Warning: Permanently added '[localhost]:18150' (ECDSA) to the list of known hosts.
2025/09/01 10:38:15 fuzzer started
2025/09/01 10:38:15 dialing manager at localhost:35473
syzkaller login: [   43.671150] cgroup: Unknown subsys name 'net'
[   43.734338] cgroup: Unknown subsys name 'cpuset'
[   43.744054] cgroup: Unknown subsys name 'rlimit'
2025/09/01 10:38:25 syscalls: 2214
2025/09/01 10:38:25 code coverage: enabled
2025/09/01 10:38:25 comparison tracing: enabled
2025/09/01 10:38:25 extra coverage: enabled
2025/09/01 10:38:25 setuid sandbox: enabled
2025/09/01 10:38:25 namespace sandbox: enabled
2025/09/01 10:38:25 Android sandbox: enabled
2025/09/01 10:38:25 fault injection: enabled
2025/09/01 10:38:25 leak checking: enabled
2025/09/01 10:38:25 net packet injection: enabled
2025/09/01 10:38:25 net device setup: enabled
2025/09/01 10:38:25 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 10:38:25 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 10:38:25 USB emulation: enabled
2025/09/01 10:38:25 hci packet injection: enabled
2025/09/01 10:38:25 wifi device emulation: enabled
2025/09/01 10:38:25 802.15.4 emulation: enabled
2025/09/01 10:38:25 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 10:38:25 fetching corpus: 50, signal 24527/27962 (executing program)
2025/09/01 10:38:25 fetching corpus: 100, signal 34881/39701 (executing program)
2025/09/01 10:38:25 fetching corpus: 150, signal 39589/45798 (executing program)
2025/09/01 10:38:25 fetching corpus: 200, signal 47797/55144 (executing program)
2025/09/01 10:38:26 fetching corpus: 250, signal 54420/62827 (executing program)
2025/09/01 10:38:26 fetching corpus: 300, signal 59977/69338 (executing program)
2025/09/01 10:38:26 fetching corpus: 350, signal 62982/73395 (executing program)
2025/09/01 10:38:26 fetching corpus: 400, signal 67416/78632 (executing program)
2025/09/01 10:38:26 fetching corpus: 450, signal 70635/82702 (executing program)
2025/09/01 10:38:26 fetching corpus: 500, signal 73647/86545 (executing program)
2025/09/01 10:38:26 fetching corpus: 550, signal 76062/89836 (executing program)
2025/09/01 10:38:26 fetching corpus: 600, signal 77536/92271 (executing program)
2025/09/01 10:38:26 fetching corpus: 650, signal 79448/95078 (executing program)
2025/09/01 10:38:26 fetching corpus: 700, signal 82138/98402 (executing program)
2025/09/01 10:38:27 fetching corpus: 750, signal 84661/101596 (executing program)
2025/09/01 10:38:27 fetching corpus: 800, signal 86594/104260 (executing program)
2025/09/01 10:38:27 fetching corpus: 850, signal 88405/106756 (executing program)
2025/09/01 10:38:27 fetching corpus: 900, signal 89755/108829 (executing program)
2025/09/01 10:38:27 fetching corpus: 950, signal 91139/110984 (executing program)
2025/09/01 10:38:27 fetching corpus: 1000, signal 92714/113168 (executing program)
2025/09/01 10:38:27 fetching corpus: 1050, signal 94102/115245 (executing program)
2025/09/01 10:38:27 fetching corpus: 1100, signal 96403/117917 (executing program)
2025/09/01 10:38:27 fetching corpus: 1150, signal 97896/119965 (executing program)
2025/09/01 10:38:27 fetching corpus: 1200, signal 100047/122457 (executing program)
2025/09/01 10:38:28 fetching corpus: 1250, signal 101276/124211 (executing program)
2025/09/01 10:38:28 fetching corpus: 1300, signal 103517/126720 (executing program)
2025/09/01 10:38:28 fetching corpus: 1350, signal 106286/129477 (executing program)
2025/09/01 10:38:28 fetching corpus: 1400, signal 107492/131159 (executing program)
2025/09/01 10:38:28 fetching corpus: 1450, signal 108299/132496 (executing program)
2025/09/01 10:38:28 fetching corpus: 1500, signal 108979/133766 (executing program)
2025/09/01 10:38:28 fetching corpus: 1550, signal 111018/135940 (executing program)
2025/09/01 10:38:28 fetching corpus: 1600, signal 112058/137340 (executing program)
2025/09/01 10:38:28 fetching corpus: 1650, signal 113088/138691 (executing program)
2025/09/01 10:38:28 fetching corpus: 1700, signal 113978/140004 (executing program)
2025/09/01 10:38:28 fetching corpus: 1750, signal 115282/141559 (executing program)
2025/09/01 10:38:28 fetching corpus: 1800, signal 116073/142775 (executing program)
2025/09/01 10:38:29 fetching corpus: 1850, signal 117002/144044 (executing program)
2025/09/01 10:38:29 fetching corpus: 1900, signal 117870/145212 (executing program)
2025/09/01 10:38:29 fetching corpus: 1950, signal 118738/146379 (executing program)
2025/09/01 10:38:29 fetching corpus: 2000, signal 119738/147663 (executing program)
2025/09/01 10:38:29 fetching corpus: 2050, signal 120985/149027 (executing program)
2025/09/01 10:38:29 fetching corpus: 2100, signal 122144/150274 (executing program)
2025/09/01 10:38:29 fetching corpus: 2150, signal 123024/151393 (executing program)
2025/09/01 10:38:29 fetching corpus: 2200, signal 123817/152444 (executing program)
2025/09/01 10:38:30 fetching corpus: 2250, signal 124689/153471 (executing program)
2025/09/01 10:38:30 fetching corpus: 2300, signal 125883/154687 (executing program)
2025/09/01 10:38:30 fetching corpus: 2350, signal 128376/156529 (executing program)
2025/09/01 10:38:30 fetching corpus: 2400, signal 129159/157463 (executing program)
2025/09/01 10:38:30 fetching corpus: 2450, signal 130260/158483 (executing program)
2025/09/01 10:38:30 fetching corpus: 2500, signal 130982/159398 (executing program)
2025/09/01 10:38:30 fetching corpus: 2550, signal 132144/160501 (executing program)
2025/09/01 10:38:30 fetching corpus: 2600, signal 133131/161465 (executing program)
2025/09/01 10:38:30 fetching corpus: 2650, signal 133913/162308 (executing program)
2025/09/01 10:38:30 fetching corpus: 2700, signal 134641/163212 (executing program)
2025/09/01 10:38:31 fetching corpus: 2750, signal 135562/164128 (executing program)
2025/09/01 10:38:31 fetching corpus: 2800, signal 136620/164998 (executing program)
2025/09/01 10:38:31 fetching corpus: 2850, signal 138054/166021 (executing program)
2025/09/01 10:38:31 fetching corpus: 2900, signal 138733/166762 (executing program)
2025/09/01 10:38:31 fetching corpus: 2950, signal 139654/167584 (executing program)
2025/09/01 10:38:31 fetching corpus: 3000, signal 140326/168233 (executing program)
2025/09/01 10:38:31 fetching corpus: 3050, signal 140784/168826 (executing program)
2025/09/01 10:38:31 fetching corpus: 3100, signal 141506/169516 (executing program)
2025/09/01 10:38:31 fetching corpus: 3150, signal 142053/170130 (executing program)
2025/09/01 10:38:31 fetching corpus: 3200, signal 142536/170711 (executing program)
2025/09/01 10:38:31 fetching corpus: 3250, signal 143191/171289 (executing program)
2025/09/01 10:38:32 fetching corpus: 3300, signal 143725/171865 (executing program)
2025/09/01 10:38:32 fetching corpus: 3350, signal 144296/172512 (executing program)
2025/09/01 10:38:32 fetching corpus: 3400, signal 144867/173153 (executing program)
2025/09/01 10:38:32 fetching corpus: 3450, signal 145791/173862 (executing program)
2025/09/01 10:38:32 fetching corpus: 3500, signal 146351/174373 (executing program)
2025/09/01 10:38:32 fetching corpus: 3550, signal 146861/174918 (executing program)
2025/09/01 10:38:32 fetching corpus: 3600, signal 147373/175424 (executing program)
2025/09/01 10:38:32 fetching corpus: 3650, signal 148045/175913 (executing program)
2025/09/01 10:38:32 fetching corpus: 3700, signal 148526/176373 (executing program)
2025/09/01 10:38:32 fetching corpus: 3750, signal 149018/176821 (executing program)
2025/09/01 10:38:33 fetching corpus: 3800, signal 149644/177269 (executing program)
2025/09/01 10:38:33 fetching corpus: 3850, signal 150246/177686 (executing program)
2025/09/01 10:38:33 fetching corpus: 3900, signal 150678/178084 (executing program)
2025/09/01 10:38:33 fetching corpus: 3950, signal 151238/178508 (executing program)
2025/09/01 10:38:33 fetching corpus: 4000, signal 151825/178979 (executing program)
2025/09/01 10:38:33 fetching corpus: 4050, signal 152239/179370 (executing program)
2025/09/01 10:38:33 fetching corpus: 4100, signal 152829/179796 (executing program)
2025/09/01 10:38:33 fetching corpus: 4150, signal 153222/180202 (executing program)
2025/09/01 10:38:33 fetching corpus: 4200, signal 153624/180582 (executing program)
2025/09/01 10:38:33 fetching corpus: 4250, signal 153936/180906 (executing program)
2025/09/01 10:38:33 fetching corpus: 4300, signal 154588/181238 (executing program)
2025/09/01 10:38:33 fetching corpus: 4350, signal 155012/181538 (executing program)
2025/09/01 10:38:34 fetching corpus: 4400, signal 155631/181865 (executing program)
2025/09/01 10:38:34 fetching corpus: 4450, signal 155927/182084 (executing program)
2025/09/01 10:38:34 fetching corpus: 4500, signal 156244/182089 (executing program)
2025/09/01 10:38:34 fetching corpus: 4550, signal 156765/182089 (executing program)
2025/09/01 10:38:34 fetching corpus: 4600, signal 157188/182093 (executing program)
2025/09/01 10:38:34 fetching corpus: 4650, signal 157462/182095 (executing program)
2025/09/01 10:38:34 fetching corpus: 4700, signal 157848/182106 (executing program)
2025/09/01 10:38:34 fetching corpus: 4750, signal 158271/182167 (executing program)
2025/09/01 10:38:34 fetching corpus: 4800, signal 158623/182169 (executing program)
2025/09/01 10:38:34 fetching corpus: 4850, signal 158906/182173 (executing program)
2025/09/01 10:38:34 fetching corpus: 4900, signal 159399/182181 (executing program)
2025/09/01 10:38:34 fetching corpus: 4950, signal 159986/182218 (executing program)
2025/09/01 10:38:35 fetching corpus: 5000, signal 160587/182230 (executing program)
2025/09/01 10:38:35 fetching corpus: 5050, signal 161398/182242 (executing program)
2025/09/01 10:38:35 fetching corpus: 5100, signal 161862/182251 (executing program)
2025/09/01 10:38:35 fetching corpus: 5150, signal 162592/182254 (executing program)
2025/09/01 10:38:35 fetching corpus: 5200, signal 162988/182257 (executing program)
2025/09/01 10:38:35 fetching corpus: 5250, signal 163334/182273 (executing program)
2025/09/01 10:38:35 fetching corpus: 5300, signal 163677/182283 (executing program)
2025/09/01 10:38:36 fetching corpus: 5350, signal 164384/182284 (executing program)
2025/09/01 10:38:36 fetching corpus: 5400, signal 164733/182378 (executing program)
2025/09/01 10:38:36 fetching corpus: 5450, signal 165000/182393 (executing program)
2025/09/01 10:38:36 fetching corpus: 5500, signal 165380/182395 (executing program)
2025/09/01 10:38:36 fetching corpus: 5550, signal 165828/182396 (executing program)
2025/09/01 10:38:36 fetching corpus: 5600, signal 166222/182407 (executing program)
2025/09/01 10:38:36 fetching corpus: 5650, signal 166815/182509 (executing program)
2025/09/01 10:38:36 fetching corpus: 5700, signal 167235/182519 (executing program)
2025/09/01 10:38:36 fetching corpus: 5750, signal 167921/182522 (executing program)
2025/09/01 10:38:36 fetching corpus: 5800, signal 168242/182533 (executing program)
2025/09/01 10:38:36 fetching corpus: 5850, signal 168677/182546 (executing program)
2025/09/01 10:38:36 fetching corpus: 5900, signal 169216/182550 (executing program)
2025/09/01 10:38:37 fetching corpus: 5950, signal 169549/182554 (executing program)
2025/09/01 10:38:37 fetching corpus: 6000, signal 169883/182569 (executing program)
2025/09/01 10:38:37 fetching corpus: 6050, signal 170213/182583 (executing program)
2025/09/01 10:38:37 fetching corpus: 6100, signal 170500/182590 (executing program)
2025/09/01 10:38:37 fetching corpus: 6150, signal 170814/182595 (executing program)
2025/09/01 10:38:37 fetching corpus: 6200, signal 171106/182608 (executing program)
2025/09/01 10:38:37 fetching corpus: 6250, signal 171350/182609 (executing program)
2025/09/01 10:38:37 fetching corpus: 6300, signal 171627/182612 (executing program)
2025/09/01 10:38:37 fetching corpus: 6350, signal 171924/182622 (executing program)
2025/09/01 10:38:37 fetching corpus: 6400, signal 172238/182624 (executing program)
2025/09/01 10:38:37 fetching corpus: 6450, signal 173202/182633 (executing program)
2025/09/01 10:38:37 fetching corpus: 6500, signal 173774/182634 (executing program)
2025/09/01 10:38:38 fetching corpus: 6550, signal 174088/182637 (executing program)
2025/09/01 10:38:38 fetching corpus: 6600, signal 174638/182646 (executing program)
2025/09/01 10:38:38 fetching corpus: 6650, signal 174944/182650 (executing program)
2025/09/01 10:38:38 fetching corpus: 6700, signal 175286/182653 (executing program)
2025/09/01 10:38:38 fetching corpus: 6750, signal 175513/182676 (executing program)
2025/09/01 10:38:38 fetching corpus: 6800, signal 175882/182682 (executing program)
2025/09/01 10:38:38 fetching corpus: 6850, signal 176146/182704 (executing program)
2025/09/01 10:38:38 fetching corpus: 6900, signal 176394/182707 (executing program)
2025/09/01 10:38:38 fetching corpus: 6950, signal 176669/182715 (executing program)
2025/09/01 10:38:38 fetching corpus: 7000, signal 177029/182718 (executing program)
2025/09/01 10:38:39 fetching corpus: 7050, signal 177244/182722 (executing program)
2025/09/01 10:38:39 fetching corpus: 7100, signal 177548/182728 (executing program)
2025/09/01 10:38:39 fetching corpus: 7150, signal 177847/182734 (executing program)
2025/09/01 10:38:39 fetching corpus: 7200, signal 178112/182735 (executing program)
2025/09/01 10:38:39 fetching corpus: 7250, signal 178366/182739 (executing program)
2025/09/01 10:38:39 fetching corpus: 7300, signal 178668/182753 (executing program)
2025/09/01 10:38:39 fetching corpus: 7350, signal 178821/182758 (executing program)
2025/09/01 10:38:39 fetching corpus: 7400, signal 179409/182762 (executing program)
2025/09/01 10:38:39 fetching corpus: 7450, signal 179813/182768 (executing program)
2025/09/01 10:38:39 fetching corpus: 7495, signal 180037/182773 (executing program)
2025/09/01 10:38:39 fetching corpus: 7495, signal 180037/182773 (executing program)
2025/09/01 10:38:42 starting 8 fuzzer processes
10:38:42 executing program 0:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$setownex(r0, 0xf, &(0x7f0000000000))
fcntl$getown(r0, 0x9)

10:38:42 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="24000000020105090000000000000000000000000800034000000002080019"], 0x24}}, 0x0)

10:38:42 executing program 7:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, <r2=>0x0}, &(0x7f0000000040)=0x5)
setuid(r2)
bind$unix(r0, &(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e)

10:38:42 executing program 2:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, <r2=>0x0}, &(0x7f0000000040)=0x5)
setuid(r2)
ioctl$VT_RESIZEX(r0, 0x4b49, &(0x7f00000000c0))

10:38:42 executing program 3:
kexec_load(0x8, 0x1, &(0x7f0000001480)=[{0x0}], 0x1)

10:38:42 executing program 4:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x7)
ftruncate(r0, 0x8800000)
preadv(r0, &(0x7f0000000300)=[{&(0x7f0000000040)=""/106, 0x6a}], 0x1, 0x0, 0x0)

[   70.712545] audit: type=1400 audit(1756723122.534:7): avc:  denied  { execmem } for  pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
10:38:42 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup(r0)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000140)='reno\x00', 0x5)
connect$unix(r1, &(0x7f0000000080)=@abs, 0x6e)

10:38:42 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r0, &(0x7f00000006c0)={&(0x7f0000000040)={0xa, 0x4e22, 0x0, @mcast2={0xff, 0x5}, 0x4}, 0x1c, 0x0}, 0x0)

[   71.945285] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   71.947349] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   71.949863] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   71.952084] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   71.953195] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   71.957279] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   71.961047] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   71.963485] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   71.972240] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   71.985307] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   72.016604] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   72.021447] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   72.027252] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   72.028479] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   72.031253] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   72.036470] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   72.037853] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   72.044155] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   72.046334] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   72.048703] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   72.075820] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   72.090189] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   72.092644] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   72.106165] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   72.112251] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   72.158847] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   72.168198] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   72.172194] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   72.175497] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   72.193179] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   72.196368] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   72.199336] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   72.205187] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   72.209699] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   72.212855] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   72.214431] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   72.216708] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   72.226160] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   72.261559] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   72.266507] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   74.038725] Bluetooth: hci0: command tx timeout
[   74.039443] Bluetooth: hci1: command tx timeout
[   74.104284] Bluetooth: hci2: command tx timeout
[   74.104791] Bluetooth: hci3: command tx timeout
[   74.166023] Bluetooth: hci4: command tx timeout
[   74.293976] Bluetooth: hci5: command tx timeout
[   74.294645] Bluetooth: hci7: command tx timeout
[   74.357978] Bluetooth: hci6: command tx timeout
[   76.087929] Bluetooth: hci0: command tx timeout
[   76.088410] Bluetooth: hci1: command tx timeout
[   76.149980] Bluetooth: hci3: command tx timeout
[   76.150451] Bluetooth: hci2: command tx timeout
[   76.213995] Bluetooth: hci4: command tx timeout
[   76.343306] Bluetooth: hci7: command tx timeout
[   76.343784] Bluetooth: hci5: command tx timeout
[   76.405979] Bluetooth: hci6: command tx timeout
[   78.135311] Bluetooth: hci1: command tx timeout
[   78.135755] Bluetooth: hci0: command tx timeout
[   78.199467] Bluetooth: hci3: command tx timeout
[   78.200772] Bluetooth: hci2: command tx timeout
[   78.264918] Bluetooth: hci4: command tx timeout
[   78.391053] Bluetooth: hci7: command tx timeout
[   78.391502] Bluetooth: hci5: command tx timeout
[   78.455432] Bluetooth: hci6: command tx timeout
[   80.183993] Bluetooth: hci1: command tx timeout
[   80.184470] Bluetooth: hci0: command tx timeout
[   80.246500] Bluetooth: hci2: command tx timeout
[   80.246980] Bluetooth: hci3: command tx timeout
[   80.311005] Bluetooth: hci4: command tx timeout
[   80.438958] Bluetooth: hci5: command tx timeout
[   80.439400] Bluetooth: hci7: command tx timeout
[   80.503017] Bluetooth: hci6: command tx timeout
[  108.618175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.618874] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.785069] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.785697] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.025600] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.026239] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.163275] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.164249] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.330042] audit: type=1400 audit(1756723161.150:8): avc:  denied  { open } for  pid=3826 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  109.337315] audit: type=1400 audit(1756723161.150:9): avc:  denied  { kernel } for  pid=3826 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  109.378243] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.378871] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:39:21 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, 0xfffffffffffffffd)

[  109.525036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.525655] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:39:21 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, 0xfffffffffffffffd)

10:39:21 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), 0xffffffffffffffff)
ioprio_get$pid(0x0, 0x0)

10:39:21 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, 0xfffffffffffffffd)

10:39:21 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, 0xfffffffffffffffd)

[  109.828578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.829751] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:39:21 executing program 5:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000240)={0x53, 0x0, 0x11, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f00000000c0)="45889f7eb7f43a863414ee0dea85a0bd4e", 0x0, 0x0, 0x0, 0x0, 0x0})

10:39:21 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
listen(r0, 0x0)

10:39:21 executing program 4:
r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setresuid(0x0, r1, 0x0)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x40086806, 0x4000)
pread64(r0, 0x0, 0x0, 0x0)

[  109.959985] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.960588] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.968970] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  109.969812] sr 1:0:0:0: [sr0] tag#0 CDB: Play audio(10)
[  109.970290] sr 1:0:0:0: [sr0] tag#0 CDB[00]: 45 88 9f 7e b7 f4 3a 86 34 14 ee 0d ea 85 a0 bd
[  109.971000] sr 1:0:0:0: [sr0] tag#0 CDB[10]: 4e
[  110.005496] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  110.006336] sr 1:0:0:0: [sr0] tag#0 CDB: Play audio(10)
[  110.006783] sr 1:0:0:0: [sr0] tag#0 CDB[00]: 45 88 9f 7e b7 f4 3a 86 34 14 ee 0d ea 85 a0 bd
[  110.007496] sr 1:0:0:0: [sr0] tag#0 CDB[10]: 4e
[  110.169036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.170249] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.256924] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.257560] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.320927] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.321549] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.368396] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.369089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.529934] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.530531] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.809946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.811269] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.866506] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.867675] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.934317] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.935372] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:39:23 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="24000000020105090000000000000000000000000800034000000002080019"], 0x24}}, 0x0)

10:39:23 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
listen(r0, 0x0)

10:39:23 executing program 4:
r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setresuid(0x0, r1, 0x0)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x40086806, 0x4000)
pread64(r0, 0x0, 0x0, 0x0)

10:39:23 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000280)={0x20, r1, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x20}}, 0x0)

10:39:23 executing program 6:
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)

10:39:23 executing program 7:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, <r2=>0x0}, &(0x7f0000000040)=0x5)
setuid(r2)
bind$unix(r0, &(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e)

10:39:23 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x200)

10:39:23 executing program 0:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$setownex(r0, 0xf, &(0x7f0000000000))
fcntl$getown(r0, 0x9)

10:39:23 executing program 6:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r0, &(0x7f0000000480)={0x24, @long}, 0x14)

10:39:23 executing program 0:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$setownex(r0, 0xf, &(0x7f0000000000))
fcntl$getown(r0, 0x9)

10:39:23 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="24000000020105090000000000000000000000000800034000000002080019"], 0x24}}, 0x0)

10:39:23 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000280)={0x20, r1, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x20}}, 0x0)

10:39:23 executing program 7:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, <r2=>0x0}, &(0x7f0000000040)=0x5)
setuid(r2)
bind$unix(r0, &(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e)

10:39:23 executing program 4:
r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setresuid(0x0, r1, 0x0)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x40086806, 0x4000)
pread64(r0, 0x0, 0x0, 0x0)

10:39:23 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x200)

10:39:23 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
listen(r0, 0x0)

10:39:23 executing program 0:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$setownex(r0, 0xf, &(0x7f0000000000))
fcntl$getown(r0, 0x9)

10:39:23 executing program 6:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r0, &(0x7f0000000480)={0x24, @long}, 0x14)

[  111.637238] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[  111.638822] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  111.640011] CPU: 0 UID: 0 PID: 3946 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  111.643661] Tainted: [W]=WARN
[  111.644361] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  111.646048] RIP: 0010:perf_tp_event+0x175/0xe70
[  111.647057] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  111.651025] RSP: 0018:ffff8880460e7800 EFLAGS: 00010212
[  111.652019] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  111.653368] RDX: ffff888017310000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[  111.654734] RBP: ffff8880460e7a70 R08: ffff88806ce31340 R09: ffffe8ffffc16a78
[  111.656146] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  111.657491] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[  111.658832] FS:  000055555ae98400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  111.660290] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  111.661608] CR2: 0000001b2d421000 CR3: 000000000d4b3000 CR4: 0000000000350ef0
[  111.662580] Call Trace:
[  111.662941]  <TASK>
[  111.663266]  ? arch_scale_cpu_capacity+0x17/0xa0
[  111.663937]  ? __pfx_perf_tp_event+0x10/0x10
[  111.664556]  ? __asan_memset+0x24/0x50
[  111.665137]  ? perf_trace_lock+0xb5/0x5d0
[  111.665721]  ? kvm_sched_clock_read+0x16/0x30
[  111.666355]  ? sched_clock+0x37/0x60
[  111.666883]  ? sched_clock_cpu+0x6c/0x4e0
[  111.667463]  ? lock_is_held_type+0x9e/0x120
[  111.668071]  ? perf_trace_run_bpf_submit+0xef/0x180
[  111.668780]  perf_trace_run_bpf_submit+0xef/0x180
[  111.669458]  perf_trace_lock+0x337/0x5d0
[  111.670031]  ? __pfx_perf_trace_lock+0x10/0x10
[  111.670678]  ? lock_acquire+0x15e/0x2f0
[  111.671234]  ? futex_ref_get+0x48/0x300
[  111.671786]  ? futex_ref_get+0x114/0x300
[  111.672348]  ? futex_hash+0x15c/0x390
[  111.672883]  lock_release+0x1ab/0x290
[  111.673420]  ? futex_hash+0x15c/0x390
[  111.673947]  futex_ref_get+0x119/0x300
[  111.674489]  ? futex_hash+0x15c/0x390
[  111.675019]  futex_hash+0x70/0x390
[  111.675518]  futex_wake+0x143/0x540
[  111.676041]  ? put_pid+0x1f/0x30
[  111.676518]  ? kernel_clone+0x204/0x7f0
[  111.677081]  ? __pfx_futex_wake+0x10/0x10
[  111.677666]  ? __pfx_kernel_clone+0x10/0x10
[  111.678263]  ? __lock_acquire+0x694/0x1b70
[  111.678853]  do_futex+0x26d/0x370
[  111.679346]  ? __pfx_do_futex+0x10/0x10
[  111.679904]  ? __pfx___do_sys_clone+0x10/0x10
[  111.680525]  ? find_held_lock+0x2b/0x80
[  111.681103]  __x64_sys_futex+0x1c9/0x4d0
[  111.681673]  ? __pfx___x64_sys_futex+0x10/0x10
[  111.682316]  ? xfd_validate_state+0x55/0x180
[  111.682957]  do_syscall_64+0xbf/0x360
[  111.683488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.684196] RIP: 0033:0x7efc43313b19
[  111.684708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  111.687154] RSP: 002b:00007fff3f8546d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  111.688178] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efc43313b19
[  111.689149] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007efc43426f68
[  111.690117] RBP: 00007efc43426f60 R08: 00007efc40889700 R09: 0000000000000000
[  111.691077] R10: 00007efc40889700 R11: 0000000000000246 R12: 00007efc4342b060
[  111.692048] R13: 00007fff3f8547e0 R14: 00007efc43426f60 R15: 000000000001b39d
[  111.693033]  </TASK>
[  111.693360] Modules linked in:
[  111.693862] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[  111.695367] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  111.696532] CPU: 0 UID: 0 PID: 3946 Comm: syz-executor.5 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  111.698144] Tainted: [D]=DIE, [W]=WARN
[  111.698668] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  111.699777] RIP: 0010:perf_tp_event+0x175/0xe70
[  111.700429] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  111.702886] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012
[  111.703620] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  111.704582] RDX: ffff888017310000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[  111.705549] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc16a78
[  111.706510] R10: 0000000000000000 R11: ffff88806ce37018 R12: dffffc0000000000
[  111.707479] R13: 0000000000000024 R14: ffff88806ce31490 R15: dffffc0000000000
[  111.708446] FS:  000055555ae98400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  111.709536] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  111.710324] CR2: 0000001b2d421000 CR3: 000000000d4b3000 CR4: 0000000000350ef0
[  111.711286] Call Trace:
[  111.711643]  <IRQ>
[  111.711958]  ? __pfx_perf_tp_event+0x10/0x10
[  111.712581]  ? trace_pelt_se_tp+0xdf/0x130
[  111.713170]  ? __update_load_avg_se+0x428/0xa40
[  111.713822]  ? lock_is_held_type+0x9e/0x120
[  111.714425]  ? perf_trace_lock+0xb5/0x5d0
[  111.714997]  ? perf_trace_lock+0xb5/0x5d0
[  111.715571]  ? __pfx_perf_trace_lock+0x10/0x10
[  111.716205]  ? kvm_sched_clock_read+0x16/0x30
[  111.716838]  ? sched_clock+0x37/0x60
[  111.717359]  ? sched_clock_cpu+0x6c/0x4e0
[  111.717937]  ? perf_trace_run_bpf_submit+0xef/0x180
[  111.718635]  perf_trace_run_bpf_submit+0xef/0x180
[  111.719309]  perf_trace_lock+0x337/0x5d0
[  111.719871]  ? place_entity+0x300/0x410
[  111.720420]  ? kvm_sched_clock_read+0x16/0x30
[  111.721061]  ? __pfx_perf_trace_lock+0x10/0x10
[  111.721699]  ? check_preempt_wakeup_fair+0x6e/0x950
[  111.722388]  ? sched_ttwu_pending+0x2e0/0x4a0
[  111.723016]  lock_release+0x1ab/0x290
[  111.723543]  ? ttwu_do_activate+0x1a4/0x8a0
[  111.724144]  _raw_spin_unlock+0x16/0x40
[  111.724697]  sched_ttwu_pending+0x2e0/0x4a0
[  111.725308]  ? __pfx_sched_ttwu_pending+0x10/0x10
[  111.725977]  ? flush_tlb_func+0x24d/0x560
[  111.726552]  __flush_smp_call_function_queue+0x434/0x740
[  111.727306]  __sysvec_call_function_single+0x6d/0x370
[  111.728022]  sysvec_call_function_single+0xa1/0xc0
[  111.728702]  </IRQ>
[  111.729028]  <TASK>
[  111.729343]  asm_sysvec_call_function_single+0x1a/0x20
[  111.730073] RIP: 0010:oops_exit+0x0/0x50
[  111.730636] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57
[  111.733080] RSP: 0018:ffff8880460e7690 EFLAGS: 00000202
[  111.733804] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f
[  111.734777] RDX: ffff888017310000 RSI: ffffffff812a3dca RDI: 0000000000000007
[  111.735736] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690
[  111.736695] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880460e7758
[  111.737672] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[  111.738642]  ? add_taint+0x5f/0xd0
[  111.739141]  ? oops_end+0x4a/0xe0
[  111.739640]  oops_end+0x65/0xe0
[  111.740111]  exc_general_protection+0x1a2/0x330
[  111.740778]  asm_exc_general_protection+0x26/0x30
[  111.741444] RIP: 0010:perf_tp_event+0x175/0xe70
[  111.742090] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  111.744572] RSP: 0018:ffff8880460e7800 EFLAGS: 00010212
[  111.745321] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  111.746312] RDX: ffff888017310000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[  111.747302] RBP: ffff8880460e7a70 R08: ffff88806ce31340 R09: ffffe8ffffc16a78
[  111.748298] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  111.749295] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[  111.750297]  ? perf_tp_event+0x167/0xe70
[  111.750887]  ? arch_scale_cpu_capacity+0x17/0xa0
[  111.751566]  ? __pfx_perf_tp_event+0x10/0x10
[  111.752194]  ? __asan_memset+0x24/0x50
[  111.752777]  ? perf_trace_lock+0xb5/0x5d0
[  111.753374]  ? kvm_sched_clock_read+0x16/0x30
[  111.754015]  ? sched_clock+0x37/0x60
[  111.754552]  ? sched_clock_cpu+0x6c/0x4e0
[  111.755141]  ? lock_is_held_type+0x9e/0x120
[  111.755758]  ? perf_trace_run_bpf_submit+0xef/0x180
[  111.756467]  perf_trace_run_bpf_submit+0xef/0x180
[  111.757167]  perf_trace_lock+0x337/0x5d0
[  111.757751]  ? __pfx_perf_trace_lock+0x10/0x10
[  111.758405]  ? lock_acquire+0x15e/0x2f0
[  111.758969]  ? futex_ref_get+0x48/0x300
[  111.759531]  ? futex_ref_get+0x114/0x300
[  111.760103]  ? futex_hash+0x15c/0x390
[  111.760645]  lock_release+0x1ab/0x290
[  111.761202]  ? futex_hash+0x15c/0x390
[  111.761742]  futex_ref_get+0x119/0x300
[  111.762293]  ? futex_hash+0x15c/0x390
[  111.762833]  futex_hash+0x70/0x390
[  111.763344]  futex_wake+0x143/0x540
[  111.763871]  ? put_pid+0x1f/0x30
[  111.764356]  ? kernel_clone+0x204/0x7f0
[  111.764933]  ? __pfx_futex_wake+0x10/0x10
[  111.765527]  ? __pfx_kernel_clone+0x10/0x10
[  111.766137]  ? __lock_acquire+0x694/0x1b70
[  111.766743]  do_futex+0x26d/0x370
[  111.767244]  ? __pfx_do_futex+0x10/0x10
[  111.767810]  ? __pfx___do_sys_clone+0x10/0x10
[  111.768441]  ? find_held_lock+0x2b/0x80
[  111.769030]  __x64_sys_futex+0x1c9/0x4d0
[  111.769611]  ? __pfx___x64_sys_futex+0x10/0x10
[  111.770256]  ? xfd_validate_state+0x55/0x180
[  111.770897]  do_syscall_64+0xbf/0x360
[  111.771441]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.772166] RIP: 0033:0x7efc43313b19
[  111.772689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  111.775198] RSP: 002b:00007fff3f8546d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  111.776251] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efc43313b19
[  111.777247] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007efc43426f68
[  111.778233] RBP: 00007efc43426f60 R08: 00007efc40889700 R09: 0000000000000000
[  111.779214] R10: 00007efc40889700 R11: 0000000000000246 R12: 00007efc4342b060
[  111.780196] R13: 00007fff3f8547e0 R14: 00007efc43426f60 R15: 000000000001b39d
[  111.781207]  </TASK>
[  111.781541] Modules linked in:
[  111.781999] ---[ end trace 0000000000000000 ]---
[  111.782653] RIP: 0010:perf_tp_event+0x175/0xe70
[  111.783313] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  111.785827] RSP: 0018:ffff8880460e7800 EFLAGS: 00010212
[  111.786568] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  111.787553] RDX: ffff888017310000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[  111.788541] RBP: ffff8880460e7a70 R08: ffff88806ce31340 R09: ffffe8ffffc16a78
[  111.789539] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  111.790533] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[  111.791518] FS:  000055555ae98400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  111.792630] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  111.793450] CR2: 0000001b2d421000 CR3: 000000000d4b3000 CR4: 0000000000350ef0
[  111.794446] Kernel panic - not syncing: Fatal exception in interrupt
[  112.895137] Shutting down cpus with NMI
[  112.895926] Kernel Offset: disabled
[  112.896394] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
10:39:23  Registers:
info registers vcpu 0
RAX=0000000000000062 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff8880460e70f0
R8 =0000000000000000 R9 =ffffed10016c6046 R10=0000000000000062 R11=0000000065646f43
R12=0000000000000062 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055555ae98400 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe6000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2d421000 CR3=000000000d4b3000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007efc433fa7c000007efc433fa7c8
XMM02=00007efc433fa7e000007efc433fa7c0 XMM03=00007efc433fa7c800007efc433fa7c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=ffffea0000cf7280 RCX=ffffffff819d036a RDX=ffff8880457c0000
RSI=0000000000000000 RDI=0000000000000007 RBP=0000000000000137 RSP=ffff88801b9bf668
R8 =0000000000000000 R9 =fffff9400019ee50 R10=0000000000000000 R11=ffff888017312038
R12=0000000000000000 R13=00007f6bd0ec9000 R14=ffff88801b9bfad0 R15=8000000033dca007
RIP=ffffffff8173f6b0 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe0600000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2d522000 CR3=000000003ac8d000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000