Warning: Permanently added '[localhost]:4835' (ECDSA) to the list of known hosts.
2025/08/29 09:50:03 fuzzer started
2025/08/29 09:50:03 dialing manager at localhost:43077
syzkaller login: [ 51.488138] cgroup: Unknown subsys name 'net'
[ 51.552379] cgroup: Unknown subsys name 'cpuset'
[ 51.566970] cgroup: Unknown subsys name 'rlimit'
2025/08/29 09:50:14 syscalls: 2214
2025/08/29 09:50:14 code coverage: enabled
2025/08/29 09:50:14 comparison tracing: enabled
2025/08/29 09:50:14 extra coverage: enabled
2025/08/29 09:50:14 setuid sandbox: enabled
2025/08/29 09:50:14 namespace sandbox: enabled
2025/08/29 09:50:14 Android sandbox: enabled
2025/08/29 09:50:14 fault injection: enabled
2025/08/29 09:50:14 leak checking: enabled
2025/08/29 09:50:14 net packet injection: enabled
2025/08/29 09:50:14 net device setup: enabled
2025/08/29 09:50:14 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 09:50:14 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 09:50:14 USB emulation: enabled
2025/08/29 09:50:14 hci packet injection: enabled
2025/08/29 09:50:14 wifi device emulation: enabled
2025/08/29 09:50:14 802.15.4 emulation: enabled
2025/08/29 09:50:14 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 09:50:14 fetching corpus: 50, signal 31619/34836 (executing program)
2025/08/29 09:50:14 fetching corpus: 100, signal 36855/41517 (executing program)
2025/08/29 09:50:14 fetching corpus: 150, signal 45649/51458 (executing program)
2025/08/29 09:50:14 fetching corpus: 200, signal 51161/58089 (executing program)
2025/08/29 09:50:15 fetching corpus: 250, signal 57703/65537 (executing program)
2025/08/29 09:50:15 fetching corpus: 300, signal 63741/72414 (executing program)
2025/08/29 09:50:15 fetching corpus: 350, signal 66580/76254 (executing program)
2025/08/29 09:50:15 fetching corpus: 400, signal 69962/80510 (executing program)
2025/08/29 09:50:15 fetching corpus: 450, signal 73605/84916 (executing program)
2025/08/29 09:50:15 fetching corpus: 500, signal 75452/87689 (executing program)
2025/08/29 09:50:15 fetching corpus: 550, signal 78753/91622 (executing program)
2025/08/29 09:50:15 fetching corpus: 600, signal 81624/95071 (executing program)
2025/08/29 09:50:15 fetching corpus: 650, signal 84186/98276 (executing program)
2025/08/29 09:50:15 fetching corpus: 700, signal 86290/101013 (executing program)
2025/08/29 09:50:16 fetching corpus: 750, signal 87803/103281 (executing program)
2025/08/29 09:50:16 fetching corpus: 800, signal 88946/105187 (executing program)
2025/08/29 09:50:16 fetching corpus: 850, signal 90308/107186 (executing program)
2025/08/29 09:50:16 fetching corpus: 900, signal 92410/109740 (executing program)
2025/08/29 09:50:16 fetching corpus: 950, signal 94703/112421 (executing program)
2025/08/29 09:50:16 fetching corpus: 1000, signal 97347/115236 (executing program)
2025/08/29 09:50:16 fetching corpus: 1050, signal 99989/118048 (executing program)
2025/08/29 09:50:16 fetching corpus: 1100, signal 102020/120353 (executing program)
2025/08/29 09:50:16 fetching corpus: 1150, signal 104175/122756 (executing program)
2025/08/29 09:50:17 fetching corpus: 1200, signal 105101/124163 (executing program)
2025/08/29 09:50:17 fetching corpus: 1250, signal 106634/126053 (executing program)
2025/08/29 09:50:17 fetching corpus: 1300, signal 107673/127546 (executing program)
2025/08/29 09:50:17 fetching corpus: 1350, signal 109123/129258 (executing program)
2025/08/29 09:50:17 fetching corpus: 1400, signal 110596/130911 (executing program)
2025/08/29 09:50:17 fetching corpus: 1450, signal 112421/132802 (executing program)
2025/08/29 09:50:17 fetching corpus: 1500, signal 114077/134571 (executing program)
2025/08/29 09:50:17 fetching corpus: 1550, signal 116122/136469 (executing program)
2025/08/29 09:50:17 fetching corpus: 1600, signal 117543/138012 (executing program)
2025/08/29 09:50:17 fetching corpus: 1650, signal 118641/139281 (executing program)
2025/08/29 09:50:18 fetching corpus: 1700, signal 119708/140483 (executing program)
2025/08/29 09:50:18 fetching corpus: 1750, signal 120758/141629 (executing program)
2025/08/29 09:50:18 fetching corpus: 1800, signal 121440/142569 (executing program)
2025/08/29 09:50:18 fetching corpus: 1850, signal 122750/143857 (executing program)
2025/08/29 09:50:18 fetching corpus: 1900, signal 123491/144820 (executing program)
2025/08/29 09:50:18 fetching corpus: 1950, signal 124626/145947 (executing program)
2025/08/29 09:50:18 fetching corpus: 2000, signal 125392/146877 (executing program)
2025/08/29 09:50:18 fetching corpus: 2050, signal 126007/147657 (executing program)
2025/08/29 09:50:18 fetching corpus: 2100, signal 127054/148674 (executing program)
2025/08/29 09:50:18 fetching corpus: 2150, signal 128167/149821 (executing program)
2025/08/29 09:50:18 fetching corpus: 2200, signal 128802/150581 (executing program)
2025/08/29 09:50:19 fetching corpus: 2250, signal 129744/151489 (executing program)
2025/08/29 09:50:19 fetching corpus: 2300, signal 130901/152417 (executing program)
2025/08/29 09:50:19 fetching corpus: 2350, signal 131976/153360 (executing program)
2025/08/29 09:50:19 fetching corpus: 2400, signal 132511/154046 (executing program)
2025/08/29 09:50:19 fetching corpus: 2450, signal 133757/155004 (executing program)
2025/08/29 09:50:19 fetching corpus: 2500, signal 134490/155718 (executing program)
2025/08/29 09:50:19 fetching corpus: 2550, signal 135328/156483 (executing program)
2025/08/29 09:50:19 fetching corpus: 2600, signal 136250/157218 (executing program)
2025/08/29 09:50:19 fetching corpus: 2650, signal 137109/157900 (executing program)
2025/08/29 09:50:20 fetching corpus: 2700, signal 137566/158456 (executing program)
2025/08/29 09:50:20 fetching corpus: 2750, signal 138200/159012 (executing program)
2025/08/29 09:50:20 fetching corpus: 2800, signal 139234/159729 (executing program)
2025/08/29 09:50:20 fetching corpus: 2850, signal 139887/160304 (executing program)
2025/08/29 09:50:20 fetching corpus: 2900, signal 140545/160884 (executing program)
2025/08/29 09:50:20 fetching corpus: 2950, signal 141452/161492 (executing program)
2025/08/29 09:50:20 fetching corpus: 3000, signal 142311/162054 (executing program)
2025/08/29 09:50:20 fetching corpus: 3050, signal 142948/162576 (executing program)
2025/08/29 09:50:20 fetching corpus: 3100, signal 143478/163041 (executing program)
2025/08/29 09:50:20 fetching corpus: 3150, signal 144059/163471 (executing program)
2025/08/29 09:50:21 fetching corpus: 3200, signal 144623/163918 (executing program)
2025/08/29 09:50:21 fetching corpus: 3250, signal 145086/164310 (executing program)
2025/08/29 09:50:21 fetching corpus: 3300, signal 145638/164720 (executing program)
2025/08/29 09:50:21 fetching corpus: 3350, signal 145995/165054 (executing program)
2025/08/29 09:50:21 fetching corpus: 3400, signal 146563/165423 (executing program)
2025/08/29 09:50:21 fetching corpus: 3450, signal 147040/165776 (executing program)
2025/08/29 09:50:21 fetching corpus: 3500, signal 147605/166145 (executing program)
2025/08/29 09:50:21 fetching corpus: 3550, signal 148310/166485 (executing program)
2025/08/29 09:50:21 fetching corpus: 3600, signal 148568/166781 (executing program)
2025/08/29 09:50:21 fetching corpus: 3650, signal 149260/167147 (executing program)
2025/08/29 09:50:22 fetching corpus: 3700, signal 150132/167498 (executing program)
2025/08/29 09:50:22 fetching corpus: 3750, signal 150528/167785 (executing program)
2025/08/29 09:50:22 fetching corpus: 3800, signal 150874/168028 (executing program)
2025/08/29 09:50:22 fetching corpus: 3850, signal 151414/168273 (executing program)
2025/08/29 09:50:22 fetching corpus: 3900, signal 151806/168561 (executing program)
2025/08/29 09:50:22 fetching corpus: 3950, signal 152434/168795 (executing program)
2025/08/29 09:50:22 fetching corpus: 4000, signal 152877/169076 (executing program)
2025/08/29 09:50:22 fetching corpus: 4050, signal 153239/169278 (executing program)
2025/08/29 09:50:22 fetching corpus: 4100, signal 153721/169307 (executing program)
2025/08/29 09:50:22 fetching corpus: 4150, signal 154051/169318 (executing program)
2025/08/29 09:50:23 fetching corpus: 4200, signal 154923/169320 (executing program)
2025/08/29 09:50:23 fetching corpus: 4250, signal 155343/169327 (executing program)
2025/08/29 09:50:23 fetching corpus: 4300, signal 156067/169366 (executing program)
2025/08/29 09:50:23 fetching corpus: 4350, signal 156698/169366 (executing program)
2025/08/29 09:50:23 fetching corpus: 4400, signal 157176/169379 (executing program)
2025/08/29 09:50:23 fetching corpus: 4450, signal 157909/169390 (executing program)
2025/08/29 09:50:23 fetching corpus: 4500, signal 158319/169400 (executing program)
2025/08/29 09:50:23 fetching corpus: 4550, signal 159001/169404 (executing program)
2025/08/29 09:50:23 fetching corpus: 4600, signal 159357/169410 (executing program)
2025/08/29 09:50:23 fetching corpus: 4650, signal 159612/169418 (executing program)
2025/08/29 09:50:23 fetching corpus: 4700, signal 160037/169418 (executing program)
2025/08/29 09:50:23 fetching corpus: 4750, signal 160488/169423 (executing program)
2025/08/29 09:50:24 fetching corpus: 4800, signal 161164/169428 (executing program)
2025/08/29 09:50:24 fetching corpus: 4850, signal 161538/169449 (executing program)
2025/08/29 09:50:24 fetching corpus: 4900, signal 161992/169455 (executing program)
2025/08/29 09:50:24 fetching corpus: 4950, signal 162273/169471 (executing program)
2025/08/29 09:50:24 fetching corpus: 5000, signal 162615/169471 (executing program)
2025/08/29 09:50:24 fetching corpus: 5050, signal 162920/169480 (executing program)
2025/08/29 09:50:24 fetching corpus: 5100, signal 163245/169500 (executing program)
2025/08/29 09:50:24 fetching corpus: 5150, signal 164693/169503 (executing program)
2025/08/29 09:50:24 fetching corpus: 5200, signal 165157/169507 (executing program)
2025/08/29 09:50:24 fetching corpus: 5250, signal 165382/169508 (executing program)
2025/08/29 09:50:24 fetching corpus: 5300, signal 165728/169513 (executing program)
2025/08/29 09:50:24 fetching corpus: 5350, signal 166044/169524 (executing program)
2025/08/29 09:50:25 fetching corpus: 5400, signal 166340/169550 (executing program)
2025/08/29 09:50:25 fetching corpus: 5450, signal 166623/169556 (executing program)
2025/08/29 09:50:25 fetching corpus: 5500, signal 166960/169585 (executing program)
2025/08/29 09:50:25 fetching corpus: 5541, signal 167379/169589 (executing program)
2025/08/29 09:50:25 fetching corpus: 5541, signal 167379/169589 (executing program)
2025/08/29 09:50:27 starting 8 fuzzer processes
09:50:27 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast1=0xe0000002, @local, @local}, 0xc)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000280)={@multicast1=0xe0000002, @multicast2, @empty}, 0xc)
09:50:27 executing program 0:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x4723, 0x4)
r2 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r3 = dup(r2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r3, 0x0)
syz_io_uring_submit(r1, 0x0, 0x0, 0x0)
09:50:27 executing program 7:
perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, 0x0, &(0x7f00000001c0))
listen(0xffffffffffffffff, 0x0)
[ 74.913906] audit: type=1400 audit(1756461027.248:7): avc: denied { execmem } for pid=273 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
09:50:27 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getitimer(0x0, &(0x7f0000000140))
09:50:27 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
lseek(r0, 0x8, 0x0)
getdents64(r0, &(0x7f0000000080)=""/127, 0x7f)
09:50:27 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73661fe41100080101000240002000f801002000400000000000000000008000"/64, 0x40}, {&(0x7f0000010100)="f8ffff00f0ffffffff07800009a000ffffff00"/32, 0x20, 0x800}, {&(0x7f0000010200)="f8ffff00f0ffffffff07800009a000ffffff00"/32, 0x20, 0x1000}, {&(0x7f0000010300)="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", 0x120, 0x1800}, {&(0x7f0000010500)="2e20202020202020202020100098e670325132510000e67032510300000000002e2e202020202020202020100098e670325132510000e670325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200098e670325132510000e670325104001a040000", 0x80, 0x2800}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x3000}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0x3800}, 
{&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x6800}], 0x0, &(0x7f0000010d00))
09:50:27 executing program 5:
io_uring_setup(0x2bd4, &(0x7f0000000080))
09:50:27 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
times(0x0)
[ 76.056068] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 76.061609] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 76.063803] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 76.071094] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 76.073946] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 76.178784] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 76.182701] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 76.184152] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 76.187848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 76.190090] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 76.246946] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 76.249471] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 76.251021] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 76.259340] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 76.263079] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 76.313738] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 76.327576] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 76.332527] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 76.366832] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 76.369572] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 76.400608] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 76.410723] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 76.416005] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 76.429104] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 76.437516] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 76.439940] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 76.441192] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 76.443283] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 76.447461] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 76.453369] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 76.458047] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 76.462473] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 76.467574] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 76.481393] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 76.482587] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 76.494071] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 76.509686] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 76.511680] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 76.514382] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 76.523706] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 78.151949] Bluetooth: hci0: command tx timeout
[ 78.215434] Bluetooth: hci1: command tx timeout
[ 78.343393] Bluetooth: hci2: command tx timeout
[ 78.535406] Bluetooth: hci5: command tx timeout
[ 78.536434] Bluetooth: hci3: command tx timeout
[ 78.599417] Bluetooth: hci4: command tx timeout
[ 78.599493] Bluetooth: hci7: command tx timeout
[ 78.599988] Bluetooth: hci6: command tx timeout
[ 80.201267] Bluetooth: hci0: command tx timeout
[ 80.263314] Bluetooth: hci1: command tx timeout
[ 80.391391] Bluetooth: hci2: command tx timeout
[ 80.585422] Bluetooth: hci5: command tx timeout
[ 80.585856] Bluetooth: hci3: command tx timeout
[ 80.647336] Bluetooth: hci7: command tx timeout
[ 80.647781] Bluetooth: hci6: command tx timeout
[ 80.647989] Bluetooth: hci4: command tx timeout
[ 82.247369] Bluetooth: hci0: command tx timeout
[ 82.311283] Bluetooth: hci1: command tx timeout
[ 82.440470] Bluetooth: hci2: command tx timeout
[ 82.631305] Bluetooth: hci3: command tx timeout
[ 82.631350] Bluetooth: hci5: command tx timeout
[ 82.695333] Bluetooth: hci7: command tx timeout
[ 82.695756] Bluetooth: hci6: command tx timeout
[ 82.696136] Bluetooth: hci4: command tx timeout
[ 84.296278] Bluetooth: hci0: command tx timeout
[ 84.359364] Bluetooth: hci1: command tx timeout
[ 84.488427] Bluetooth: hci2: command tx timeout
[ 84.679323] Bluetooth: hci5: command tx timeout
[ 84.679367] Bluetooth: hci3: command tx timeout
[ 84.743443] Bluetooth: hci6: command tx timeout
[ 84.743683] Bluetooth: hci4: command tx timeout
[ 84.744099] Bluetooth: hci7: command tx timeout
[ 112.864584] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.865221] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.061738] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.062371] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.348304] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.348912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.473974] loop4: detected capacity change from 0 to 128
[ 113.533915] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.535502] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:51:05 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000400)={0x40084100, 0x0, 0x0, 0x0, {}, &(0x7f0000000200)=""/174, 0xae, &(0x7f00000002c0)=""/88, &(0x7f00000003c0)=[0x0], 0x1}, 0x58)
[ 113.629174] audit: type=1400 audit(1756461065.963:8): avc: denied { open } for pid=3697 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 113.630965] audit: type=1400 audit(1756461065.963:9): avc: denied { kernel } for pid=3697 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 113.658296] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.658910] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.859054] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.859968] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:51:06 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000400)={0x40084100, 0x0, 0x0, 0x0, {}, &(0x7f0000000200)=""/174, 0xae, &(0x7f00000002c0)=""/88, &(0x7f00000003c0)=[0x0], 0x1}, 0x58)
[ 114.014294] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.014920] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.383258] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.383913] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:51:06 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000400)={0x40084100, 0x0, 0x0, 0x0, {}, &(0x7f0000000200)=""/174, 0xae, &(0x7f00000002c0)=""/88, &(0x7f00000003c0)=[0x0], 0x1}, 0x58)
09:51:06 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getitimer(0x0, &(0x7f0000000140))
09:51:06 executing program 5:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000180)='($\x18\xe5=\x11c\x86g\x02\x00\x00\x00?\x00\x00\x00\a\x00\x00\x00S\xc8\xe8*\xcc\xff\x7f\xcb\x9e@G\x96\x1e>\xdb\xa1J\xab\xd0\xb7.k^mq\xc2\xc4Q{\x14J\xb3i\x82\xa18\xf6\x04\x7f\x14RT?\xd2\x01J\xf5E\xc1\xf8\x1f\x80(\x9b?\xb6\xac_l\x17\xd1\f \xbf\xb8\xf8\xfc\xb5\xf8\xf4\x0e\xc3\xd6\xdf\xa3 \x00\x00\x00\n>\xdfm\f\xd5\xc4?\x04\x00\x00\x00\x00\x00\x00\x00\xd6j\xe7\x00-Y\x99\x03\xdf\xcc(\xa7t\xf4)\xf5\xf9s8@U\xca$Jd\xf3G\xcd\xfdAno\xc7\b\x92\xa7\x18\xf09@\x10\xb3\xe4\xdd\x14\xbfoO', 0x5)
ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x80000000007f})
09:51:06 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getitimer(0x0, &(0x7f0000000140))
09:51:07 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getitimer(0x0, &(0x7f0000000140))
09:51:07 executing program 5:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000180)='($\x18\xe5=\x11c\x86g\x02\x00\x00\x00?\x00\x00\x00\a\x00\x00\x00S\xc8\xe8*\xcc\xff\x7f\xcb\x9e@G\x96\x1e>\xdb\xa1J\xab\xd0\xb7.k^mq\xc2\xc4Q{\x14J\xb3i\x82\xa18\xf6\x04\x7f\x14RT?\xd2\x01J\xf5E\xc1\xf8\x1f\x80(\x9b?\xb6\xac_l\x17\xd1\f \xbf\xb8\xf8\xfc\xb5\xf8\xf4\x0e\xc3\xd6\xdf\xa3 \x00\x00\x00\n>\xdfm\f\xd5\xc4?\x04\x00\x00\x00\x00\x00\x00\x00\xd6j\xe7\x00-Y\x99\x03\xdf\xcc(\xa7t\xf4)\xf5\xf9s8@U\xca$Jd\xf3G\xcd\xfdAno\xc7\b\x92\xa7\x18\xf09@\x10\xb3\xe4\xdd\x14\xbfoO', 0x5)
ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x80000000007f})
[ 115.766302] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.766922] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.864093] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.865004] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.099647] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 116.100690] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current]
[ 116.101447] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
[ 116.102146] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 06 00
[ 116.102976] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 3 prio class 2
[ 116.104573] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 116.105124] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 116.106029] Buffer I/O error on dev sr0, logical block 0, async page read
[ 116.113965] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 116.114633] I/O error, dev sr0, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 116.115477] Buffer I/O error on dev sr0, logical block 1, async page read
[ 116.131473] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 116.131919] I/O error, dev sr0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 116.132593] Buffer I/O error on dev sr0, logical block 2, async page read
[ 116.144150] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 116.144861] I/O error, dev sr0, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 116.145536] Buffer I/O error on dev sr0, logical block 3, async page read
[ 116.154151] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 116.154623] I/O error, dev sr0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 116.155292] Buffer I/O error on dev sr0, logical block 4, async page read
[ 116.165323] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 116.165777] I/O error, dev sr0, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 116.166466] Buffer I/O error on dev sr0, logical block 5, async page read
[ 116.174314] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 116.174761] I/O error, dev sr0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 116.175614] Buffer I/O error on dev sr0, logical block 6, async page read
[ 116.185487] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 116.185940] I/O error, dev sr0, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 116.186774] Buffer I/O error on dev sr0, logical block 7, async page read
[ 116.561270] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.561895] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.602690] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.603565] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.678758] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.679553] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.729874] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.730490] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.932296] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.933553] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.949609] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.950450] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
09:51:09 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000400)={0x40084100, 0x0, 0x0, 0x0, {}, &(0x7f0000000200)=""/174, 0xae, &(0x7f00000002c0)=""/88, &(0x7f00000003c0)=[0x0], 0x1}, 0x58)
09:51:09 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x14}, 0x14}}, 0x0)
09:51:09 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast1=0xe0000002, @local, @local}, 0xc)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000280)={@multicast1=0xe0000002, @multicast2, @empty}, 0xc)
09:51:09 executing program 5:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000180)='($\x18\xe5=\x11c\x86g\x02\x00\x00\x00?\x00\x00\x00\a\x00\x00\x00S\xc8\xe8*\xcc\xff\x7f\xcb\x9e@G\x96\x1e>\xdb\xa1J\xab\xd0\xb7.k^mq\xc2\xc4Q{\x14J\xb3i\x82\xa18\xf6\x04\x7f\x14RT?\xd2\x01J\xf5E\xc1\xf8\x1f\x80(\x9b?\xb6\xac_l\x17\xd1\f \xbf\xb8\xf8\xfc\xb5\xf8\xf4\x0e\xc3\xd6\xdf\xa3 \x00\x00\x00\n>\xdfm\f\xd5\xc4?\x04\x00\x00\x00\x00\x00\x00\x00\xd6j\xe7\x00-Y\x99\x03\xdf\xcc(\xa7t\xf4)\xf5\xf9s8@U\xca$Jd\xf3G\xcd\xfdAno\xc7\b\x92\xa7\x18\xf09@\x10\xb3\xe4\xdd\x14\xbfoO', 0x5)
ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x80000000007f})
09:51:09 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
lseek(r0, 0x8, 0x0)
getdents64(r0, &(0x7f0000000080)=""/127, 0x7f)
09:51:09 executing program 0:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x4723, 0x4)
r2 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r3 = dup(r2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r3, 0x0)
syz_io_uring_submit(r1, 0x0, 0x0, 0x0)
09:51:09 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
times(0x0)
09:51:09 executing program 7:
perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, 0x0, &(0x7f00000001c0))
listen(0xffffffffffffffff, 0x0)
09:51:09 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
times(0x0)
09:51:09 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast1=0xe0000002, @local, @local}, 0xc)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000280)={@multicast1=0xe0000002, @multicast2, @empty}, 0xc)
[ 117.189621] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 117.191059] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current]
[ 117.192131] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
[ 117.193129] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 06 00
[ 117.194298] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 2
[ 117.196688] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.197559] Buffer I/O error on dev sr0, logical block 0, async page read
[ 117.204894] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.205838] Buffer I/O error on dev sr0, logical block 1, async page read
[ 117.213450] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.214639] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.222042] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
09:51:09 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
lseek(r0, 0x8, 0x0)
getdents64(r0, &(0x7f0000000080)=""/127, 0x7f)
[ 117.238009] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
09:51:09 executing program 3:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x4723, 0x4)
r2 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r3 = dup(r2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r3, 0x0)
syz_io_uring_submit(r1, 0x0, 0x0, 0x0)
[ 117.262844] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.270503] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
09:51:09 executing program 5:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000180)='($\x18\xe5=\x11c\x86g\x02\x00\x00\x00?\x00\x00\x00\a\x00\x00\x00S\xc8\xe8*\xcc\xff\x7f\xcb\x9e@G\x96\x1e>\xdb\xa1J\xab\xd0\xb7.k^mq\xc2\xc4Q{\x14J\xb3i\x82\xa18\xf6\x04\x7f\x14RT?\xd2\x01J\xf5E\xc1\xf8\x1f\x80(\x9b?\xb6\xac_l\x17\xd1\f \xbf\xb8\xf8\xfc\xb5\xf8\xf4\x0e\xc3\xd6\xdf\xa3 \x00\x00\x00\n>\xdfm\f\xd5\xc4?\x04\x00\x00\x00\x00\x00\x00\x00\xd6j\xe7\x00-Y\x99\x03\xdf\xcc(\xa7t\xf4)\xf5\xf9s8@U\xca$Jd\xf3G\xcd\xfdAno\xc7\b\x92\xa7\x18\xf09@\x10\xb3\xe4\xdd\x14\xbfoO', 0x5)
ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x80000000007f})
09:51:09 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
times(0x0)
09:51:09 executing program 7:
perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, 0x0, &(0x7f00000001c0))
listen(0xffffffffffffffff, 0x0)
09:51:09 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast1=0xe0000002, @local, @local}, 0xc)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000280)={@multicast1=0xe0000002, @multicast2, @empty}, 0xc)
[ 117.361922] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.368805] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.369386] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.374522] kmemleak: Found object by alias at 0x607f1a639394
[ 117.374552] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 117.374584] Tainted: [W]=WARN
[ 117.374591] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 117.374605] Workqueue: netns cleanup_net
[ 117.374630] Call Trace:
[ 117.374637]
[ 117.374645] dump_stack_lvl+0xca/0x120
[ 117.374681] __lookup_object+0x94/0xb0
[ 117.374709] delete_object_full+0x27/0x70
[ 117.374739] free_percpu+0x30/0x1160
[ 117.374775] percpu_counter_destroy_many+0x188/0x2b0
[ 117.374805] ? __pfx_ip6_route_net_exit+0x10/0x10
[ 117.374832] ops_undo_list+0x2d5/0xa50
[ 117.374869] ? __pfx_ops_undo_list+0x10/0x10
[ 117.374901] ? lock_release+0xc8/0x290
[ 117.374924] ? idr_destroy+0x62/0x2c0
[ 117.374956] cleanup_net+0x38d/0x770
[ 117.374974] ? lock_acquire+0x15e/0x2f0
[ 117.374999] ? __pfx_cleanup_net+0x10/0x10
[ 117.375020] ? lock_release+0xc8/0x290
[ 117.375049] process_one_work+0x8e1/0x19c0
[ 117.375088] ? __pfx_process_one_work+0x10/0x10
[ 117.375113] ? move_linked_works+0x172/0x270
[ 117.375150] ? assign_work+0x196/0x240
[ 117.375177] worker_thread+0x67e/0xe90
[ 117.375203] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 117.375240] ? __pfx_worker_thread+0x10/0x10
[ 117.375267] kthread+0x3c8/0x740
[ 117.375291] ? __pfx_kthread+0x10/0x10
[ 117.375311] ? ret_from_fork+0x23/0x430
[ 117.375344] ? lock_release+0xc8/0x290
[ 117.375369] ? __pfx_kthread+0x10/0x10
[ 117.375393] ret_from_fork+0x34b/0x430
[ 117.375423] ? __pfx_kthread+0x10/0x10
[ 117.375445] ret_from_fork_asm+0x1a/0x30
[ 117.375489]
[ 117.375495] kmemleak: Object (percpu) 0x607f1a639390 (size 8):
[ 117.375508] kmemleak: comm "syz-executor.3", pid 3937, jiffies 4294784234
[ 117.375521] kmemleak: min_count = 1
[ 117.375528] kmemleak: count = 0
[ 117.375534] kmemleak: flags = 0x21
[ 117.375541] kmemleak: checksum = 0
[ 117.375548] kmemleak: backtrace:
[ 117.375553] pcpu_alloc_noprof+0x87a/0x1170
[ 117.375580] percpu_ref_init+0x37/0x400
[ 117.375611] blkg_alloc+0xe9/0x7d0
[ 117.375631] blkg_create+0xe08/0x1420
[ 117.375653] bio_associate_blkg_from_css+0xe06/0x1380
[ 117.375677] bio_associate_blkg+0x10e/0x2a0
[ 117.375700] bio_init+0x2dd/0x570
[ 117.375722] bio_alloc_bioset+0x2cf/0x8c0
[ 117.375747] submit_bh_wbc+0x286/0x720
[ 117.375775] block_read_full_folio+0x405/0x760
[ 117.375794] filemap_read_folio+0x4a/0x1e0
[ 117.375823] filemap_fault+0x229d/0x2ca0
[ 117.375840] __do_fault+0x10d/0x480
[ 117.375861] __handle_mm_fault+0x1aba/0x3260
[ 117.375888] handle_mm_fault+0x2c3/0x9b0
[ 117.375916] do_user_addr_fault+0x4fa/0xeb0
[ 117.376074] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.412717] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.426547] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.427995] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.429108] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.429793] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.430420] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.430965] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.432323] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.432867] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.437648] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[ 117.457948] kmemleak: Found object by alias at 0x607f1a639394
[ 117.457964] CPU: 1 UID: 0 PID: 3943 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 117.457981] Tainted: [W]=WARN
[ 117.457985] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 117.457992] Call Trace:
[ 117.457997]
[ 117.458001] dump_stack_lvl+0xca/0x120
[ 117.458026] __lookup_object+0x94/0xb0
[ 117.458043] delete_object_full+0x27/0x70
[ 117.458059] free_percpu+0x30/0x1160
[ 117.458075] ? arch_uprobe_clear_state+0x16/0x140
[ 117.458100] futex_hash_free+0x38/0xc0
[ 117.458114] mmput+0x2d3/0x390
[ 117.458133] do_exit+0x79d/0x2970
[ 117.458146] ? signal_wake_up_state+0x85/0x120
[ 117.458162] ? zap_other_threads+0x2b9/0x3a0
[ 117.458178] ? __pfx_do_exit+0x10/0x10
[ 117.458190] ? do_group_exit+0x1c3/0x2a0
[ 117.458203] ? lock_release+0xc8/0x290
[ 117.458220] do_group_exit+0xd3/0x2a0
[ 117.458235] __x64_sys_exit_group+0x3e/0x50
[ 117.458248] x64_sys_call+0x18c5/0x18d0
[ 117.458264] do_syscall_64+0xbf/0x360
[ 117.458276] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.458287] RIP: 0033:0x7fbb1ddcdb19
[ 117.458296] Code: Unable to access opcode bytes at 0x7fbb1ddcdaef.
[ 117.458301] RSP: 002b:00007ffc75dfd4d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 117.458312] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fbb1ddcdb19
[ 117.458320] RDX: 00007fbb1dd8072b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 117.458327] RBP: 0000000000000000 R08: 0000001b2d6200e0 R09: 0000000000000000
[ 117.458334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 117.458340] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc75dfd5c0
[ 117.458356]
[ 117.458359] kmemleak: Object (percpu) 0x607f1a639390 (size 8):
[ 117.458366] kmemleak: comm "syz-executor.3", pid 3937, jiffies 4294784234
[ 117.458373] kmemleak: min_count = 1
[ 117.458377] kmemleak: count = 0
[ 117.458380] kmemleak: flags = 0x21
[ 117.458384] kmemleak: checksum = 0
[ 117.458387] kmemleak: backtrace:
[ 117.458390] pcpu_alloc_noprof+0x87a/0x1170
[ 117.458405] percpu_ref_init+0x37/0x400
[ 117.458423] blkg_alloc+0xe9/0x7d0
[ 117.458435] blkg_create+0xe08/0x1420
[ 117.458447] bio_associate_blkg_from_css+0xe06/0x1380
[ 117.458460] bio_associate_blkg+0x10e/0x2a0
[ 117.458472] bio_init+0x2dd/0x570
[ 117.458485] bio_alloc_bioset+0x2cf/0x8c0
[ 117.458499] submit_bh_wbc+0x286/0x720
[ 117.458515] block_read_full_folio+0x405/0x760
[ 117.458525] filemap_read_folio+0x4a/0x1e0
[ 117.458542] filemap_fault+0x229d/0x2ca0
[ 117.458551] __do_fault+0x10d/0x480
[ 117.458563] __handle_mm_fault+0x1aba/0x3260
[ 117.458578] handle_mm_fault+0x2c3/0x9b0
[ 117.458592] do_user_addr_fault+0x4fa/0xeb0
09:51:09 executing program 3:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x4723, 0x4)
r2 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r3 = dup(r2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r3, 0x0)
syz_io_uring_submit(r1, 0x0, 0x0, 0x0)
09:51:09 executing program 5:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000080)={0x80})
09:51:09 executing program 7:
perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, 0x0, &(0x7f00000001c0))
listen(0xffffffffffffffff, 0x0)
09:51:09 executing program 2:
perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, 0x0, &(0x7f00000001c0))
listen(0xffffffffffffffff, 0x0)
09:51:09 executing program 6:
perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, 0x0, &(0x7f00000001c0))
listen(0xffffffffffffffff, 0x0)
09:51:09 executing program 0:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0x12, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x4723, 0x4)
r2 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r3 = dup(r2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r3, 0x0)
syz_io_uring_submit(r1, 0x0, 0x0, 0x0)
09:51:09 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
lseek(r0, 0x8, 0x0)
getdents64(r0, &(0x7f0000000080)=""/127, 0x7f)
[ 117.577611] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 117.578523] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 117.579217] CPU: 1 UID: 0 PID: 3950 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 117.580483] Tainted: [W]=WARN
[ 117.581152] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 117.583064] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.584140] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.588618] RSP: 0018:ffff888046bf7780 EFLAGS: 00010012
[ 117.589048] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000e262000
[ 117.589623] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 117.590189] RBP: ffff888046bf79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16390
[ 117.590753] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 117.591319] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 117.591884] FS: 00007fbb1b343700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 117.592520] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.592980] CR2: 00007fbb1dee1018 CR3: 000000000e37d000 CR4: 0000000000350ef0
[ 117.593551] Call Trace:
[ 117.593761]
[ 117.593949] ? __pfx_perf_tp_event+0x10/0x10
[ 117.594313] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150
[ 117.594806] ? lock_acquire+0x15e/0x2f0
[ 117.595131] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10
[ 117.595642] ? lock_is_held_type+0x9e/0x120
[ 117.595996] ? lock_is_held_type+0x9e/0x120
[ 117.596347] ? ctx_sched_in+0x134/0x9b0
[ 117.596670] ? __pfx_ctx_sched_in+0x10/0x10
[ 117.597014] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 117.597499] ? find_held_lock+0x2b/0x80
[ 117.597828] ? perf_trace_run_bpf_submit+0xef/0x180
[ 117.598234] perf_trace_run_bpf_submit+0xef/0x180
[ 117.598627] perf_trace_preemptirq_template+0x259/0x430
[ 117.599062] ? __pick_eevdf+0x100/0x570
[ 117.599385] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 117.599864] ? update_curr+0x39e/0x500
[ 117.600179] ? find_held_lock+0x2b/0x80
[ 117.600501] ? try_to_wake_up+0x8ae/0x11d0
[ 117.600846] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 117.601262] trace_irq_enable.constprop.0+0xa6/0x100
[ 117.601682] trace_hardirqs_on+0x26/0x40
[ 117.602006] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 117.602404] try_to_wake_up+0x8ae/0x11d0
[ 117.602735] ? __pfx_try_to_wake_up+0x10/0x10
[ 117.603105] ? plist_del+0x122/0x270
[ 117.603413] ? find_held_lock+0x2b/0x80
[ 117.603740] ? futex_wake+0x474/0x540
[ 117.604055] wake_up_q+0xa1/0x130
[ 117.604345] futex_wake+0x47e/0x540
[ 117.604646] ? __pfx_futex_wake+0x10/0x10
[ 117.604985] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 117.605391] ? lock_release+0xc8/0x290
[ 117.605722] do_futex+0x26d/0x370
[ 117.606010] ? __pfx_do_futex+0x10/0x10
[ 117.606329] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 117.606754] ? find_held_lock+0x2b/0x80
[ 117.607080] __x64_sys_futex+0x1c9/0x4d0
[ 117.607414] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 117.607887] ? __pfx___x64_sys_futex+0x10/0x10
[ 117.608261] do_syscall_64+0xbf/0x360
[ 117.608571] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.608985] RIP: 0033:0x7fbb1ddcdb19
[ 117.609285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 117.610729] RSP: 002b:00007fbb1b343218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 117.611332] RAX: ffffffffffffffda RBX: 00007fbb1dee0f68 RCX: 00007fbb1ddcdb19
[ 117.611899] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbb1dee0f6c
[ 117.612464] RBP: 00007fbb1dee0f60 R08: 000000000000000e R09: 0000000000000000
[ 117.613034] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fbb1dee0f6c
[ 117.613609] R13: 00007ffc75dfd2af R14: 00007fbb1b343300 R15: 0000000000022000
[ 117.614175]
[ 117.614362] Modules linked in:
[ 117.614624] ---[ end trace 0000000000000000 ]---
[ 117.614998] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.615380] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.616812] RSP: 0018:ffff888046bf7780 EFLAGS: 00010012
[ 117.617235] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000e262000
[ 117.617810] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 117.618371] RBP: ffff888046bf79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16390
[ 117.618931] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 117.619497] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 117.620056] FS: 00007fbb1b343700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 117.620692] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.621153] CR2: 00007fbb1dee1018 CR3: 000000000e37d000 CR4: 0000000000350ef0
[ 117.621730] note: syz-executor.6[3950] exited with irqs disabled
[ 117.622258] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 117.623131] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 117.623813] CPU: 1 UID: 0 PID: 3950 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 117.624743] Tainted: [D]=DIE, [W]=WARN
[ 117.625043] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 117.625697] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.626075] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.627500] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012
[ 117.627920] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 117.628479] RDX: ffff888045959b80 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 117.629037] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16390
[ 117.629911] R10: 0000000000000000 R11: 0000000000021a41 R12: dffffc0000000000
[ 117.630504] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[ 117.631228] FS: 00007fbb1b343700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 117.631859] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.632318] CR2: 00007fbb1dee1018 CR3: 000000000e37d000 CR4: 0000000000350ef0
[ 117.632875] Call Trace:
[ 117.633088]
[ 117.633268] ? trace_softirq_raise+0xbe/0x100
[ 117.633649] ? css_rstat_updated+0x1b8/0x4d0
[ 117.634011] ? __pfx_perf_tp_event+0x10/0x10
[ 117.634373] ? kvm_sched_clock_read+0x16/0x30
[ 117.634733] ? sched_clock+0x37/0x60
[ 117.635044] ? __cgroup_account_cputime+0x88/0xc0
[ 117.635435] ? lock_acquire+0x18c/0x2f0
[ 117.635754] ? update_cfs_group+0x11d/0x260
[ 117.636098] ? lock_release+0x1c7/0x290
[ 117.636419] ? run_posix_cpu_timers+0x160/0x7d0
[ 117.636796] ? __pfx_run_posix_cpu_timers+0x10/0x10
[ 117.637190] ? sched_balance_trigger+0x1ac/0xcb0
[ 117.637583] ? sched_tick+0x27c/0x6c0
[ 117.637895] ? do_raw_spin_lock+0x123/0x260
[ 117.638246] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 117.638625] ? perf_trace_run_bpf_submit+0xef/0x180
[ 117.639027] perf_trace_run_bpf_submit+0xef/0x180
[ 117.639420] perf_trace_preemptirq_template+0x259/0x430
[ 117.639849] ? read_tsc+0x9/0x20
[ 117.640131] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 117.640610] ? clockevents_program_event+0x135/0x360
[ 117.641017] ? tick_program_event+0xac/0x140
[ 117.641373] ? handle_softirqs+0x16e/0x770
[ 117.641727] trace_irq_enable.constprop.0+0xa6/0x100
[ 117.642132] trace_hardirqs_on+0x26/0x40
[ 117.642457] handle_softirqs+0x16e/0x770
[ 117.642791] __irq_exit_rcu+0xc4/0x100
[ 117.643110] irq_exit_rcu+0x9/0x20
[ 117.643398] sysvec_apic_timer_interrupt+0x70/0x80
[ 117.643795]
[ 117.643978]
[ 117.644161] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 117.644577] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 117.644952] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 117.646388] RSP: 0018:ffff888046bf7f28 EFLAGS: 00000246
[ 117.646808] RAX: 0000000000000001 RBX: ffff888045959b80 RCX: ffffffff817c2b86
[ 117.647370] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 117.647930] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 117.648490] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888045959b80
[ 117.649053] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 117.649624] ? trace_irq_enable.constprop.0+0x26/0x100
[ 117.650041] ? make_task_dead+0x214/0x3b0
[ 117.650378] ? make_task_dead+0x214/0x3b0
[ 117.650712] ? do_syscall_64+0xbf/0x360
[ 117.651028] rewind_stack_and_make_dead+0x16/0x20
[ 117.651415] RIP: 0033:0x7fbb1ddcdb19
[ 117.651708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 117.653126] RSP: 002b:00007fbb1b343218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 117.653731] RAX: ffffffffffffffda RBX: 00007fbb1dee0f68 RCX: 00007fbb1ddcdb19
[ 117.654294] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbb1dee0f6c
[ 117.654856] RBP: 00007fbb1dee0f60 R08: 000000000000000e R09: 0000000000000000
[ 117.655416] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fbb1dee0f6c
[ 117.655979] R13: 00007ffc75dfd2af R14: 00007fbb1b343300 R15: 0000000000022000
[ 117.656539]
[ 117.656729] Modules linked in:
[ 117.656991] ---[ end trace 0000000000000000 ]---
[ 117.657364] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.657745] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.659165] RSP: 0018:ffff888046bf7780 EFLAGS: 00010012
[ 117.659585] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000e262000
[ 117.660144] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 117.660706] RBP: ffff888046bf79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16390
[ 117.661266] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 117.661830] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 117.662391] FS: 00007fbb1b343700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 117.663021] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.663482] CR2: 00007fbb1dee1018 CR3: 000000000e37d000 CR4: 0000000000350ef0
[ 117.664045] Kernel panic - not syncing: Fatal exception in interrupt
[ 117.664798] Kernel Offset: disabled
[ 117.665090] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
09:51:10 Registers: