Warning: Permanently added '[localhost]:17853' (ECDSA) to the list of known hosts. 2025/09/01 12:30:26 fuzzer started 2025/09/01 12:30:26 dialing manager at localhost:35473 syzkaller login: [ 51.718927] cgroup: Unknown subsys name 'net' [ 51.771215] cgroup: Unknown subsys name 'cpuset' [ 51.780321] cgroup: Unknown subsys name 'rlimit' 2025/09/01 12:30:37 syscalls: 2214 2025/09/01 12:30:37 code coverage: enabled 2025/09/01 12:30:37 comparison tracing: enabled 2025/09/01 12:30:37 extra coverage: enabled 2025/09/01 12:30:37 setuid sandbox: enabled 2025/09/01 12:30:37 namespace sandbox: enabled 2025/09/01 12:30:37 Android sandbox: enabled 2025/09/01 12:30:37 fault injection: enabled 2025/09/01 12:30:37 leak checking: enabled 2025/09/01 12:30:37 net packet injection: enabled 2025/09/01 12:30:37 net device setup: enabled 2025/09/01 12:30:37 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 12:30:37 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 12:30:37 USB emulation: enabled 2025/09/01 12:30:37 hci packet injection: enabled 2025/09/01 12:30:37 wifi device emulation: enabled 2025/09/01 12:30:37 802.15.4 emulation: enabled 2025/09/01 12:30:37 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 12:30:37 fetching corpus: 50, signal 27573/30990 (executing program) 2025/09/01 12:30:37 fetching corpus: 100, signal 37749/42612 (executing program) 2025/09/01 12:30:37 fetching corpus: 150, signal 42917/49195 (executing program) 2025/09/01 12:30:37 fetching corpus: 200, signal 48224/55807 (executing program) 2025/09/01 12:30:37 fetching corpus: 250, signal 55913/64481 (executing program) 2025/09/01 12:30:37 fetching corpus: 300, signal 62062/71527 (executing program) 2025/09/01 12:30:38 fetching corpus: 350, signal 66195/76691 (executing program) 2025/09/01 12:30:38 fetching corpus: 400, signal 70445/81921 (executing program) 2025/09/01 12:30:38 fetching corpus: 450, signal 73642/86081 (executing program) 2025/09/01 
12:30:38 fetching corpus: 500, signal 77113/90405 (executing program) 2025/09/01 12:30:38 fetching corpus: 550, signal 80309/94445 (executing program) 2025/09/01 12:30:38 fetching corpus: 600, signal 82074/97136 (executing program) 2025/09/01 12:30:38 fetching corpus: 650, signal 83617/99593 (executing program) 2025/09/01 12:30:38 fetching corpus: 700, signal 85130/102064 (executing program) 2025/09/01 12:30:38 fetching corpus: 750, signal 87026/104791 (executing program) 2025/09/01 12:30:38 fetching corpus: 800, signal 88228/106903 (executing program) 2025/09/01 12:30:38 fetching corpus: 850, signal 90260/109690 (executing program) 2025/09/01 12:30:39 fetching corpus: 900, signal 91736/111976 (executing program) 2025/09/01 12:30:39 fetching corpus: 950, signal 92900/114007 (executing program) 2025/09/01 12:30:39 fetching corpus: 1000, signal 95106/116801 (executing program) 2025/09/01 12:30:39 fetching corpus: 1050, signal 96768/119117 (executing program) 2025/09/01 12:30:39 fetching corpus: 1100, signal 98672/121611 (executing program) 2025/09/01 12:30:39 fetching corpus: 1150, signal 100086/123694 (executing program) 2025/09/01 12:30:39 fetching corpus: 1200, signal 103127/126937 (executing program) 2025/09/01 12:30:39 fetching corpus: 1250, signal 104712/129165 (executing program) 2025/09/01 12:30:39 fetching corpus: 1300, signal 105764/130831 (executing program) 2025/09/01 12:30:39 fetching corpus: 1350, signal 106899/132551 (executing program) 2025/09/01 12:30:39 fetching corpus: 1400, signal 108083/134319 (executing program) 2025/09/01 12:30:39 fetching corpus: 1450, signal 109326/136038 (executing program) 2025/09/01 12:30:40 fetching corpus: 1500, signal 110260/137590 (executing program) 2025/09/01 12:30:40 fetching corpus: 1550, signal 110855/138876 (executing program) 2025/09/01 12:30:40 fetching corpus: 1600, signal 111734/140349 (executing program) 2025/09/01 12:30:40 fetching corpus: 1650, signal 113493/142337 (executing program) 2025/09/01 12:30:40 
fetching corpus: 1700, signal 114484/143826 (executing program) 2025/09/01 12:30:40 fetching corpus: 1750, signal 115806/145524 (executing program) 2025/09/01 12:30:40 fetching corpus: 1800, signal 116698/146935 (executing program) 2025/09/01 12:30:40 fetching corpus: 1850, signal 117868/148529 (executing program) 2025/09/01 12:30:40 fetching corpus: 1900, signal 119027/150000 (executing program) 2025/09/01 12:30:40 fetching corpus: 1950, signal 120089/151465 (executing program) 2025/09/01 12:30:40 fetching corpus: 2000, signal 120930/152739 (executing program) 2025/09/01 12:30:41 fetching corpus: 2050, signal 121590/153890 (executing program) 2025/09/01 12:30:41 fetching corpus: 2100, signal 123247/155584 (executing program) 2025/09/01 12:30:41 fetching corpus: 2150, signal 124268/156875 (executing program) 2025/09/01 12:30:41 fetching corpus: 2200, signal 125355/158197 (executing program) 2025/09/01 12:30:41 fetching corpus: 2250, signal 126249/159384 (executing program) 2025/09/01 12:30:41 fetching corpus: 2300, signal 126846/160442 (executing program) 2025/09/01 12:30:41 fetching corpus: 2350, signal 127972/161762 (executing program) 2025/09/01 12:30:41 fetching corpus: 2400, signal 128844/162938 (executing program) 2025/09/01 12:30:41 fetching corpus: 2450, signal 129337/163914 (executing program) 2025/09/01 12:30:41 fetching corpus: 2500, signal 130371/165087 (executing program) 2025/09/01 12:30:41 fetching corpus: 2550, signal 131656/166400 (executing program) 2025/09/01 12:30:41 fetching corpus: 2600, signal 132177/167330 (executing program) 2025/09/01 12:30:42 fetching corpus: 2650, signal 132723/168262 (executing program) 2025/09/01 12:30:42 fetching corpus: 2700, signal 133685/169366 (executing program) 2025/09/01 12:30:42 fetching corpus: 2750, signal 134528/170374 (executing program) 2025/09/01 12:30:42 fetching corpus: 2800, signal 135330/171347 (executing program) 2025/09/01 12:30:42 fetching corpus: 2850, signal 136000/172289 (executing program) 
2025/09/01 12:30:42 fetching corpus: 2900, signal 136503/173134 (executing program) 2025/09/01 12:30:42 fetching corpus: 2950, signal 137429/174102 (executing program) 2025/09/01 12:30:42 fetching corpus: 3000, signal 138297/175046 (executing program) 2025/09/01 12:30:42 fetching corpus: 3050, signal 139031/175935 (executing program) 2025/09/01 12:30:42 fetching corpus: 3100, signal 139538/176729 (executing program) 2025/09/01 12:30:42 fetching corpus: 3150, signal 140125/177549 (executing program) 2025/09/01 12:30:43 fetching corpus: 3200, signal 140775/178361 (executing program) 2025/09/01 12:30:43 fetching corpus: 3250, signal 141694/179277 (executing program) 2025/09/01 12:30:43 fetching corpus: 3300, signal 142444/180079 (executing program) 2025/09/01 12:30:43 fetching corpus: 3350, signal 143021/180829 (executing program) 2025/09/01 12:30:43 fetching corpus: 3400, signal 144536/181835 (executing program) 2025/09/01 12:30:43 fetching corpus: 3450, signal 145241/182626 (executing program) 2025/09/01 12:30:43 fetching corpus: 3500, signal 145933/183297 (executing program) 2025/09/01 12:30:43 fetching corpus: 3550, signal 146400/183970 (executing program) 2025/09/01 12:30:43 fetching corpus: 3600, signal 146851/184617 (executing program) 2025/09/01 12:30:43 fetching corpus: 3650, signal 147832/185351 (executing program) 2025/09/01 12:30:43 fetching corpus: 3700, signal 148373/186004 (executing program) 2025/09/01 12:30:44 fetching corpus: 3750, signal 148921/186623 (executing program) 2025/09/01 12:30:44 fetching corpus: 3800, signal 149853/187394 (executing program) 2025/09/01 12:30:44 fetching corpus: 3850, signal 150327/188000 (executing program) 2025/09/01 12:30:44 fetching corpus: 3900, signal 150918/188622 (executing program) 2025/09/01 12:30:44 fetching corpus: 3950, signal 151378/189187 (executing program) 2025/09/01 12:30:44 fetching corpus: 4000, signal 152044/189794 (executing program) 2025/09/01 12:30:44 fetching corpus: 4050, signal 152643/190387 
(executing program) 2025/09/01 12:30:44 fetching corpus: 4100, signal 153013/190903 (executing program) 2025/09/01 12:30:44 fetching corpus: 4150, signal 153565/191420 (executing program) 2025/09/01 12:30:44 fetching corpus: 4200, signal 154043/191949 (executing program) 2025/09/01 12:30:44 fetching corpus: 4250, signal 154453/192458 (executing program) 2025/09/01 12:30:44 fetching corpus: 4300, signal 154873/192929 (executing program) 2025/09/01 12:30:44 fetching corpus: 4350, signal 155831/193522 (executing program) 2025/09/01 12:30:45 fetching corpus: 4400, signal 156391/194002 (executing program) 2025/09/01 12:30:45 fetching corpus: 4450, signal 156687/194472 (executing program) 2025/09/01 12:30:45 fetching corpus: 4500, signal 157237/194900 (executing program) 2025/09/01 12:30:45 fetching corpus: 4550, signal 157729/195377 (executing program) 2025/09/01 12:30:45 fetching corpus: 4600, signal 158215/195830 (executing program) 2025/09/01 12:30:45 fetching corpus: 4650, signal 158638/196271 (executing program) 2025/09/01 12:30:45 fetching corpus: 4700, signal 159078/196674 (executing program) 2025/09/01 12:30:45 fetching corpus: 4750, signal 159768/197089 (executing program) 2025/09/01 12:30:45 fetching corpus: 4800, signal 160376/197585 (executing program) 2025/09/01 12:30:45 fetching corpus: 4850, signal 160827/197784 (executing program) 2025/09/01 12:30:46 fetching corpus: 4900, signal 161085/197788 (executing program) 2025/09/01 12:30:46 fetching corpus: 4950, signal 161518/197814 (executing program) 2025/09/01 12:30:46 fetching corpus: 5000, signal 161939/197818 (executing program) 2025/09/01 12:30:46 fetching corpus: 5050, signal 162317/197856 (executing program) 2025/09/01 12:30:46 fetching corpus: 5100, signal 162698/197888 (executing program) 2025/09/01 12:30:46 fetching corpus: 5150, signal 163121/197903 (executing program) 2025/09/01 12:30:46 fetching corpus: 5200, signal 163372/197908 (executing program) 2025/09/01 12:30:46 fetching corpus: 5250, 
signal 163956/197910 (executing program) 2025/09/01 12:30:46 fetching corpus: 5300, signal 164349/197922 (executing program) 2025/09/01 12:30:46 fetching corpus: 5350, signal 164756/197946 (executing program) 2025/09/01 12:30:46 fetching corpus: 5400, signal 165182/197952 (executing program) 2025/09/01 12:30:46 fetching corpus: 5450, signal 165570/197955 (executing program) 2025/09/01 12:30:46 fetching corpus: 5500, signal 165966/197958 (executing program) 2025/09/01 12:30:47 fetching corpus: 5550, signal 166535/197971 (executing program) 2025/09/01 12:30:47 fetching corpus: 5600, signal 166928/197974 (executing program) 2025/09/01 12:30:47 fetching corpus: 5650, signal 167242/197983 (executing program) 2025/09/01 12:30:47 fetching corpus: 5700, signal 167619/197987 (executing program) 2025/09/01 12:30:47 fetching corpus: 5750, signal 168188/197987 (executing program) 2025/09/01 12:30:47 fetching corpus: 5800, signal 168481/197988 (executing program) 2025/09/01 12:30:47 fetching corpus: 5850, signal 168792/197990 (executing program) 2025/09/01 12:30:47 fetching corpus: 5900, signal 169314/197995 (executing program) 2025/09/01 12:30:47 fetching corpus: 5950, signal 169652/198001 (executing program) 2025/09/01 12:30:47 fetching corpus: 6000, signal 170147/198017 (executing program) 2025/09/01 12:30:47 fetching corpus: 6050, signal 170418/198018 (executing program) 2025/09/01 12:30:48 fetching corpus: 6100, signal 170853/198031 (executing program) 2025/09/01 12:30:48 fetching corpus: 6150, signal 171384/198032 (executing program) 2025/09/01 12:30:48 fetching corpus: 6200, signal 171754/198032 (executing program) 2025/09/01 12:30:48 fetching corpus: 6250, signal 172093/198035 (executing program) 2025/09/01 12:30:48 fetching corpus: 6300, signal 172396/198048 (executing program) 2025/09/01 12:30:48 fetching corpus: 6350, signal 172882/198051 (executing program) 2025/09/01 12:30:48 fetching corpus: 6400, signal 173221/198051 (executing program) 2025/09/01 12:30:48 
fetching corpus: 6450, signal 173496/198061 (executing program) 2025/09/01 12:30:48 fetching corpus: 6500, signal 173797/198065 (executing program) 2025/09/01 12:30:48 fetching corpus: 6550, signal 174126/198115 (executing program) 2025/09/01 12:30:48 fetching corpus: 6600, signal 174565/198116 (executing program) 2025/09/01 12:30:49 fetching corpus: 6650, signal 174978/198143 (executing program) 2025/09/01 12:30:49 fetching corpus: 6700, signal 175273/198146 (executing program) 2025/09/01 12:30:49 fetching corpus: 6750, signal 177154/198157 (executing program) 2025/09/01 12:30:49 fetching corpus: 6800, signal 177542/198185 (executing program) 2025/09/01 12:30:49 fetching corpus: 6850, signal 177939/198185 (executing program) 2025/09/01 12:30:49 fetching corpus: 6900, signal 178204/198195 (executing program) 2025/09/01 12:30:49 fetching corpus: 6950, signal 178478/198195 (executing program) 2025/09/01 12:30:49 fetching corpus: 7000, signal 178756/198199 (executing program) 2025/09/01 12:30:49 fetching corpus: 7050, signal 179536/198200 (executing program) 2025/09/01 12:30:49 fetching corpus: 7100, signal 179862/198224 (executing program) 2025/09/01 12:30:49 fetching corpus: 7150, signal 180182/198232 (executing program) 2025/09/01 12:30:49 fetching corpus: 7200, signal 180540/198254 (executing program) 2025/09/01 12:30:50 fetching corpus: 7250, signal 181095/198267 (executing program) 2025/09/01 12:30:50 fetching corpus: 7300, signal 181573/198269 (executing program) 2025/09/01 12:30:50 fetching corpus: 7350, signal 181921/198322 (executing program) 2025/09/01 12:30:50 fetching corpus: 7400, signal 182139/198324 (executing program) 2025/09/01 12:30:50 fetching corpus: 7450, signal 182457/198334 (executing program) 2025/09/01 12:30:50 fetching corpus: 7500, signal 182809/198334 (executing program) 2025/09/01 12:30:50 fetching corpus: 7550, signal 183148/198343 (executing program) 2025/09/01 12:30:50 fetching corpus: 7600, signal 183427/198347 (executing program) 
2025/09/01 12:30:50 fetching corpus: 7650, signal 183710/198358 (executing program) 2025/09/01 12:30:50 fetching corpus: 7700, signal 184050/198360 (executing program) 2025/09/01 12:30:51 fetching corpus: 7750, signal 184283/198377 (executing program) 2025/09/01 12:30:51 fetching corpus: 7800, signal 184583/198382 (executing program) 2025/09/01 12:30:51 fetching corpus: 7850, signal 184878/198384 (executing program) 2025/09/01 12:30:51 fetching corpus: 7900, signal 185098/198393 (executing program) 2025/09/01 12:30:51 fetching corpus: 7950, signal 185414/198393 (executing program) 2025/09/01 12:30:51 fetching corpus: 8000, signal 185702/198404 (executing program) 2025/09/01 12:30:51 fetching corpus: 8050, signal 185919/198405 (executing program) 2025/09/01 12:30:51 fetching corpus: 8100, signal 186277/198412 (executing program) 2025/09/01 12:30:51 fetching corpus: 8150, signal 186622/198413 (executing program) 2025/09/01 12:30:51 fetching corpus: 8200, signal 186838/198415 (executing program) 2025/09/01 12:30:51 fetching corpus: 8250, signal 187067/198428 (executing program) 2025/09/01 12:30:51 fetching corpus: 8300, signal 187319/198429 (executing program) 2025/09/01 12:30:52 fetching corpus: 8350, signal 187546/198442 (executing program) 2025/09/01 12:30:52 fetching corpus: 8400, signal 187939/198442 (executing program) 2025/09/01 12:30:52 fetching corpus: 8450, signal 188192/198445 (executing program) 2025/09/01 12:30:52 fetching corpus: 8500, signal 188401/198449 (executing program) 2025/09/01 12:30:52 fetching corpus: 8550, signal 188590/198451 (executing program) 2025/09/01 12:30:52 fetching corpus: 8600, signal 188814/198451 (executing program) 2025/09/01 12:30:52 fetching corpus: 8650, signal 189020/198457 (executing program) 2025/09/01 12:30:52 fetching corpus: 8700, signal 189278/198458 (executing program) 2025/09/01 12:30:52 fetching corpus: 8750, signal 189577/198462 (executing program) 2025/09/01 12:30:52 fetching corpus: 8800, signal 189897/198476 
(executing program) 2025/09/01 12:30:53 fetching corpus: 8850, signal 190170/198478 (executing program) 2025/09/01 12:30:53 fetching corpus: 8900, signal 190541/198490 (executing program) 2025/09/01 12:30:53 fetching corpus: 8950, signal 191055/198491 (executing program) 2025/09/01 12:30:53 fetching corpus: 9000, signal 191332/198495 (executing program) 2025/09/01 12:30:53 fetching corpus: 9050, signal 191636/198498 (executing program) 2025/09/01 12:30:53 fetching corpus: 9100, signal 192016/198498 (executing program) 2025/09/01 12:30:53 fetching corpus: 9150, signal 192412/198555 (executing program) 2025/09/01 12:30:53 fetching corpus: 9200, signal 192635/198561 (executing program) 2025/09/01 12:30:53 fetching corpus: 9250, signal 192909/198586 (executing program) 2025/09/01 12:30:53 fetching corpus: 9300, signal 193236/198586 (executing program) 2025/09/01 12:30:53 fetching corpus: 9350, signal 193478/198593 (executing program) 2025/09/01 12:30:54 fetching corpus: 9400, signal 193700/198600 (executing program) 2025/09/01 12:30:54 fetching corpus: 9450, signal 193980/198617 (executing program) 2025/09/01 12:30:54 fetching corpus: 9500, signal 194546/198617 (executing program) 2025/09/01 12:30:54 fetching corpus: 9550, signal 194739/198637 (executing program) 2025/09/01 12:30:54 fetching corpus: 9600, signal 195035/198649 (executing program) 2025/09/01 12:30:54 fetching corpus: 9650, signal 195294/198652 (executing program) 2025/09/01 12:30:54 fetching corpus: 9660, signal 195332/198654 (executing program) 2025/09/01 12:30:54 fetching corpus: 9660, signal 195332/198654 (executing program) 2025/09/01 12:30:57 starting 8 fuzzer processes 12:30:57 executing program 0: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000002900), 0x0) open_by_handle_at(r0, &(0x7f0000000080)=@reiserfs_2={0x8}, 0x0) 12:30:57 executing program 2: syz_mount_image$nfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0xfffffffffffffe5f, 0x0, 0x0, 0x0) setresuid(0x0, 0xee01, 0x0) setxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) 12:30:57 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/snmp6\x00') writev(r0, &(0x7f0000000340)=[{&(0x7f00000000c0)="a0", 0x1}], 0x1) 12:30:57 executing program 3: syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$SEG6(&(0x7f0000000ec0), 0xffffffffffffffff) 12:30:57 executing program 4: fspick(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/cgroup.procs\x00', 0x0) 12:30:57 executing program 7: setresuid(0x0, 0xee01, 0x0) r0 = memfd_create(&(0x7f0000001a80)='\x00', 0x6) fchown(r0, 0x0, 0xffffffffffffffff) 12:30:57 executing program 5: keyctl$restrict_keyring(0x1d, 0xfffffffffffffffe, 0x0, 0x0) 12:30:57 executing program 6: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) fremovexattr(r0, &(0x7f0000000000)=@known='user.syz\x00') [ 82.040854] audit: type=1400 audit(1756729857.308:7): avc: denied { execmem } for pid=273 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 83.219668] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 83.222037] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 83.223863] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 83.231465] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 83.234687] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 83.359733] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 83.365428] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 
83.367003] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 83.371241] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 83.373193] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 83.422709] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 83.423957] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 83.429609] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 83.431416] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 83.434490] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 83.436806] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 83.441176] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 83.442878] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 83.446325] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 83.448911] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 83.454437] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 83.455902] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 83.458944] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 83.462430] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 83.468409] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 83.470429] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 83.472850] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 83.474578] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 83.476461] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 83.480111] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 83.482113] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 83.486855] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 83.499730] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 83.504604] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 83.506548] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 83.509356] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 83.510444] Bluetooth: hci5: unexpected cc 0x0c38 length: 
249 > 2 [ 83.519108] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 83.532829] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 83.555640] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 85.312711] Bluetooth: hci0: command tx timeout [ 85.441210] Bluetooth: hci1: command tx timeout [ 85.568389] Bluetooth: hci2: command tx timeout [ 85.569059] Bluetooth: hci5: command tx timeout [ 85.570312] Bluetooth: hci4: command tx timeout [ 85.570761] Bluetooth: hci3: command tx timeout [ 85.571199] Bluetooth: hci7: command tx timeout [ 85.633323] Bluetooth: hci6: command tx timeout [ 87.361220] Bluetooth: hci0: command tx timeout [ 87.491062] Bluetooth: hci1: command tx timeout [ 87.618242] Bluetooth: hci7: command tx timeout [ 87.618789] Bluetooth: hci4: command tx timeout [ 87.619927] Bluetooth: hci2: command tx timeout [ 87.620460] Bluetooth: hci3: command tx timeout [ 87.620857] Bluetooth: hci5: command tx timeout [ 87.681184] Bluetooth: hci6: command tx timeout [ 89.408335] Bluetooth: hci0: command tx timeout [ 89.537220] Bluetooth: hci1: command tx timeout [ 89.665289] Bluetooth: hci2: command tx timeout [ 89.665696] Bluetooth: hci5: command tx timeout [ 89.666081] Bluetooth: hci3: command tx timeout [ 89.666912] Bluetooth: hci4: command tx timeout [ 89.667317] Bluetooth: hci7: command tx timeout [ 89.728292] Bluetooth: hci6: command tx timeout [ 91.457285] Bluetooth: hci0: command tx timeout [ 91.584255] Bluetooth: hci1: command tx timeout [ 91.712209] Bluetooth: hci4: command tx timeout [ 91.712694] Bluetooth: hci7: command tx timeout [ 91.713129] Bluetooth: hci3: command tx timeout [ 91.713601] Bluetooth: hci5: command tx timeout [ 91.714048] Bluetooth: hci2: command tx timeout [ 91.777174] Bluetooth: hci6: command tx timeout [ 120.089612] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.090295] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.257124] wlan0: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 120.258119] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.346342] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.346923] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.442075] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.442693] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.532762] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.533952] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:31:35 executing program 6: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) fremovexattr(r0, &(0x7f0000000000)=@known='user.syz\x00') [ 120.662983] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.663585] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:31:35 executing program 6: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) fremovexattr(r0, &(0x7f0000000000)=@known='user.syz\x00') [ 120.705962] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.706791] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.710767] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.711431] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:31:36 executing program 6: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x1) fremovexattr(r0, &(0x7f0000000000)=@known='user.syz\x00') 12:31:36 executing program 4: fspick(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/cgroup.procs\x00', 0x0) [ 120.761823] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.762397] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:31:36 executing program 4: fspick(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/cgroup.procs\x00', 0x0) 12:31:36 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x19, 0x0, 0x0) 12:31:36 
executing program 4: fspick(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/cgroup.procs\x00', 0x0) [ 120.841797] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.842761] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:31:36 executing program 6: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000240)=0x1, 0x4) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, 0x0, &(0x7f0000000040)) [ 120.890688] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.891411] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.938031] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.938739] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.007456] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.008021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.047494] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.048084] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.091531] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.092386] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.162838] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.163443] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.306066] audit: type=1400 audit(1756729896.573:8): avc: denied { open } for pid=3910 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.309161] audit: type=1400 audit(1756729896.573:9): avc: denied { kernel } for pid=3910 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 12:31:49 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/snmp6\x00') writev(r0, &(0x7f0000000340)=[{&(0x7f00000000c0)="a0", 0x1}], 0x1) 
12:31:49 executing program 4: syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff) 12:31:49 executing program 6: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000240)=0x1, 0x4) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, 0x0, &(0x7f0000000040)) 12:31:49 executing program 3: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/pid\x00') mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x100000, 0x0, 0x0, {r0}}, 0x20) 12:31:49 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) read(r0, 0x0, 0x40004) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) 12:31:49 executing program 7: setresuid(0x0, 0xee01, 0x0) r0 = memfd_create(&(0x7f0000001a80)='\x00', 0x6) fchown(r0, 0x0, 0xffffffffffffffff) 12:31:49 executing program 0: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000002900), 0x0) open_by_handle_at(r0, &(0x7f0000000080)=@reiserfs_2={0x8}, 0x0) 12:31:49 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = 
syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000280)={0x20, r1, 0x1, 0x0, 0x0, {0x10}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}}, 0x0) [ 134.325843] serio: Serial port ptm0 12:31:49 executing program 7: setresuid(0x0, 0xee01, 0x0) r0 = memfd_create(&(0x7f0000001a80)='\x00', 0x6) fchown(r0, 0x0, 0xffffffffffffffff) 12:31:49 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) syz_mount_image$tmpfs(0x0, &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x400301, 0x0) mount_setattr(r0, &(0x7f0000000100)='./file0\x00', 0x1100, &(0x7f0000000140)={0x10000a, 0x84, 0x20000}, 0x20) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='system.posix_acl_access\x00') 12:31:49 executing program 3: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000010a00)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000004f0200000000024f252f4500000000000000000000000000000000000000000000000000000000000100000101000001000808001c0000000000001c18000000000000000000001a0000000022001e", 0x9f, 0x5471}, {&(0x7f0000002880)="ea", 0x1, 0xf000}, {&(0x7f0000000240)="eff614c35f9cd39349897ea9d20ace8b028dcd6a18c8ba9b030869e200365d704b270185ebbda029551afaae4010495e179a4626781da8e7ce130a8e988384cd91f5d9125959bd7ab153c1b941a5d5698d4c9ba5821224fc30070dd613ce3b82889f027dc447459de5f57cfff626542a843d835ac4af32f6c347d091544a84806a1fc7d2e36d9be11d337c3d979754cf654589ffd5493d1ade7b40c23e435abd331c39e426eccee23f0c1b0f1313ff582f9dfa6846ab8313ba46bd63bfe9c1a71e5b1622d2c68f8f870d1e3a90ffbc2a4f9340", 0xd3, 0x2}, 
{&(0x7f0000000340)="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", 0x1000, 0x9}], 0x2809020, &(0x7f0000000040)=ANY=[@ANYBLOB="59a318b367b891a394"]) 12:31:49 executing program 6: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000240)=0x1, 0x4) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, 0x0, &(0x7f0000000040)) [ 134.483896] loop3: detected capacity change from 0 to 240 [ 134.510740] loop3: detected capacity change from 0 to 240 12:31:58 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/snmp6\x00') writev(r0, &(0x7f0000000340)=[{&(0x7f00000000c0)="a0", 0x1}], 0x1) 12:31:58 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x12, r0, 0x0) syz_io_uring_setup(0x6fa5, &(0x7f0000000080)={0x0, 0x5063, 0x10, 0x0, 0x102, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100)=0x13, 0x0, 0x4) syz_io_uring_setup(0x2b43, &(0x7f0000000140)={0x0, 0x0, 0x2, 0x0, 0xd8}, &(0x7f0000ffb000/0x5000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, 0x0) 12:31:58 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) read(r0, 0x0, 0x40004) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) 12:31:58 executing program 5: r0 = 
openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x5423, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, "f2f3e2a9286b6a770ff8c2b978657df3480824"}) read(r0, 0x0, 0x40004) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) 12:31:58 executing program 0: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000002900), 0x0) open_by_handle_at(r0, &(0x7f0000000080)=@reiserfs_2={0x8}, 0x0) 12:31:58 executing program 7: setresuid(0x0, 0xee01, 0x0) r0 = memfd_create(&(0x7f0000001a80)='\x00', 0x6) fchown(r0, 0x0, 0xffffffffffffffff) 12:31:58 executing program 6: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000240)=0x1, 0x4) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, 0x0, &(0x7f0000000040)) 12:31:58 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000280)={0x20, r1, 0x1, 0x0, 0x0, {0x10}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}}, 0x0) [ 143.226401] serio: Serial port ptm0 [ 143.234644] Oops: general 
protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 143.235571] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 143.236247] CPU: 1 UID: 0 PID: 3962 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 143.238351] Tainted: [W]=WARN [ 143.239084] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 143.240938] RIP: 0010:perf_tp_event+0x175/0xe70 [ 143.242558] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 143.246278] RSP: 0018:ffff888013f4f800 EFLAGS: 00010212 [ 143.246718] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 143.247288] RDX: ffff888015c39b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 143.247849] RBP: ffff888013f4fa70 R08: ffff88806cf31340 R09: ffffe8ffffd109c8 [ 143.248410] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 143.248969] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 143.249527] FS: 0000555556c1b400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 143.250163] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 143.250631] CR2: 0000001b2cd23000 CR3: 000000000c00c000 CR4: 0000000000350ef0 [ 143.251191] Call Trace: [ 143.251399] [ 143.251584] ? arch_scale_cpu_capacity+0x17/0xa0 [ 143.251974] ? __pfx_perf_tp_event+0x10/0x10 [ 143.252332] ? __asan_memset+0x24/0x50 [ 143.252658] ? perf_trace_lock+0xb5/0x5d0 [ 143.252992] ? kvm_sched_clock_read+0x16/0x30 [ 143.253357] ? sched_clock+0x37/0x60 [ 143.253661] ? sched_clock_cpu+0x6c/0x4e0 [ 143.253995] ? lock_is_held_type+0x9e/0x120 [ 143.254354] ? perf_trace_run_bpf_submit+0xef/0x180 [ 143.254754] perf_trace_run_bpf_submit+0xef/0x180 [ 143.255156] perf_trace_lock+0x337/0x5d0 [ 143.255489] ? __pfx_perf_trace_lock+0x10/0x10 [ 143.255860] ? 
lock_acquire+0x15e/0x2f0 [ 143.256177] ? futex_ref_get+0x48/0x300 [ 143.256497] ? futex_ref_get+0x114/0x300 [ 143.256818] ? futex_hash+0x15c/0x390 [ 143.257121] lock_release+0x1ab/0x290 [ 143.257429] ? futex_hash+0x15c/0x390 [ 143.257735] futex_ref_get+0x119/0x300 [ 143.258052] ? futex_hash+0x15c/0x390 [ 143.258363] futex_hash+0x70/0x390 [ 143.258654] futex_wake+0x143/0x540 [ 143.258950] ? put_pid+0x1f/0x30 [ 143.259224] ? kernel_clone+0x204/0x7f0 [ 143.259543] ? __pfx_futex_wake+0x10/0x10 [ 143.259875] ? __pfx_kernel_clone+0x10/0x10 [ 143.260217] ? perf_trace_lock+0xb5/0x5d0 [ 143.260551] do_futex+0x26d/0x370 [ 143.260836] ? __pfx_do_futex+0x10/0x10 [ 143.261162] ? __pfx___do_sys_clone+0x10/0x10 [ 143.261521] ? find_held_lock+0x2b/0x80 [ 143.261847] __x64_sys_futex+0x1c9/0x4d0 [ 143.262182] ? __pfx___x64_sys_futex+0x10/0x10 [ 143.262552] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 143.262973] do_syscall_64+0xbf/0x360 [ 143.263281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.263692] RIP: 0033:0x7f0d551ebb19 [ 143.263987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 143.265413] RSP: 002b:00007ffd06bc5278 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 143.266008] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0d551ebb19 [ 143.266575] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0d552fef68 [ 143.267136] RBP: 00007f0d552fef60 R08: 00007f0d52761700 R09: 0000000000000000 [ 143.267696] R10: 00007f0d52761700 R11: 0000000000000246 R12: 00007f0d55303060 [ 143.268258] R13: 00007ffd06bc5380 R14: 00007f0d552fef60 R15: 0000000000022f19 [ 143.268828] [ 143.269016] Modules linked in: [ 143.269278] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 143.271033] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 143.272205] 
CPU: 0 UID: 0 PID: 3959 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 143.274081] Tainted: [D]=DIE, [W]=WARN [ 143.274692] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 143.275986] RIP: 0010:perf_tp_event+0x175/0xe70 [ 143.276718] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 143.279554] RSP: 0018:ffff8880169f7800 EFLAGS: 00010212 [ 143.280385] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 143.281509] RDX: ffff88800f775280 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 143.282624] RBP: ffff8880169f7a70 R08: ffff88806ce31340 R09: ffffe8ffffc109c8 [ 143.283734] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 143.284863] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 143.285990] FS: 0000555566722400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 143.287249] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 143.288166] CR2: 0000555566723c18 CR3: 000000004481f000 CR4: 0000000000350ef0 [ 143.289284] Call Trace: [ 143.289692] [ 143.290073] ? arch_scale_cpu_capacity+0x17/0xa0 [ 143.290879] ? __pfx_perf_tp_event+0x10/0x10 [ 143.291580] ? __asan_memset+0x24/0x50 [ 143.292234] ? __pfx_perf_trace_lock+0x10/0x10 [ 143.292992] ? __pfx___mutex_lock+0x10/0x10 [ 143.293688] ? perf_trace_lock+0xb5/0x5d0 [ 143.294372] ? kvm_sched_clock_read+0x16/0x30 [ 143.295111] ? sched_clock+0x37/0x60 [ 143.295703] ? sched_clock_cpu+0x6c/0x4e0 [ 143.296385] ? perf_trace_run_bpf_submit+0xef/0x180 [ 143.297204] perf_trace_run_bpf_submit+0xef/0x180 [ 143.298006] perf_trace_lock+0x337/0x5d0 [ 143.298680] ? __pfx_perf_trace_lock+0x10/0x10 [ 143.299421] ? __pfx_perf_trace_lock+0x10/0x10 [ 143.300157] ? get_futex_key+0x592/0x14a0 [ 143.300803] ? futex_ref_get+0x114/0x300 [ 143.301571] ? 
futex_hash+0x15c/0x390 [ 143.302357] lock_release+0x1ab/0x290 [ 143.303127] ? futex_hash+0x15c/0x390 [ 143.303880] futex_ref_get+0x119/0x300 [ 143.304498] ? futex_hash+0x15c/0x390 [ 143.305108] futex_hash+0x70/0x390 [ 143.305676] futex_wake+0x143/0x540 [ 143.306293] ? put_pid+0x1f/0x30 [ 143.306836] ? kernel_clone+0x204/0x7f0 [ 143.307490] ? __pfx_futex_wake+0x10/0x10 [ 143.308165] ? __pfx_kernel_clone+0x10/0x10 [ 143.308846] ? perf_trace_lock+0xb5/0x5d0 [ 143.309512] ? __pfx___handle_mm_fault+0x10/0x10 [ 143.310303] do_futex+0x26d/0x370 [ 143.310884] ? __pfx_do_futex+0x10/0x10 [ 143.311541] ? __pfx___do_sys_clone+0x10/0x10 [ 143.312257] ? handle_mm_fault+0x590/0x9b0 [ 143.312953] __x64_sys_futex+0x1c9/0x4d0 [ 143.313597] ? __pfx___x64_sys_futex+0x10/0x10 [ 143.314341] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 143.315186] do_syscall_64+0xbf/0x360 [ 143.315789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.316611] RIP: 0033:0x7f4b1b3c4b19 [ 143.317205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 143.320033] RSP: 002b:00007ffd473b24e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 143.321226] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4b1b3c4b19 [ 143.322359] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4b1b4d7f68 [ 143.323464] RBP: 00007f4b1b4d7f60 R08: 00007f4b1893a700 R09: 0000000000000000 [ 143.324602] R10: 00007f4b1893a700 R11: 0000000000000246 R12: 00007f4b1b4dca68 [ 143.325731] R13: 00007ffd473b25f0 R14: 00007f4b1b4d7f60 R15: 0000000000022f17 [ 143.327016] [ 143.327387] Modules linked in: [ 143.327909] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 143.328775] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 143.329447] CPU: 1 UID: 0 PID: 3962 Comm: syz-executor.7 Tainted: G D W 
6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 143.330383] Tainted: [D]=DIE, [W]=WARN [ 143.330684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 143.331321] RIP: 0010:perf_tp_event+0x175/0xe70 [ 143.331697] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 143.333107] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 143.333523] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 143.334081] RDX: ffff888015c39b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 143.334644] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd109c8 [ 143.335202] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 143.335760] R13: 000000000000002c R14: ffff88806cf31490 R15: dffffc0000000000 [ 143.336318] FS: 0000555556c1b400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 143.336950] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 143.337405] CR2: 0000001b2cd23000 CR3: 000000000c00c000 CR4: 0000000000350ef0 [ 143.337967] Call Trace: [ 143.338179] [ 143.338362] ? __pfx_perf_tp_event+0x10/0x10 [ 143.338718] ? lock_is_held_type+0x9e/0x120 [ 143.339067] ? trace_pelt_se_tp+0xdf/0x130 [ 143.339402] ? __update_load_avg_se+0x428/0xa40 [ 143.339776] ? lock_is_held_type+0x9e/0x120 [ 143.340125] ? perf_trace_lock+0xb5/0x5d0 [ 143.340453] ? perf_trace_lock+0xb5/0x5d0 [ 143.340784] ? __pfx_perf_trace_lock+0x10/0x10 [ 143.341147] ? __pfx_perf_trace_lock+0x10/0x10 [ 143.341511] ? check_preempt_wakeup_fair+0x406/0x950 [ 143.341918] ? perf_trace_run_bpf_submit+0xef/0x180 [ 143.342321] perf_trace_run_bpf_submit+0xef/0x180 [ 143.342715] perf_trace_lock+0x337/0x5d0 [ 143.343043] ? __pfx_perf_trace_lock+0x10/0x10 [ 143.343416] ? find_held_lock+0x2b/0x80 [ 143.343737] ? 
hrtimer_interrupt+0x114/0x830 [ 143.344086] lock_release+0x1ab/0x290 [ 143.344393] ktime_get_update_offsets_now+0xab/0x3c0 [ 143.344798] ? hrtimer_interrupt+0x114/0x830 [ 143.345150] ? __pfx_lapic_next_deadline+0x10/0x10 [ 143.345545] hrtimer_interrupt+0x114/0x830 [ 143.345886] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 143.346301] sysvec_apic_timer_interrupt+0x6b/0x80 [ 143.346694] [ 143.346876] [ 143.347059] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 143.347474] RIP: 0010:oops_exit+0x0/0x50 [ 143.347799] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 143.349221] RSP: 0018:ffff888013f4f690 EFLAGS: 00000202 [ 143.349638] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f [ 143.350200] RDX: ffff888015c39b80 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 143.350756] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 143.351309] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888013f4f758 [ 143.351864] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 143.352427] ? add_taint+0x5f/0xd0 [ 143.352716] ? 
oops_end+0x4a/0xe0 [ 143.353004] oops_end+0x65/0xe0 [ 143.353281] exc_general_protection+0x1a2/0x330 [ 143.353663] asm_exc_general_protection+0x26/0x30 [ 143.354051] RIP: 0010:perf_tp_event+0x175/0xe70 [ 143.354436] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 143.355869] RSP: 0018:ffff888013f4f800 EFLAGS: 00010212 [ 143.356294] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 143.356858] RDX: ffff888015c39b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 143.357427] RBP: ffff888013f4fa70 R08: ffff88806cf31340 R09: ffffe8ffffd109c8 [ 143.357996] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 143.358567] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 143.359139] ? perf_tp_event+0x167/0xe70 [ 143.359480] ? arch_scale_cpu_capacity+0x17/0xa0 [ 143.359867] ? __pfx_perf_tp_event+0x10/0x10 [ 143.360230] ? __asan_memset+0x24/0x50 [ 143.360562] ? perf_trace_lock+0xb5/0x5d0 [ 143.360907] ? kvm_sched_clock_read+0x16/0x30 [ 143.361275] ? sched_clock+0x37/0x60 [ 143.361583] ? sched_clock_cpu+0x6c/0x4e0 [ 143.361920] ? lock_is_held_type+0x9e/0x120 [ 143.362285] ? perf_trace_run_bpf_submit+0xef/0x180 [ 143.362692] perf_trace_run_bpf_submit+0xef/0x180 [ 143.363094] perf_trace_lock+0x337/0x5d0 [ 143.363430] ? __pfx_perf_trace_lock+0x10/0x10 [ 143.363805] ? lock_acquire+0x15e/0x2f0 [ 143.364129] ? futex_ref_get+0x48/0x300 [ 143.364455] ? futex_ref_get+0x114/0x300 [ 143.364779] ? futex_hash+0x15c/0x390 [ 143.365085] lock_release+0x1ab/0x290 [ 143.365399] ? futex_hash+0x15c/0x390 [ 143.365704] futex_ref_get+0x119/0x300 [ 143.366015] ? futex_hash+0x15c/0x390 [ 143.366328] futex_hash+0x70/0x390 [ 143.366615] futex_wake+0x143/0x540 [ 143.366910] ? put_pid+0x1f/0x30 [ 143.367182] ? kernel_clone+0x204/0x7f0 [ 143.367499] ? __pfx_futex_wake+0x10/0x10 [ 143.367831] ? 
__pfx_kernel_clone+0x10/0x10 [ 143.368178] ? perf_trace_lock+0xb5/0x5d0 [ 143.368519] do_futex+0x26d/0x370 [ 143.368807] ? __pfx_do_futex+0x10/0x10 [ 143.369128] ? __pfx___do_sys_clone+0x10/0x10 [ 143.369488] ? find_held_lock+0x2b/0x80 [ 143.369811] __x64_sys_futex+0x1c9/0x4d0 [ 143.370140] ? __pfx___x64_sys_futex+0x10/0x10 [ 143.370517] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 143.370937] do_syscall_64+0xbf/0x360 [ 143.371240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.371648] RIP: 0033:0x7f0d551ebb19 [ 143.371942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 143.373366] RSP: 002b:00007ffd06bc5278 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 143.373967] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0d551ebb19 [ 143.374531] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0d552fef68 [ 143.375095] RBP: 00007f0d552fef60 R08: 00007f0d52761700 R09: 0000000000000000 [ 143.375662] R10: 00007f0d52761700 R11: 0000000000000246 R12: 00007f0d55303060 [ 143.376221] R13: 00007ffd06bc5380 R14: 00007f0d552fef60 R15: 0000000000022f19 [ 143.376789] [ 143.376978] Modules linked in: [ 143.377239] ---[ end trace 0000000000000000 ]--- [ 143.377241] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI [ 143.377610] RIP: 0010:perf_tp_event+0x175/0xe70 [ 143.379324] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 143.379681] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 143.380846] CPU: 0 UID: 0 PID: 3959 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 143.382250] RSP: 0018:ffff888013f4f800 EFLAGS: 00010212 [ 143.384101] Tainted: [D]=DIE, 
[W]=WARN [ 143.384498] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 143.385093] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 143.385640] RDX: ffff888015c39b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 143.386941] RIP: 0010:perf_tp_event+0x175/0xe70 [ 143.387487] RBP: ffff888013f4fa70 R08: ffff88806cf31340 R09: ffffe8ffffd109c8 [ 143.388216] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 143.388764] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 143.391587] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 143.392135] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 143.392145] FS: 0000555556c1b400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 143.392970] [ 143.393521] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 143.394762] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 143.394894] CR2: 0000001b2cd23000 CR3: 000000000c00c000 CR4: 0000000000350ef0 [ 143.394903] Kernel panic - not syncing: Fatal exception in interrupt [ 144.438825] Shutting down cpus with NMI [ 144.440855] Kernel Offset: disabled [ 144.441144] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 12:31:58 Registers: