Warning: Permanently added '[localhost]:63639' (ECDSA) to the list of known hosts.
2025/08/29 10:24:18 fuzzer started
2025/08/29 10:24:18 dialing manager at localhost:43077
syzkaller login: [ 51.730412] cgroup: Unknown subsys name 'net'
[ 51.794972] cgroup: Unknown subsys name 'cpuset'
[ 51.814684] cgroup: Unknown subsys name 'rlimit'
2025/08/29 10:24:29 syscalls: 2214
2025/08/29 10:24:29 code coverage: enabled
2025/08/29 10:24:29 comparison tracing: enabled
2025/08/29 10:24:29 extra coverage: enabled
2025/08/29 10:24:29 setuid sandbox: enabled
2025/08/29 10:24:29 namespace sandbox: enabled
2025/08/29 10:24:29 Android sandbox: enabled
2025/08/29 10:24:29 fault injection: enabled
2025/08/29 10:24:29 leak checking: enabled
2025/08/29 10:24:29 net packet injection: enabled
2025/08/29 10:24:29 net device setup: enabled
2025/08/29 10:24:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 10:24:29 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 10:24:29 USB emulation: enabled
2025/08/29 10:24:29 hci packet injection: enabled
2025/08/29 10:24:29 wifi device emulation: enabled
2025/08/29 10:24:29 802.15.4 emulation: enabled
2025/08/29 10:24:29 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 10:24:29 fetching corpus: 50, signal 21183/24706 (executing program)
2025/08/29 10:24:30 fetching corpus: 100, signal 28634/33678 (executing program)
2025/08/29 10:24:30 fetching corpus: 150, signal 35431/41854 (executing program)
2025/08/29 10:24:30 fetching corpus: 200, signal 40483/48211 (executing program)
2025/08/29 10:24:30 fetching corpus: 250, signal 49662/58324 (executing program)
2025/08/29 10:24:30 fetching corpus: 300, signal 56096/65655 (executing program)
2025/08/29 10:24:30 fetching corpus: 350, signal 59829/70427 (executing program)
2025/08/29 10:24:30 fetching corpus: 400, signal 64057/75540 (executing program)
2025/08/29 10:24:30 fetching corpus: 450, signal 68420/80658 (executing program)
2025/08/29 10:24:30 fetching corpus: 500, signal 70869/84033 (executing program)
2025/08/29 10:24:30 fetching corpus: 550, signal 73135/87173 (executing program)
2025/08/29 10:24:30 fetching corpus: 600, signal 76113/90843 (executing program)
2025/08/29 10:24:30 fetching corpus: 650, signal 79082/94469 (executing program)
2025/08/29 10:24:31 fetching corpus: 700, signal 80823/96983 (executing program)
2025/08/29 10:24:31 fetching corpus: 750, signal 82344/99304 (executing program)
2025/08/29 10:24:31 fetching corpus: 800, signal 88377/105250 (executing program)
2025/08/29 10:24:31 fetching corpus: 850, signal 92235/109438 (executing program)
2025/08/29 10:24:31 fetching corpus: 900, signal 93917/111684 (executing program)
2025/08/29 10:24:31 fetching corpus: 950, signal 95635/113937 (executing program)
2025/08/29 10:24:31 fetching corpus: 1000, signal 98705/117192 (executing program)
2025/08/29 10:24:31 fetching corpus: 1050, signal 99965/118987 (executing program)
2025/08/29 10:24:31 fetching corpus: 1100, signal 101388/120894 (executing program)
2025/08/29 10:24:31 fetching corpus: 1150, signal 102578/122570 (executing program)
2025/08/29 10:24:32 fetching corpus: 1200, signal 104175/124512 (executing program)
2025/08/29 10:24:32 fetching corpus: 1250, signal 105285/126119 (executing program)
2025/08/29 10:24:32 fetching corpus: 1300, signal 107065/128167 (executing program)
2025/08/29 10:24:32 fetching corpus: 1350, signal 107881/129496 (executing program)
2025/08/29 10:24:32 fetching corpus: 1400, signal 108909/130950 (executing program)
2025/08/29 10:24:32 fetching corpus: 1450, signal 110948/133023 (executing program)
2025/08/29 10:24:32 fetching corpus: 1500, signal 112274/134730 (executing program)
2025/08/29 10:24:32 fetching corpus: 1550, signal 114051/136594 (executing program)
2025/08/29 10:24:32 fetching corpus: 1600, signal 115259/138074 (executing program)
2025/08/29 10:24:32 fetching corpus: 1650, signal 116946/139723 (executing program)
2025/08/29 10:24:33 fetching corpus: 1700, signal 117750/140937 (executing program)
2025/08/29 10:24:33 fetching corpus: 1750, signal 119343/142531 (executing program)
2025/08/29 10:24:33 fetching corpus: 1800, signal 120083/143662 (executing program)
2025/08/29 10:24:33 fetching corpus: 1850, signal 121292/144994 (executing program)
2025/08/29 10:24:33 fetching corpus: 1900, signal 122442/146301 (executing program)
2025/08/29 10:24:33 fetching corpus: 1950, signal 124010/147757 (executing program)
2025/08/29 10:24:33 fetching corpus: 2000, signal 124912/148774 (executing program)
2025/08/29 10:24:33 fetching corpus: 2050, signal 125882/149805 (executing program)
2025/08/29 10:24:33 fetching corpus: 2100, signal 126671/150853 (executing program)
2025/08/29 10:24:33 fetching corpus: 2150, signal 127656/151910 (executing program)
2025/08/29 10:24:33 fetching corpus: 2200, signal 128591/152963 (executing program)
2025/08/29 10:24:34 fetching corpus: 2250, signal 129163/153760 (executing program)
2025/08/29 10:24:34 fetching corpus: 2300, signal 129922/154692 (executing program)
2025/08/29 10:24:34 fetching corpus: 2350, signal 130636/155554 (executing program)
2025/08/29 10:24:34 fetching corpus: 2400, signal 131311/156357 (executing program)
2025/08/29 10:24:34 fetching corpus: 2450, signal 132205/157201 (executing program)
2025/08/29 10:24:34 fetching corpus: 2500, signal 132865/157991 (executing program)
2025/08/29 10:24:34 fetching corpus: 2550, signal 133688/158820 (executing program)
2025/08/29 10:24:34 fetching corpus: 2600, signal 134480/159567 (executing program)
2025/08/29 10:24:34 fetching corpus: 2650, signal 135576/160467 (executing program)
2025/08/29 10:24:34 fetching corpus: 2700, signal 136736/161355 (executing program)
2025/08/29 10:24:35 fetching corpus: 2750, signal 137368/162080 (executing program)
2025/08/29 10:24:35 fetching corpus: 2800, signal 138235/162807 (executing program)
2025/08/29 10:24:35 fetching corpus: 2850, signal 139353/163587 (executing program)
2025/08/29 10:24:35 fetching corpus: 2900, signal 140028/164197 (executing program)
2025/08/29 10:24:35 fetching corpus: 2950, signal 140624/164860 (executing program)
2025/08/29 10:24:35 fetching corpus: 3000, signal 141096/165423 (executing program)
2025/08/29 10:24:35 fetching corpus: 3050, signal 141821/165989 (executing program)
2025/08/29 10:24:35 fetching corpus: 3100, signal 142565/166560 (executing program)
2025/08/29 10:24:35 fetching corpus: 3150, signal 143132/167084 (executing program)
2025/08/29 10:24:35 fetching corpus: 3200, signal 143902/167629 (executing program)
2025/08/29 10:24:35 fetching corpus: 3250, signal 144420/168106 (executing program)
2025/08/29 10:24:35 fetching corpus: 3300, signal 144972/168567 (executing program)
2025/08/29 10:24:36 fetching corpus: 3350, signal 145434/168991 (executing program)
2025/08/29 10:24:36 fetching corpus: 3400, signal 146209/169475 (executing program)
2025/08/29 10:24:36 fetching corpus: 3450, signal 146802/169973 (executing program)
2025/08/29 10:24:36 fetching corpus: 3500, signal 147366/170415 (executing program)
2025/08/29 10:24:36 fetching corpus: 3550, signal 148026/170844 (executing program)
2025/08/29 10:24:36 fetching corpus: 3600, signal 148503/171234 (executing program)
2025/08/29 10:24:36 fetching corpus: 3650, signal 149034/171718 (executing program)
2025/08/29 10:24:36 fetching corpus: 3700, signal 149546/172112 (executing program)
2025/08/29 10:24:36 fetching corpus: 3750, signal 150357/172569 (executing program)
2025/08/29 10:24:36 fetching corpus: 3800, signal 150860/172923 (executing program)
2025/08/29 10:24:37 fetching corpus: 3850, signal 151578/173265 (executing program)
2025/08/29 10:24:37 fetching corpus: 3900, signal 152282/173611 (executing program)
2025/08/29 10:24:37 fetching corpus: 3950, signal 152687/173894 (executing program)
2025/08/29 10:24:37 fetching corpus: 4000, signal 153127/174189 (executing program)
2025/08/29 10:24:37 fetching corpus: 4050, signal 153594/174472 (executing program)
2025/08/29 10:24:37 fetching corpus: 4100, signal 154070/174747 (executing program)
2025/08/29 10:24:37 fetching corpus: 4150, signal 154418/174991 (executing program)
2025/08/29 10:24:37 fetching corpus: 4200, signal 154887/175267 (executing program)
2025/08/29 10:24:37 fetching corpus: 4250, signal 155294/175303 (executing program)
2025/08/29 10:24:37 fetching corpus: 4300, signal 155785/175311 (executing program)
2025/08/29 10:24:37 fetching corpus: 4350, signal 156426/175353 (executing program)
2025/08/29 10:24:37 fetching corpus: 4400, signal 156872/175365 (executing program)
2025/08/29 10:24:38 fetching corpus: 4450, signal 157280/175383 (executing program)
2025/08/29 10:24:38 fetching corpus: 4500, signal 157751/175385 (executing program)
2025/08/29 10:24:38 fetching corpus: 4550, signal 158031/175392 (executing program)
2025/08/29 10:24:38 fetching corpus: 4600, signal 158721/175395 (executing program)
2025/08/29 10:24:38 fetching corpus: 4650, signal 159059/175397 (executing program)
2025/08/29 10:24:38 fetching corpus: 4700, signal 159649/175405 (executing program)
2025/08/29 10:24:38 fetching corpus: 4750, signal 160171/175409 (executing program)
2025/08/29 10:24:38 fetching corpus: 4800, signal 160549/175416 (executing program)
2025/08/29 10:24:38 fetching corpus: 4850, signal 160908/175437 (executing program)
2025/08/29 10:24:38 fetching corpus: 4900, signal 161396/175447 (executing program)
2025/08/29 10:24:38 fetching corpus: 4950, signal 161670/175461 (executing program)
2025/08/29 10:24:39 fetching corpus: 5000, signal 162457/175468 (executing program)
2025/08/29 10:24:39 fetching corpus: 5050, signal 163036/175492 (executing program)
2025/08/29 10:24:39 fetching corpus: 5100, signal 163439/175496 (executing program)
2025/08/29 10:24:39 fetching corpus: 5150, signal 163904/175613 (executing program)
2025/08/29 10:24:39 fetching corpus: 5200, signal 164510/175622 (executing program)
2025/08/29 10:24:39 fetching corpus: 5250, signal 164867/175629 (executing program)
2025/08/29 10:24:39 fetching corpus: 5300, signal 165559/175630 (executing program)
2025/08/29 10:24:39 fetching corpus: 5350, signal 166074/175639 (executing program)
2025/08/29 10:24:39 fetching corpus: 5400, signal 166341/175645 (executing program)
2025/08/29 10:24:39 fetching corpus: 5450, signal 166838/175662 (executing program)
2025/08/29 10:24:40 fetching corpus: 5500, signal 167138/175749 (executing program)
2025/08/29 10:24:40 fetching corpus: 5550, signal 167682/175762 (executing program)
2025/08/29 10:24:40 fetching corpus: 5600, signal 167986/175778 (executing program)
2025/08/29 10:24:40 fetching corpus: 5650, signal 168323/175790 (executing program)
2025/08/29 10:24:40 fetching corpus: 5700, signal 168566/175806 (executing program)
2025/08/29 10:24:40 fetching corpus: 5750, signal 168834/175816 (executing program)
2025/08/29 10:24:40 fetching corpus: 5800, signal 169516/175822 (executing program)
2025/08/29 10:24:40 fetching corpus: 5850, signal 170005/175827 (executing program)
2025/08/29 10:24:40 fetching corpus: 5900, signal 170382/175863 (executing program)
2025/08/29 10:24:40 fetching corpus: 5950, signal 170826/175865 (executing program)
2025/08/29 10:24:40 fetching corpus: 6000, signal 171188/175872 (executing program)
2025/08/29 10:24:41 fetching corpus: 6050, signal 171487/175874 (executing program)
2025/08/29 10:24:41 fetching corpus: 6100, signal 171723/175907 (executing program)
2025/08/29 10:24:41 fetching corpus: 6150, signal 171986/175925 (executing program)
2025/08/29 10:24:41 fetching corpus: 6200, signal 172342/175934 (executing program)
2025/08/29 10:24:41 fetching corpus: 6250, signal 172693/175946 (executing program)
2025/08/29 10:24:41 fetching corpus: 6300, signal 173202/175946 (executing program)
2025/08/29 10:24:41 fetching corpus: 6350, signal 173533/175958 (executing program)
2025/08/29 10:24:41 fetching corpus: 6362, signal 173620/175958 (executing program)
2025/08/29 10:24:41 fetching corpus: 6362, signal 173620/175958 (executing program)
2025/08/29 10:24:43 starting 8 fuzzer processes

10:24:43 executing program 0:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x1)
fallocate(r1, 0x20, 0x0, 0x100000000)
write(r1, &(0x7f00000000c0)='g', 0x1)
fallocate(r0, 0x8, 0x0, 0x100000000)

10:24:43 executing program 1:
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
mremap(&(0x7f0000ffe000/0x1000)=nil, 0x200000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)

10:24:43 executing program 4:
syz_emit_ethernet(0x82, &(0x7f00000000c0)={@local, @empty, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @dev, @loopback, {[@cipso={0x86, 0x3d, 0x0, [{0x0, 0xc, "ba4906dca0ac3f21ee4d"}, {0x0, 0xa, "0b1bb9011e61db13"}, {0x0, 0xe, "9fb8dedc4ea32f0be3c4157e"}, {0x0, 0x6, "3f70cd62"}, {0x0, 0xd, "20126d234d2862265a340c"}]}]}}}}}}}, 0x0)

10:24:43 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r0, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x14, 0x3, 0x2, 0x401}, 0x14}}, 0x0)

10:24:43 executing program 7:
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
sendmmsg$inet6(r1, &(0x7f00000059c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
clone3(&(0x7f0000000240)={0x61020100, &(0x7f00000056c0), 0x0, 0x0, {}, &(0x7f00000001c0)=""/96, 0x60, 0x0, 0x0}, 0x58)

10:24:44 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x3e96, &(0x7f0000000140))
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, 0x0, 0x28003, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

10:24:44 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}}, 0x0)

[ 76.778971] audit: type=1400 audit(1756463084.043:7): avc: denied { execmem } for pid=275 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
10:24:44 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone3(&(0x7f00000003c0)={0x70012000, 0x0, &(0x7f00000000c0), 0x0, {}, &(0x7f0000000140)=""/58, 0x3a, 0x0, &(0x7f00000002c0)=[0xffffffffffffffff], 0x1}, 0x58)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000080)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000000)='debugfs\x00', &(0x7f0000000040)='T', 0x1)
read(r0, &(0x7f0000000200)=""/222, 0xde)
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)

[ 77.886386] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 77.889871] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.893348] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.898040] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.901525] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 78.011410] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 78.015729] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 78.017270] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 78.034898] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 78.036431] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 78.041375] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 78.042628] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 78.045023] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 78.056644] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 78.060205] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 78.086501] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 78.090177] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 78.097066] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 78.098633] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 78.100600] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 78.102806] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 78.104427] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 78.114432] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 78.120901] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 78.124409] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 78.125859] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 78.129895] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 78.132033] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 78.135805] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 78.139852] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 78.143369] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 78.145432] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 78.150753] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 78.152454] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 78.154396] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 78.170504] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 78.197954] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 78.202531] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 78.204436] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 78.211231] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 79.981647] Bluetooth: hci0: command tx timeout
[ 80.109233] Bluetooth: hci1: command tx timeout
[ 80.174491] Bluetooth: hci3: command tx timeout
[ 80.176373] Bluetooth: hci2: command tx timeout
[ 80.237230] Bluetooth: hci6: command tx timeout
[ 80.238567] Bluetooth: hci4: command tx timeout
[ 80.239178] Bluetooth: hci5: command tx timeout
[ 80.302374] Bluetooth: hci7: command tx timeout
[ 82.029396] Bluetooth: hci0: command tx timeout
[ 82.157195] Bluetooth: hci1: command tx timeout
[ 82.221272] Bluetooth: hci3: command tx timeout
[ 82.221289] Bluetooth: hci2: command tx timeout
[ 82.285225] Bluetooth: hci6: command tx timeout
[ 82.285262] Bluetooth: hci4: command tx timeout
[ 82.285675] Bluetooth: hci5: command tx timeout
[ 82.349233] Bluetooth: hci7: command tx timeout
[ 84.078301] Bluetooth: hci0: command tx timeout
[ 84.206671] Bluetooth: hci1: command tx timeout
[ 84.269634] Bluetooth: hci3: command tx timeout
[ 84.270540] Bluetooth: hci2: command tx timeout
[ 84.333192] Bluetooth: hci5: command tx timeout
[ 84.336209] Bluetooth: hci4: command tx timeout
[ 84.336936] Bluetooth: hci6: command tx timeout
[ 84.397426] Bluetooth: hci7: command tx timeout
[ 86.126299] Bluetooth: hci0: command tx timeout
[ 86.253894] Bluetooth: hci1: command tx timeout
[ 86.317219] Bluetooth: hci3: command tx timeout
[ 86.317650] Bluetooth: hci2: command tx timeout
[ 86.381317] Bluetooth: hci6: command tx timeout
[ 86.381747] Bluetooth: hci4: command tx timeout
[ 86.383035] Bluetooth: hci5: command tx timeout
[ 86.447153] Bluetooth: hci7: command tx timeout
[ 119.409464] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.411173] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.657698] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.658812] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.726385] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.726954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.984946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.985637] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:25:27 executing program 1:
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
mremap(&(0x7f0000ffe000/0x1000)=nil, 0x200000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)

10:25:27 executing program 1:
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
mremap(&(0x7f0000ffe000/0x1000)=nil, 0x200000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)

[ 120.166591] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.168346] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:25:27 executing program 1:
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
mremap(&(0x7f0000ffe000/0x1000)=nil, 0x200000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)

[ 120.371152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.371774] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:25:27 executing program 1:
syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$cgroup(0x20000000, &(0x7f0000000080)='./file0\x00', 0x0, 0x2000, 0x0)

10:25:27 executing program 1:
syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$cgroup(0x20000000, &(0x7f0000000080)='./file0\x00', 0x0, 0x2000, 0x0)

10:25:27 executing program 1:
syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$cgroup(0x20000000, &(0x7f0000000080)='./file0\x00', 0x0, 0x2000, 0x0)

[ 120.575635] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
10:25:27 executing program 1:
syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$cgroup(0x20000000, &(0x7f0000000080)='./file0\x00', 0x0, 0x2000, 0x0)

[ 120.650698] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.651740] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:25:27 executing program 1:
getresuid(&(0x7f0000000000), 0x0, 0x0)

[ 120.816595] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.817375] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.895896] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.896834] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.945673] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.946301] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.998702] audit: type=1400 audit(1756463128.262:8): avc: denied { open } for pid=3883 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 121.010342] audit: type=1400 audit(1756463128.263:9): avc: denied { kernel } for pid=3883 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 121.054710] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.055330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.161804] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.162797] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.251744] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.252608] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.353869] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.354567] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.449841] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.451245] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.451962] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.452616] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.634218] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 121.634909] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 121.640732] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 121.642982] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 121.643843] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 121.645738] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 121.647599] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 121.648151] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 121.649994] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 121.651784] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 121.652295] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 121.653904] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 121.656018] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 121.656812] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 121.658356] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 121.660078] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 121.660600] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 121.663471] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 121.681472] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[ 121.681979] Bluetooth: hci7: Opcode 0x0406 failed: -4
[ 121.688896] Bluetooth: hci7: Opcode 0x0406 failed: -4
[ 121.691232] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 121.691753] Bluetooth: hci6: Opcode 0x0406 failed: -4
[ 121.693742] Bluetooth: hci6: Opcode 0x0406 failed: -4
[ 121.762732] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 121.763517] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 121.764205] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 121.764837] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 121.765485] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 121.766214] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 121.766880] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[ 121.767808] Bluetooth: hci6: Opcode 0x0c1a failed: -4
10:25:29 executing program 4:
syz_emit_ethernet(0x82, &(0x7f00000000c0)={@local, @empty, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @dev, @loopback, {[@cipso={0x86, 0x3d, 0x0, [{0x0, 0xc, "ba4906dca0ac3f21ee4d"}, {0x0, 0xa, "0b1bb9011e61db13"}, {0x0, 0xe, "9fb8dedc4ea32f0be3c4157e"}, {0x0, 0x6, "3f70cd62"}, {0x0, 0xd, "20126d234d2862265a340c"}]}]}}}}}}}, 0x0)

10:25:29 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone3(&(0x7f00000003c0)={0x70012000, 0x0, &(0x7f00000000c0), 0x0, {}, &(0x7f0000000140)=""/58, 0x3a, 0x0, &(0x7f00000002c0)=[0xffffffffffffffff], 0x1}, 0x58)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000080)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000000)='debugfs\x00', &(0x7f0000000040)='T', 0x1)
read(r0, &(0x7f0000000200)=""/222, 0xde)
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)

10:25:29 executing program 1:
io_setup(0x572, &(0x7f0000000140)=0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r2 = dup(r1)
io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0}])

10:25:29 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone3(&(0x7f00000003c0)={0x70012000, 0x0, &(0x7f00000000c0), 0x0, {}, &(0x7f0000000140)=""/58, 0x3a, 0x0, &(0x7f00000002c0)=[0xffffffffffffffff], 0x1}, 0x58)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000080)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000000)='debugfs\x00', &(0x7f0000000040)='T', 0x1)
read(r0, &(0x7f0000000200)=""/222, 0xde)
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)

10:25:29 executing program 7:
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
sendmmsg$inet6(r1, &(0x7f00000059c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
clone3(&(0x7f0000000240)={0x61020100, &(0x7f00000056c0), 0x0, 0x0, {}, &(0x7f00000001c0)=""/96, 0x60, 0x0, 0x0}, 0x58)

10:25:29 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r0, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x14, 0x3, 0x2, 0x401}, 0x14}}, 0x0)

10:25:29 executing program 0:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x1)
fallocate(r1, 0x20, 0x0, 0x100000000)
write(r1, &(0x7f00000000c0)='g', 0x1)
fallocate(r0, 0x8, 0x0, 0x100000000)

10:25:29 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x3e96, &(0x7f0000000140))
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, 0x0, 0x28003, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

10:25:29 executing program 0:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x1)
fallocate(r1, 0x20, 0x0, 0x100000000)
write(r1, &(0x7f00000000c0)='g', 0x1)
fallocate(r0, 0x8, 0x0, 0x100000000)

10:25:29 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r0, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x14, 0x3, 0x2, 0x401}, 0x14}}, 0x0)

[ 121.906593] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 121.913566] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 121.917980] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 121.920300] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 121.920858] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 121.927391] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 121.927952] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[ 121.931650] Bluetooth: hci6: Opcode 0x0c1a failed: -4
10:25:29 executing program 4:
syz_emit_ethernet(0x82, &(0x7f00000000c0)={@local, @empty, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @dev, @loopback, {[@cipso={0x86, 0x3d, 0x0, [{0x0, 0xc, "ba4906dca0ac3f21ee4d"}, {0x0, 0xa, "0b1bb9011e61db13"}, {0x0, 0xe, "9fb8dedc4ea32f0be3c4157e"}, {0x0, 0x6, "3f70cd62"}, {0x0, 0xd, "20126d234d2862265a340c"}]}]}}}}}}}, 0x0)

10:25:29 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone3(&(0x7f00000003c0)={0x70012000, 0x0, &(0x7f00000000c0), 0x0, {}, &(0x7f0000000140)=""/58, 0x3a, 0x0, &(0x7f00000002c0)=[0xffffffffffffffff], 0x1}, 0x58)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000080)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000000)='debugfs\x00', &(0x7f0000000040)='T', 0x1)
read(r0, &(0x7f0000000200)=""/222, 0xde)
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)

10:25:29 executing program 1:
io_setup(0x572, &(0x7f0000000140)=0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r2 = dup(r1)
io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0}])

10:25:29 executing program 0:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x1)
fallocate(r1, 0x20, 0x0, 0x100000000)
write(r1, &(0x7f00000000c0)='g', 0x1)
fallocate(r0, 0x8, 0x0, 0x100000000)

10:25:29 executing program 7:
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
sendmmsg$inet6(r1, &(0x7f00000059c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
clone3(&(0x7f0000000240)={0x61020100, &(0x7f00000056c0), 0x0, 0x0, {}, &(0x7f00000001c0)=""/96, 0x60, 0x0, 0x0}, 0x58)

10:25:29 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x3e96, &(0x7f0000000140))
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, 0x0, 0x28003, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10:25:29 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(&(0x7f00000003c0)={0x70012000, 0x0, &(0x7f00000000c0), 0x0, {}, &(0x7f0000000140)=""/58, 0x3a, 0x0, &(0x7f00000002c0)=[0xffffffffffffffff], 0x1}, 0x58) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = fsopen(&(0x7f0000000080)='tracefs\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000000)='debugfs\x00', &(0x7f0000000040)='T', 0x1) read(r0, &(0x7f0000000200)=""/222, 0xde) kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 10:25:29 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r0, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x14, 0x3, 0x2, 0x401}, 0x14}}, 0x0) [ 122.044055] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 122.044989] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 122.045708] CPU: 1 UID: 0 PID: 3945 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.047489] Tainted: [W]=WARN [ 122.048337] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.050290] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.051686] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.055689] RSP: 0018:ffff8880188a7780 EFLAGS: 00010012 [ 122.056108] RAX: 
0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000d477000 [ 122.056666] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 122.057227] RBP: ffff8880188a79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16680 [ 122.057786] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 122.058341] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 122.058897] FS: 00007f88a6d2d700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 122.059518] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.059971] CR2: 00007f4541a67545 CR3: 000000000a082000 CR4: 0000000000350ef0 [ 122.060525] Call Trace: [ 122.060728] [ 122.060912] ? __pfx_perf_tp_event+0x10/0x10 [ 122.061275] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 122.061760] ? lock_acquire+0x15e/0x2f0 [ 122.062079] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 122.062582] ? lock_is_held_type+0x9e/0x120 [ 122.062931] ? lock_is_held_type+0x9e/0x120 [ 122.063279] ? ctx_sched_in+0x134/0x9b0 [ 122.063593] ? kvm_sched_clock_read+0x16/0x30 [ 122.063951] ? sched_clock+0x37/0x60 [ 122.064257] ? sched_clock_cpu+0x6c/0x4e0 [ 122.064589] ? lock_is_held_type+0x9e/0x120 [ 122.064935] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.065341] ? lock_is_held_type+0x9e/0x120 [ 122.065687] perf_trace_run_bpf_submit+0xef/0x180 [ 122.066074] perf_trace_preemptirq_template+0x259/0x430 [ 122.066500] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.066967] ? check_preempt_wakeup_fair+0x406/0x950 [ 122.067371] ? find_held_lock+0x2b/0x80 [ 122.067695] ? try_to_wake_up+0x8ae/0x11d0 [ 122.068036] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 122.068441] trace_irq_enable.constprop.0+0xa6/0x100 [ 122.068840] trace_hardirqs_on+0x26/0x40 [ 122.069165] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 122.069559] try_to_wake_up+0x8ae/0x11d0 [ 122.069886] ? __pfx_try_to_wake_up+0x10/0x10 [ 122.070248] ? plist_del+0x122/0x270 [ 122.070548] ? find_held_lock+0x2b/0x80 [ 122.070873] ? 
futex_wake+0x474/0x540 [ 122.071181] wake_up_q+0xa1/0x130 [ 122.071466] futex_wake+0x47e/0x540 [ 122.071762] ? __pfx_futex_wake+0x10/0x10 [ 122.072093] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 122.072493] ? lock_release+0xc8/0x290 [ 122.072805] do_futex+0x26d/0x370 [ 122.073094] ? __pfx_do_futex+0x10/0x10 [ 122.073412] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 122.073837] ? find_held_lock+0x2b/0x80 [ 122.074162] __x64_sys_futex+0x1c9/0x4d0 [ 122.074486] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.074950] ? __pfx___x64_sys_futex+0x10/0x10 [ 122.075314] ? xfd_validate_state+0x55/0x180 [ 122.075672] do_syscall_64+0xbf/0x360 [ 122.075975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.076380] RIP: 0033:0x7f88a97b7b19 [ 122.076677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.078080] RSP: 002b:00007f88a6d2d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.078670] RAX: ffffffffffffffda RBX: 00007f88a98caf68 RCX: 00007f88a97b7b19 [ 122.079219] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f88a98caf6c [ 122.079771] RBP: 00007f88a98caf60 R08: 000000000000000e R09: 0000000000000000 [ 122.080338] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f88a98caf6c [ 122.080886] R13: 00007ffd3af1394f R14: 00007f88a6d2d300 R15: 0000000000022000 [ 122.081444] [ 122.081631] Modules linked in: [ 122.081888] ---[ end trace 0000000000000000 ]--- [ 122.081892] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 122.082249] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.083075] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 122.083430] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 
