0x0411 [ 115.211978] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 115.212015] Bluetooth: Unexpected continuation frame (len 20) [ 115.213250] Bluetooth: hci0: ACL packet for unknown connection handle 1997 [ 115.213720] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31 [ 115.225601] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. 08:32:11 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x12, &(0x7f0000000000)="813e4250", 0x4) 08:32:11 executing program 6: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) 
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) 08:32:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x4, &(0x7f0000000340)=[{&(0x7f0000000100)={0x34, 0x2c, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0xf0ffffffffffff}, @nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x63, 0x0, 0x0, @ipv6=@local}]}]}, 0x34}], 0x1}, 0x0) 08:32:11 executing program 2: r0 = syz_io_uring_setup(0x2200, &(0x7f00000012c0)={0x0, 0x0, 0x2}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000001340), &(0x7f0000001380)) syz_io_uring_setup(0x753d, &(0x7f00000000c0)={0x0, 0x0, 0x22, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000140), 
&(0x7f0000000180)) 08:32:11 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) 
syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) 08:32:11 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, 
&(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) 08:32:11 executing program 7: syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000680)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4060000}}]}) 08:32:11 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, 0x0) [ 115.301328] Bluetooth: hci5: SCO packet for unknown connection handle 0 [ 115.301381] Bluetooth: Unexpected continuation frame (len 20) [ 115.306582] Bluetooth: hci5: ACL packet for unknown connection handle 1997 [ 115.333272] Bluetooth: hci0: unexpected event for opcode 0x0411 [ 115.343028] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31 [ 115.344227] Bluetooth: Unexpected continuation frame (len 20) 08:32:11 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 
syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) [ 115.346924] Bluetooth: hci0: ACL packet for unknown connection handle 1997 [ 115.348193] 
Bluetooth: hci6: unexpected event for opcode 0x0411 [ 115.351446] Bluetooth: Unexpected continuation frame (len 20) [ 115.360099] Bluetooth: hci6: ACL packet for unknown connection handle 1997 [ 115.385949] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 115.433931] Bluetooth: hci5: unexpected event for opcode 0x0411 08:32:11 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x12, &(0x7f0000000000)="813e4250", 0x4) [ 115.472117] Bluetooth: Unexpected continuation frame (len 20) [ 115.485478] Bluetooth: hci5: ACL packet for unknown connection handle 1997 08:32:11 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, 0x0) 08:32:11 executing program 1: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, 
@hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) 08:32:11 executing program 7: syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = dup(r0) setsockopt$inet_MCAST_LEAVE_GROUP(r1, 0x0, 0x16, 0x0, 0x0) 08:32:11 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 
syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) 08:32:11 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000001600)={0x1240580, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f00000015c0)=[0x0], 0x1}, 0x58) 08:32:11 executing program 6: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, 
&(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) 08:32:11 executing program 3: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) 
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) 08:32:11 executing program 4: syz_emit_ethernet(0x76, &(0x7f00000005c0)={@multicast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x40, 0x3a, 0x0, @empty, @mcast2, {[], @time_exceed={0x3, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "ec3ba1", 0x0, 0x0, 0x0, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [@dstopts={0x11, 0x0, '\x00', [@generic]}]}}}}}}}, 0x0) [ 115.554248] Bluetooth: hci0: unexpected event for opcode 0x0411 [ 115.555168] Bluetooth: Unexpected continuation frame (len 20) [ 115.556382] Bluetooth: hci0: ACL packet for unknown connection handle 1997 [ 115.561880] audit: type=1400 audit(1756715531.911:8): avc: denied { open } for pid=3972 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 115.564886] 
Bluetooth: Unexpected continuation frame (len 20) [ 115.565123] audit: type=1400 audit(1756715531.911:9): avc: denied { kernel } for pid=3972 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 115.565653] Bluetooth: hci6: unexpected event for opcode 0x0411 [ 115.573102] Bluetooth: hci1: ACL packet for unknown connection handle 1997 [ 115.574011] Bluetooth: Unexpected continuation frame (len 20) [ 115.583032] Bluetooth: hci6: ACL packet for unknown connection handle 1997 [ 115.598514] Bluetooth: hci5: unexpected event for opcode 0x0411 [ 115.606086] Bluetooth: Unexpected continuation frame (len 20) [ 115.611230] Bluetooth: hci5: ACL packet for unknown connection handle 1997 08:32:11 executing program 1: setresuid(0x0, 0xee01, 0x0) r0 = shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil) shmctl$SHM_UNLOCK(r0, 0xc) 08:32:11 executing program 4: syz_emit_ethernet(0x76, &(0x7f00000005c0)={@multicast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x40, 0x3a, 0x0, @empty, @mcast2, {[], @time_exceed={0x3, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "ec3ba1", 0x0, 0x0, 0x0, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [@dstopts={0x11, 0x0, '\x00', [@generic]}]}}}}}}}, 0x0) 08:32:12 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/14], 0xe) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x4, 0x0, 0x411}}}, 0x7) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x13}, @hci_ev_le_conn_complete={{}, {0x8, 0xc9, 0x40, 0x1, @any, 0x8, 0x7ff, 0x5, 0x9}}}}, 0x16) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x3f, 0xc8, 0x6}}}, 0x7) 
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000005c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x50}, "2bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566b3336d7090da483b85a7eff476ae95f6fe07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c24"}, 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x7, 0xc9}}}, 0x6) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1fb, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="fd6fc138c83356e493c144c7d7a6434e8fc22851ec94962e06e62faf0e62ca749f8ee127bf7eb013c08d9f94cda24fa1706ad88afd8d086d258b889765d6f5bc69c65f433af811fe31dbe3df59e6a0a30b03c95e14f89b322a3c13c4b81c75743e8acd85f038aedeee59549912e767f510670734e9dca059aa"]) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02cda7e00b8da2fc2600131b020080"], 0xf) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="03c9008cb85bd39cdd9c8132caf9a52aaed54f1beac66b0d20609795f390b6e6be884c05ed0745a531794b2f525f129dab6f54a99c60c7e214bf219734e69f08e326aef661b51cb4e9cd7eeb3572dd65d0bb6a60899dde430f28eb92f08f1a14ea87df5dec048a0b787386a6a3b5216632f1f1a8f5be29ffb813b5b0c5905eb9d38e163ef73386531ce3000000000000"], 0x90) clone(0xc11fb00, 0x0, &(0x7f0000000080), 0x0, 0x0) 08:32:12 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = 
openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) writev(r0, &(0x7f00000004c0)=[{&(0x7f0000000200)="a0", 0x1}, {0x0, 0x2}], 0x2) 08:32:12 executing program 3: semget$private(0x0, 0x4000, 0x0) unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) 08:32:12 executing program 6: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) flistxattr(r0, &(0x7f0000000040)=""/9, 0x9) [ 115.712565] Bluetooth: hci1: unexpected event for opcode 0x0411 [ 115.713427] Bluetooth: Unexpected continuation frame (len 20) [ 115.716214] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 115.717127] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.717767] CPU: 1 UID: 0 PID: 3988 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.718729] Tainted: [W]=WARN [ 115.719433] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.721257] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.722345] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.726627] RSP: 0018:ffff88804410f780 EFLAGS: 00010012 [ 115.727065] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 115.727654] RDX: ffff888042c3b700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.728228] RBP: ffff88804410f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16550 [ 115.728805] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.729394] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.729977] FS: 0000555587ae0400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 115.730655] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.731126] CR2: 00007fbacf7c1543 CR3: 00000000422c0000 CR4: 0000000000350ef0 [ 115.731698] Call Trace: [ 
115.731917] [ 115.732104] ? __pfx_perf_tp_event+0x10/0x10 [ 115.732482] ? __lock_acquire+0x694/0x1b70 [ 115.732835] ? __lock_acquire+0x694/0x1b70 [ 115.733180] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.733593] ? futex_private_hash_put+0x113/0x2d0 [ 115.733973] ? lock_release+0xc8/0x290 [ 115.734299] perf_trace_run_bpf_submit+0xef/0x180 [ 115.734716] perf_trace_preemptirq_template+0x259/0x430 [ 115.735144] ? futex_wait_setup+0x30c/0x550 [ 115.735517] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.735984] ? _raw_spin_lock_irqsave+0x53/0x60 [ 115.736366] trace_irq_disable.constprop.0+0xa6/0x100 [ 115.736799] _raw_spin_lock_irqsave+0x53/0x60 [ 115.737178] try_to_wake_up+0xa0/0x11d0 [ 115.737521] ? __pfx_try_to_wake_up+0x10/0x10 [ 115.737886] ? plist_del+0x122/0x270 [ 115.738193] ? find_held_lock+0x2b/0x80 [ 115.738554] ? futex_wake+0x474/0x540 [ 115.738869] wake_up_q+0xa1/0x130 [ 115.739158] futex_wake+0x47e/0x540 [ 115.739478] ? __pfx_futex_wake+0x10/0x10 [ 115.739822] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 115.740195] ? lock_release+0xc8/0x290 [ 115.740523] do_futex+0x26d/0x370 [ 115.740813] ? __pfx_do_futex+0x10/0x10 [ 115.741141] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 115.741568] ? read_tsc+0x9/0x20 [ 115.741864] __x64_sys_futex+0x1c9/0x4d0 [ 115.742204] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.742666] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.743028] ? lock_release+0xc8/0x290 [ 115.743349] ? 
xfd_validate_state+0x55/0x180 [ 115.743713] do_syscall_64+0xbf/0x360 [ 115.744021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.744445] RIP: 0033:0x7f5a476bbb19 [ 115.744746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.746187] RSP: 002b:00007fff91c13518 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.746804] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5a476bbb19 [ 115.747376] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5a477cef68 [ 115.747935] RBP: 00007f5a477cef60 R08: 00007f5a477d3a70 R09: 0000000000000000 [ 115.748506] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5a477d3b10 [ 115.749070] R13: 00007fff91c13620 R14: 00007f5a477cef60 R15: 000000000001c376 [ 115.749645] [ 115.749835] Modules linked in: [ 115.750096] ---[ end trace 0000000000000000 ]--- [ 115.750484] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.750859] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.752293] RSP: 0018:ffff88804410f780 EFLAGS: 00010012 [ 115.752727] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 115.753292] RDX: ffff888042c3b700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.753859] RBP: ffff88804410f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16550 [ 115.754438] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.754994] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.755562] FS: 0000555587ae0400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 115.756191] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.756655] CR2: 00007fbacf7c1543 CR3: 00000000422c0000 CR4: 0000000000350ef0 [ 115.757213] note: syz-executor.5[3988] exited with irqs disabled [ 115.757754] 
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 115.758643] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 115.759241] CPU: 1 UID: 0 PID: 3988 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 115.760201] Tainted: [D]=DIE, [W]=WARN [ 115.760521] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 115.761174] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.761564] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.763012] RSP: 0018:ffff88806cf08b40 EFLAGS: 00010012 [ 115.763447] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 115.764016] RDX: ffff888042c3b700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.764585] RBP: ffff88806cf08db0 R08: ffff88806cf313e8 R09: ffffe8ffffd16550 [ 115.765149] R10: 0000000000000000 R11: ffff88801f7cb098 R12: dffffc0000000000 [ 115.765721] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 115.766286] FS: 0000555587ae0400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 115.766961] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.767445] CR2: 00007fbacf7c1543 CR3: 00000000422c0000 CR4: 0000000000350ef0 [ 115.768009] Call Trace: [ 115.768215] [ 115.768411] ? __pfx_perf_tp_event+0x10/0x10 [ 115.768779] ? sched_clock_cpu+0x6c/0x4e0 [ 115.769118] ? trace_pelt_se_tp+0xdf/0x130 [ 115.769464] ? place_entity+0x300/0x410 [ 115.769788] ? lock_acquire+0x18c/0x2f0 [ 115.770109] ? update_cfs_group+0x11d/0x260 [ 115.770469] ? lock_release+0x1c7/0x290 [ 115.770796] ? run_posix_cpu_timers+0x160/0x7d0 [ 115.771168] ? __pfx_run_posix_cpu_timers+0x10/0x10 [ 115.771572] ? sched_balance_trigger+0x1ac/0xcb0 [ 115.771958] ? sched_tick+0x27c/0x6c0 [ 115.772272] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 115.772693] ? timerqueue_add+0x1c2/0x330 [ 115.773028] perf_trace_run_bpf_submit+0xef/0x180 [ 115.773429] perf_trace_preemptirq_template+0x259/0x430 [ 115.773851] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.774318] ? read_tsc+0x9/0x20 [ 115.774616] ? ktime_get+0x16d/0x270 [ 115.774925] ? __pfx_lapic_next_deadline+0x10/0x10 [ 115.775327] ? clockevents_program_event+0x135/0x360 [ 115.775738] ? _raw_spin_lock_irq+0x42/0x50 [ 115.776083] trace_irq_disable.constprop.0+0xa6/0x100 [ 115.776496] _raw_spin_lock_irq+0x42/0x50 [ 115.776831] run_timer_softirq+0x10f/0x210 [ 115.777176] handle_softirqs+0x1b1/0x770 [ 115.777528] __irq_exit_rcu+0xc4/0x100 [ 115.777850] irq_exit_rcu+0x9/0x20 [ 115.778135] sysvec_apic_timer_interrupt+0x70/0x80 [ 115.778556] [ 115.778745] [ 115.778933] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 115.779373] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 115.779766] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 115.781253] RSP: 0018:ffff88804410ff28 EFLAGS: 00000246 [ 115.781701] RAX: 0000000000000001 RBX: ffff888042c3b700 RCX: ffffffff817c3ab6 [ 115.782289] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 115.782892] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 115.783482] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff888042c3b700 [ 115.784068] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 115.784656] ? trace_irq_enable.constprop.0+0x26/0x100 [ 115.785092] ? make_task_dead+0x214/0x3b0 [ 115.785452] ? make_task_dead+0x214/0x3b0 [ 115.785800] ? 
do_syscall_64+0xbf/0x360 [ 115.786132] rewind_stack_and_make_dead+0x16/0x20 [ 115.786552] RIP: 0033:0x7f5a476bbb19 [ 115.786864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.788359] RSP: 002b:00007fff91c13518 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.788979] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5a476bbb19 [ 115.789573] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5a477cef68 [ 115.790150] RBP: 00007f5a477cef60 R08: 00007f5a477d3a70 R09: 0000000000000000 [ 115.790744] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5a477d3b10 [ 115.791339] R13: 00007fff91c13620 R14: 00007f5a477cef60 R15: 000000000001c376 [ 115.791920] [ 115.792116] Modules linked in: [ 115.792390] ---[ end trace 0000000000000000 ]--- [ 115.792776] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.793166] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.794669] RSP: 0018:ffff88804410f780 EFLAGS: 00010012 [ 115.795107] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 115.795690] RDX: ffff888042c3b700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.796269] RBP: ffff88804410f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16550 [ 115.796849] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.797439] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.798021] FS: 0000555587ae0400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 115.798694] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.799174] CR2: 00007fbacf7c1543 CR3: 00000000422c0000 CR4: 0000000000350ef0 [ 115.799773] Kernel panic - not syncing: Fatal exception in interrupt [ 115.800478] Kernel Offset: disabled [ 115.800779] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:32:12 Registers: