Warning: Permanently added '[localhost]:54699' (ECDSA) to the list of known hosts.
2025/09/01 12:00:54 fuzzer started
2025/09/01 12:00:54 dialing manager at localhost:35473
syzkaller login: [   50.731409] cgroup: Unknown subsys name 'net'
[   50.813125] cgroup: Unknown subsys name 'cpuset'
[   50.834551] cgroup: Unknown subsys name 'rlimit'
2025/09/01 12:01:05 syscalls: 2214
2025/09/01 12:01:05 code coverage: enabled
2025/09/01 12:01:05 comparison tracing: enabled
2025/09/01 12:01:05 extra coverage: enabled
2025/09/01 12:01:05 setuid sandbox: enabled
2025/09/01 12:01:05 namespace sandbox: enabled
2025/09/01 12:01:05 Android sandbox: enabled
2025/09/01 12:01:05 fault injection: enabled
2025/09/01 12:01:05 leak checking: enabled
2025/09/01 12:01:05 net packet injection: enabled
2025/09/01 12:01:05 net device setup: enabled
2025/09/01 12:01:05 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 12:01:05 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 12:01:05 USB emulation: enabled
2025/09/01 12:01:05 hci packet injection: enabled
2025/09/01 12:01:05 wifi device emulation: enabled
2025/09/01 12:01:05 802.15.4 emulation: enabled
2025/09/01 12:01:05 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 12:01:05 fetching corpus: 50, signal 20649/24239 (executing program)
2025/09/01 12:01:05 fetching corpus: 100, signal 32574/37615 (executing program)
2025/09/01 12:01:05 fetching corpus: 150, signal 40352/46760 (executing program)
2025/09/01 12:01:05 fetching corpus: 200, signal 46161/53877 (executing program)
2025/09/01 12:01:05 fetching corpus: 250, signal 50495/59435 (executing program)
2025/09/01 12:01:05 fetching corpus: 300, signal 53015/63232 (executing program)
2025/09/01 12:01:05 fetching corpus: 350, signal 56353/67784 (executing program)
2025/09/01 12:01:05 fetching corpus: 400, signal 59011/71610 (executing program)
2025/09/01 12:01:05 fetching corpus: 450, signal 64312/77748 (executing program)
2025/09/01 12:01:05 fetching corpus: 500, signal 66467/81009 (executing program)
2025/09/01 12:01:06 fetching corpus: 550, signal 69974/85461 (executing program)
2025/09/01 12:01:06 fetching corpus: 600, signal 72647/89069 (executing program)
2025/09/01 12:01:06 fetching corpus: 650, signal 78182/95087 (executing program)
2025/09/01 12:01:06 fetching corpus: 700, signal 80409/98149 (executing program)
2025/09/01 12:01:06 fetching corpus: 750, signal 82966/101452 (executing program)
2025/09/01 12:01:06 fetching corpus: 800, signal 85257/104514 (executing program)
2025/09/01 12:01:06 fetching corpus: 850, signal 87151/107136 (executing program)
2025/09/01 12:01:06 fetching corpus: 900, signal 89080/109775 (executing program)
2025/09/01 12:01:06 fetching corpus: 950, signal 90636/112086 (executing program)
2025/09/01 12:01:06 fetching corpus: 1000, signal 93448/115337 (executing program)
2025/09/01 12:01:07 fetching corpus: 1050, signal 94569/117240 (executing program)
2025/09/01 12:01:07 fetching corpus: 1100, signal 95721/119166 (executing program)
2025/09/01 12:01:07 fetching corpus: 1150, signal 98484/122288 (executing program)
2025/09/01 12:01:07 fetching corpus: 1200, signal 100655/124914 (executing program)
2025/09/01 12:01:07 fetching corpus: 1250, signal 102419/127185 (executing program)
2025/09/01 12:01:07 fetching corpus: 1300, signal 104248/129424 (executing program)
2025/09/01 12:01:07 fetching corpus: 1350, signal 106165/131719 (executing program)
2025/09/01 12:01:07 fetching corpus: 1400, signal 107858/133873 (executing program)
2025/09/01 12:01:07 fetching corpus: 1450, signal 109552/135953 (executing program)
2025/09/01 12:01:07 fetching corpus: 1500, signal 110610/137548 (executing program)
2025/09/01 12:01:07 fetching corpus: 1550, signal 111752/139175 (executing program)
2025/09/01 12:01:08 fetching corpus: 1600, signal 112782/140734 (executing program)
2025/09/01 12:01:08 fetching corpus: 1650, signal 113643/142068 (executing program)
2025/09/01 12:01:08 fetching corpus: 1700, signal 115080/143818 (executing program)
2025/09/01 12:01:08 fetching corpus: 1750, signal 116188/145322 (executing program)
2025/09/01 12:01:08 fetching corpus: 1800, signal 116821/146546 (executing program)
2025/09/01 12:01:08 fetching corpus: 1850, signal 117748/147942 (executing program)
2025/09/01 12:01:08 fetching corpus: 1900, signal 118455/149187 (executing program)
2025/09/01 12:01:08 fetching corpus: 1950, signal 119575/150665 (executing program)
2025/09/01 12:01:08 fetching corpus: 2000, signal 120432/151958 (executing program)
2025/09/01 12:01:08 fetching corpus: 2050, signal 121301/153247 (executing program)
2025/09/01 12:01:08 fetching corpus: 2100, signal 122415/154686 (executing program)
2025/09/01 12:01:08 fetching corpus: 2150, signal 123828/156202 (executing program)
2025/09/01 12:01:09 fetching corpus: 2200, signal 124933/157568 (executing program)
2025/09/01 12:01:09 fetching corpus: 2250, signal 125985/158861 (executing program)
2025/09/01 12:01:09 fetching corpus: 2300, signal 127154/160224 (executing program)
2025/09/01 12:01:09 fetching corpus: 2350, signal 128783/161720 (executing program)
2025/09/01 12:01:09 fetching corpus: 2400, signal 129631/162808 (executing program)
2025/09/01 12:01:09 fetching corpus: 2450, signal 130400/163862 (executing program)
2025/09/01 12:01:09 fetching corpus: 2500, signal 131389/164933 (executing program)
2025/09/01 12:01:09 fetching corpus: 2550, signal 132008/165854 (executing program)
2025/09/01 12:01:09 fetching corpus: 2600, signal 133200/167039 (executing program)
2025/09/01 12:01:09 fetching corpus: 2650, signal 133777/167924 (executing program)
2025/09/01 12:01:09 fetching corpus: 2700, signal 134530/168908 (executing program)
2025/09/01 12:01:10 fetching corpus: 2750, signal 135112/169755 (executing program)
2025/09/01 12:01:10 fetching corpus: 2800, signal 135871/170648 (executing program)
2025/09/01 12:01:10 fetching corpus: 2850, signal 136489/171491 (executing program)
2025/09/01 12:01:10 fetching corpus: 2900, signal 137222/172395 (executing program)
2025/09/01 12:01:10 fetching corpus: 2950, signal 137740/173188 (executing program)
2025/09/01 12:01:10 fetching corpus: 3000, signal 138377/173991 (executing program)
2025/09/01 12:01:10 fetching corpus: 3050, signal 138900/174793 (executing program)
2025/09/01 12:01:10 fetching corpus: 3100, signal 139250/175500 (executing program)
2025/09/01 12:01:10 fetching corpus: 3150, signal 139843/176257 (executing program)
2025/09/01 12:01:10 fetching corpus: 3200, signal 140498/177060 (executing program)
2025/09/01 12:01:10 fetching corpus: 3250, signal 141133/177795 (executing program)
2025/09/01 12:01:11 fetching corpus: 3300, signal 141747/178564 (executing program)
2025/09/01 12:01:11 fetching corpus: 3350, signal 142531/179356 (executing program)
2025/09/01 12:01:11 fetching corpus: 3400, signal 142877/179990 (executing program)
2025/09/01 12:01:11 fetching corpus: 3450, signal 143608/180732 (executing program)
2025/09/01 12:01:11 fetching corpus: 3500, signal 144249/181448 (executing program)
2025/09/01 12:01:11 fetching corpus: 3550, signal 145169/182187 (executing program)
2025/09/01 12:01:11 fetching corpus: 3600, signal 145636/182815 (executing program)
2025/09/01 12:01:11 fetching corpus: 3650, signal 146142/183467 (executing program)
2025/09/01 12:01:11 fetching corpus: 3700, signal 146618/184060 (executing program)
2025/09/01 12:01:11 fetching corpus: 3750, signal 147132/184670 (executing program)
2025/09/01 12:01:11 fetching corpus: 3800, signal 147681/185274 (executing program)
2025/09/01 12:01:11 fetching corpus: 3850, signal 148476/185968 (executing program)
2025/09/01 12:01:12 fetching corpus: 3900, signal 149363/186613 (executing program)
2025/09/01 12:01:12 fetching corpus: 3950, signal 150107/187242 (executing program)
2025/09/01 12:01:12 fetching corpus: 4000, signal 151164/187844 (executing program)
2025/09/01 12:01:12 fetching corpus: 4050, signal 151585/188385 (executing program)
2025/09/01 12:01:12 fetching corpus: 4100, signal 152004/188895 (executing program)
2025/09/01 12:01:12 fetching corpus: 4150, signal 152499/189431 (executing program)
2025/09/01 12:01:12 fetching corpus: 4200, signal 153052/189917 (executing program)
2025/09/01 12:01:12 fetching corpus: 4250, signal 154166/190508 (executing program)
2025/09/01 12:01:12 fetching corpus: 4300, signal 155280/191045 (executing program)
2025/09/01 12:01:12 fetching corpus: 4350, signal 155760/191529 (executing program)
2025/09/01 12:01:12 fetching corpus: 4400, signal 156069/191967 (executing program)
2025/09/01 12:01:13 fetching corpus: 4450, signal 156506/192409 (executing program)
2025/09/01 12:01:13 fetching corpus: 4500, signal 156889/192836 (executing program)
2025/09/01 12:01:13 fetching corpus: 4550, signal 157386/193329 (executing program)
2025/09/01 12:01:13 fetching corpus: 4600, signal 157861/193727 (executing program)
2025/09/01 12:01:13 fetching corpus: 4650, signal 158338/194137 (executing program)
2025/09/01 12:01:13 fetching corpus: 4700, signal 158623/194548 (executing program)
2025/09/01 12:01:13 fetching corpus: 4750, signal 159035/194922 (executing program)
2025/09/01 12:01:13 fetching corpus: 4800, signal 159501/194972 (executing program)
2025/09/01 12:01:14 fetching corpus: 4850, signal 159938/194981 (executing program)
2025/09/01 12:01:14 fetching corpus: 4900, signal 160402/194988 (executing program)
2025/09/01 12:01:14 fetching corpus: 4950, signal 160891/195005 (executing program)
2025/09/01 12:01:14 fetching corpus: 5000, signal 161307/195013 (executing program)
2025/09/01 12:01:14 fetching corpus: 5050, signal 161636/195033 (executing program)
2025/09/01 12:01:14 fetching corpus: 5100, signal 161983/195047 (executing program)
2025/09/01 12:01:14 fetching corpus: 5150, signal 162340/195047 (executing program)
2025/09/01 12:01:14 fetching corpus: 5200, signal 162868/195050 (executing program)
2025/09/01 12:01:14 fetching corpus: 5250, signal 163171/195064 (executing program)
2025/09/01 12:01:14 fetching corpus: 5300, signal 163624/195074 (executing program)
2025/09/01 12:01:15 fetching corpus: 5350, signal 164060/195078 (executing program)
2025/09/01 12:01:15 fetching corpus: 5400, signal 164605/195099 (executing program)
2025/09/01 12:01:15 fetching corpus: 5450, signal 164871/195119 (executing program)
2025/09/01 12:01:15 fetching corpus: 5500, signal 165385/195128 (executing program)
2025/09/01 12:01:15 fetching corpus: 5550, signal 165652/195148 (executing program)
2025/09/01 12:01:15 fetching corpus: 5600, signal 166112/195148 (executing program)
2025/09/01 12:01:15 fetching corpus: 5650, signal 167622/195158 (executing program)
2025/09/01 12:01:15 fetching corpus: 5700, signal 167901/195173 (executing program)
2025/09/01 12:01:15 fetching corpus: 5750, signal 168533/195184 (executing program)
2025/09/01 12:01:15 fetching corpus: 5800, signal 169065/195214 (executing program)
2025/09/01 12:01:16 fetching corpus: 5850, signal 169506/195221 (executing program)
2025/09/01 12:01:16 fetching corpus: 5900, signal 169823/195240 (executing program)
2025/09/01 12:01:16 fetching corpus: 5950, signal 170458/195263 (executing program)
2025/09/01 12:01:16 fetching corpus: 6000, signal 170988/195307 (executing program)
2025/09/01 12:01:16 fetching corpus: 6050, signal 171356/195309 (executing program)
2025/09/01 12:01:16 fetching corpus: 6100, signal 171781/195309 (executing program)
2025/09/01 12:01:16 fetching corpus: 6150, signal 172088/195317 (executing program)
2025/09/01 12:01:16 fetching corpus: 6200, signal 172533/195325 (executing program)
2025/09/01 12:01:16 fetching corpus: 6250, signal 172884/195334 (executing program)
2025/09/01 12:01:16 fetching corpus: 6300, signal 173246/195349 (executing program)
2025/09/01 12:01:17 fetching corpus: 6350, signal 173578/195358 (executing program)
2025/09/01 12:01:17 fetching corpus: 6400, signal 173870/195361 (executing program)
2025/09/01 12:01:17 fetching corpus: 6450, signal 174302/195362 (executing program)
2025/09/01 12:01:17 fetching corpus: 6500, signal 174714/195366 (executing program)
2025/09/01 12:01:17 fetching corpus: 6550, signal 175039/195366 (executing program)
2025/09/01 12:01:17 fetching corpus: 6600, signal 175349/195368 (executing program)
2025/09/01 12:01:17 fetching corpus: 6650, signal 175707/195370 (executing program)
2025/09/01 12:01:17 fetching corpus: 6700, signal 176302/195372 (executing program)
2025/09/01 12:01:17 fetching corpus: 6750, signal 176512/195378 (executing program)
2025/09/01 12:01:17 fetching corpus: 6800, signal 176743/195383 (executing program)
2025/09/01 12:01:18 fetching corpus: 6850, signal 177180/195395 (executing program)
2025/09/01 12:01:18 fetching corpus: 6900, signal 177594/195395 (executing program)
2025/09/01 12:01:18 fetching corpus: 6950, signal 177917/195433 (executing program)
2025/09/01 12:01:18 fetching corpus: 7000, signal 178272/195436 (executing program)
2025/09/01 12:01:18 fetching corpus: 7050, signal 178629/195438 (executing program)
2025/09/01 12:01:18 fetching corpus: 7100, signal 178906/195441 (executing program)
2025/09/01 12:01:18 fetching corpus: 7150, signal 179267/195446 (executing program)
2025/09/01 12:01:18 fetching corpus: 7200, signal 179706/195464 (executing program)
2025/09/01 12:01:18 fetching corpus: 7250, signal 179906/195464 (executing program)
2025/09/01 12:01:18 fetching corpus: 7300, signal 180157/195474 (executing program)
2025/09/01 12:01:18 fetching corpus: 7350, signal 180441/195502 (executing program)
2025/09/01 12:01:18 fetching corpus: 7400, signal 180735/195505 (executing program)
2025/09/01 12:01:19 fetching corpus: 7450, signal 180964/195516 (executing program)
2025/09/01 12:01:19 fetching corpus: 7500, signal 181352/195566 (executing program)
2025/09/01 12:01:19 fetching corpus: 7550, signal 181807/195633 (executing program)
2025/09/01 12:01:19 fetching corpus: 7600, signal 182093/195634 (executing program)
2025/09/01 12:01:19 fetching corpus: 7650, signal 183820/195635 (executing program)
2025/09/01 12:01:19 fetching corpus: 7700, signal 184079/195637 (executing program)
2025/09/01 12:01:19 fetching corpus: 7750, signal 184406/195643 (executing program)
2025/09/01 12:01:19 fetching corpus: 7800, signal 184710/195665 (executing program)
2025/09/01 12:01:19 fetching corpus: 7850, signal 185034/195666 (executing program)
2025/09/01 12:01:19 fetching corpus: 7900, signal 185412/195683 (executing program)
2025/09/01 12:01:19 fetching corpus: 7950, signal 185636/195688 (executing program)
2025/09/01 12:01:19 fetching corpus: 8000, signal 185837/195690 (executing program)
2025/09/01 12:01:20 fetching corpus: 8050, signal 186101/195692 (executing program)
2025/09/01 12:01:20 fetching corpus: 8100, signal 186352/195704 (executing program)
2025/09/01 12:01:20 fetching corpus: 8150, signal 186558/195708 (executing program)
2025/09/01 12:01:20 fetching corpus: 8200, signal 186801/195711 (executing program)
2025/09/01 12:01:20 fetching corpus: 8250, signal 187026/195711 (executing program)
2025/09/01 12:01:20 fetching corpus: 8300, signal 187255/195714 (executing program)
2025/09/01 12:01:20 fetching corpus: 8350, signal 187461/195715 (executing program)
2025/09/01 12:01:20 fetching corpus: 8400, signal 187646/195724 (executing program)
2025/09/01 12:01:20 fetching corpus: 8450, signal 187986/195739 (executing program)
2025/09/01 12:01:20 fetching corpus: 8500, signal 188316/195769 (executing program)
2025/09/01 12:01:20 fetching corpus: 8550, signal 188612/195771 (executing program)
2025/09/01 12:01:21 fetching corpus: 8600, signal 188878/195781 (executing program)
2025/09/01 12:01:21 fetching corpus: 8650, signal 189102/195783 (executing program)
2025/09/01 12:01:21 fetching corpus: 8700, signal 189362/195784 (executing program)
2025/09/01 12:01:21 fetching corpus: 8750, signal 189579/195788 (executing program)
2025/09/01 12:01:21 fetching corpus: 8800, signal 189911/195811 (executing program)
2025/09/01 12:01:21 fetching corpus: 8850, signal 190156/195831 (executing program)
2025/09/01 12:01:21 fetching corpus: 8900, signal 190422/195837 (executing program)
2025/09/01 12:01:21 fetching corpus: 8950, signal 190639/195854 (executing program)
2025/09/01 12:01:21 fetching corpus: 9000, signal 190831/195854 (executing program)
2025/09/01 12:01:21 fetching corpus: 9050, signal 191135/195882 (executing program)
2025/09/01 12:01:21 fetching corpus: 9100, signal 191407/195882 (executing program)
2025/09/01 12:01:21 fetching corpus: 9150, signal 192143/195890 (executing program)
2025/09/01 12:01:21 fetching corpus: 9200, signal 192393/195890 (executing program)
2025/09/01 12:01:22 fetching corpus: 9250, signal 192711/195896 (executing program)
2025/09/01 12:01:22 fetching corpus: 9268, signal 192864/195906 (executing program)
2025/09/01 12:01:22 fetching corpus: 9268, signal 192864/195906 (executing program)
2025/09/01 12:01:24 starting 8 fuzzer processes
12:01:24 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x0)

12:01:24 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001a00), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001a40)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x4}, @NL802154_ATTR_CHANNEL={0x5}]}, 0x2c}}, 0x0)

12:01:24 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000400)='net/icmp\x00')
pread64(r0, &(0x7f0000000000)=""/107, 0x6b, 0x0)

12:01:24 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
llistxattr(0x0, 0x0, 0x0)

12:01:24 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00')
pread64(r1, &(0x7f0000000040)=""/156, 0x9c, 0x6000000)

[   79.743524] audit: type=1400 audit(1756728084.103:7): avc:  denied  { execmem } for  pid=274 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
12:01:24 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
setresuid(0x0, 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0, 0x0)

12:01:24 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r1, 0x0)
sigaltstack(&(0x7f0000ffc000/0x3000)=nil, 0x0)
mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0)

12:01:24 executing program 6:
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40045402, &(0x7f0000000040)={{0x1}})
rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x4afc7bdf})

[   80.868379] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   80.871166] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   80.873420] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   80.883371] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   80.886850] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   80.930692] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   80.935234] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   80.937741] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   80.942254] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   80.951386] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   81.075219] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   81.077132] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   81.079245] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   81.098687] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   81.102433] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   81.105490] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   81.109590] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   81.114832] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   81.121330] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   81.125145] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   81.127444] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   81.130441] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   81.132697] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   81.141019] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   81.144882] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   81.149622] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   81.157344] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   81.164689] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   81.169897] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   81.171968] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   81.209142] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   81.228999] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   81.264272] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   81.269075] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   81.277214] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   81.282205] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   81.296068] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   81.316569] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   81.379674] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   81.396440] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   82.963416] Bluetooth: hci1: command tx timeout
[   82.963489] Bluetooth: hci0: command tx timeout
[   83.155033] Bluetooth: hci3: command tx timeout
[   83.220973] Bluetooth: hci4: command tx timeout
[   83.283386] Bluetooth: hci5: command tx timeout
[   83.283432] Bluetooth: hci2: command tx timeout
[   83.603041] Bluetooth: hci6: command tx timeout
[   83.603165] Bluetooth: hci7: command tx timeout
[   85.011711] Bluetooth: hci1: command tx timeout
[   85.013009] Bluetooth: hci0: command tx timeout
[   85.205043] Bluetooth: hci3: command tx timeout
[   85.267977] Bluetooth: hci4: command tx timeout
[   85.330995] Bluetooth: hci2: command tx timeout
[   85.331016] Bluetooth: hci5: command tx timeout
[   85.650999] Bluetooth: hci7: command tx timeout
[   85.651090] Bluetooth: hci6: command tx timeout
[   87.059032] Bluetooth: hci0: command tx timeout
[   87.059458] Bluetooth: hci1: command tx timeout
[   87.252981] Bluetooth: hci3: command tx timeout
[   87.315039] Bluetooth: hci4: command tx timeout
[   87.379018] Bluetooth: hci5: command tx timeout
[   87.379038] Bluetooth: hci2: command tx timeout
[   87.698997] Bluetooth: hci6: command tx timeout
[   87.700021] Bluetooth: hci7: command tx timeout
[   89.107711] Bluetooth: hci1: command tx timeout
[   89.107740] Bluetooth: hci0: command tx timeout
[   89.299157] Bluetooth: hci3: command tx timeout
[   89.363074] Bluetooth: hci4: command tx timeout
[   89.427086] Bluetooth: hci2: command tx timeout
[   89.427106] Bluetooth: hci5: command tx timeout
[   89.748194] Bluetooth: hci7: command tx timeout
[   89.748645] Bluetooth: hci6: command tx timeout
[  116.933410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.934105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.158156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.158777] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.657848] audit: type=1400 audit(1756728122.016:8): avc:  denied  { open } for  pid=3643 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  117.666006] audit: type=1400 audit(1756728122.016:9): avc:  denied  { kernel } for  pid=3643 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
12:02:02 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x89e1, 0x0)

12:02:02 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x89e1, 0x0)

[  117.932234] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.932860] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:02:02 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x89e1, 0x0)

[  118.106407] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.107051] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:02:02 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x89e1, 0x0)

12:02:02 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
fcntl$setstatus(r1, 0x4, 0x3400)
splice(r0, 0x0, r1, 0x0, 0x802, 0x0)

12:02:02 executing program 1:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000700)='/proc/tty/drivers\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc0045878, 0x0)

12:02:02 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r1=>0x0}, &(0x7f0000008600)=0xc)
syz_mount_image$tmpfs(&(0x7f00000005c0), &(0x7f0000000600)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000002800)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}, {@gid={'gid', 0x3d, r1}}]})

12:02:02 executing program 1:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000000)="21a34ba2d4212dc711d41f19bd7dc2c8e5aad40b7b72b2b1819725047300000000000000d2a9df628b0658a10bc3a7ba08bf8db56976f8533628b0de8c6c597833370077020ab764748333d8f0e66d1debd758e9d1b39516a92af06fd2bbe3858bb51bd33d2e4b35b2ab21e03e0c1930f476d477fe7917f50d8f932eaa709503bbf716a3e07269025b868529c8f72a4dd82b6c3ee0e5a1e2a2e8b01feb0ecb4569447c366fe69141cd4076c2e4049b67", 0xb0}], 0x1)

[  118.682233] tmpfs: Invalid gid '0x00000000ffffffff'
[  118.717326] tmpfs: Invalid gid '0x00000000ffffffff'
[  119.556802] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.557439] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.658322] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.659265] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.891318] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.891943] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.985578] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.986165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.133963] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.134580] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.202114] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.202737] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.408040] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.408666] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.484500] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.486030] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.560669] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.561406] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.574998] process 'syz-executor.7' launched './file1' with NULL argv: empty string added
[  120.616475] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.617669] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.652396] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.653396] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.698908] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.699524] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.821750] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
12:02:05 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x0)

12:02:05 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000903000/0x2000)=nil, 0x2000, 0x66)
mlock(&(0x7f0000903000/0x1000)=nil, 0x1000)

12:02:05 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/netstat\x00')
pread64(r0, &(0x7f00000001c0)=""/4096, 0x1000, 0x0)

12:02:05 executing program 2:
perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440))
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="050000000000fddbdf257e0000000800"], 0x1c}}, 0x0)

12:02:05 executing program 5:
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000180))

12:02:05 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00')
pread64(r1, &(0x7f0000000040)=""/156, 0x9c, 0x6000000)

12:02:05 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
io_setup(0x1, &(0x7f0000000140))
io_setup(0x4, &(0x7f0000000640))

12:02:05 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001a00), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001a40)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x4}, @NL802154_ATTR_CHANNEL={0x5}]}, 0x2c}}, 0x0)

[  120.908776] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
12:02:05 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00')
pread64(r1, &(0x7f0000000040)=""/156, 0x9c, 0x6000000)

[  120.927058] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  120.933809] syz-executor.2 (3928) used greatest stack depth: 23360 bytes left
12:02:05 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000903000/0x2000)=nil, 0x2000, 0x66)
mlock(&(0x7f0000903000/0x1000)=nil, 0x1000)

12:02:05 executing program 5:
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000180))

12:02:05 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x0)

12:02:05 executing program 7:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0x890d, 0x0)

12:02:05 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001a00), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001a40)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x4}, @NL802154_ATTR_CHANNEL={0x5}]}, 0x2c}}, 0x0)

12:02:05 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000002f00)=0xf, 0x4)

12:02:05 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/netstat\x00')
pread64(r0, &(0x7f00000001c0)=""/4096, 0x1000, 0x0)

12:02:05 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00')
pread64(r1, &(0x7f0000000040)=""/156, 0x9c, 0x6000000)

12:02:05 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000903000/0x2000)=nil, 0x2000, 0x66)
mlock(&(0x7f0000903000/0x1000)=nil, 0x1000)

12:02:05 executing program 5:
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000180))

[  121.091546] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[  121.092517] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  121.093127] CPU: 1 UID: 0 PID: 3954 Comm: syz-executor.6 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  121.094788] Tainted: [W]=WARN
[  121.095619] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  121.097365] RIP: 0010:perf_tp_event+0x175/0xe70
[  121.098809] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  121.102448] RSP: 0018:ffff888047437780 EFLAGS: 00010012
[  121.102888] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000520e000
[  121.103480] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  121.104072] RBP: ffff8880474379f0 R08: ffff88806cf31340 R09: ffffe8ffffd16138
[  121.104672] R10: 0000000000000000 R11: ffff8880173f3898 R12: dffffc0000000000
[  121.105262] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[  121.105850] FS:  00007fdef3711700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  121.106498] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  121.106971] CR2: 00007fdef62af018 CR3: 000000000f960000 CR4: 0000000000350ef0
[  121.107548] Call Trace:
[  121.107760]  <TASK>
[  121.107950]  ? __pfx_perf_tp_event+0x10/0x10
[  121.108325]  ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150
[  121.108822]  ? lock_acquire+0x15e/0x2f0
[  121.109151]  ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10
[  121.109672]  ? lock_is_held_type+0x9e/0x120
[  121.110029]  ? lock_is_held_type+0x9e/0x120
[  121.110382]  ? ctx_sched_in+0x134/0x9b0
[  121.110704]  ? __pfx_ctx_sched_in+0x10/0x10
[  121.111052]  ? arch_stack_walk+0x9c/0xf0
[  121.111384]  ? find_held_lock+0x2b/0x80
[  121.111717]  ? perf_trace_run_bpf_submit+0xef/0x180
[  121.112136]  ? native_smp_send_reschedule+0x21/0x60
[  121.112554]  perf_trace_run_bpf_submit+0xef/0x180
[  121.112952]  perf_trace_preemptirq_template+0x259/0x430
[  121.113382]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  121.113854]  ? __pfx___resched_curr+0x10/0x10
[  121.114227]  ? find_held_lock+0x2b/0x80
[  121.114561]  ? try_to_wake_up+0x8ae/0x11d0
[  121.114909]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  121.115323]  trace_irq_enable.constprop.0+0xa6/0x100
[  121.115733]  trace_hardirqs_on+0x26/0x40
[  121.116060]  _raw_spin_unlock_irqrestore+0x2c/0x50
[  121.116467]  try_to_wake_up+0x8ae/0x11d0
[  121.116804]  ? __pfx_try_to_wake_up+0x10/0x10
[  121.117174]  ? plist_del+0x122/0x270
[  121.117483]  ? find_held_lock+0x2b/0x80
[  121.117810]  ? futex_wake+0x474/0x540
[  121.118127]  wake_up_q+0xa1/0x130
[  121.118419]  futex_wake+0x47e/0x540
[  121.118722]  ? __pfx_futex_wake+0x10/0x10
[  121.119066]  ? __do_sys_perf_event_open+0x44d/0x2c20
[  121.119484]  ? lock_release+0xc8/0x290
[  121.119802]  do_futex+0x26d/0x370
[  121.120090]  ? __pfx_do_futex+0x10/0x10
[  121.120425]  ? __pfx___do_sys_perf_event_open+0x10/0x10
[  121.120852]  ? find_held_lock+0x2b/0x80
[  121.121184]  __x64_sys_futex+0x1c9/0x4d0
[  121.121516]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  121.121986]  ? __pfx___x64_sys_futex+0x10/0x10
[  121.122362]  do_syscall_64+0xbf/0x360
[  121.122674]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.123091] RIP: 0033:0x7fdef619bb19
[  121.123400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  121.124854] RSP: 002b:00007fdef3711218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  121.125462] RAX: ffffffffffffffda RBX: 00007fdef62aef68 RCX: 00007fdef619bb19
[  121.126036] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fdef62aef6c
[  121.126611] RBP: 00007fdef62aef60 R08: 000000000000000e R09: 0000000000000000
[  121.127180] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fdef62aef6c
[  121.127749] R13: 00007ffdbc392aff R14: 00007fdef3711300 R15: 0000000000022000
[  121.128335]  </TASK>
[  121.128524] Modules linked in:
[  121.128791] ---[ end trace 0000000000000000 ]---
[  121.129168] RIP: 0010:perf_tp_event+0x175/0xe70
[  121.129553] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  121.131007] RSP: 0018:ffff888047437780 EFLAGS: 00010012
[  121.131438] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000520e000
[  121.132014] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  121.132591] RBP: ffff8880474379f0 R08: ffff88806cf31340 R09: ffffe8ffffd16138
[  121.133162] R10: 0000000000000000 R11: ffff8880173f3898 R12: dffffc0000000000
[  121.133737] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[  121.134308] FS:  00007fdef3711700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  121.134955] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  121.135437] CR2: 00007fdef62af018 CR3: 000000000f960000 CR4: 0000000000350ef0
[  121.136013] note: syz-executor.6[3954] exited with irqs disabled
[  121.136572] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[  121.137467] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  121.138075] CPU: 1 UID: 0 PID: 3954 Comm: syz-executor.6 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  121.139026] Tainted: [D]=DIE, [W]=WARN
[  121.139336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  121.139994] RIP: 0010:perf_tp_event+0x175/0xe70
[  121.140387] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  121.141830] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012
[  121.142261] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[  121.142834] RDX: ffff88800a755280 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  121.143396] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16138
[  121.143970] R10: 0000000000000000 R11: ffff88800f056898 R12: dffffc0000000000
[  121.144542] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[  121.145119] FS:  00007fdef3711700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  121.145768] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  121.146234] CR2: 00007fdef62af018 CR3: 000000000f960000 CR4: 0000000000350ef0
[  121.146809] Call Trace:
[  121.147023]  <IRQ>
[  121.147206]  ? __pfx_perf_tp_event+0x10/0x10
[  121.147573]  ? trace_pelt_se_tp+0xdf/0x130
[  121.147916]  ? place_entity+0x300/0x410
[  121.148251]  ? lock_acquire+0x18c/0x2f0
[  121.148587]  ? update_cfs_group+0x11d/0x260
[  121.148933]  ? lock_release+0x1c7/0x290
[  121.149256]  ? trace_softirq_raise+0xbe/0x100
[  121.149634]  ? run_posix_cpu_timers+0x160/0x7d0
[  121.150012]  ? __raise_softirq_irqoff+0x5f/0x90
[  121.150390]  ? __pfx_run_posix_cpu_timers+0x10/0x10
[  121.150790]  ? sched_balance_trigger+0x1ac/0xcb0
[  121.151183]  ? sched_tick+0x27c/0x6c0
[  121.151502]  ? do_raw_spin_lock+0x123/0x260
[  121.151857]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  121.152254]  ? perf_trace_run_bpf_submit+0xef/0x180
[  121.152670]  perf_trace_run_bpf_submit+0xef/0x180
[  121.153069]  perf_trace_preemptirq_template+0x259/0x430
[  121.153497]  ? read_tsc+0x9/0x20
[  121.153782]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  121.154250]  ? clockevents_program_event+0x135/0x360
[  121.154661]  ? tick_program_event+0xac/0x140
[  121.155020]  ? handle_softirqs+0x16e/0x770
[  121.155371]  trace_irq_enable.constprop.0+0xa6/0x100
[  121.155781]  trace_hardirqs_on+0x26/0x40
[  121.156111]  handle_softirqs+0x16e/0x770
[  121.156458]  __irq_exit_rcu+0xc4/0x100
[  121.156781]  irq_exit_rcu+0x9/0x20
[  121.157073]  sysvec_apic_timer_interrupt+0x70/0x80
[  121.157473]  </IRQ>
[  121.157657]  <TASK>
[  121.157844]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  121.158275] RIP: 0010:make_task_dead+0xa2/0x3b0
[  121.158658] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 <e8> e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de
[  121.160103] RSP: 0018:ffff888047437f28 EFLAGS: 00000246
[  121.160538] RAX: 0000000000000001 RBX: ffff88800a755280 RCX: ffffffff817c3ab6
[  121.161108] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[  121.161677] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[  121.162248] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff88800a755280
[  121.162817] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000
[  121.163389]  ? trace_irq_enable.constprop.0+0x26/0x100
[  121.163813]  ? make_task_dead+0x214/0x3b0
[  121.164162]  ? make_task_dead+0x214/0x3b0
[  121.164504]  ? do_syscall_64+0xbf/0x360
[  121.164828]  rewind_stack_and_make_dead+0x16/0x20
[  121.165229] RIP: 0033:0x7fdef619bb19
[  121.165528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  121.166968] RSP: 002b:00007fdef3711218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  121.167585] RAX: ffffffffffffffda RBX: 00007fdef62aef68 RCX: 00007fdef619bb19
[  121.168169] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fdef62aef6c
[  121.168744] RBP: 00007fdef62aef60 R08: 000000000000000e R09: 0000000000000000
[  121.169326] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fdef62aef6c
[  121.169891] R13: 00007ffdbc392aff R14: 00007fdef3711300 R15: 0000000000022000
[  121.170470]  </TASK>
[  121.170661] Modules linked in:
[  121.170930] ---[ end trace 0000000000000000 ]---
[  121.171305] RIP: 0010:perf_tp_event+0x175/0xe70
[  121.171688] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  121.173147] RSP: 0018:ffff888047437780 EFLAGS: 00010012
[  121.173568] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000520e000
[  121.174140] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  121.174712] RBP: ffff8880474379f0 R08: ffff88806cf31340 R09: ffffe8ffffd16138
[  121.175284] R10: 0000000000000000 R11: ffff8880173f3898 R12: dffffc0000000000
[  121.175855] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[  121.176435] FS:  00007fdef3711700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  121.177077] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  121.177543] CR2: 00007fdef62af018 CR3: 000000000f960000 CR4: 0000000000350ef0
[  121.178118] Kernel panic - not syncing: Fatal exception in interrupt
[  121.178709] Kernel Offset: disabled
[  121.179003] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
12:02:05  Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=ffff88806cf3c300 RCX=ffffffff816880fc RDX=ffff888045aa0000
RSI=ffffffff816880d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff8880472278d8
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=1ffff1100d9c6bb1
R12=ffffed100d9e7861 R13=ffff88806cf3c308 R14=0000000000000001 R15=dffffc0000000000
RIP=ffffffff816880d8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 00000000 00000000
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555562786400 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe2f00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fdef62a68ac CR3=000000000f960000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007fdef62827c000007fdef62827c8
XMM02=00007fdef62827e000007fdef62827c0 XMM03=00007fdef62827c800007fdef62827c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000063 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888047437070
R8 =0000000000000000 R9 =ffffed1001490046 R10=0000000000000063 R11=0000000065646f43
R12=0000000000000063 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fdef3711700 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe1600000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fdef62af018 CR3=000000000f960000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007fdef62827c000007fdef62827c8
XMM02=00007fdef62827e000007fdef62827c0 XMM03=00007fdef62827c800007fdef62827c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000