8b ab f0 01 [ 122.083982] CPU: 0 UID: 0 PID: 3952 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.085371] RSP: 0018:ffff8880188a7780 EFLAGS: 00010012 [ 122.086235] Tainted: [D]=DIE, [W]=WARN [ 122.086636] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000d477000 [ 122.086921] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.087463] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 122.088067] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.088613] RBP: ffff8880188a79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16680 [ 122.088955] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.089506] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 122.090826] RSP: 0018:ffff888018887780 EFLAGS: 00010012 [ 122.091369] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 122.091759] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90007246000 [ 122.092304] FS: 00007f88a6d2d700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 122.092822] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 122.093446] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.093962] RBP: ffff8880188879f0 R08: ffff88806ce31340 R09: ffffe8ffffc16680 [ 122.094404] CR2: 00007f4541a67545 CR3: 000000000a082000 CR4: 0000000000350ef0 [ 122.094919] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 122.095468] note: syz-executor.6[3945] exited with irqs disabled [ 122.095984] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 122.096969] FS: 00007f7fd85b9700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 122.097571] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.098001] CR2: 00007f7fdb157018 CR3: 000000001d760000 CR4: 0000000000350ef0 [ 122.098524] Call 
Trace: [ 122.098720] [ 122.098892] ? merge_sched_in+0xcb/0x1810 [ 122.099203] ? __pfx_perf_tp_event+0x10/0x10 [ 122.099538] ? __asan_memcpy+0x3d/0x60 [ 122.099834] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 122.100293] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 122.100765] ? kvm_sched_clock_read+0x16/0x30 [ 122.101120] ? local_clock_noinstr+0xf/0xc0 [ 122.101448] ? ctx_sched_in+0x134/0x9b0 [ 122.101746] ? __kernel_text_address+0xd/0x40 [ 122.102090] ? css_rstat_updated+0x1b8/0x4d0 [ 122.102428] ? __pfx_css_rstat_updated+0x10/0x10 [ 122.102796] ? perf_trace_run_bpf_submit+0xef/0x180 [ 122.103173] perf_trace_run_bpf_submit+0xef/0x180 [ 122.103540] perf_trace_preemptirq_template+0x259/0x430 [ 122.103948] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.104388] ? check_preempt_wakeup_fair+0x406/0x950 [ 122.104770] ? wakeup_preempt+0x140/0x2a0 [ 122.105093] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 122.105477] trace_irq_enable.constprop.0+0xa6/0x100 [ 122.105858] trace_hardirqs_on+0x26/0x40 [ 122.106163] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 122.106532] try_to_wake_up+0x8ae/0x11d0 [ 122.106843] ? __pfx_try_to_wake_up+0x10/0x10 [ 122.107184] ? plist_del+0x122/0x270 [ 122.107469] ? __futex_unqueue+0xda/0x1c0 [ 122.107782] wake_up_q+0xa1/0x130 [ 122.108051] futex_wake+0x47e/0x540 [ 122.108331] ? __pfx_futex_wake+0x10/0x10 [ 122.108644] ? lock_release+0x1c7/0x290 [ 122.108946] ? lock_release+0x1c7/0x290 [ 122.109253] ? fd_install+0x1f0/0x660 [ 122.109545] do_futex+0x26d/0x370 [ 122.109810] ? __pfx_do_futex+0x10/0x10 [ 122.110110] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 122.110505] ? count_memcg_events+0x32b/0x420 [ 122.110847] __x64_sys_futex+0x1c9/0x4d0 [ 122.111152] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.111591] ? 
__pfx___x64_sys_futex+0x10/0x10 [ 122.111937] do_syscall_64+0xbf/0x360 [ 122.112226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.112608] RIP: 0033:0x7f7fdb043b19 [ 122.112884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.114204] RSP: 002b:00007f7fd85b9218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.114762] RAX: ffffffffffffffda RBX: 00007f7fdb156f68 RCX: 00007f7fdb043b19 [ 122.115281] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7fdb156f6c [ 122.115799] RBP: 00007f7fdb156f60 R08: 000000000000000e R09: 0000000000000000 [ 122.116319] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f7fdb156f6c [ 122.116838] R13: 00007ffe3961f18f R14: 00007f7fd85b9300 R15: 0000000000022000 [ 122.117368] [ 122.117545] Modules linked in: [ 122.117788] ---[ end trace 0000000000000000 ]--- [ 122.117789] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 122.118132] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.118973] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 122.119308] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.119965] CPU: 1 UID: 0 PID: 3945 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.121274] RSP: 0018:ffff8880188a7780 EFLAGS: 00010012 [ 122.122179] Tainted: [D]=DIE, [W]=WARN [ 122.122563] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000d477000 [ 122.122858] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.123371] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 122.124008] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.124541] RBP: 
ffff8880188a79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16680 [ 122.124904] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.125470] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 122.126891] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 122.127444] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 122.127860] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 122.128417] FS: 00007f7fd85b9700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 122.128972] RDX: ffff888015e83700 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 122.129601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.130153] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16680 [ 122.130609] CR2: 00007f7fdb157018 CR3: 000000001d760000 CR4: 0000000000350ef0 [ 122.131164] R10: 0000000000000000 R11: ffff888018a55098 R12: dffffc0000000000 [ 122.131728] note: syz-executor.3[3952] exited with irqs disabled [ 122.132285] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 122.133318] FS: 00007f88a6d2d700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 122.133946] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.134404] CR2: 00007f4541a67545 CR3: 000000000a082000 CR4: 0000000000350ef0 [ 122.134968] Call Trace: [ 122.135175] [ 122.135360] ? __pfx_perf_tp_event+0x10/0x10 [ 122.135720] ? update_load_avg+0x17d/0x1ef0 [ 122.136063] ? check_preempt_wakeup_fair+0x6e/0x950 [ 122.136463] ? lock_release+0x1c7/0x290 [ 122.136788] ? lock_release+0x1c7/0x290 [ 122.137112] ? do_raw_spin_unlock+0x53/0x220 [ 122.137473] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 122.137885] ? try_to_wake_up+0x8ae/0x11d0 [ 122.138231] ? do_raw_spin_lock+0x123/0x260 [ 122.138583] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 122.138963] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 122.139371] perf_trace_run_bpf_submit+0xef/0x180 [ 122.139764] perf_trace_preemptirq_template+0x259/0x430 [ 122.140194] ? read_tsc+0x9/0x20 [ 122.140472] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 122.140944] ? clockevents_program_event+0x135/0x360 [ 122.141360] ? tick_program_event+0xac/0x140 [ 122.141713] ? handle_softirqs+0x16e/0x770 [ 122.142066] trace_irq_enable.constprop.0+0xa6/0x100 [ 122.142471] trace_hardirqs_on+0x26/0x40 [ 122.142793] handle_softirqs+0x16e/0x770 [ 122.143127] __irq_exit_rcu+0xc4/0x100 [ 122.143449] irq_exit_rcu+0x9/0x20 [ 122.143735] sysvec_apic_timer_interrupt+0x70/0x80 [ 122.144134] [ 122.144317] [ 122.144502] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 122.144920] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 122.145309] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 122.146740] RSP: 0018:ffff8880188a7f28 EFLAGS: 00000246 [ 122.147162] RAX: 0000000000000001 RBX: ffff888015e83700 RCX: ffffffff817c2b86 [ 122.147727] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 122.148297] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 122.148862] R10: ffffffff8643ac57 R11: 7973203a65746f6e R12: ffff888015e83700 [ 122.149432] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 122.149993] ? trace_irq_enable.constprop.0+0x26/0x100 [ 122.150415] ? make_task_dead+0x214/0x3b0 [ 122.150752] ? make_task_dead+0x214/0x3b0 [ 122.151088] ? 
do_syscall_64+0xbf/0x360 [ 122.151410] rewind_stack_and_make_dead+0x16/0x20 [ 122.151802] RIP: 0033:0x7f88a97b7b19 [ 122.152098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.153539] RSP: 002b:00007f88a6d2d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 122.154140] RAX: ffffffffffffffda RBX: 00007f88a98caf68 RCX: 00007f88a97b7b19 [ 122.154705] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f88a98caf6c [ 122.155268] RBP: 00007f88a98caf60 R08: 000000000000000e R09: 0000000000000000 [ 122.155832] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f88a98caf6c [ 122.156398] R13: 00007ffd3af1394f R14: 00007f88a6d2d300 R15: 0000000000022000 [ 122.156969] [ 122.157163] Modules linked in: [ 122.157427] ---[ end trace 0000000000000000 ]--- [ 122.157428] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI [ 122.157798] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.158658] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 122.159022] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.159617] CPU: 0 UID: 0 PID: 3952 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 122.161029] RSP: 0018:ffff8880188a7780 EFLAGS: 00010012 [ 122.161964] Tainted: [D]=DIE, [W]=WARN [ 122.162372] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000d477000 [ 122.162671] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.163227] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 122.163869] RIP: 0010:perf_tp_event+0x175/0xe70 [ 122.164429] RBP: ffff8880188a79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16680 [ 
122.164790] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 122.165349] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 122.166759] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 122.167318] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 122.167732] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 122.168288] FS: 00007f88a6d2d700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 122.168839] RDX: ffff888015e8b700 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 122.169477] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.170032] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc16680 [ 122.170490] CR2: 00007f4541a67545 CR3: 000000000a082000 CR4: 0000000000350ef0 [ 122.171044] R10: 0000000000000000 R11: ffff88801505f098 R12: dffffc0000000000 [ 122.171610] Kernel panic - not syncing: Fatal exception in interrupt [ 123.217877] Shutting down cpus with NMI [ 123.218896] Kernel Offset: disabled [ 123.219184] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:25:29 Registers: