Warning: Permanently added '[localhost]:41349' (ECDSA) to the list of known hosts. 2025/09/01 10:47:58 fuzzer started 2025/09/01 10:47:59 dialing manager at localhost:35473 syzkaller login: [ 51.602518] cgroup: Unknown subsys name 'net' [ 51.672814] cgroup: Unknown subsys name 'cpuset' [ 51.693266] cgroup: Unknown subsys name 'rlimit' 2025/09/01 10:48:10 syscalls: 2214 2025/09/01 10:48:10 code coverage: enabled 2025/09/01 10:48:10 comparison tracing: enabled 2025/09/01 10:48:10 extra coverage: enabled 2025/09/01 10:48:10 setuid sandbox: enabled 2025/09/01 10:48:10 namespace sandbox: enabled 2025/09/01 10:48:10 Android sandbox: enabled 2025/09/01 10:48:10 fault injection: enabled 2025/09/01 10:48:10 leak checking: enabled 2025/09/01 10:48:10 net packet injection: enabled 2025/09/01 10:48:10 net device setup: enabled 2025/09/01 10:48:10 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 10:48:10 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 10:48:10 USB emulation: enabled 2025/09/01 10:48:10 hci packet injection: enabled 2025/09/01 10:48:10 wifi device emulation: enabled 2025/09/01 10:48:10 802.15.4 emulation: enabled 2025/09/01 10:48:10 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 10:48:10 fetching corpus: 50, signal 17884/21499 (executing program) 2025/09/01 10:48:10 fetching corpus: 100, signal 33025/37967 (executing program) 2025/09/01 10:48:10 fetching corpus: 150, signal 40467/46733 (executing program) 2025/09/01 10:48:10 fetching corpus: 200, signal 47740/55139 (executing program) 2025/09/01 10:48:10 fetching corpus: 250, signal 52724/61302 (executing program) 2025/09/01 10:48:10 fetching corpus: 300, signal 57805/67403 (executing program) 2025/09/01 10:48:11 fetching corpus: 350, signal 63588/74005 (executing program) 2025/09/01 10:48:11 fetching corpus: 400, signal 65741/77277 (executing program) 2025/09/01 10:48:11 fetching corpus: 450, signal 69093/81548 (executing program) 2025/09/01 
10:48:11 fetching corpus: 500, signal 71919/85258 (executing program) 2025/09/01 10:48:11 fetching corpus: 550, signal 74328/88544 (executing program) 2025/09/01 10:48:11 fetching corpus: 600, signal 77065/92066 (executing program) 2025/09/01 10:48:11 fetching corpus: 650, signal 79440/95265 (executing program) 2025/09/01 10:48:11 fetching corpus: 700, signal 81137/97815 (executing program) 2025/09/01 10:48:11 fetching corpus: 750, signal 83802/101115 (executing program) 2025/09/01 10:48:11 fetching corpus: 800, signal 86026/104037 (executing program) 2025/09/01 10:48:11 fetching corpus: 850, signal 87695/106458 (executing program) 2025/09/01 10:48:12 fetching corpus: 900, signal 89093/108588 (executing program) 2025/09/01 10:48:12 fetching corpus: 950, signal 90990/111138 (executing program) 2025/09/01 10:48:12 fetching corpus: 1000, signal 92821/113637 (executing program) 2025/09/01 10:48:12 fetching corpus: 1050, signal 94436/115818 (executing program) 2025/09/01 10:48:12 fetching corpus: 1100, signal 96074/118053 (executing program) 2025/09/01 10:48:12 fetching corpus: 1150, signal 97679/120226 (executing program) 2025/09/01 10:48:12 fetching corpus: 1200, signal 99891/122761 (executing program) 2025/09/01 10:48:12 fetching corpus: 1250, signal 101221/124670 (executing program) 2025/09/01 10:48:12 fetching corpus: 1300, signal 102337/126298 (executing program) 2025/09/01 10:48:12 fetching corpus: 1350, signal 103688/128147 (executing program) 2025/09/01 10:48:12 fetching corpus: 1400, signal 105078/129994 (executing program) 2025/09/01 10:48:13 fetching corpus: 1450, signal 105910/131399 (executing program) 2025/09/01 10:48:13 fetching corpus: 1500, signal 107777/133506 (executing program) 2025/09/01 10:48:13 fetching corpus: 1550, signal 108652/134867 (executing program) 2025/09/01 10:48:13 fetching corpus: 1600, signal 109905/136491 (executing program) 2025/09/01 10:48:13 fetching corpus: 1650, signal 111031/137984 (executing program) 2025/09/01 10:48:13 
fetching corpus: 1700, signal 111869/139291 (executing program) 2025/09/01 10:48:13 fetching corpus: 1750, signal 113278/140980 (executing program) 2025/09/01 10:48:13 fetching corpus: 1800, signal 115197/142840 (executing program) 2025/09/01 10:48:13 fetching corpus: 1850, signal 116105/144138 (executing program) 2025/09/01 10:48:13 fetching corpus: 1900, signal 117972/145990 (executing program) 2025/09/01 10:48:14 fetching corpus: 1950, signal 118583/147091 (executing program) 2025/09/01 10:48:14 fetching corpus: 2000, signal 119939/148538 (executing program) 2025/09/01 10:48:14 fetching corpus: 2050, signal 121957/150351 (executing program) 2025/09/01 10:48:14 fetching corpus: 2100, signal 122782/151504 (executing program) 2025/09/01 10:48:14 fetching corpus: 2150, signal 123654/152618 (executing program) 2025/09/01 10:48:14 fetching corpus: 2200, signal 124857/153927 (executing program) 2025/09/01 10:48:14 fetching corpus: 2250, signal 125533/154972 (executing program) 2025/09/01 10:48:14 fetching corpus: 2300, signal 126387/156048 (executing program) 2025/09/01 10:48:14 fetching corpus: 2350, signal 127177/157078 (executing program) 2025/09/01 10:48:15 fetching corpus: 2400, signal 127769/157982 (executing program) 2025/09/01 10:48:15 fetching corpus: 2450, signal 128536/158944 (executing program) 2025/09/01 10:48:15 fetching corpus: 2500, signal 129262/159877 (executing program) 2025/09/01 10:48:15 fetching corpus: 2550, signal 131094/161235 (executing program) 2025/09/01 10:48:15 fetching corpus: 2600, signal 131689/162044 (executing program) 2025/09/01 10:48:15 fetching corpus: 2650, signal 132781/163053 (executing program) 2025/09/01 10:48:15 fetching corpus: 2700, signal 133491/163906 (executing program) 2025/09/01 10:48:15 fetching corpus: 2750, signal 134335/164779 (executing program) 2025/09/01 10:48:15 fetching corpus: 2800, signal 134980/165559 (executing program) 2025/09/01 10:48:15 fetching corpus: 2850, signal 135886/166469 (executing program) 
2025/09/01 10:48:15 fetching corpus: 2900, signal 136541/167278 (executing program) 2025/09/01 10:48:16 fetching corpus: 2950, signal 137241/168049 (executing program) 2025/09/01 10:48:16 fetching corpus: 3000, signal 138757/169105 (executing program) 2025/09/01 10:48:16 fetching corpus: 3050, signal 139617/169891 (executing program) 2025/09/01 10:48:16 fetching corpus: 3100, signal 140352/170617 (executing program) 2025/09/01 10:48:16 fetching corpus: 3150, signal 141134/171333 (executing program) 2025/09/01 10:48:16 fetching corpus: 3200, signal 142058/172120 (executing program) 2025/09/01 10:48:16 fetching corpus: 3250, signal 142433/172693 (executing program) 2025/09/01 10:48:16 fetching corpus: 3300, signal 142761/173245 (executing program) 2025/09/01 10:48:16 fetching corpus: 3350, signal 143364/173855 (executing program) 2025/09/01 10:48:16 fetching corpus: 3400, signal 143975/174486 (executing program) 2025/09/01 10:48:16 fetching corpus: 3450, signal 144609/175084 (executing program) 2025/09/01 10:48:16 fetching corpus: 3500, signal 145523/175754 (executing program) 2025/09/01 10:48:17 fetching corpus: 3550, signal 146053/176302 (executing program) 2025/09/01 10:48:17 fetching corpus: 3600, signal 146583/176888 (executing program) 2025/09/01 10:48:17 fetching corpus: 3650, signal 147067/177405 (executing program) 2025/09/01 10:48:17 fetching corpus: 3700, signal 147733/177969 (executing program) 2025/09/01 10:48:17 fetching corpus: 3750, signal 148509/178520 (executing program) 2025/09/01 10:48:17 fetching corpus: 3800, signal 148934/179013 (executing program) 2025/09/01 10:48:17 fetching corpus: 3850, signal 149401/179486 (executing program) 2025/09/01 10:48:17 fetching corpus: 3900, signal 149962/179947 (executing program) 2025/09/01 10:48:17 fetching corpus: 3950, signal 150662/180389 (executing program) 2025/09/01 10:48:17 fetching corpus: 4000, signal 151040/180816 (executing program) 2025/09/01 10:48:17 fetching corpus: 4050, signal 151706/181311 
(executing program) 2025/09/01 10:48:17 fetching corpus: 4100, signal 152228/181793 (executing program) 2025/09/01 10:48:18 fetching corpus: 4150, signal 152670/182195 (executing program) 2025/09/01 10:48:18 fetching corpus: 4200, signal 153309/182600 (executing program) 2025/09/01 10:48:18 fetching corpus: 4250, signal 154349/183105 (executing program) 2025/09/01 10:48:18 fetching corpus: 4300, signal 154776/183484 (executing program) 2025/09/01 10:48:18 fetching corpus: 4350, signal 155074/183834 (executing program) 2025/09/01 10:48:18 fetching corpus: 4400, signal 155761/184287 (executing program) 2025/09/01 10:48:18 fetching corpus: 4450, signal 156293/184630 (executing program) 2025/09/01 10:48:18 fetching corpus: 4500, signal 156883/184938 (executing program) 2025/09/01 10:48:18 fetching corpus: 4550, signal 157296/184978 (executing program) 2025/09/01 10:48:18 fetching corpus: 4600, signal 157685/184982 (executing program) 2025/09/01 10:48:18 fetching corpus: 4650, signal 158329/185008 (executing program) 2025/09/01 10:48:19 fetching corpus: 4700, signal 160310/185038 (executing program) 2025/09/01 10:48:19 fetching corpus: 4750, signal 160750/185040 (executing program) 2025/09/01 10:48:19 fetching corpus: 4800, signal 161356/185043 (executing program) 2025/09/01 10:48:19 fetching corpus: 4850, signal 161695/185070 (executing program) 2025/09/01 10:48:19 fetching corpus: 4900, signal 162024/185075 (executing program) 2025/09/01 10:48:19 fetching corpus: 4950, signal 162606/185083 (executing program) 2025/09/01 10:48:19 fetching corpus: 5000, signal 162955/185084 (executing program) 2025/09/01 10:48:19 fetching corpus: 5050, signal 163301/185101 (executing program) 2025/09/01 10:48:19 fetching corpus: 5100, signal 163765/185121 (executing program) 2025/09/01 10:48:19 fetching corpus: 5150, signal 164302/185131 (executing program) 2025/09/01 10:48:19 fetching corpus: 5200, signal 164745/185151 (executing program) 2025/09/01 10:48:20 fetching corpus: 5250, 
signal 165127/185191 (executing program) 2025/09/01 10:48:20 fetching corpus: 5300, signal 165567/185195 (executing program) 2025/09/01 10:48:20 fetching corpus: 5350, signal 165914/185208 (executing program) 2025/09/01 10:48:20 fetching corpus: 5400, signal 166262/185211 (executing program) 2025/09/01 10:48:20 fetching corpus: 5449, signal 166486/185229 (executing program) 2025/09/01 10:48:20 fetching corpus: 5499, signal 167151/185244 (executing program) 2025/09/01 10:48:20 fetching corpus: 5549, signal 167486/185287 (executing program) 2025/09/01 10:48:20 fetching corpus: 5599, signal 167828/185287 (executing program) 2025/09/01 10:48:20 fetching corpus: 5649, signal 168320/185319 (executing program) 2025/09/01 10:48:20 fetching corpus: 5699, signal 168733/185322 (executing program) 2025/09/01 10:48:20 fetching corpus: 5749, signal 169378/185346 (executing program) 2025/09/01 10:48:21 fetching corpus: 5799, signal 169728/185386 (executing program) 2025/09/01 10:48:21 fetching corpus: 5849, signal 170349/185396 (executing program) 2025/09/01 10:48:21 fetching corpus: 5899, signal 170697/185420 (executing program) 2025/09/01 10:48:21 fetching corpus: 5949, signal 170969/185425 (executing program) 2025/09/01 10:48:21 fetching corpus: 5999, signal 171524/185425 (executing program) 2025/09/01 10:48:21 fetching corpus: 6049, signal 172021/185560 (executing program) 2025/09/01 10:48:21 fetching corpus: 6099, signal 172275/185570 (executing program) 2025/09/01 10:48:21 fetching corpus: 6149, signal 172508/185576 (executing program) 2025/09/01 10:48:21 fetching corpus: 6199, signal 172953/185583 (executing program) 2025/09/01 10:48:21 fetching corpus: 6249, signal 173352/185596 (executing program) 2025/09/01 10:48:21 fetching corpus: 6299, signal 173678/185599 (executing program) 2025/09/01 10:48:21 fetching corpus: 6349, signal 174048/185603 (executing program) 2025/09/01 10:48:21 fetching corpus: 6399, signal 174260/185626 (executing program) 2025/09/01 10:48:22 
fetching corpus: 6449, signal 174802/185651 (executing program) 2025/09/01 10:48:22 fetching corpus: 6499, signal 175206/185657 (executing program) 2025/09/01 10:48:22 fetching corpus: 6549, signal 175498/185659 (executing program) 2025/09/01 10:48:22 fetching corpus: 6599, signal 175870/185672 (executing program) 2025/09/01 10:48:22 fetching corpus: 6649, signal 176207/185707 (executing program) 2025/09/01 10:48:22 fetching corpus: 6699, signal 176564/185727 (executing program) 2025/09/01 10:48:22 fetching corpus: 6749, signal 176801/185737 (executing program) 2025/09/01 10:48:22 fetching corpus: 6799, signal 177199/185777 (executing program) 2025/09/01 10:48:22 fetching corpus: 6849, signal 177523/185785 (executing program) 2025/09/01 10:48:22 fetching corpus: 6899, signal 177768/185791 (executing program) 2025/09/01 10:48:23 fetching corpus: 6949, signal 178281/185793 (executing program) 2025/09/01 10:48:23 fetching corpus: 6999, signal 178596/185806 (executing program) 2025/09/01 10:48:23 fetching corpus: 7049, signal 178892/185810 (executing program) 2025/09/01 10:48:23 fetching corpus: 7099, signal 179197/185818 (executing program) 2025/09/01 10:48:23 fetching corpus: 7149, signal 179425/185843 (executing program) 2025/09/01 10:48:23 fetching corpus: 7199, signal 179681/185849 (executing program) 2025/09/01 10:48:23 fetching corpus: 7249, signal 179908/185849 (executing program) 2025/09/01 10:48:23 fetching corpus: 7299, signal 180174/185853 (executing program) 2025/09/01 10:48:23 fetching corpus: 7349, signal 180401/185869 (executing program) 2025/09/01 10:48:23 fetching corpus: 7399, signal 180562/185904 (executing program) 2025/09/01 10:48:23 fetching corpus: 7449, signal 180846/185909 (executing program) 2025/09/01 10:48:23 fetching corpus: 7499, signal 181176/185916 (executing program) 2025/09/01 10:48:24 fetching corpus: 7549, signal 181516/185949 (executing program) 2025/09/01 10:48:24 fetching corpus: 7599, signal 181770/185951 (executing program) 
2025/09/01 10:48:24 fetching corpus: 7649, signal 182136/185951 (executing program) 2025/09/01 10:48:24 fetching corpus: 7699, signal 182377/185955 (executing program) 2025/09/01 10:48:24 fetching corpus: 7749, signal 182661/185962 (executing program) 2025/09/01 10:48:24 fetching corpus: 7799, signal 183014/185969 (executing program) 2025/09/01 10:48:24 fetching corpus: 7846, signal 183253/185991 (executing program) 2025/09/01 10:48:24 fetching corpus: 7846, signal 183253/185991 (executing program) 2025/09/01 10:48:27 starting 8 fuzzer processes 10:48:27 executing program 0: mlockall(0x1) 10:48:27 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000440), 0x4) 10:48:27 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, 0x0) 10:48:27 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000080), 0x8) [ 79.517255] audit: type=1400 audit(1756723707.172:7): avc: denied { execmem } for pid=274 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:48:27 executing program 
6: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) mq_notify(r0, &(0x7f00000001c0)={0x0, 0x0, 0x1, @tid=0xffffffffffffffff}) 10:48:27 executing program 4: mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000001900)={0x77359400}) 10:48:27 executing program 7: r0 = syz_io_uring_setup(0x56a8, &(0x7f0000000080)={0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000180)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x21, &(0x7f0000000580)=[{0x0}], 0x1) 10:48:27 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000240)="40008d004900a5bea1b7c5ca110b7021799de00ffb22856a66196c37e455236c89424ae3d9649d227f0a9af9b8365032cfe853c1ca103905d7b66d6e27cfb53bd4799d75ef2aea58c532e405000000ebe8d41e9f091eb1885b8ad83af93f5ef3a3f4d0f8dfa005a77442ac16396384a214a8f7a574e6ebd5ea02d96db3bc87f45049c1151fdfad4ae4bbbde7ba3f5893768472b8eefc59f2da01b619573201730a6e7c9b9459c05c5afe5c6f978e5e09f23948721f212f1c785a9174344feca299e5", 0xc57d4077604cc144) [ 80.710854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.714480] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.716386] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.721206] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.724876] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.907149] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.918277] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.920076] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.922921] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.924480] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.928196] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.933829] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.935390] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.939983] Bluetooth: hci3: 
unexpected cc 0x0c03 length: 249 > 1 [ 80.946023] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.947195] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.949418] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.951009] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.975120] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.980052] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.991057] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 81.006172] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 81.008744] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 81.010366] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 81.012183] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 81.017206] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 81.017322] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 81.019825] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 81.024162] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 81.025048] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 81.026477] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 81.028465] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 81.035957] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 81.038389] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 81.041015] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 81.043217] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 81.046882] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 81.055691] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 81.057116] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 81.063069] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 82.745303] Bluetooth: hci0: command tx timeout [ 82.999679] Bluetooth: hci2: command tx timeout [ 83.000453] Bluetooth: hci1: command tx timeout [ 83.064022] Bluetooth: hci3: command tx timeout [ 83.128068] Bluetooth: 
hci4: command tx timeout [ 83.128556] Bluetooth: hci6: command tx timeout [ 83.129543] Bluetooth: hci5: command tx timeout [ 83.130332] Bluetooth: hci7: command tx timeout [ 84.791648] Bluetooth: hci0: command tx timeout [ 85.048218] Bluetooth: hci1: command tx timeout [ 85.048695] Bluetooth: hci2: command tx timeout [ 85.111702] Bluetooth: hci3: command tx timeout [ 85.176711] Bluetooth: hci7: command tx timeout [ 85.177115] Bluetooth: hci6: command tx timeout [ 85.177499] Bluetooth: hci5: command tx timeout [ 85.178672] Bluetooth: hci4: command tx timeout [ 86.839778] Bluetooth: hci0: command tx timeout [ 87.095771] Bluetooth: hci2: command tx timeout [ 87.096219] Bluetooth: hci1: command tx timeout [ 87.160247] Bluetooth: hci3: command tx timeout [ 87.223721] Bluetooth: hci6: command tx timeout [ 87.224145] Bluetooth: hci7: command tx timeout [ 87.224564] Bluetooth: hci5: command tx timeout [ 87.225247] Bluetooth: hci4: command tx timeout [ 88.888319] Bluetooth: hci0: command tx timeout [ 89.144649] Bluetooth: hci1: command tx timeout [ 89.145099] Bluetooth: hci2: command tx timeout [ 89.207669] Bluetooth: hci3: command tx timeout [ 89.271749] Bluetooth: hci7: command tx timeout [ 89.271779] Bluetooth: hci5: command tx timeout [ 89.274828] Bluetooth: hci4: command tx timeout [ 89.274843] Bluetooth: hci6: command tx timeout [ 115.861777] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.862449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.062408] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.063132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.187159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.187807] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.265179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.265924] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.308372] wlan1: Created IBSS using 
preconfigured BSSID 50:50:50:50:50:50 [ 116.308970] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.358982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.359578] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.379095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.379700] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.406870] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.407447] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.438071] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.438727] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.442025] audit: type=1400 audit(1756723744.096:8): avc: denied { open } for pid=3871 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 116.447711] audit: type=1400 audit(1756723744.096:9): avc: denied { kernel } for pid=3871 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 10:49:04 executing program 7: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x14, 0x1, 0x2, 0x5}, 0x14}}, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x4, 0x1, 0x101}, 0x14}}, 0x0) [ 116.481043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.481660] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:49:04 executing program 7: name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2400) 10:49:04 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000cc0)={'batadv_slave_1\x00'}) [ 116.539021] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.539642] wlan1: 
Creating new IBSS network, BSSID 50:50:50:50:50:50 10:49:04 executing program 7: ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan4\x00'}) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, 0x0}, 0x0) syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, 0x0, 0x0) io_uring_setup(0x65d8, &(0x7f0000000b00)={0x0, 0x18f1, 0x20}) [ 116.588903] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.589502] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:49:04 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpgrp(0xffffffffffffffff) tgkill(r0, r0, 0x0) 10:49:04 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpgrp(0xffffffffffffffff) tgkill(r0, r0, 0x0) [ 116.737520] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.738199] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:49:04 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpgrp(0xffffffffffffffff) tgkill(r0, r0, 0x0) 10:49:04 executing program 7: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000001ec0), 0x0, 0x0) r1 = io_uring_setup(0x6aff, &(0x7f0000000140)) close_range(r1, 0xffffffffffffffff, 0x0) pread64(r0, &(0x7f0000000000)=""/30, 0xffffff18, 0x0) [ 116.858492] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.859125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.929778] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.930362] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.990283] wlan1: Created IBSS using preconfigured 
BSSID 50:50:50:50:50:50 [ 116.991495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:49:04 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000280)={0x20, r1, 0x1, 0x0, 0x0, {0x25}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x20}}, 0x0) flock(0xffffffffffffffff, 0x0) 10:49:04 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, 0x0) 10:49:04 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r1 = dup(r0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0xffffff7f}) 10:49:04 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpgrp(0xffffffffffffffff) tgkill(r0, r0, 0x0) 10:49:04 executing program 7: syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), 0xffffffffffffffff) 10:49:04 executing program 6: syz_emit_ethernet(0x2a, 
&(0x7f0000000040)={@local, @multicast, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @private, @multicast1}, {0x11, 0x0, 0x0, @dev}}}}}, 0x0) 10:49:04 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000440), 0x4) 10:49:04 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r1) fsetxattr$security_ima(r0, &(0x7f0000000140), 0x0, 0x0, 0x0) [ 117.196034] program syz-executor.5 is using a deprecated SCSI ioctl, please convert it to SG_IO 10:49:04 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000440), 0x4) [ 117.238290] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 117.239247] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 117.240025] CPU: 1 UID: 0 PID: 3931 Comm: syz-executor.1 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 117.242249] Tainted: [W]=WARN [ 117.242966] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 10:49:04 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) syz_mount_image$tmpfs(0x0, &(0x7f00000001c0)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) rmdir(&(0x7f0000000140)='./file0/file0\x00') 10:49:04 executing program 6: syz_emit_ethernet(0x2a, &(0x7f0000000040)={@local, @multicast, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @private, @multicast1}, {0x11, 0x0, 0x0, @dev}}}}}, 0x0) 
10:49:04 executing program 2:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000140), 0x8)
getsockopt$inet6_opts(r0, 0x29, 0x37, 0x0, &(0x7f00000082c0))
[ 117.244630] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.245764] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.249766] RSP: 0018:ffff888045b9f780 EFLAGS: 00010012
[ 117.250193] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90002a9f000
[ 117.250755] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 117.251327] RBP: ffff888045b9f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16178
[ 117.251887] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 117.252448] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 117.253014] FS: 00007f47ef031700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 117.253642] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.254101] CR2: 000000c0002b4000 CR3: 0000000044be3000 CR4: 0000000000350ef0
[ 117.254667] Call Trace:
[ 117.254877]
[ 117.255060] ? __pfx_perf_tp_event+0x10/0x10
[ 117.255433] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150
[ 117.255923] ? lock_acquire+0x15e/0x2f0
[ 117.256248] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10
[ 117.256754] ? lock_is_held_type+0x9e/0x120
[ 117.257107] ? lock_is_held_type+0x9e/0x120
[ 117.257460] ? ctx_sched_in+0x134/0x9b0
[ 117.257781] ? __pfx_ctx_sched_in+0x10/0x10
[ 117.258123] ? arch_stack_walk+0x9c/0xf0
[ 117.258450] ? find_held_lock+0x2b/0x80
[ 117.258777] ? perf_trace_run_bpf_submit+0xef/0x180
[ 117.259183] ? lock_release+0xc8/0x290
[ 117.259510] perf_trace_run_bpf_submit+0xef/0x180
[ 117.259908] perf_trace_preemptirq_template+0x259/0x430
[ 117.260334] ? mark_held_locks+0x49/0x80
[ 117.260657] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 117.261123] ? _raw_spin_lock_irqsave+0x53/0x60
[ 117.261501] trace_irq_disable.constprop.0+0xa6/0x100
[ 117.261910] _raw_spin_lock_irqsave+0x53/0x60
[ 117.262272] try_to_wake_up+0xa0/0x11d0
[ 117.262601] ? __pfx_try_to_wake_up+0x10/0x10
[ 117.262967] ? plist_del+0x122/0x270
[ 117.263289] ? find_held_lock+0x2b/0x80
[ 117.263614] ? futex_wake+0x474/0x540
[ 117.263925] wake_up_q+0xa1/0x130
[ 117.264214] futex_wake+0x47e/0x540
[ 117.264512] ? __pfx_futex_wake+0x10/0x10
[ 117.264848] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 117.265253] ? lock_release+0xc8/0x290
[ 117.265568] do_futex+0x26d/0x370
[ 117.265852] ? __pfx_do_futex+0x10/0x10
[ 117.266174] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 117.266598] ? find_held_lock+0x2b/0x80
[ 117.266926] __x64_sys_futex+0x1c9/0x4d0
[ 117.267263] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 117.267729] ? __pfx___x64_sys_futex+0x10/0x10
[ 117.268098] ? xfd_validate_state+0x55/0x180
[ 117.268464] do_syscall_64+0xbf/0x360
[ 117.268773] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.269183] RIP: 0033:0x7f47f1abbb19
[ 117.269481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 117.270904] RSP: 002b:00007f47ef031218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 117.271511] RAX: ffffffffffffffda RBX: 00007f47f1bcef68 RCX: 00007f47f1abbb19
[ 117.272071] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f47f1bcef6c
[ 117.272628] RBP: 00007f47f1bcef60 R08: 000000000000000e R09: 0000000000000000
[ 117.273184] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f47f1bcef6c
[ 117.273740] R13: 00007fff8e24db3f R14: 00007f47ef031300 R15: 0000000000022000
[ 117.274304]
[ 117.274495] Modules linked in:
[ 117.274758] ---[ end trace 0000000000000000 ]---
[ 117.275131] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.275513] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.276933] RSP: 0018:ffff888045b9f780 EFLAGS: 00010012
[ 117.277357] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90002a9f000
[ 117.277921] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 117.278483] RBP: ffff888045b9f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16178
[ 117.279041] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 117.279606] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 117.280168] FS: 00007f47ef031700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 117.280804] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.281261] CR2: 000000c0002b4000 CR3: 0000000044be3000 CR4: 0000000000350ef0
[ 117.281826] note: syz-executor.1[3931] exited with irqs disabled
[ 117.282348] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 117.283236] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 117.283919] CPU: 1 UID: 0 PID: 3931 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 117.284850] Tainted: [D]=DIE, [W]=WARN
[ 117.285153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 117.285798] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.286174] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.287604] RSP: 0018:ffff88806cf08b40 EFLAGS: 00010012
[ 117.288028] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 117.288589] RDX: ffff88804481d280 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 117.289152] RBP: ffff88806cf08db0 R08: ffff88806cf313e8 R09: ffffe8ffffd16178
[ 117.289708] R10: 0000000000000000 R11: ffff88800f608498 R12: dffffc0000000000
[ 117.290262] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[ 117.290820] FS: 00007f47ef031700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 117.291459] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.291919] CR2: 000000c0002b4000 CR3: 0000000044be3000 CR4: 0000000000350ef0
[ 117.292480] Call Trace:
[ 117.292685]
[ 117.292864] ? __pfx_perf_tp_event+0x10/0x10
[ 117.293218] ? update_load_avg+0x17d/0x1ef0
[ 117.293559] ? update_cfs_group+0x11d/0x260
[ 117.293909] ? kvm_sched_clock_read+0x16/0x30
[ 117.294270] ? enqueue_task_fair+0xded/0x1e00
[ 117.294634] ? check_preempt_wakeup_fair+0x6e/0x950
[ 117.295036] ? wakeup_preempt+0x140/0x2a0
[ 117.295373] ? lock_release+0x1c7/0x290
[ 117.295693] ? lock_release+0x1c7/0x290
[ 117.296013] ? do_raw_spin_unlock+0x53/0x220
[ 117.296368] ? _raw_spin_unlock_irqrestore+0x22/0x50
[ 117.296774] ? try_to_wake_up+0x8ae/0x11d0
[ 117.297119] ? perf_trace_run_bpf_submit+0xef/0x180
[ 117.297525] ? lock_release+0x1c7/0x290
[ 117.297846] perf_trace_run_bpf_submit+0xef/0x180
[ 117.298234] perf_trace_preemptirq_template+0x259/0x430
[ 117.298655] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 117.299119] ? read_tsc+0x9/0x20
[ 117.299408] ? ktime_get+0x16d/0x270
[ 117.299711] ? __pfx_lapic_next_deadline+0x10/0x10
[ 117.300100] ? clockevents_program_event+0x135/0x360
[ 117.300515] ? _raw_spin_lock_irq+0x42/0x50
[ 117.300864] trace_irq_disable.constprop.0+0xa6/0x100
[ 117.301273] _raw_spin_lock_irq+0x42/0x50
[ 117.301608] run_timer_softirq+0x10f/0x210
[ 117.301952] handle_softirqs+0x1b1/0x770
[ 117.302290] __irq_exit_rcu+0xc4/0x100
[ 117.302609] irq_exit_rcu+0x9/0x20
[ 117.302895] sysvec_apic_timer_interrupt+0x70/0x80
[ 117.303300]
[ 117.303482]
[ 117.303665] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 117.304085] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 117.304464] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de
[ 117.305884] RSP: 0018:ffff888045b9ff28 EFLAGS: 00000246
[ 117.306303] RAX: 0000000000000001 RBX: ffff88804481d280 RCX: ffffffff817c3ab6
[ 117.306866] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 117.307430] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 117.307990] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff88804481d280
[ 117.308547] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 117.309106] ? trace_irq_enable.constprop.0+0x26/0x100
[ 117.309522] ? make_task_dead+0x214/0x3b0
[ 117.309857] ? make_task_dead+0x214/0x3b0
[ 117.310189] ? do_syscall_64+0xbf/0x360
[ 117.310505] rewind_stack_and_make_dead+0x16/0x20
[ 117.310892] RIP: 0033:0x7f47f1abbb19
[ 117.311193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 117.312619] RSP: 002b:00007f47ef031218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 117.313216] RAX: ffffffffffffffda RBX: 00007f47f1bcef68 RCX: 00007f47f1abbb19
[ 117.313773] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f47f1bcef6c
[ 117.314334] RBP: 00007f47f1bcef60 R08: 000000000000000e R09: 0000000000000000
[ 117.314896] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f47f1bcef6c
[ 117.315457] R13: 00007fff8e24db3f R14: 00007f47ef031300 R15: 0000000000022000
[ 117.316062]
[ 117.316272] Modules linked in:
[ 117.316552] ---[ end trace 0000000000000000 ]---
[ 117.316554] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI
[ 117.316931] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.317801] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 117.318165] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.318756] CPU: 0 UID: 0 PID: 3934 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 117.320174] RSP: 0018:ffff888045b9f780 EFLAGS: 00010012
[ 117.321091] Tainted: [D]=DIE, [W]=WARN
[ 117.321504] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90002a9f000
[ 117.321802] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 117.322356] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 117.322993] RIP: 0010:perf_tp_event+0x175/0xe70
[ 117.323558] RBP: ffff888045b9f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16178
[ 117.323923] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 117.324473] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 117.325887] RSP: 0018:ffff8880464af780 EFLAGS: 00010012
[ 117.326436] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 117.326438]
[ 117.326448] FS: 00007f47ef031700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 117.326853] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 117.327419] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.327557] RDX: ffff888016e53700 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 117.328190] CR2: 000000c0002b4000 CR3: 0000000044be3000 CR4: 0000000000350ef0
[ 117.328739] RBP: ffff8880464af9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16178
[ 117.329194] Kernel panic - not syncing: Fatal exception in interrupt
[ 117.331618] Kernel Offset: disabled
[ 117.331911] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
10:49:05 Registers: