Warning: Permanently added '[localhost]:19296' (ECDSA) to the list of known hosts. 2025/09/01 11:24:30 fuzzer started 2025/09/01 11:24:30 dialing manager at localhost:35473 syzkaller login: [ 50.099742] cgroup: Unknown subsys name 'net' [ 50.165351] cgroup: Unknown subsys name 'cpuset' [ 50.192309] cgroup: Unknown subsys name 'rlimit' 2025/09/01 11:24:41 syscalls: 2214 2025/09/01 11:24:41 code coverage: enabled 2025/09/01 11:24:41 comparison tracing: enabled 2025/09/01 11:24:41 extra coverage: enabled 2025/09/01 11:24:41 setuid sandbox: enabled 2025/09/01 11:24:41 namespace sandbox: enabled 2025/09/01 11:24:41 Android sandbox: enabled 2025/09/01 11:24:41 fault injection: enabled 2025/09/01 11:24:41 leak checking: enabled 2025/09/01 11:24:41 net packet injection: enabled 2025/09/01 11:24:41 net device setup: enabled 2025/09/01 11:24:41 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 11:24:41 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 11:24:41 USB emulation: enabled 2025/09/01 11:24:41 hci packet injection: enabled 2025/09/01 11:24:41 wifi device emulation: enabled 2025/09/01 11:24:41 802.15.4 emulation: enabled 2025/09/01 11:24:41 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 11:24:41 fetching corpus: 50, signal 21293/24866 (executing program) 2025/09/01 11:24:41 fetching corpus: 100, signal 26788/31969 (executing program) 2025/09/01 11:24:41 fetching corpus: 150, signal 31462/38186 (executing program) 2025/09/01 11:24:41 fetching corpus: 200, signal 36943/45023 (executing program) 2025/09/01 11:24:42 fetching corpus: 250, signal 43558/52798 (executing program) 2025/09/01 11:24:42 fetching corpus: 300, signal 49908/60174 (executing program) 2025/09/01 11:24:42 fetching corpus: 350, signal 55048/66348 (executing program) 2025/09/01 11:24:42 fetching corpus: 400, signal 60379/72609 (executing program) 2025/09/01 11:24:42 fetching corpus: 449, signal 65375/78469 (executing program) 2025/09/01 
11:24:42 fetching corpus: 499, signal 67330/81501 (executing program) 2025/09/01 11:24:42 fetching corpus: 549, signal 68674/83936 (executing program) 2025/09/01 11:24:42 fetching corpus: 597, signal 71984/88071 (executing program) 2025/09/01 11:24:42 fetching corpus: 647, signal 74890/91790 (executing program) 2025/09/01 11:24:42 fetching corpus: 697, signal 77852/95474 (executing program) 2025/09/01 11:24:42 fetching corpus: 747, signal 81695/99874 (executing program) 2025/09/01 11:24:42 fetching corpus: 797, signal 83925/102863 (executing program) 2025/09/01 11:24:43 fetching corpus: 847, signal 85731/105400 (executing program) 2025/09/01 11:24:43 fetching corpus: 897, signal 88563/108766 (executing program) 2025/09/01 11:24:43 fetching corpus: 946, signal 90895/111678 (executing program) 2025/09/01 11:24:43 fetching corpus: 996, signal 92225/113757 (executing program) 2025/09/01 11:24:43 fetching corpus: 1046, signal 93773/115967 (executing program) 2025/09/01 11:24:43 fetching corpus: 1096, signal 95474/118298 (executing program) 2025/09/01 11:24:43 fetching corpus: 1146, signal 97247/120668 (executing program) 2025/09/01 11:24:43 fetching corpus: 1196, signal 98348/122440 (executing program) 2025/09/01 11:24:43 fetching corpus: 1246, signal 99832/124411 (executing program) 2025/09/01 11:24:43 fetching corpus: 1296, signal 101515/126526 (executing program) 2025/09/01 11:24:43 fetching corpus: 1346, signal 103199/128646 (executing program) 2025/09/01 11:24:43 fetching corpus: 1396, signal 105184/130995 (executing program) 2025/09/01 11:24:43 fetching corpus: 1446, signal 106887/133052 (executing program) 2025/09/01 11:24:44 fetching corpus: 1496, signal 108016/134676 (executing program) 2025/09/01 11:24:44 fetching corpus: 1546, signal 109035/136223 (executing program) 2025/09/01 11:24:44 fetching corpus: 1596, signal 111287/138503 (executing program) 2025/09/01 11:24:44 fetching corpus: 1645, signal 112402/140070 (executing program) 2025/09/01 11:24:44 
fetching corpus: 1695, signal 113621/141660 (executing program) 2025/09/01 11:24:44 fetching corpus: 1745, signal 114613/143081 (executing program) 2025/09/01 11:24:44 fetching corpus: 1795, signal 116376/144925 (executing program) 2025/09/01 11:24:44 fetching corpus: 1845, signal 117376/146309 (executing program) 2025/09/01 11:24:44 fetching corpus: 1895, signal 118958/147961 (executing program) 2025/09/01 11:24:44 fetching corpus: 1945, signal 120117/149339 (executing program) 2025/09/01 11:24:44 fetching corpus: 1995, signal 121301/150749 (executing program) 2025/09/01 11:24:45 fetching corpus: 2045, signal 122060/151892 (executing program) 2025/09/01 11:24:45 fetching corpus: 2095, signal 123361/153346 (executing program) 2025/09/01 11:24:45 fetching corpus: 2145, signal 123948/154343 (executing program) 2025/09/01 11:24:45 fetching corpus: 2195, signal 124855/155547 (executing program) 2025/09/01 11:24:45 fetching corpus: 2245, signal 125502/156610 (executing program) 2025/09/01 11:24:45 fetching corpus: 2295, signal 126500/157822 (executing program) 2025/09/01 11:24:45 fetching corpus: 2345, signal 127373/158926 (executing program) 2025/09/01 11:24:45 fetching corpus: 2395, signal 128615/160161 (executing program) 2025/09/01 11:24:45 fetching corpus: 2445, signal 129489/161265 (executing program) 2025/09/01 11:24:45 fetching corpus: 2495, signal 130276/162285 (executing program) 2025/09/01 11:24:45 fetching corpus: 2545, signal 131002/163270 (executing program) 2025/09/01 11:24:46 fetching corpus: 2595, signal 132153/164400 (executing program) 2025/09/01 11:24:46 fetching corpus: 2645, signal 132990/165385 (executing program) 2025/09/01 11:24:46 fetching corpus: 2695, signal 133553/166223 (executing program) 2025/09/01 11:24:46 fetching corpus: 2745, signal 134458/167153 (executing program) 2025/09/01 11:24:46 fetching corpus: 2795, signal 137945/169102 (executing program) 2025/09/01 11:24:46 fetching corpus: 2845, signal 138780/169969 (executing program) 
2025/09/01 11:24:46 fetching corpus: 2895, signal 139725/170917 (executing program) 2025/09/01 11:24:46 fetching corpus: 2945, signal 140868/171911 (executing program) 2025/09/01 11:24:46 fetching corpus: 2995, signal 142217/172911 (executing program) 2025/09/01 11:24:46 fetching corpus: 3045, signal 142775/173620 (executing program) 2025/09/01 11:24:47 fetching corpus: 3095, signal 143682/174384 (executing program) 2025/09/01 11:24:47 fetching corpus: 3145, signal 144237/175079 (executing program) 2025/09/01 11:24:47 fetching corpus: 3195, signal 144771/175748 (executing program) 2025/09/01 11:24:47 fetching corpus: 3245, signal 145264/176401 (executing program) 2025/09/01 11:24:47 fetching corpus: 3295, signal 145785/177078 (executing program) 2025/09/01 11:24:47 fetching corpus: 3345, signal 146292/177668 (executing program) 2025/09/01 11:24:47 fetching corpus: 3395, signal 146863/178338 (executing program) 2025/09/01 11:24:47 fetching corpus: 3445, signal 147510/179020 (executing program) 2025/09/01 11:24:47 fetching corpus: 3495, signal 148268/179729 (executing program) 2025/09/01 11:24:47 fetching corpus: 3545, signal 148914/180327 (executing program) 2025/09/01 11:24:47 fetching corpus: 3595, signal 149709/180946 (executing program) 2025/09/01 11:24:48 fetching corpus: 3644, signal 150159/181448 (executing program) 2025/09/01 11:24:48 fetching corpus: 3694, signal 150982/182074 (executing program) 2025/09/01 11:24:48 fetching corpus: 3744, signal 151354/182543 (executing program) 2025/09/01 11:24:48 fetching corpus: 3794, signal 151927/183053 (executing program) 2025/09/01 11:24:48 fetching corpus: 3844, signal 152402/183565 (executing program) 2025/09/01 11:24:48 fetching corpus: 3894, signal 152853/184047 (executing program) 2025/09/01 11:24:48 fetching corpus: 3944, signal 153426/184528 (executing program) 2025/09/01 11:24:48 fetching corpus: 3994, signal 153890/185008 (executing program) 2025/09/01 11:24:48 fetching corpus: 4044, signal 154421/185472 
(executing program) 2025/09/01 11:24:48 fetching corpus: 4094, signal 154877/185911 (executing program) 2025/09/01 11:24:48 fetching corpus: 4144, signal 155660/186360 (executing program) 2025/09/01 11:24:49 fetching corpus: 4194, signal 156745/186807 (executing program) 2025/09/01 11:24:49 fetching corpus: 4244, signal 157174/187227 (executing program) 2025/09/01 11:24:49 fetching corpus: 4294, signal 157585/187618 (executing program) 2025/09/01 11:24:49 fetching corpus: 4344, signal 158289/188008 (executing program) 2025/09/01 11:24:49 fetching corpus: 4394, signal 158721/188375 (executing program) 2025/09/01 11:24:49 fetching corpus: 4444, signal 159120/188746 (executing program) 2025/09/01 11:24:49 fetching corpus: 4494, signal 159442/189081 (executing program) 2025/09/01 11:24:49 fetching corpus: 4544, signal 159758/189399 (executing program) 2025/09/01 11:24:49 fetching corpus: 4594, signal 160240/189697 (executing program) 2025/09/01 11:24:49 fetching corpus: 4644, signal 160658/189888 (executing program) 2025/09/01 11:24:49 fetching corpus: 4694, signal 161003/189934 (executing program) 2025/09/01 11:24:50 fetching corpus: 4744, signal 161341/189939 (executing program) 2025/09/01 11:24:50 fetching corpus: 4794, signal 161716/189962 (executing program) 2025/09/01 11:24:50 fetching corpus: 4844, signal 162066/189982 (executing program) 2025/09/01 11:24:50 fetching corpus: 4894, signal 162609/190007 (executing program) 2025/09/01 11:24:50 fetching corpus: 4944, signal 162936/190009 (executing program) 2025/09/01 11:24:50 fetching corpus: 4994, signal 163553/190076 (executing program) 2025/09/01 11:24:50 fetching corpus: 5044, signal 163937/190094 (executing program) 2025/09/01 11:24:50 fetching corpus: 5094, signal 164262/190110 (executing program) 2025/09/01 11:24:50 fetching corpus: 5144, signal 164792/190110 (executing program) 2025/09/01 11:24:50 fetching corpus: 5194, signal 165307/190126 (executing program) 2025/09/01 11:24:50 fetching corpus: 5244, 
signal 165579/190130 (executing program) 2025/09/01 11:24:50 fetching corpus: 5293, signal 165934/190151 (executing program) 2025/09/01 11:24:51 fetching corpus: 5343, signal 166348/190154 (executing program) 2025/09/01 11:24:51 fetching corpus: 5393, signal 166746/190165 (executing program) 2025/09/01 11:24:51 fetching corpus: 5443, signal 167279/190245 (executing program) 2025/09/01 11:24:51 fetching corpus: 5493, signal 167605/190247 (executing program) 2025/09/01 11:24:51 fetching corpus: 5543, signal 167867/190264 (executing program) 2025/09/01 11:24:51 fetching corpus: 5593, signal 168324/190264 (executing program) 2025/09/01 11:24:51 fetching corpus: 5643, signal 168769/190264 (executing program) 2025/09/01 11:24:51 fetching corpus: 5693, signal 169135/190265 (executing program) 2025/09/01 11:24:51 fetching corpus: 5743, signal 169761/190272 (executing program) 2025/09/01 11:24:51 fetching corpus: 5793, signal 170052/190286 (executing program) 2025/09/01 11:24:51 fetching corpus: 5843, signal 170507/190308 (executing program) 2025/09/01 11:24:51 fetching corpus: 5893, signal 170846/190311 (executing program) 2025/09/01 11:24:51 fetching corpus: 5943, signal 171152/190326 (executing program) 2025/09/01 11:24:52 fetching corpus: 5993, signal 171512/190329 (executing program) 2025/09/01 11:24:52 fetching corpus: 6043, signal 172011/190342 (executing program) 2025/09/01 11:24:52 fetching corpus: 6093, signal 172256/190347 (executing program) 2025/09/01 11:24:52 fetching corpus: 6143, signal 172780/190348 (executing program) 2025/09/01 11:24:52 fetching corpus: 6193, signal 173162/190353 (executing program) 2025/09/01 11:24:52 fetching corpus: 6243, signal 173591/190361 (executing program) 2025/09/01 11:24:52 fetching corpus: 6293, signal 174043/190366 (executing program) 2025/09/01 11:24:52 fetching corpus: 6343, signal 174296/190401 (executing program) 2025/09/01 11:24:52 fetching corpus: 6393, signal 174629/190431 (executing program) 2025/09/01 11:24:52 
fetching corpus: 6443, signal 175131/190436 (executing program) 2025/09/01 11:24:52 fetching corpus: 6493, signal 175405/190462 (executing program) 2025/09/01 11:24:53 fetching corpus: 6543, signal 175796/190471 (executing program) 2025/09/01 11:24:53 fetching corpus: 6593, signal 176152/190482 (executing program) 2025/09/01 11:24:53 fetching corpus: 6643, signal 176457/190490 (executing program) 2025/09/01 11:24:53 fetching corpus: 6693, signal 176754/190493 (executing program) 2025/09/01 11:24:53 fetching corpus: 6743, signal 177077/190497 (executing program) 2025/09/01 11:24:53 fetching corpus: 6793, signal 177578/190528 (executing program) 2025/09/01 11:24:53 fetching corpus: 6843, signal 177782/190531 (executing program) 2025/09/01 11:24:53 fetching corpus: 6893, signal 178446/190539 (executing program) 2025/09/01 11:24:53 fetching corpus: 6943, signal 178713/190544 (executing program) 2025/09/01 11:24:53 fetching corpus: 6993, signal 179034/190570 (executing program) 2025/09/01 11:24:53 fetching corpus: 7043, signal 179323/190578 (executing program) 2025/09/01 11:24:54 fetching corpus: 7093, signal 179708/190638 (executing program) 2025/09/01 11:24:54 fetching corpus: 7143, signal 179908/190642 (executing program) 2025/09/01 11:24:54 fetching corpus: 7193, signal 180128/190684 (executing program) 2025/09/01 11:24:54 fetching corpus: 7243, signal 180455/190686 (executing program) 2025/09/01 11:24:54 fetching corpus: 7293, signal 180840/190727 (executing program) 2025/09/01 11:24:54 fetching corpus: 7343, signal 181081/190730 (executing program) 2025/09/01 11:24:54 fetching corpus: 7393, signal 181299/190732 (executing program) 2025/09/01 11:24:54 fetching corpus: 7443, signal 181579/190732 (executing program) 2025/09/01 11:24:54 fetching corpus: 7493, signal 182114/190740 (executing program) 2025/09/01 11:24:54 fetching corpus: 7543, signal 182426/190741 (executing program) 2025/09/01 11:24:54 fetching corpus: 7593, signal 182860/190750 (executing program) 
2025/09/01 11:24:54 fetching corpus: 7643, signal 183150/190752 (executing program) 2025/09/01 11:24:55 fetching corpus: 7693, signal 183413/190756 (executing program) 2025/09/01 11:24:55 fetching corpus: 7743, signal 183658/190765 (executing program) 2025/09/01 11:24:55 fetching corpus: 7793, signal 183959/190765 (executing program) 2025/09/01 11:24:55 fetching corpus: 7843, signal 184192/190771 (executing program) 2025/09/01 11:24:55 fetching corpus: 7893, signal 184376/190775 (executing program) 2025/09/01 11:24:55 fetching corpus: 7943, signal 184653/190792 (executing program) 2025/09/01 11:24:55 fetching corpus: 7993, signal 184867/190795 (executing program) 2025/09/01 11:24:55 fetching corpus: 8043, signal 185422/190796 (executing program) 2025/09/01 11:24:55 fetching corpus: 8093, signal 185614/190799 (executing program) 2025/09/01 11:24:55 fetching corpus: 8143, signal 185927/190803 (executing program) 2025/09/01 11:24:55 fetching corpus: 8193, signal 186224/190807 (executing program) 2025/09/01 11:24:56 fetching corpus: 8243, signal 186537/190817 (executing program) 2025/09/01 11:24:56 fetching corpus: 8293, signal 186794/190820 (executing program) 2025/09/01 11:24:56 fetching corpus: 8343, signal 187081/190822 (executing program) 2025/09/01 11:24:56 fetching corpus: 8393, signal 187406/190829 (executing program) 2025/09/01 11:24:56 fetching corpus: 8443, signal 187633/190829 (executing program) 2025/09/01 11:24:56 fetching corpus: 8493, signal 187880/190833 (executing program) 2025/09/01 11:24:56 fetching corpus: 8520, signal 188022/190840 (executing program) 2025/09/01 11:24:56 fetching corpus: 8520, signal 188022/190840 (executing program) 2025/09/01 11:24:59 starting 8 fuzzer processes 11:24:59 executing program 0: syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) socket(0x36, 0x0, 0x0) 11:24:59 executing program 1: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$PTP_PIN_SETFUNC2(r0, 0x40603d10, 0x0) 
11:24:59 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r1, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)) 11:24:59 executing program 2: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8001) 11:24:59 executing program 7: syz_emit_ethernet(0x6e, &(0x7f0000000080)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b1000", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "825915", 0x0, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @local}, [@dstopts]}}}}}}}, 0x0) 11:24:59 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) fcntl$lock(r0, 0x25, 0x0) 11:24:59 executing program 5: setuid(0x0) add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) [ 78.198642] audit: type=1400 audit(1756725899.190:7): avc: denied { execmem } for pid=274 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:24:59 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) [ 79.462557] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.468176] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.470064] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.475057] 
Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.483301] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.553736] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.556592] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.560711] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.564022] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.569084] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.570850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 79.573374] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 79.577490] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 79.578930] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.581146] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.583722] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.597610] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.599568] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.599913] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 79.603041] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 79.609134] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 79.610866] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 79.614729] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.616619] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 79.618820] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 79.621877] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.622805] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 79.623785] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.624824] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 79.628900] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 79.631275] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.636586] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.640796] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 
79.641981] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 79.646447] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 79.648869] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 79.654631] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 79.665960] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 79.687252] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 79.698363] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 81.560948] Bluetooth: hci0: command tx timeout [ 81.625232] Bluetooth: hci1: command tx timeout [ 81.688467] Bluetooth: hci4: command tx timeout [ 81.690484] Bluetooth: hci3: command tx timeout [ 81.690964] Bluetooth: hci2: command tx timeout [ 81.752648] Bluetooth: hci7: command tx timeout [ 81.752845] Bluetooth: hci5: command tx timeout [ 81.753505] Bluetooth: hci6: command tx timeout [ 83.609585] Bluetooth: hci0: command tx timeout [ 83.675425] Bluetooth: hci1: command tx timeout [ 83.736461] Bluetooth: hci3: command tx timeout [ 83.736858] Bluetooth: hci2: command tx timeout [ 83.737216] Bluetooth: hci4: command tx timeout [ 83.800487] Bluetooth: hci5: command tx timeout [ 83.800885] Bluetooth: hci7: command tx timeout [ 83.801250] Bluetooth: hci6: command tx timeout [ 85.656456] Bluetooth: hci0: command tx timeout [ 85.720560] Bluetooth: hci1: command tx timeout [ 85.784508] Bluetooth: hci4: command tx timeout [ 85.784579] Bluetooth: hci2: command tx timeout [ 85.784923] Bluetooth: hci3: command tx timeout [ 85.848525] Bluetooth: hci6: command tx timeout [ 85.848935] Bluetooth: hci7: command tx timeout [ 85.849314] Bluetooth: hci5: command tx timeout [ 87.704580] Bluetooth: hci0: command tx timeout [ 87.769508] Bluetooth: hci1: command tx timeout [ 87.833548] Bluetooth: hci2: command tx timeout [ 87.833571] Bluetooth: hci4: command tx timeout [ 87.833949] Bluetooth: hci3: command tx timeout [ 87.896611] Bluetooth: hci7: command tx timeout [ 87.896716] Bluetooth: hci6: command tx timeout [ 87.897024] 
Bluetooth: hci5: command tx timeout [ 116.472998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.473942] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.700436] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.701022] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.034424] audit: type=1400 audit(1756725938.025:8): avc: denied { open } for pid=3771 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 117.041481] audit: type=1400 audit(1756725938.025:9): avc: denied { kernel } for pid=3771 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:25:38 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) [ 117.219254] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.219903] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:25:38 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) [ 117.264050] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.264798] 
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:25:38 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) [ 117.417085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.418015] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:25:38 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) [ 117.596230] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.596869] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:25:38 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) 11:25:38 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) [ 117.739239] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.740017] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.852123] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.852874] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:25:38 executing program 6: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x1c, 0x1, 0x2, 0x5, 0x0, 0x0, {}, [@CTA_EXPECT_ZONE={0x6}]}, 0x1c}}, 0x0) 11:25:38 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) fcntl$lock(r0, 0x25, 0x0) [ 117.946442] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.947050] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.074262] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.074938] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.313727] program syz-executor.3 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 118.622326] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.624429] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.740865] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.741587] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.809014] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.809641] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.837953] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.838757] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.857541] wlan1: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 118.858113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.903621] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.904212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:25:40 executing program 0: syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) socket(0x36, 0x0, 0x0) 11:25:40 executing program 7: syz_emit_ethernet(0x6e, &(0x7f0000000080)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b1000", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "825915", 0x0, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @local}, [@dstopts]}}}}}}}, 0x0) 11:25:40 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='gid_map\x00') preadv(r0, &(0x7f00000011c0)=[{&(0x7f0000000040)=""/4096, 0x1000}], 0x1, 0x0, 0x0) 11:25:40 executing program 2: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8001) 11:25:40 executing program 5: sched_rr_get_interval(0xffffffffffffffff, &(0x7f00000000c0)) setresgid(0x0, 0xee01, 0xffffffffffffffff) ioctl$SG_SET_FORCE_PACK_ID(0xffffffffffffffff, 0x227b, &(0x7f0000000080)=0x1) setresgid(0x0, 0x0, 0x0) setresgid(0x0, 0x0, 0x0) fork() getgid() setresgid(0x0, 0x0, 0x0) 11:25:40 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x1}, 0x6) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r1, &(0x7f0000000080)={0x0, 0x0, 0x3}, 0x8) 11:25:40 executing program 6: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x8) 11:25:40 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) fcntl$lock(r0, 0x25, 0x0) 11:25:40 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) fcntl$lock(r0, 0x25, 0x0) 11:25:40 executing 
program 7: syz_emit_ethernet(0x6e, &(0x7f0000000080)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b1000", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "825915", 0x0, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @local}, [@dstopts]}}}}}}}, 0x0) 11:25:40 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000006140)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@hopopts_2292={{0x18, 0x29, 0x2}}], 0x18}}], 0x2, 0x0) 11:25:40 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x1}, 0x6) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r1, &(0x7f0000000080)={0x0, 0x0, 0x3}, 0x8) 11:25:40 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x40e5, &(0x7f0000000100), &(0x7f0000ff0000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) r2 = fcntl$dupfd(r1, 0x0, r0) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x14, &(0x7f0000001480)=[{0x0, 0x6}], 0x1) 11:25:40 executing program 2: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = 
openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8001) 11:25:40 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ppoll(&(0x7f0000000240)=[{r0}], 0x1, &(0x7f0000000280)={0x0, 0x989680}, 0x0, 0x0) 11:25:40 executing program 7: syz_emit_ethernet(0x6e, &(0x7f0000000080)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b1000", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "825915", 0x0, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @local}, [@dstopts]}}}}}}}, 0x0) 11:25:40 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000006140)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@hopopts_2292={{0x18, 0x29, 0x2}}], 0x18}}], 0x2, 0x0) 11:25:40 executing program 2: r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8001) 11:25:40 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x1}, 0x6) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r1, &(0x7f0000000080)={0x0, 0x0, 0x3}, 0x8) 11:25:40 executing program 6: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = epoll_create(0x9) r2 = socket$inet6_udp(0xa, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0x5}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)) epoll_pwait(r1, &(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0) 11:25:40 executing program 5: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) memfd_secret(0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) getpid() pidfd_open(0x0, 0x0) pidfd_open(0x0, 0x0) mq_notify(0xffffffffffffffff, 0x0) 11:25:40 executing program 0: syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) socket(0x36, 0x0, 0x0) [ 119.420017] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 119.420959] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 119.421561] CPU: 0 UID: 0 PID: 3967 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 119.424961] Tainted: [W]=WARN [ 119.426630] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.428444] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.428830] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.430276] RSP: 0018:ffff888047b7f780 EFLAGS: 00010012 [ 119.430697] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90001896000 [ 119.431263] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 119.431819] RBP: ffff888047b7f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc10a08 [ 119.432375] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.432931] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 119.433499] FS: 00007f461fd53700(0000) 
GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 119.434131] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.434590] CR2: 00007f46228f1018 CR3: 000000000ce18000 CR4: 0000000000350ef0 [ 119.435152] Call Trace: [ 119.435359] [ 119.435544] ? __pfx_perf_tp_event+0x10/0x10 [ 119.435901] ? __lock_acquire+0x694/0x1b70 [ 119.436243] ? lock_acquire+0x15e/0x2f0 [ 119.436564] ? __is_insn_slot_addr+0x2e/0x290 [ 119.436930] ? find_held_lock+0x2b/0x80 [ 119.437262] ? __is_insn_slot_addr+0x136/0x290 [ 119.437639] ? lock_release+0xc8/0x290 [ 119.437954] ? __is_insn_slot_addr+0x140/0x290 [ 119.438325] ? kernel_text_address+0x5b/0xc0 [ 119.438682] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 119.439116] ? __kernel_text_address+0xd/0x40 [ 119.439478] ? unwind_get_return_address+0x59/0xa0 [ 119.439883] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 119.440311] ? arch_stack_walk+0x9c/0xf0 [ 119.440641] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.441050] perf_trace_run_bpf_submit+0xef/0x180 [ 119.441446] perf_trace_preemptirq_template+0x259/0x430 [ 119.441866] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 119.442310] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.442773] ? __pfx___resched_curr+0x10/0x10 [ 119.443139] ? find_held_lock+0x2b/0x80 [ 119.443464] ? try_to_wake_up+0x8ae/0x11d0 [ 119.443807] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 119.444213] trace_irq_enable.constprop.0+0xa6/0x100 [ 119.444618] trace_hardirqs_on+0x26/0x40 [ 119.444942] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 119.445340] try_to_wake_up+0x8ae/0x11d0 [ 119.445669] ? __pfx_try_to_wake_up+0x10/0x10 [ 119.446034] ? plist_del+0x122/0x270 [ 119.446340] ? find_held_lock+0x2b/0x80 [ 119.446665] ? futex_wake+0x474/0x540 [ 119.446975] wake_up_q+0xa1/0x130 [ 119.447263] futex_wake+0x47e/0x540 [ 119.447563] ? __pfx_futex_wake+0x10/0x10 [ 119.447908] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 119.448306] ? kasan_quarantine_put+0x84/0x1e0 [ 119.448655] ? kmem_cache_free+0x2a1/0x540 [ 119.448972] ? 
putname.part.0+0x11b/0x160 [ 119.449297] do_futex+0x26d/0x370 [ 119.449565] ? __pfx_do_futex+0x10/0x10 [ 119.449872] ? __pfx_do_sys_openat2+0x10/0x10 [ 119.450220] ? find_held_lock+0x2b/0x80 [ 119.450526] __x64_sys_futex+0x1c9/0x4d0 [ 119.450834] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.451270] ? __pfx___x64_sys_futex+0x10/0x10 [ 119.451616] ? xfd_validate_state+0x55/0x180 [ 119.451965] do_syscall_64+0xbf/0x360 [ 119.452254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.452640] RIP: 0033:0x7f46227ddb19 [ 119.452918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.454244] RSP: 002b:00007f461fd53218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.454800] RAX: ffffffffffffffda RBX: 00007f46228f0f68 RCX: 00007f46227ddb19 [ 119.455362] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f46228f0f6c [ 119.455921] RBP: 00007f46228f0f60 R08: 000000000000000e R09: 0000000000000000 [ 119.456477] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f46228f0f6c [ 119.457036] R13: 00007ffc8a676c4f R14: 00007f461fd53300 R15: 0000000000022000 [ 119.457598] [ 119.457788] Modules linked in: [ 119.458047] ---[ end trace 0000000000000000 ]--- [ 119.458419] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.458793] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.460218] RSP: 0018:ffff888047b7f780 EFLAGS: 00010012 [ 119.460637] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90001896000 [ 119.461201] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 119.461759] RBP: ffff888047b7f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc10a08 [ 119.462315] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.462876] R13: 0000000000000014 
R14: ffff88806ce31340 R15: dffffc0000000000 [ 119.463433] FS: 00007f461fd53700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 119.464064] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.464525] CR2: 00007f46228f1018 CR3: 000000000ce18000 CR4: 0000000000350ef0 [ 119.465102] note: syz-executor.2[3967] exited with irqs disabled [ 119.465631] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 119.466506] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 119.467098] CPU: 0 UID: 0 PID: 3967 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 119.468033] Tainted: [D]=DIE, [W]=WARN [ 119.468338] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.468981] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.469366] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.470783] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 119.471206] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 119.471768] RDX: ffff888016ded280 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 119.472335] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc10a08 [ 119.472899] R10: 0000000000000000 R11: ffff88801b7d4498 R12: dffffc0000000000 [ 119.473464] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 119.474026] FS: 00007f461fd53700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 119.474658] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.475118] CR2: 00007f46228f1018 CR3: 000000000ce18000 CR4: 0000000000350ef0 [ 119.475677] Call Trace: [ 119.475886] [ 119.476066] ? __pfx_perf_tp_event+0x10/0x10 [ 119.476423] ? enqueue_task_fair+0xded/0x1e00 [ 119.476789] ? check_preempt_wakeup_fair+0x6e/0x950 [ 119.477202] ? 
wakeup_preempt+0x140/0x2a0 [ 119.477535] ? lock_release+0x1c7/0x290 [ 119.477856] ? lock_release+0x1c7/0x290 [ 119.478175] ? do_raw_spin_unlock+0x53/0x220 [ 119.478535] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 119.478941] ? try_to_wake_up+0x8ae/0x11d0 [ 119.479282] ? do_raw_spin_lock+0x123/0x260 [ 119.479627] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 119.480006] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.480410] perf_trace_run_bpf_submit+0xef/0x180 [ 119.480801] perf_trace_preemptirq_template+0x259/0x430 [ 119.481230] ? read_tsc+0x9/0x20 [ 119.481509] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.481973] ? clockevents_program_event+0x135/0x360 [ 119.482380] ? tick_program_event+0xac/0x140 [ 119.482732] ? handle_softirqs+0x16e/0x770 [ 119.483080] trace_irq_enable.constprop.0+0xa6/0x100 [ 119.483480] trace_hardirqs_on+0x26/0x40 [ 119.483802] handle_softirqs+0x16e/0x770 [ 119.484137] __irq_exit_rcu+0xc4/0x100 [ 119.484455] irq_exit_rcu+0x9/0x20 [ 119.484738] sysvec_apic_timer_interrupt+0x70/0x80 [ 119.485137] [ 119.485321] [ 119.485505] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 119.485925] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 119.486302] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 119.487718] RSP: 0018:ffff888047b7ff28 EFLAGS: 00000246 [ 119.488140] RAX: 0000000000000001 RBX: ffff888016ded280 RCX: ffffffff817c3ab6 [ 119.488703] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 119.489264] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 119.489815] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff888016ded280 [ 119.490374] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 119.490937] ? trace_irq_enable.constprop.0+0x26/0x100 [ 119.491352] ? make_task_dead+0x214/0x3b0 [ 119.491687] ? make_task_dead+0x214/0x3b0 [ 119.492017] ? 
do_syscall_64+0xbf/0x360 [ 119.492332] rewind_stack_and_make_dead+0x16/0x20 [ 119.492726] RIP: 0033:0x7f46227ddb19 [ 119.493021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.494446] RSP: 002b:00007f461fd53218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.495047] RAX: ffffffffffffffda RBX: 00007f46228f0f68 RCX: 00007f46227ddb19 [ 119.495604] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f46228f0f6c [ 119.496160] RBP: 00007f46228f0f60 R08: 000000000000000e R09: 0000000000000000 [ 119.496716] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f46228f0f6c [ 119.497281] R13: 00007ffc8a676c4f R14: 00007f461fd53300 R15: 0000000000022000 [ 119.497841] [ 119.498030] Modules linked in: [ 119.498288] ---[ end trace 0000000000000000 ]--- [ 119.498659] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.499035] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.500447] RSP: 0018:ffff888047b7f780 EFLAGS: 00010012 [ 119.500865] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90001896000 [ 119.501426] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 119.501981] RBP: ffff888047b7f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc10a08 [ 119.502540] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.503100] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 119.503663] FS: 00007f461fd53700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 119.504290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.504748] CR2: 00007f46228f1018 CR3: 000000000ce18000 CR4: 0000000000350ef0 [ 119.505315] Kernel panic - not syncing: Fatal exception in interrupt [ 119.506011] Kernel Offset: disabled [ 119.506300] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]---