Warning: Permanently added '[localhost]:3598' (ECDSA) to the list of known hosts. 2025/08/29 10:17:31 fuzzer started 2025/08/29 10:17:32 dialing manager at localhost:43077 syzkaller login: [ 60.007118] cgroup: Unknown subsys name 'net' [ 60.083710] cgroup: Unknown subsys name 'cpuset' [ 60.092613] cgroup: Unknown subsys name 'rlimit' 2025/08/29 10:17:42 syscalls: 2214 2025/08/29 10:17:42 code coverage: enabled 2025/08/29 10:17:42 comparison tracing: enabled 2025/08/29 10:17:42 extra coverage: enabled 2025/08/29 10:17:42 setuid sandbox: enabled 2025/08/29 10:17:42 namespace sandbox: enabled 2025/08/29 10:17:42 Android sandbox: enabled 2025/08/29 10:17:42 fault injection: enabled 2025/08/29 10:17:42 leak checking: enabled 2025/08/29 10:17:42 net packet injection: enabled 2025/08/29 10:17:42 net device setup: enabled 2025/08/29 10:17:42 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 10:17:42 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 10:17:42 USB emulation: enabled 2025/08/29 10:17:42 hci packet injection: enabled 2025/08/29 10:17:42 wifi device emulation: enabled 2025/08/29 10:17:42 802.15.4 emulation: enabled 2025/08/29 10:17:55 starting 8 fuzzer processes 10:17:55 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 10:17:55 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x80, @any, 0x0, 0x2}, 0xe) 10:17:55 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0xa, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @private}}}}) 10:17:55 executing program 2: r0 = syz_io_uring_setup(0x7eba, &(0x7f00000001c0), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000003ac0)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x0, 0x720b, 0x1, 0x0, 0x0) 10:17:55 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x11, &(0x7f0000002bc0)={0x3, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) 10:17:55 executing program 5: msgctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/44) [ 83.761530] audit: type=1400 audit(1756462675.978:7): avc: denied { execmem } for pid=281 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:17:56 executing program 7: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10800, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="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"/1408, 0x580, 0x8000}, {&(0x7f0000010600)="ff43443030310100"/32, 0x20, 0x8800}, {&(0x7f0000010700)="01001700000001000000050018000000010046494c4530000000000000000000", 0x20, 0x9800}, 
{&(0x7f0000010800)="01000000001700010000050000000018000146494c4530000000000000000000", 0x20, 0xa800}, {&(0x7f0000010900)="2200170000000000001700080000000008007809140b2a3a080200000100000101002200170000000000001700080000000008007809140b2a3a080200000100000101012c00190000000000001964000000000000647809140b2a3a08000000010000010a46494c452e434f4c3b31002600180000000000001800080000000008007809140b2a3a08020000010000010546494c45302a001a0000000000001a0a0000000000000a7809140b2a3a08000000010000010846494c45312e3b31002a001b0000000000001b28230000000023287809140b2a3a08000000010000010846494c45322e3b31002a001b0000000000001b28230000000023287809140b2a3a08000000010000010846494c45332e3b3100"/288, 0x120, 0xb800}, {&(0x7f0000010b00)="2200180000000000001800080000000008007809140b2a3a080200000100000101002200170000000000001700080000000008007809140b2a3a080200000100000101012a0020000000000000201a0400000000041a7809140b2a3a08000000010000010846494c45302e3b3100"/128, 0x80, 0xc000}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0xc800}, {&(0x7f0000010d00)='syzkallers\x00'/32, 0x20, 0xd000}, 
{&(0x7f0000010e00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x10000}], 0x0, &(0x7f0000011300)) 10:17:56 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r0, &(0x7f0000000b80)=[{&(0x7f0000000740)=""/210, 0xd2}], 0x1) [ 84.955782] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.957788] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.959616] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.965228] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.971300] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 
2 [ 85.089566] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.093390] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.095075] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.098820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.101756] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.141324] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.147861] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.153182] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.163225] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.165794] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.167688] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.176238] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.178294] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.181189] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.182401] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.186626] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.194826] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.202142] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.211088] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.216731] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 85.254841] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 85.258475] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 85.260333] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 85.269224] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 85.272456] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 85.272696] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 85.285139] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 85.286195] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 85.288449] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 85.295661] Bluetooth: hci5: unexpected cc 0x0c23 
length: 249 > 4 [ 85.297897] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 85.303304] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 85.305171] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 85.306541] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 85.317449] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 87.046459] Bluetooth: hci0: command tx timeout [ 87.174112] Bluetooth: hci1: command tx timeout [ 87.238002] Bluetooth: hci4: command tx timeout [ 87.238230] Bluetooth: hci3: command tx timeout [ 87.238590] Bluetooth: hci2: command tx timeout [ 87.366020] Bluetooth: hci6: command tx timeout [ 87.366686] Bluetooth: hci5: command tx timeout [ 87.367011] Bluetooth: hci7: command tx timeout [ 89.096029] Bluetooth: hci0: command tx timeout [ 89.223008] Bluetooth: hci1: command tx timeout [ 89.286043] Bluetooth: hci3: command tx timeout [ 89.287884] Bluetooth: hci2: command tx timeout [ 89.288293] Bluetooth: hci4: command tx timeout [ 89.414998] Bluetooth: hci6: command tx timeout [ 89.415149] Bluetooth: hci5: command tx timeout [ 89.415451] Bluetooth: hci7: command tx timeout [ 91.143007] Bluetooth: hci0: command tx timeout [ 91.270188] Bluetooth: hci1: command tx timeout [ 91.334123] Bluetooth: hci4: command tx timeout [ 91.334554] Bluetooth: hci2: command tx timeout [ 91.336032] Bluetooth: hci3: command tx timeout [ 91.462059] Bluetooth: hci7: command tx timeout [ 91.462512] Bluetooth: hci6: command tx timeout [ 91.462909] Bluetooth: hci5: command tx timeout [ 93.189997] Bluetooth: hci0: command tx timeout [ 93.318750] Bluetooth: hci1: command tx timeout [ 93.381994] Bluetooth: hci2: command tx timeout [ 93.382437] Bluetooth: hci3: command tx timeout [ 93.384961] Bluetooth: hci4: command tx timeout [ 93.511964] Bluetooth: hci7: command tx timeout [ 93.512420] Bluetooth: hci5: command tx timeout [ 93.512795] Bluetooth: hci6: command tx timeout [ 121.870452] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 
121.871624] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.142440] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.143545] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.414900] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.415545] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.630744] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.631386] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.479979] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.480577] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.570256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.571008] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.669236] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.669872] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.781234] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.782169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.895888] loop7: detected capacity change from 0 to 256 [ 125.371451] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.372181] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.438979] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.439628] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.508338] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.508976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.562650] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.563290] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.651518] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.652546] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.736330] wlan1: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 125.737412] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.874066] audit: type=1400 audit(1756462718.090:8): avc: denied { open } for pid=3895 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 125.875912] audit: type=1400 audit(1756462718.090:9): avc: denied { kernel } for pid=3895 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 125.933102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.933678] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.960327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.960922] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:18:39 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x11, &(0x7f0000002bc0)={0x3, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) 10:18:39 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x80, @any, 0x0, 0x2}, 0xe) 10:18:39 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "26f954d5b7b3eb7a"}) ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x541c, 0x0) 10:18:39 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'wlan0\x00', 
&(0x7f0000000000)=@ethtool_rx_ntuple={0xa, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @private}}}}) 10:18:39 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x2016000, 0x0) 10:18:39 executing program 6: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000000)=[0xfa000000]) 10:18:39 executing program 2: r0 = syz_io_uring_setup(0x7eba, &(0x7f00000001c0), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000003ac0)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x0, 0x720b, 0x1, 0x0, 0x0) 10:18:39 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) ioctl$EXT4_IOC_SWAP_BOOT(r0, 
0x6611) 10:18:39 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x11, &(0x7f0000002bc0)={0x3, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) 10:18:39 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x80, @any, 0x0, 0x2}, 0xe) 10:18:39 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0xa, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @private}}}}) 10:18:39 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x2016000, 0x0) 10:18:40 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x11, &(0x7f0000002bc0)={0x3, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) 10:18:40 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x2016000, 0x0) 10:18:40 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 10:18:40 executing program 6: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 
0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000000)=[0xfa000000]) 10:18:40 executing program 2: r0 = syz_io_uring_setup(0x7eba, &(0x7f00000001c0), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000003ac0)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x0, 0x720b, 0x1, 0x0, 0x0) 10:18:40 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0xa, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @private}}}}) 10:18:40 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "26f954d5b7b3eb7a"}) ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x541c, 0x0) 10:18:40 executing program 1: r0 = 
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x80, @any, 0x0, 0x2}, 0xe)
[ 128.079911] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 128.081081] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 128.081841] CPU: 1 UID: 0 PID: 3948 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 128.084640] Tainted: [W]=WARN
[ 128.085450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 128.087884] RIP: 0010:perf_tp_event+0x175/0xe70
[ 128.089122] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 128.092644] RSP: 0018:ffff888044ebf780 EFLAGS: 00010012
[ 128.093200] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 128.093923] RDX: ffff88804305d280 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 128.094640] RBP: ffff888044ebf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd09480
[ 128.095371] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 128.096099] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 128.096814] FS: 00005555597c6400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 128.097627] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 128.098216] CR2: 00005555597c7c18 CR3: 000000000ca47000 CR4: 0000000000350ef0
[ 128.098947] Call Trace:
[ 128.099216] <TASK>
[ 128.099445] ? __pfx_perf_tp_event+0x10/0x10
[ 128.099909] ? arch_scale_cpu_capacity+0x17/0xa0
[ 128.100399] ? cpu_util.constprop.0+0x17d/0x340
[ 128.100880] ? __asan_memset+0x24/0x50
[ 128.101291] ? sched_balance_find_dst_group+0xa9a/0x1c00
[ 128.101841] ? lock_release+0xc8/0x290
[ 128.102245] ? __pfx_sched_balance_find_dst_group+0x10/0x10
[ 128.102828] ? __lock_acquire+0x694/0x1b70
[ 128.103261] ? perf_trace_run_bpf_submit+0xef/0x180
[ 128.103771] perf_trace_run_bpf_submit+0xef/0x180
[ 128.104268] perf_trace_preemptirq_template+0x259/0x430
[ 128.104823] ? __pick_eevdf+0x326/0x570
[ 128.105226] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 128.105827] ? update_curr+0x39e/0x500
[ 128.106226] ? find_held_lock+0x2b/0x80
[ 128.106638] ? try_to_wake_up+0x8ae/0x11d0
[ 128.107082] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 128.107598] trace_irq_enable.constprop.0+0xa6/0x100
[ 128.108112] trace_hardirqs_on+0x26/0x40
[ 128.108525] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 128.109023] try_to_wake_up+0x8ae/0x11d0
[ 128.109439] ? __pfx_try_to_wake_up+0x10/0x10
[ 128.109897] ? plist_del+0x122/0x270
[ 128.110282] ? find_held_lock+0x2b/0x80
[ 128.110696] ? futex_wake+0x474/0x540
[ 128.111102] wake_up_q+0xa1/0x130
[ 128.111462] futex_wake+0x47e/0x540
[ 128.111843] ? __pfx_futex_wake+0x10/0x10
[ 128.112269] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 128.112791] ? finish_task_switch.isra.0+0x206/0x840
[ 128.113308] do_futex+0x26d/0x370
[ 128.113669] ? __pfx_do_futex+0x10/0x10
[ 128.114079] ? __pfx___schedule+0x10/0x10
[ 128.114506] __x64_sys_futex+0x1c9/0x4d0
[ 128.114925] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 128.115532] ? __pfx___x64_sys_futex+0x10/0x10
[ 128.115992] ? xfd_validate_state+0x55/0x180
[ 128.116447] do_syscall_64+0xbf/0x360
[ 128.116832] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.117352] RIP: 0033:0x7fa13eabab19
[ 128.117730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 128.119547] RSP: 002b:00007ffc0ee12a78 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 128.120302] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa13eabab19
[ 128.120997] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa13ebcdf68
[ 128.121698] RBP: 00007fa13ebcdf60 R08: 00007fa13c030700 R09: 0000000000000000
[ 128.122403] R10: 00007fa13c030700 R11: 0000000000000246 R12: 00007fa13ebd20a0
[ 128.123115] R13: 00007ffc0ee12b80 R14: 00007fa13ebcdf60 R15: 000000000001f3d6
[ 128.123825] </TASK>
[ 128.124057] Modules linked in:
[ 128.124375] ---[ end trace 0000000000000000 ]---
[ 128.124850] RIP: 0010:perf_tp_event+0x175/0xe70
[ 128.125323] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 128.127112] RSP: 0018:ffff888044ebf780 EFLAGS: 00010012
[ 128.127629] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 128.128331] RDX: ffff88804305d280 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 128.129034] RBP: ffff888044ebf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd09480
[ 128.129735] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
10:18:40 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000000), 0x0, 0x4) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) [ 128.130439] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 128.131355] FS: 00005555597c6400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 128.132154] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.132730] CR2: 00005555597c7c18 CR3: 000000000ca47000 CR4: 0000000000350ef0 [ 128.133428] note: syz-executor.0[3948] exited with irqs disabled [ 128.134088] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 128.135177] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 128.135908] CPU: 1 UID: 0 PID: 3948 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 128.137071] Tainted: [D]=DIE, [W]=WARN [ 128.137448] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 128.138259] RIP: 0010:perf_tp_event+0x175/0xe70 [ 128.138724] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 128.140501] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 128.141013] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 128.141684] RDX: ffff88804305d280 RSI: ffffffff818995b7 RDI: 0000000000000191 10:18:40 executing program 6: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000000)=[0xfa000000]) 10:18:40 executing program 5: 
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x2016000, 0x0) 10:18:40 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "26f954d5b7b3eb7a"}) ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x541c, 0x0) [ 128.142352] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd09480 [ 128.143229] R10: 0000000000000000 R11: ffff88801769c898 R12: dffffc0000000000 [ 128.143956] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 128.144727] FS: 00005555597c6400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 128.145482] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.146024] CR2: 00005555597c7c18 CR3: 000000000ca47000 CR4: 0000000000350ef0 [ 128.146689] Call Trace: [ 128.146946] [ 128.147161] ? __pfx_perf_tp_event+0x10/0x10 [ 128.147592] ? enqueue_task_fair+0xded/0x1e00 [ 128.148022] ? check_preempt_wakeup_fair+0x6e/0x950 [ 128.148498] ? wakeup_preempt+0x140/0x2a0 [ 128.148891] ? lock_release+0x1c7/0x290 [ 128.149377] ? lock_release+0x1c7/0x290 [ 128.149765] ? do_raw_spin_unlock+0x53/0x220 [ 128.150328] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 128.151046] ? try_to_wake_up+0x8ae/0x11d0 [ 128.151460] ? do_raw_spin_lock+0x123/0x260 [ 128.151868] ? 
__pfx_do_raw_spin_lock+0x10/0x10 [ 128.152309] ? perf_trace_run_bpf_submit+0xef/0x180 [ 128.152778] perf_trace_run_bpf_submit+0xef/0x180 [ 128.153237] perf_trace_preemptirq_template+0x259/0x430 [ 128.153741] ? read_tsc+0x9/0x20 [ 128.154073] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 128.154625] ? clockevents_program_event+0x135/0x360 [ 128.155114] ? tick_program_event+0xac/0x140 10:18:40 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "26f954d5b7b3eb7a"}) ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x541c, 0x0) [ 128.155530] ? 
handle_softirqs+0x16e/0x770 [ 128.156032] trace_irq_enable.constprop.0+0xa6/0x100 [ 128.156512] trace_hardirqs_on+0x26/0x40 [ 128.156897] handle_softirqs+0x16e/0x770 [ 128.157289] __irq_exit_rcu+0xc4/0x100 [ 128.157667] irq_exit_rcu+0x9/0x20 [ 128.158047] sysvec_apic_timer_interrupt+0x70/0x80 [ 128.158529] [ 128.158743] [ 128.158966] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 128.159457] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 128.159904] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 128.161573] RSP: 0018:ffff888044ebff28 EFLAGS: 00000246 [ 128.162074] RAX: 0000000000000001 RBX: ffff88804305d280 RCX: ffffffff817c2b86 [ 128.162735] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 128.163409] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 128.164068] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff88804305d280 [ 128.164733] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 128.165400] ? trace_irq_enable.constprop.0+0x26/0x100 [ 128.165888] ? make_task_dead+0x214/0x3b0 [ 128.166286] ? make_task_dead+0x214/0x3b0 [ 128.166679] ? 
do_syscall_64+0xbf/0x360 [ 128.167061] rewind_stack_and_make_dead+0x16/0x20 [ 128.167520] RIP: 0033:0x7fa13eabab19 [ 128.167865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 128.169530] RSP: 002b:00007ffc0ee12a78 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 128.170227] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa13eabab19 [ 128.170893] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa13ebcdf68 [ 128.171546] RBP: 00007fa13ebcdf60 R08: 00007fa13c030700 R09: 0000000000000000 [ 128.172194] R10: 00007fa13c030700 R11: 0000000000000246 R12: 00007fa13ebd20a0 [ 128.172846] R13: 00007ffc0ee12b80 R14: 00007fa13ebcdf60 R15: 000000000001f3d6 [ 128.173506] [ 128.173726] Modules linked in: [ 128.174029] ---[ end trace 0000000000000000 ]--- [ 128.174463] RIP: 0010:perf_tp_event+0x175/0xe70 [ 128.174914] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 128.176576] RSP: 0018:ffff888044ebf780 EFLAGS: 00010012 [ 128.177066] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 128.177719] RDX: ffff88804305d280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 128.178375] RBP: ffff888044ebf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd09480 [ 128.179034] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 128.179689] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 128.180353] FS: 00005555597c6400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 128.181092] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.181626] CR2: 00005555597c7c18 CR3: 000000000ca47000 CR4: 0000000000350ef0 [ 128.182281] Kernel panic - not syncing: Fatal exception in interrupt [ 128.183126] Kernel Offset: disabled [ 128.183464] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:18:40 Registers: