Warning: Permanently added '[localhost]:60128' (ECDSA) to the list of known hosts.
2025/09/01 12:24:19 fuzzer started
2025/09/01 12:24:19 dialing manager at localhost:35473
syzkaller login: [ 58.701915] cgroup: Unknown subsys name 'net'
[ 58.785900] cgroup: Unknown subsys name 'cpuset'
[ 58.835399] cgroup: Unknown subsys name 'rlimit'
2025/09/01 12:24:30 syscalls: 2214
2025/09/01 12:24:30 code coverage: enabled
2025/09/01 12:24:30 comparison tracing: enabled
2025/09/01 12:24:30 extra coverage: enabled
2025/09/01 12:24:30 setuid sandbox: enabled
2025/09/01 12:24:30 namespace sandbox: enabled
2025/09/01 12:24:30 Android sandbox: enabled
2025/09/01 12:24:30 fault injection: enabled
2025/09/01 12:24:30 leak checking: enabled
2025/09/01 12:24:30 net packet injection: enabled
2025/09/01 12:24:30 net device setup: enabled
2025/09/01 12:24:30 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 12:24:30 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 12:24:30 USB emulation: enabled
2025/09/01 12:24:30 hci packet injection: enabled
2025/09/01 12:24:30 wifi device emulation: enabled
2025/09/01 12:24:30 802.15.4 emulation: enabled
2025/09/01 12:24:30 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 12:24:30 fetching corpus: 47, signal 14257/17959 (executing program)
2025/09/01 12:24:30 fetching corpus: 97, signal 23369/28644 (executing program)
2025/09/01 12:24:30 fetching corpus: 147, signal 29827/36628 (executing program)
2025/09/01 12:24:30 fetching corpus: 197, signal 40967/48845 (executing program)
2025/09/01 12:24:30 fetching corpus: 247, signal 46312/55445 (executing program)
2025/09/01 12:24:31 fetching corpus: 297, signal 53298/63430 (executing program)
2025/09/01 12:24:31 fetching corpus: 347, signal 57070/68351 (executing program)
2025/09/01 12:24:31 fetching corpus: 396, signal 62482/74686 (executing program)
2025/09/01 12:24:31 fetching corpus: 446, signal 68809/81715 (executing program)
2025/09/01 12:24:31 fetching corpus: 495, signal 72209/86014 (executing program)
2025/09/01 12:24:31 fetching corpus: 545, signal 74632/89464 (executing program)
2025/09/01 12:24:31 fetching corpus: 595, signal 76997/92779 (executing program)
2025/09/01 12:24:31 fetching corpus: 645, signal 79929/96521 (executing program)
2025/09/01 12:24:31 fetching corpus: 695, signal 81607/99147 (executing program)
2025/09/01 12:24:31 fetching corpus: 745, signal 84703/102931 (executing program)
2025/09/01 12:24:32 fetching corpus: 795, signal 87125/106082 (executing program)
2025/09/01 12:24:32 fetching corpus: 845, signal 88347/108171 (executing program)
2025/09/01 12:24:32 fetching corpus: 895, signal 90241/110828 (executing program)
2025/09/01 12:24:32 fetching corpus: 945, signal 92111/113396 (executing program)
2025/09/01 12:24:32 fetching corpus: 995, signal 94375/116222 (executing program)
2025/09/01 12:24:32 fetching corpus: 1045, signal 96323/118796 (executing program)
2025/09/01 12:24:32 fetching corpus: 1094, signal 98324/121329 (executing program)
2025/09/01 12:24:32 fetching corpus: 1144, signal 100649/124100 (executing program)
2025/09/01 12:24:32 fetching corpus: 1194, signal 102359/126340 (executing program)
2025/09/01 12:24:32 fetching corpus: 1243, signal 104117/128596 (executing program)
2025/09/01 12:24:32 fetching corpus: 1293, signal 105097/130244 (executing program)
2025/09/01 12:24:33 fetching corpus: 1343, signal 106533/132242 (executing program)
2025/09/01 12:24:33 fetching corpus: 1393, signal 107883/134121 (executing program)
2025/09/01 12:24:33 fetching corpus: 1443, signal 108747/135593 (executing program)
2025/09/01 12:24:33 fetching corpus: 1493, signal 110235/137496 (executing program)
2025/09/01 12:24:33 fetching corpus: 1543, signal 111869/139492 (executing program)
2025/09/01 12:24:33 fetching corpus: 1593, signal 112395/140726 (executing program)
2025/09/01 12:24:33 fetching corpus: 1643, signal 113259/142191 (executing program)
2025/09/01 12:24:33 fetching corpus: 1693, signal 114173/143679 (executing program)
2025/09/01 12:24:33 fetching corpus: 1743, signal 115699/145523 (executing program)
2025/09/01 12:24:33 fetching corpus: 1793, signal 116563/146914 (executing program)
2025/09/01 12:24:33 fetching corpus: 1843, signal 117601/148359 (executing program)
2025/09/01 12:24:34 fetching corpus: 1893, signal 118961/150017 (executing program)
2025/09/01 12:24:34 fetching corpus: 1943, signal 120236/151564 (executing program)
2025/09/01 12:24:34 fetching corpus: 1993, signal 121288/152948 (executing program)
2025/09/01 12:24:34 fetching corpus: 2043, signal 122693/154481 (executing program)
2025/09/01 12:24:34 fetching corpus: 2091, signal 123259/155530 (executing program)
2025/09/01 12:24:34 fetching corpus: 2141, signal 125366/157487 (executing program)
2025/09/01 12:24:34 fetching corpus: 2191, signal 126293/158685 (executing program)
2025/09/01 12:24:34 fetching corpus: 2241, signal 126904/159744 (executing program)
2025/09/01 12:24:34 fetching corpus: 2291, signal 127868/160957 (executing program)
2025/09/01 12:24:34 fetching corpus: 2341, signal 128623/162108 (executing program)
2025/09/01 12:24:34 fetching corpus: 2391, signal 129254/163116 (executing program)
2025/09/01 12:24:35 fetching corpus: 2441, signal 130500/164379 (executing program)
2025/09/01 12:24:35 fetching corpus: 2491, signal 131089/165373 (executing program)
2025/09/01 12:24:35 fetching corpus: 2541, signal 131874/166446 (executing program)
2025/09/01 12:24:35 fetching corpus: 2591, signal 132511/167429 (executing program)
2025/09/01 12:24:35 fetching corpus: 2640, signal 133303/168385 (executing program)
2025/09/01 12:24:35 fetching corpus: 2690, signal 134219/169402 (executing program)
2025/09/01 12:24:35 fetching corpus: 2740, signal 134918/170317 (executing program)
2025/09/01 12:24:35 fetching corpus: 2790, signal 135459/171174 (executing program)
2025/09/01 12:24:35 fetching corpus: 2840, signal 136103/172069 (executing program)
2025/09/01 12:24:35 fetching corpus: 2890, signal 136602/172888 (executing program)
2025/09/01 12:24:35 fetching corpus: 2940, signal 137053/173679 (executing program)
2025/09/01 12:24:35 fetching corpus: 2989, signal 137583/174469 (executing program)
2025/09/01 12:24:36 fetching corpus: 3039, signal 138347/175354 (executing program)
2025/09/01 12:24:36 fetching corpus: 3089, signal 138903/176169 (executing program)
2025/09/01 12:24:36 fetching corpus: 3139, signal 139621/177011 (executing program)
2025/09/01 12:24:36 fetching corpus: 3189, signal 140302/177789 (executing program)
2025/09/01 12:24:36 fetching corpus: 3239, signal 141008/178545 (executing program)
2025/09/01 12:24:36 fetching corpus: 3288, signal 141464/179263 (executing program)
2025/09/01 12:24:36 fetching corpus: 3338, signal 142319/180108 (executing program)
2025/09/01 12:24:36 fetching corpus: 3388, signal 143151/180937 (executing program)
2025/09/01 12:24:36 fetching corpus: 3438, signal 143833/181710 (executing program)
2025/09/01 12:24:36 fetching corpus: 3488, signal 144240/182388 (executing program)
2025/09/01 12:24:36 fetching corpus: 3538, signal 144739/183019 (executing program)
2025/09/01 12:24:36 fetching corpus: 3588, signal 145210/183636 (executing program)
2025/09/01 12:24:36 fetching corpus: 3638, signal 145954/184338 (executing program)
2025/09/01 12:24:37 fetching corpus: 3688, signal 146510/185022 (executing program)
2025/09/01 12:24:37 fetching corpus: 3738, signal 147197/185758 (executing program)
2025/09/01 12:24:37 fetching corpus: 3788, signal 147990/186418 (executing program)
2025/09/01 12:24:37 fetching corpus: 3837, signal 148697/187064 (executing program)
2025/09/01 12:24:37 fetching corpus: 3887, signal 149824/187816 (executing program)
2025/09/01 12:24:37 fetching corpus: 3937, signal 150309/188408 (executing program)
2025/09/01 12:24:37 fetching corpus: 3987, signal 150719/188929 (executing program)
2025/09/01 12:24:37 fetching corpus: 4037, signal 151219/189514 (executing program)
2025/09/01 12:24:37 fetching corpus: 4087, signal 151793/190091 (executing program)
2025/09/01 12:24:37 fetching corpus: 4137, signal 152910/190724 (executing program)
2025/09/01 12:24:38 fetching corpus: 4187, signal 153891/191310 (executing program)
2025/09/01 12:24:38 fetching corpus: 4237, signal 154340/191801 (executing program)
2025/09/01 12:24:38 fetching corpus: 4286, signal 154772/192313 (executing program)
2025/09/01 12:24:38 fetching corpus: 4336, signal 155132/192820 (executing program)
2025/09/01 12:24:38 fetching corpus: 4386, signal 155609/193254 (executing program)
2025/09/01 12:24:38 fetching corpus: 4436, signal 156058/193724 (executing program)
2025/09/01 12:24:38 fetching corpus: 4486, signal 156441/194198 (executing program)
2025/09/01 12:24:38 fetching corpus: 4536, signal 156951/194699 (executing program)
2025/09/01 12:24:38 fetching corpus: 4586, signal 157250/195116 (executing program)
2025/09/01 12:24:38 fetching corpus: 4634, signal 157641/195566 (executing program)
2025/09/01 12:24:39 fetching corpus: 4683, signal 158135/195972 (executing program)
2025/09/01 12:24:39 fetching corpus: 4732, signal 158581/196396 (executing program)
2025/09/01 12:24:39 fetching corpus: 4782, signal 158968/196819 (executing program)
2025/09/01 12:24:39 fetching corpus: 4832, signal 159521/196852 (executing program)
2025/09/01 12:24:39 fetching corpus: 4882, signal 159889/196874 (executing program)
2025/09/01 12:24:39 fetching corpus: 4932, signal 160336/196891 (executing program)
2025/09/01 12:24:39 fetching corpus: 4982, signal 160658/196909 (executing program)
2025/09/01 12:24:39 fetching corpus: 5031, signal 161005/196919 (executing program)
2025/09/01 12:24:39 fetching corpus: 5081, signal 161440/196920 (executing program)
2025/09/01 12:24:39 fetching corpus: 5131, signal 161886/196923 (executing program)
2025/09/01 12:24:40 fetching corpus: 5181, signal 162218/196936 (executing program)
2025/09/01 12:24:40 fetching corpus: 5231, signal 162740/196950 (executing program)
2025/09/01 12:24:40 fetching corpus: 5281, signal 163080/196950 (executing program)
2025/09/01 12:24:40 fetching corpus: 5331, signal 163649/196972 (executing program)
2025/09/01 12:24:40 fetching corpus: 5379, signal 163963/196993 (executing program)
2025/09/01 12:24:40 fetching corpus: 5429, signal 164454/197014 (executing program)
2025/09/01 12:24:40 fetching corpus: 5479, signal 164822/197019 (executing program)
2025/09/01 12:24:40 fetching corpus: 5528, signal 165219/197025 (executing program)
2025/09/01 12:24:40 fetching corpus: 5578, signal 166771/197041 (executing program)
2025/09/01 12:24:40 fetching corpus: 5628, signal 167057/197057 (executing program)
2025/09/01 12:24:40 fetching corpus: 5678, signal 167775/197066 (executing program)
2025/09/01 12:24:41 fetching corpus: 5728, signal 168307/197098 (executing program)
2025/09/01 12:24:41 fetching corpus: 5778, signal 168750/197108 (executing program)
2025/09/01 12:24:41 fetching corpus: 5828, signal 169042/197130 (executing program)
2025/09/01 12:24:41 fetching corpus: 5878, signal 169329/197143 (executing program)
2025/09/01 12:24:41 fetching corpus: 5928, signal 170143/197192 (executing program)
2025/09/01 12:24:41 fetching corpus: 5978, signal 170527/197192 (executing program)
2025/09/01 12:24:41 fetching corpus: 6028, signal 171086/197196 (executing program)
2025/09/01 12:24:41 fetching corpus: 6077, signal 171376/197204 (executing program)
2025/09/01 12:24:41 fetching corpus: 6127, signal 171804/197235 (executing program)
2025/09/01 12:24:41 fetching corpus: 6177, signal 172208/197245 (executing program)
2025/09/01 12:24:41 fetching corpus: 6227, signal 172544/197260 (executing program)
2025/09/01 12:24:42 fetching corpus: 6277, signal 172788/197269 (executing program)
2025/09/01 12:24:42 fetching corpus: 6327, signal 173127/197272 (executing program)
2025/09/01 12:24:42 fetching corpus: 6377, signal 173495/197280 (executing program)
2025/09/01 12:24:42 fetching corpus: 6427, signal 174059/197284 (executing program)
2025/09/01 12:24:42 fetching corpus: 6477, signal 174337/197284 (executing program)
2025/09/01 12:24:42 fetching corpus: 6527, signal 174671/197285 (executing program)
2025/09/01 12:24:42 fetching corpus: 6576, signal 175014/197288 (executing program)
2025/09/01 12:24:42 fetching corpus: 6626, signal 175252/197290 (executing program)
2025/09/01 12:24:42 fetching corpus: 6676, signal 175727/197297 (executing program)
2025/09/01 12:24:42 fetching corpus: 6726, signal 175951/197304 (executing program)
2025/09/01 12:24:42 fetching corpus: 6776, signal 176282/197314 (executing program)
2025/09/01 12:24:42 fetching corpus: 6826, signal 176647/197318 (executing program)
2025/09/01 12:24:42 fetching corpus: 6876, signal 177113/197355 (executing program)
2025/09/01 12:24:43 fetching corpus: 6925, signal 177482/197355 (executing program)
2025/09/01 12:24:43 fetching corpus: 6975, signal 177891/197359 (executing program)
2025/09/01 12:24:43 fetching corpus: 7025, signal 178234/197360 (executing program)
2025/09/01 12:24:43 fetching corpus: 7074, signal 178513/197363 (executing program)
2025/09/01 12:24:43 fetching corpus: 7124, signal 178825/197368 (executing program)
2025/09/01 12:24:43 fetching corpus: 7174, signal 179282/197386 (executing program)
2025/09/01 12:24:43 fetching corpus: 7224, signal 179495/197386 (executing program)
2025/09/01 12:24:43 fetching corpus: 7274, signal 179785/197396 (executing program)
2025/09/01 12:24:43 fetching corpus: 7324, signal 180068/197424 (executing program)
2025/09/01 12:24:43 fetching corpus: 7374, signal 180363/197427 (executing program)
2025/09/01 12:24:43 fetching corpus: 7424, signal 180614/197438 (executing program)
2025/09/01 12:24:43 fetching corpus: 7474, signal 180987/197488 (executing program)
2025/09/01 12:24:44 fetching corpus: 7524, signal 181402/197555 (executing program)
2025/09/01 12:24:44 fetching corpus: 7574, signal 181731/197574 (executing program)
2025/09/01 12:24:44 fetching corpus: 7624, signal 183467/197575 (executing program)
2025/09/01 12:24:44 fetching corpus: 7674, signal 183697/197577 (executing program)
2025/09/01 12:24:44 fetching corpus: 7724, signal 184028/197583 (executing program)
2025/09/01 12:24:44 fetching corpus: 7774, signal 184380/197619 (executing program)
2025/09/01 12:24:44 fetching corpus: 7823, signal 184660/197619 (executing program)
2025/09/01 12:24:44 fetching corpus: 7873, signal 184932/197637 (executing program)
2025/09/01 12:24:44 fetching corpus: 7923, signal 185283/197642 (executing program)
2025/09/01 12:24:44 fetching corpus: 7972, signal 185506/197649 (executing program)
2025/09/01 12:24:44 fetching corpus: 8021, signal 185764/197653 (executing program)
2025/09/01 12:24:44 fetching corpus: 8071, signal 186011/197659 (executing program)
2025/09/01 12:24:45 fetching corpus: 8121, signal 186202/197665 (executing program)
2025/09/01 12:24:45 fetching corpus: 8171, signal 186441/197713 (executing program)
2025/09/01 12:24:45 fetching corpus: 8221, signal 186701/197716 (executing program)
2025/09/01 12:24:45 fetching corpus: 8270, signal 186974/197716 (executing program)
2025/09/01 12:24:45 fetching corpus: 8320, signal 187185/197719 (executing program)
2025/09/01 12:24:45 fetching corpus: 8370, signal 187393/197727 (executing program)
2025/09/01 12:24:45 fetching corpus: 8419, signal 187613/197730 (executing program)
2025/09/01 12:24:45 fetching corpus: 8468, signal 187996/197775 (executing program)
2025/09/01 12:24:45 fetching corpus: 8518, signal 188306/197777 (executing program)
2025/09/01 12:24:45 fetching corpus: 8567, signal 188570/197786 (executing program)
2025/09/01 12:24:45 fetching corpus: 8617, signal 188803/197799 (executing program)
2025/09/01 12:24:45 fetching corpus: 8666, signal 189034/197805 (executing program)
2025/09/01 12:24:45 fetching corpus: 8716, signal 189277/197806 (executing program)
2025/09/01 12:24:46 fetching corpus: 8766, signal 189500/197810 (executing program)
2025/09/01 12:24:46 fetching corpus: 8816, signal 189832/197833 (executing program)
2025/09/01 12:24:46 fetching corpus: 8866, signal 190060/197853 (executing program)
2025/09/01 12:24:46 fetching corpus: 8915, signal 190331/197860 (executing program)
2025/09/01 12:24:46 fetching corpus: 8965, signal 190545/197876 (executing program)
2025/09/01 12:24:46 fetching corpus: 9015, signal 190735/197879 (executing program)
2025/09/01 12:24:46 fetching corpus: 9065, signal 191040/197907 (executing program)
2025/09/01 12:24:46 fetching corpus: 9115, signal 191309/197907 (executing program)
2025/09/01 12:24:46 fetching corpus: 9165, signal 192056/197914 (executing program)
2025/09/01 12:24:46 fetching corpus: 9215, signal 192329/197916 (executing program)
2025/09/01 12:24:46 fetching corpus: 9265, signal 192631/197922 (executing program)
2025/09/01 12:24:47 fetching corpus: 9315, signal 192950/197933 (executing program)
2025/09/01 12:24:47 fetching corpus: 9365, signal 193411/197939 (executing program)
2025/09/01 12:24:47 fetching corpus: 9415, signal 193722/197940 (executing program)
2025/09/01 12:24:47 fetching corpus: 9465, signal 193967/197951 (executing program)
2025/09/01 12:24:47 fetching corpus: 9515, signal 194555/197966 (executing program)
2025/09/01 12:24:47 fetching corpus: 9543, signal 194694/197968 (executing program)
2025/09/01 12:24:47 fetching corpus: 9543, signal 194694/197968 (executing program)
2025/09/01 12:24:49 starting 8 fuzzer processes

12:24:49 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x18, 0x0, 0x1300)

12:24:49 executing program 7:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSERGETLSR(r0, 0x541e, 0x0)

12:24:49 executing program 2:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCGETS2(r0, 0x5457, &(0x7f0000000080))

12:24:49 executing program 0:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000001ec0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f0000001f00))

12:24:49 executing program 3:
syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
pselect6(0x40, &(0x7f0000000200)={0x8}, 0x0, 0x0, &(0x7f0000000300), 0x0)

12:24:49 executing program 4:
sendmsg$NLBL_CALIPSO_C_LIST(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(0xffffffffffffffff, 0x0, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000e00), 0x0, 0x0)

12:24:49 executing program 5:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
link(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0\x00')

12:24:49 executing program 6:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)

[ 88.292188] audit: type=1400 audit(1756729489.539:7): avc: denied { execmem } for pid=274 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 89.542158] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 89.544649] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 89.547858] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 89.550148] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 89.557526] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 89.560660] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 89.561271] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 89.562942] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 89.569661] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 89.570059] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 89.573300] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 89.575080] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 89.577156] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 89.578260] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 89.598223] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 89.599571] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 89.601098] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 89.602522] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 89.615162] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 89.615420] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 89.618227] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 89.619090] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 89.620597] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 89.632276] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 89.637688] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 89.638929] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 89.640742] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 89.642474] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 89.645179] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 89.647708] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 89.650405] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 89.652525] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 89.654038] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 89.657508] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 89.659651] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 89.661152] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 89.668032] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 89.670749] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 89.688282] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 89.697605] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 91.630463] Bluetooth: hci0: command tx timeout
[ 91.693964] Bluetooth: hci5: command tx timeout
[ 91.694942] Bluetooth: hci3: command tx timeout
[ 91.694958] Bluetooth: hci2: command tx timeout
[ 91.695032] Bluetooth: hci1: command tx timeout
[ 91.757936] Bluetooth: hci7: command tx timeout
[ 91.758689] Bluetooth: hci6: command tx timeout
[ 91.758714] Bluetooth: hci4: command tx timeout
[ 93.678981] Bluetooth: hci0: command tx timeout
[ 93.741983] Bluetooth: hci1: command tx timeout
[ 93.742049] Bluetooth: hci3: command tx timeout
[ 93.742370] Bluetooth: hci2: command tx timeout
[ 93.742778] Bluetooth: hci5: command tx timeout
[ 93.805863] Bluetooth: hci6: command tx timeout
[ 93.806278] Bluetooth: hci7: command tx timeout
[ 93.806966] Bluetooth: hci4: command tx timeout
[ 95.725983] Bluetooth: hci0: command tx timeout
[ 95.789941] Bluetooth: hci5: command tx timeout
[ 95.790347] Bluetooth: hci2: command tx timeout
[ 95.790722] Bluetooth: hci1: command tx timeout
[ 95.791404] Bluetooth: hci3: command tx timeout
[ 95.853978] Bluetooth: hci4: command tx timeout
[ 95.854388] Bluetooth: hci7: command tx timeout
[ 95.854420] Bluetooth: hci6: command tx timeout
[ 97.773916] Bluetooth: hci0: command tx timeout
[ 97.837963] Bluetooth: hci1: command tx timeout
[ 97.838064] Bluetooth: hci3: command tx timeout
[ 97.838342] Bluetooth: hci2: command tx timeout
[ 97.838749] Bluetooth: hci5: command tx timeout
[ 97.902980] Bluetooth: hci4: command tx timeout
[ 97.903390] Bluetooth: hci6: command tx timeout
[ 97.903419] Bluetooth: hci7: command tx timeout
[ 126.327900] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.328570] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.522341] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.523362] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.964562] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.965298] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50

12:25:28 executing program 5:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
link(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0\x00')

[ 127.160376] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50

12:25:28 executing program 5:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
link(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0\x00')

[ 127.161159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.267220] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.267872] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50

12:25:28 executing program 5:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
link(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0\x00')

12:25:28 executing program 5:
r0 = syz_io_uring_setup(0x3a2d, &(0x7f0000000000), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000300), 0x500)
io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0)

[ 127.398354] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.398970] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50

12:25:28 executing program 5:
r0 = syz_io_uring_setup(0x3a2d, &(0x7f0000000000), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000300), 0x500)
io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0)

12:25:28 executing program 3:
r0 = syz_io_uring_setup(0x3a2d, &(0x7f0000000000), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000300), 0x500)
io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0)

12:25:28 executing program 5:
r0 = syz_io_uring_setup(0x3a2d, &(0x7f0000000000), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000300), 0x500)
io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0)

12:25:28 executing program 3:
r0 = syz_io_uring_setup(0x3a2d, &(0x7f0000000000), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000300), 0x500)
io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0)

[ 127.800127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.800746] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.846701] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.847337] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 128.714294] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 128.714942] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 128.803484] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 128.804076] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.173398] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.174098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.225858] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.226435] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.677648] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.678409] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.739432] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.740500] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.741463] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.742102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.771124] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.771699] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50

12:25:31 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x18, 0x0, 0x1300)

12:25:31 executing program 5:
r0 = syz_io_uring_setup(0x3a2d, &(0x7f0000000000), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000300), 0x500)
io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0)

12:25:31 executing program 3:
r0 = syz_io_uring_setup(0x3a2d, &(0x7f0000000000), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000000c0), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000300), 0x500)
io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0)

12:25:31 executing program 7:
socketpair(0xa, 0x3, 0xff, &(0x7f0000000380))

12:25:31 executing program 4:
r0 = syz_io_uring_setup(0x4e0b, &(0x7f0000001780), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000001800), &(0x7f0000001840))
io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x19, 0x8, 0x0)

12:25:31 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f0000000040)={0x0, 0x989680}, 0x0, 0x0)

12:25:31 executing program 6:
syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)

12:25:31 executing program 0:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000001ec0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f0000001f00))

[ 129.920100] audit: type=1400 audit(1756729531.163:8): avc: denied { open } for pid=3914 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 129.927647] audit: type=1400 audit(1756729531.164:9): avc: denied { kernel } for pid=3914 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 129.951130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 129.954380] misc raw-gadget: fail, usb_gadget_register_driver returned -16

12:25:31 executing program 7:
r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[])
mkdirat(r0, &(0x7f0000000140)='./file0\x00', 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5)
setuid(r2)
rmdir(&(0x7f0000000040)='./file0\x00')

[ 130.469123] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 130.472047] misc raw-gadget: fail, usb_gadget_register_driver returned -16

12:25:31 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x18, 0x0, 0x1300)

12:25:31 executing program 0:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000001ec0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f0000001f00))

12:25:31 executing program 6:
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)={0x14, 0x14, 0x1}, 0x14}}, 0x0)

12:25:31 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f0000000040)={0x0, 0x989680}, 0x0, 0x0)

12:25:31 executing program 3:
setgroups(0xfffffffffffffd7b, 0x0)

12:25:31 executing program 4:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/raw\x00')
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000280)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="b3530000000000000000190000000c00018008000100", @ANYRES32=r0], 0x20}}, 0x0)

12:25:31 executing program 5:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001880)='/proc/locks\x00', 0x0, 0x0)
fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001880)='/proc/locks\x00', 0x0, 0x0)
pread64(r1, &(0x7f0000000140)=""/187, 0xbb, 0x0)

12:25:31 executing program 7:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
rename(&(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='./file1\x00')
lchown(&(0x7f0000000140)='./file1\x00', 0xffffffffffffffff, 0xee01)

[ 130.528259] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 130.529166] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 130.529820] CPU: 0 UID: 0 PID: 3945 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 130.531078] Tainted: [W]=WARN
[ 130.531517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 130.533051] RIP: 0010:perf_tp_event+0x175/0xe70
[ 130.533872] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 130.537276] RSP: 0018:ffff888048447780 EFLAGS: 00010012
[ 130.538627] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90001092000
[ 130.539151] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 130.539717] RBP: ffff8880484479f0 R08: ffff88806ce31340 R09: ffffe8ffffc15a30
[ 130.540280] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 130.540855] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 130.541416] FS: 00007f9ab671d700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 130.542053] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 130.542513] CR2: 00007f9ab92bb018 CR3: 000000000d777000 CR4: 0000000000350ef0
[ 130.543074] Call Trace:
[ 130.543282] <TASK>
[ 130.543468] ? __pfx_perf_tp_event+0x10/0x10
[ 130.543830] ? lock_acquire+0x15e/0x2f0
[ 130.544150] ? __is_insn_slot_addr+0x2e/0x290
[ 130.544529] ? find_held_lock+0x2b/0x80
[ 130.544857] ? __is_insn_slot_addr+0x136/0x290
[ 130.545231] ? lock_release+0xc8/0x290
[ 130.545544] ? __is_insn_slot_addr+0x140/0x290
[ 130.545919] ? kernel_text_address+0x5b/0xc0
[ 130.546273] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 130.546716] ? __kernel_text_address+0xd/0x40
[ 130.547078] ? unwind_get_return_address+0x59/0xa0
[ 130.547476] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 130.547910] ? arch_stack_walk+0x9c/0xf0
[ 130.548237] ? perf_trace_run_bpf_submit+0xef/0x180
[ 130.548648] perf_trace_run_bpf_submit+0xef/0x180
[ 130.549042] perf_trace_preemptirq_template+0x259/0x430
[ 130.549471] ? trace_sched_set_need_resched_tp+0xd4/0x110
[ 130.549913] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 130.550376] ? __pfx___resched_curr+0x10/0x10
[ 130.550742] ? find_held_lock+0x2b/0x80
[ 130.551070] ? try_to_wake_up+0x8ae/0x11d0
[ 130.551414] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 130.551826] trace_irq_enable.constprop.0+0xa6/0x100
[ 130.552228] trace_hardirqs_on+0x26/0x40
[ 130.552564] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 130.552960] try_to_wake_up+0x8ae/0x11d0
[ 130.553291] ? __pfx_try_to_wake_up+0x10/0x10
[ 130.553653] ? plist_del+0x122/0x270
[ 130.553955] ? find_held_lock+0x2b/0x80
[ 130.554279] ? futex_wake+0x474/0x540
[ 130.554593] wake_up_q+0xa1/0x130
[ 130.554880] futex_wake+0x47e/0x540
[ 130.555175] ? __pfx_futex_wake+0x10/0x10
[ 130.555512] ? kmem_cache_free+0x2a1/0x540
[ 130.555850] ? fd_install+0x1d8/0x660
[ 130.556154] ? putname.part.0+0x11b/0x160
[ 130.556509] do_futex+0x26d/0x370
[ 130.556794] ? __pfx_do_futex+0x10/0x10
[ 130.557116] __x64_sys_futex+0x1c9/0x4d0
[ 130.557448] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 130.557912] ? __x64_sys_openat+0x142/0x200
[ 130.558260] ? __pfx___x64_sys_futex+0x10/0x10
[ 130.558627] do_syscall_64+0xbf/0x360
[ 130.558937] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 130.559344] RIP: 0033:0x7f9ab91a7b19
[ 130.559643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 130.561078] RSP: 002b:00007f9ab671d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 130.561678] RAX: ffffffffffffffda RBX: 00007f9ab92baf68 RCX: 00007f9ab91a7b19
[ 130.562238] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9ab92baf6c
[ 130.562799] RBP: 00007f9ab92baf60 R08: 000000000000000e R09: 0000000000000000
[ 130.563359] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f9ab92baf6c
[ 130.563926] R13: 00007ffd799669ff R14: 00007f9ab671d300 R15: 0000000000022000
[ 130.564497] </TASK>
[ 130.564687] Modules linked in:
[ 130.564950] ---[ end trace 0000000000000000 ]---
[ 130.565324] RIP: 0010:perf_tp_event+0x175/0xe70
[ 130.565705] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d
bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 130.567126] RSP: 0018:ffff888048447780 EFLAGS: 00010012 [ 130.567547] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90001092000 [ 130.568106] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 12:25:31 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000001ec0), 0x0) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f0000001f00)) [ 130.568673] RBP: ffff8880484479f0 R08: ffff88806ce31340 R09: ffffe8ffffc15a30 [ 130.569374] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 130.569940] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 130.570501] FS: 00007f9ab671d700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 130.571141] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 130.571600] CR2: 00007f9ab92bb018 CR3: 000000000d777000 CR4: 0000000000350ef0 [ 130.572162] note: syz-executor.5[3945] exited with irqs disabled [ 130.572704] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 130.573587] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 130.574269] CPU: 0 UID: 0 PID: 3945 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 130.575208] Tainted: [D]=DIE, [W]=WARN [ 130.575513] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 130.576156] RIP: 0010:perf_tp_event+0x175/0xe70 [ 130.576549] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 130.577977] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 130.578396] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 130.578954] RDX: ffff888018570000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 130.579512] 
RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc15a30 [ 130.580075] R10: 0000000000000000 R11: ffff88800dfdfc98 R12: dffffc0000000000 [ 130.580640] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 130.581205] FS: 00007f9ab671d700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 130.581840] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 12:25:31 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/raw\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000280)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="b3530000000000000000190000000c00018008000100", @ANYRES32=r0], 0x20}}, 0x0) [ 130.582339] CR2: 00007f9ab92bb018 CR3: 000000000d777000 CR4: 0000000000350ef0 [ 130.582867] Call Trace: [ 130.583061] [ 130.583230] ? __pfx_perf_tp_event+0x10/0x10 [ 130.583569] ? enqueue_task_fair+0xded/0x1e00 [ 130.583911] ? check_preempt_wakeup_fair+0x6e/0x950 [ 130.584284] ? wakeup_preempt+0x140/0x2a0 [ 130.584603] ? lock_release+0x1c7/0x290 [ 130.584904] ? lock_release+0x1c7/0x290 [ 130.585204] ? do_raw_spin_unlock+0x53/0x220 [ 130.585542] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 130.585925] ? try_to_wake_up+0x8ae/0x11d0 [ 130.586247] ? do_raw_spin_lock+0x123/0x260 [ 130.586574] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 130.586930] ? perf_trace_run_bpf_submit+0xef/0x180 [ 130.587307] perf_trace_run_bpf_submit+0xef/0x180 [ 130.587679] perf_trace_preemptirq_template+0x259/0x430 [ 130.588075] ? read_tsc+0x9/0x20 [ 130.588339] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 130.588776] ? clockevents_program_event+0x135/0x360 [ 130.589160] ? tick_program_event+0xac/0x140 [ 130.589490] ? 
handle_softirqs+0x16e/0x770 [ 130.589814] trace_irq_enable.constprop.0+0xa6/0x100 [ 130.590191] trace_hardirqs_on+0x26/0x40 [ 130.590495] handle_softirqs+0x16e/0x770 [ 130.590807] __irq_exit_rcu+0xc4/0x100 [ 130.591108] irq_exit_rcu+0x9/0x20 [ 130.591376] sysvec_apic_timer_interrupt+0x70/0x80 [ 130.591749] [ 130.591921] [ 130.592093] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 130.592494] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 130.592845] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 130.594171] RSP: 0018:ffff888048447f28 EFLAGS: 00000246 [ 130.594564] RAX: 0000000000000001 RBX: ffff888018570000 RCX: ffffffff817c3ab6 [ 130.595088] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 130.595611] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 130.596134] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff888018570000 [ 130.596661] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 130.597186] ? trace_irq_enable.constprop.0+0x26/0x100 [ 130.597574] ? make_task_dead+0x214/0x3b0 [ 130.597888] ? make_task_dead+0x214/0x3b0 [ 130.598200] ? 
do_syscall_64+0xbf/0x360 [ 130.598498] rewind_stack_and_make_dead+0x16/0x20 [ 130.598865] RIP: 0033:0x7f9ab91a7b19 [ 130.599141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 130.600473] RSP: 002b:00007f9ab671d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 130.601035] RAX: ffffffffffffffda RBX: 00007f9ab92baf68 RCX: 00007f9ab91a7b19 [ 130.601558] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9ab92baf6c [ 130.602081] RBP: 00007f9ab92baf60 R08: 000000000000000e R09: 0000000000000000 [ 130.602604] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f9ab92baf6c [ 130.603126] R13: 00007ffd799669ff R14: 00007f9ab671d300 R15: 0000000000022000 [ 130.603657] [ 130.603836] Modules linked in: [ 130.604078] ---[ end trace 0000000000000000 ]--- [ 130.604430] RIP: 0010:perf_tp_event+0x175/0xe70 [ 130.604787] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 130.606108] RSP: 0018:ffff888048447780 EFLAGS: 00010012 [ 130.606500] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90001092000 [ 130.607029] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 130.607550] RBP: ffff8880484479f0 R08: ffff88806ce31340 R09: ffffe8ffffc15a30 [ 130.608074] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 130.608600] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 130.609123] FS: 00007f9ab671d700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 130.609712] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 130.610142] CR2: 00007f9ab92bb018 CR3: 000000000d777000 CR4: 0000000000350ef0 [ 130.610667] Kernel panic - not syncing: Fatal exception in interrupt [ 130.611334] Kernel Offset: disabled [ 130.611606] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 12:25:31 Registers: