Warning: Permanently added '[localhost]:51016' (ECDSA) to the list of known hosts. 2025/08/29 10:31:09 fuzzer started 2025/08/29 10:31:09 dialing manager at localhost:43077 syzkaller login: [ 51.373206] cgroup: Unknown subsys name 'net' [ 51.479225] cgroup: Unknown subsys name 'cpuset' [ 51.511233] cgroup: Unknown subsys name 'rlimit' 2025/08/29 10:31:19 syscalls: 2214 2025/08/29 10:31:19 code coverage: enabled 2025/08/29 10:31:19 comparison tracing: enabled 2025/08/29 10:31:19 extra coverage: enabled 2025/08/29 10:31:19 setuid sandbox: enabled 2025/08/29 10:31:19 namespace sandbox: enabled 2025/08/29 10:31:19 Android sandbox: enabled 2025/08/29 10:31:19 fault injection: enabled 2025/08/29 10:31:19 leak checking: enabled 2025/08/29 10:31:19 net packet injection: enabled 2025/08/29 10:31:19 net device setup: enabled 2025/08/29 10:31:19 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 10:31:19 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 10:31:19 USB emulation: enabled 2025/08/29 10:31:19 hci packet injection: enabled 2025/08/29 10:31:19 wifi device emulation: enabled 2025/08/29 10:31:19 802.15.4 emulation: enabled 2025/08/29 10:31:31
fetching corpus: 6450, signal 174357/177999 (executing program) 2025/08/29 10:31:31 fetching corpus: 6500, signal 174778/178042 (executing program) 2025/08/29 10:31:31 fetching corpus: 6550, signal 175113/178044 (executing program) 2025/08/29 10:31:32 fetching corpus: 6600, signal 175352/178051 (executing program) 2025/08/29 10:31:32 fetching corpus: 6624, signal 175481/178051 (executing program) 2025/08/29 10:31:32 fetching corpus: 6624, signal 175481/178051 (executing program) 2025/08/29 10:31:34 starting 8 fuzzer processes 10:31:34 executing program 0: io_setup(0x8, &(0x7f0000000040)=0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) io_submit(r0, 0x2, &(0x7f0000003400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000002180)={0x0, 0x0, 0x0, 0x8, 0x0, r2, &(0x7f0000001180)="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", 0x401}]) 10:31:34 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000040), 0x0, 0x0, 0x0) 10:31:34 executing program 2: ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfff}) r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x2f}) [ 75.480214] audit: type=1400 audit(1756463494.176:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:31:34 executing program 4: r0 = 
socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)={0x20, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) 10:31:34 executing program 3: r0 = io_uring_setup(0x4e6f, &(0x7f0000000000)) io_uring_enter(r0, 0x7a03, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x36db, 0x0, 0x0, 0x0, 0x0) 10:31:34 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f00000000c0)) 10:31:34 executing program 5: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x2, 0x0, 0x80}}) 10:31:34 executing program 7: timer_create(0x3, 0x0, &(0x7f0000000040)) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) timer_gettime(0x0, &(0x7f00000000c0)) [ 76.686668] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.689550] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.693598] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.695443] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.697611] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.700033] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.702636] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.706822] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.709060] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.712032] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.740865] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.746086] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.748028] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.758151] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.760523] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.821171] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 
1 [ 76.824971] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.838010] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.844414] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.846743] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.871191] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 76.878021] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 76.880805] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 76.884105] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 76.885831] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 76.888096] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 76.889477] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.903500] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 76.908328] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 76.909460] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 76.912478] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.920371] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 76.921776] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 76.926563] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 76.933773] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 76.946449] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 76.954748] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 76.962942] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 76.993641] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 77.007719] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 78.778842] Bluetooth: hci0: command tx timeout [ 78.779659] Bluetooth: hci1: command tx timeout [ 78.842659] Bluetooth: hci2: command tx timeout [ 78.906371] Bluetooth: hci3: command tx timeout [ 78.971421] Bluetooth: hci6: command tx timeout [ 78.971507] Bluetooth: hci4: command tx timeout [ 79.034398] Bluetooth: hci5: command tx timeout [ 79.035108] Bluetooth: hci7: command tx 
timeout [ 80.827400] Bluetooth: hci1: command tx timeout [ 80.827419] Bluetooth: hci0: command tx timeout [ 80.890501] Bluetooth: hci2: command tx timeout [ 80.954335] Bluetooth: hci3: command tx timeout [ 81.018477] Bluetooth: hci6: command tx timeout [ 81.018613] Bluetooth: hci4: command tx timeout [ 81.082693] Bluetooth: hci5: command tx timeout [ 81.082781] Bluetooth: hci7: command tx timeout [ 82.874554] Bluetooth: hci1: command tx timeout [ 82.874645] Bluetooth: hci0: command tx timeout [ 82.939353] Bluetooth: hci2: command tx timeout [ 83.002451] Bluetooth: hci3: command tx timeout [ 83.066401] Bluetooth: hci6: command tx timeout [ 83.069164] Bluetooth: hci4: command tx timeout [ 83.130417] Bluetooth: hci7: command tx timeout [ 83.131408] Bluetooth: hci5: command tx timeout [ 84.922397] Bluetooth: hci0: command tx timeout [ 84.922603] Bluetooth: hci1: command tx timeout [ 84.986451] Bluetooth: hci2: command tx timeout [ 85.050522] Bluetooth: hci3: command tx timeout [ 85.114399] Bluetooth: hci4: command tx timeout [ 85.114664] Bluetooth: hci6: command tx timeout [ 85.180390] Bluetooth: hci5: command tx timeout [ 85.180413] Bluetooth: hci7: command tx timeout [ 112.716497] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.717173] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.814721] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.815375] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.934417] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.935028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.110022] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.110701] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.442076] audit: type=1400 audit(1756463532.138:8): avc: denied { open } for pid=3711 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event 
permissive=1 [ 113.450761] audit: type=1400 audit(1756463532.138:9): avc: denied { kernel } for pid=3711 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 10:32:12 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000040), 0x0, 0x0, 0x0) 10:32:12 executing program 3: r0 = io_uring_setup(0x4e6f, &(0x7f0000000000)) io_uring_enter(r0, 0x7a03, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x36db, 0x0, 0x0, 0x0, 0x0) 10:32:12 executing program 3: r0 = io_uring_setup(0x4e6f, &(0x7f0000000000)) io_uring_enter(r0, 0x7a03, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x36db, 0x0, 0x0, 0x0, 0x0) 10:32:12 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000040), 0x0, 0x0, 0x0) 10:32:12 executing program 3: r0 = io_uring_setup(0x4e6f, &(0x7f0000000000)) io_uring_enter(r0, 0x7a03, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x36db, 0x0, 0x0, 0x0, 0x0) 10:32:12 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000040), 0x0, 0x0, 0x0) 10:32:12 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000040), 0x0, 0x0, 0x0) 10:32:12 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000040), 0x0, 0x0, 0x0) [ 114.218721] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.219546] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.320362] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.320979] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.664321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.664922] wlan0: Creating new IBSS 
network, BSSID 50:50:50:50:50:50 [ 114.762339] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.763117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.959754] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.960827] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.039783] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.040450] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.166593] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.167230] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.173671] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.174936] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.450638] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 115.679353] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.679970] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.713433] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.714016] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.876095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.876772] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.902889] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.903715] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.973562] audit: type=1326 audit(1756463534.669:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3904 comm="syz-executor.7" exe="/syz-executor.7" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f250fb02b19 code=0x0 [ 116.806633] audit: type=1326 audit(1756463535.502:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3904 comm="syz-executor.7" exe="/syz-executor.7" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f250fb02b19 code=0x0 10:32:15 executing program 0: 
io_setup(0x8, &(0x7f0000000040)=0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) io_submit(r0, 0x2, &(0x7f0000003400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000002180)={0x0, 0x0, 0x0, 0x8, 0x0, r2, &(0x7f0000001180)="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", 0x401}]) 10:32:15 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc}}}}, 0x28}}, 0x0) 10:32:15 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000040), 0x0, 0x0, 0x0) 10:32:15 executing program 5: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x2, 0x0, 0x80}}) 10:32:15 executing program 6: syz_mount_image$iso9660(0x0, 
&(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000280)='./file1\x00', r0, &(0x7f0000000200)='./file0\x00') creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) creat(&(0x7f0000000040)='./file0/file0\x00', 0x0) 10:32:15 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)={0x20, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) 10:32:15 executing program 2: ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfff}) r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x2f}) 10:32:15 executing program 7: timer_create(0x3, 0x0, &(0x7f0000000040)) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) timer_gettime(0x0, &(0x7f00000000c0)) 10:32:15 executing program 5: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x2, 0x0, 0x80}}) [ 116.975807] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 116.993039] audit: type=1326 audit(1756463535.688:12): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3922 comm="syz-executor.7" exe="/syz-executor.7" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f250fb02b19 code=0x0 10:32:16 executing program 0: io_setup(0x8, &(0x7f0000000040)=0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) io_submit(r0, 0x2, &(0x7f0000003400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000002180)={0x0, 0x0, 0x0, 0x8, 0x0, r2, 
&(0x7f0000001180)="[hex payload omitted]", 0x401}]) 10:32:16 executing program 7: timer_create(0x3, 0x0, &(0x7f0000000040)) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) timer_gettime(0x0, &(0x7f00000000c0)) 10:32:16 executing program 5: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000180)={{0x2, 0x0, 0x80}}) 10:32:16 executing program 3: timer_create(0x3, 0x0, &(0x7f0000000040)) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) timer_gettime(0x0, &(0x7f00000000c0)) 10:32:16 executing program 2: ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfff}) r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x2f}) 10:32:16 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)={0x20, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) 10:32:16 executing program 6: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000280)='./file1\x00', r0, &(0x7f0000000200)='./file0\x00') creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) creat(&(0x7f0000000040)='./file0/file0\x00', 0x0) 10:32:16 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 
0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc}}}}, 0x28}}, 0x0) [ 117.898096] audit: type=1326 audit(1756463536.590:13): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3932 comm="syz-executor.7" exe="/syz-executor.7" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f250fb02b19 code=0x0 [ 117.906273] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 117.907034] audit: type=1326 audit(1756463536.602:14): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3934 comm="syz-executor.3" exe="/syz-executor.3" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f726f8a1b19 code=0x0 [ 117.907766] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 117.907793] CPU: 0 UID: 0 PID: 3943 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.918672] Tainted: [W]=WARN [ 117.919074] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.920123] RIP: 0010:perf_tp_event+0x175/0xe70 [ 117.920741] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 117.923060] RSP: 0018:ffff888045367600 EFLAGS: 00010212 [ 117.923746] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000b23a000 [ 117.924657] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 117.925550] RBP: ffff888045367870 R08: ffff88806ce31340 R09: ffffe8ffffc16760 [ 
117.926456] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 117.927366] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 117.928271] FS: 00007f6f48574700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 117.929302] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.930047] CR2: 0000555558c64c18 CR3: 0000000045617000 CR4: 0000000000350ef0 [ 117.930975] Call Trace: [ 117.931312] [ 117.931625] ? __pfx_perf_tp_event+0x10/0x10 [ 117.932256] ? perf_trace_run_bpf_submit+0xef/0x180 [ 117.932913] perf_trace_run_bpf_submit+0xef/0x180 [ 117.933554] perf_trace_lock+0x337/0x5d0 [ 117.934090] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.934695] ? lock_acquire+0x15e/0x2f0 [ 117.935207] ? futex_ref_get+0x48/0x300 [ 117.935721] ? futex_ref_get+0x114/0x300 [ 117.936239] ? futex_hash+0x15c/0x390 [ 117.936734] lock_release+0x1ab/0x290 [ 117.937229] ? futex_hash+0x15c/0x390 [ 117.937720] futex_ref_get+0x119/0x300 [ 117.938219] ? futex_hash+0x15c/0x390 [ 117.938713] futex_hash+0x70/0x390 [ 117.939177] futex_wait_setup+0xae/0x550 [ 117.939717] __futex_wait+0x151/0x300 [ 117.940217] ? __pfx___futex_wait+0x10/0x10 [ 117.940780] ? __pfx_futex_wake_mark+0x10/0x10 [ 117.941392] futex_wait+0xde/0x380 [ 117.941869] ? __pfx_futex_wait+0x10/0x10 [ 117.942405] ? perf_trace_lock+0xb5/0x5d0 [ 117.942950] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 117.943618] do_futex+0x2ee/0x370 [ 117.944074] ? __pfx_do_futex+0x10/0x10 [ 117.944592] ? do_raw_spin_lock+0x123/0x260 [ 117.945154] __x64_sys_futex+0x1c9/0x4d0 [ 117.945685] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 117.946351] ? __pfx___x64_sys_futex+0x10/0x10 [ 117.946946] ? kcov_ioctl+0x386/0x6c0 [ 117.947442] ? 
fput+0x6a/0x100 [ 117.947874] do_syscall_64+0xbf/0x360 [ 117.948369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.949040] RIP: 0033:0x7f6f4affeb19 [ 117.949515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.951784] RSP: 002b:00007f6f48574218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.952733] RAX: ffffffffffffffda RBX: 00007f6f4b111f68 RCX: 00007f6f4affeb19 [ 117.953623] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6f4b111f68 [ 117.954507] RBP: 00007f6f4b111f60 R08: 00007f6f48574700 R09: 0000000000000000 [ 117.955396] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6f4b111f6c [ 117.956281] R13: 00007ffde29ec97f R14: 00007f6f48574300 R15: 0000000000022000 [ 117.957182] [ 117.957483] Modules linked in: [ 117.959781] ---[ end trace 0000000000000000 ]--- [ 117.961713] RIP: 0010:perf_tp_event+0x175/0xe70 [ 117.962359] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 117.964651] RSP: 0018:ffff888045367600 EFLAGS: 00010212 [ 117.965354] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000b23a000 [ 117.966246] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 117.967160] RBP: ffff888045367870 R08: ffff88806ce31340 R09: ffffe8ffffc16760 [ 117.968074] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 117.968984] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 117.969893] FS: 00007f6f48574700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 117.970920] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.971675] CR2: 0000555558c64c18 CR3: 0000000045617000 CR4: 0000000000350ef0 [ 117.972581] note: syz-executor.6[3943] exited with preempt_count 1 [ 117.973371] BUG: sleeping 
function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 117.974487] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3943, name: syz-executor.6 [ 117.975564] preempt_count: 0, expected: 0 [ 117.976071] RCU nest depth: 2, expected: 0 [ 117.976613] INFO: lockdep is turned off. [ 117.977112] CPU: 0 UID: 0 PID: 3943 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.977141] Tainted: [D]=DIE, [W]=WARN [ 117.977147] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.977157] Call Trace: [ 117.977163] [ 117.977169] dump_stack_lvl+0xfa/0x120 [ 117.977199] __might_resched+0x2f3/0x510 [ 117.977220] exit_signals+0x25/0x940 [ 117.977248] do_exit+0x2db/0x2970 [ 117.977269] ? _printk+0xbe/0xf0 [ 117.977294] ? __pfx__printk+0x10/0x10 [ 117.977312] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 117.977330] ? __pfx_do_exit+0x10/0x10 [ 117.977349] ? kcov_ioctl+0x386/0x6c0 [ 117.977371] make_task_dead+0x174/0x3b0 [ 117.977391] ? 
do_syscall_64+0xbf/0x360 [ 117.977406] rewind_stack_and_make_dead+0x16/0x20 [ 117.977430] RIP: 0033:0x7f6f4affeb19 [ 117.977442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.977458] RSP: 002b:00007f6f48574218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.977476] RAX: ffffffffffffffda RBX: 00007f6f4b111f68 RCX: 00007f6f4affeb19 [ 117.977487] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6f4b111f68 [ 117.977498] RBP: 00007f6f4b111f60 R08: 00007f6f48574700 R09: 0000000000000000 [ 117.977509] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6f4b111f6c [ 117.977519] R13: 00007ffde29ec97f R14: 00007f6f48574300 R15: 0000000000022000 [ 117.977536] 10:32:16 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)={0x20, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) [ 118.016089] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO 10:32:16 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r1, 0x1, 
0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc}}}}, 0x28}}, 0x0) 10:32:16 executing program 0: io_setup(0x8, &(0x7f0000000040)=0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) io_submit(r0, 0x2, &(0x7f0000003400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}, &(0x7f0000002180)={0x0, 0x0, 0x0, 0x8, 0x0, r2, &(0x7f0000001180)="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", 0x401}]) 10:32:16 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc}}}}, 0x28}}, 0x0) 10:32:16 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000280)='./file1\x00', r0, &(0x7f0000000200)='./file0\x00') creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) creat(&(0x7f0000000040)='./file0/file0\x00', 0x0) 10:32:16 executing program 2: ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfff}) r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, 
&(0x7f0000000040)={0x0, 0x0, 0x2f}) 10:32:16 executing program 0: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[]) symlinkat(&(0x7f0000000280)='./file1\x00', r0, &(0x7f0000000200)='./file0\x00') creat(&(0x7f0000000000)='./file0/file0\x00', 0x0) creat(&(0x7f0000000040)='./file0/file0\x00', 0x0) [ 118.103986] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 118.126305] Oops: general protection fault, probably for non-canonical address 0xe01ffc00000000b0: 0000 [#2] SMP KASAN NOPTI [ 118.127241] KASAN: maybe wild-memory-access in range [0x0100000000000580-0x0100000000000587] [ 118.127902] CPU: 1 UID: 0 PID: 3963 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 118.128830] Tainted: [D]=DIE, [W]=WARN [ 118.129131] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 118.129769] RIP: 0010:perf_tp_event+0x26b/0xe70 [ 118.130151] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f [ 118.131569] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 118.131990] RAX: 00200000000000b0 RBX: ffff888017b02581 RCX: ffffffff8189962c [ 118.132545] RDX: ffff888045488000 RSI: ffffffff818996ad RDI: 0100000000000580 [ 118.133101] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16760 [ 118.133660] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 118.134213] R13: 0100000000000000 R14: ffff88806cf31490 R15: dffffc0000000000 [ 118.134783] FS: 00007f80013b4700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 118.135407] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 
[ 118.135866] CR2: 0000001b2d42c000 CR3: 000000001f7ad000 CR4: 0000000000350ef0 [ 118.136423] Call Trace: [ 118.136629] [ 118.136810] ? __pfx_perf_tp_event+0x10/0x10 [ 118.137168] ? sched_clock_cpu+0x6c/0x4e0 [ 118.137505] ? trace_pelt_se_tp+0xdf/0x130 [ 118.137840] ? __update_load_avg_se+0x428/0xa40 [ 118.138229] ? perf_trace_lock+0xb5/0x5d0 [ 118.138562] ? perf_trace_lock+0xb5/0x5d0 [ 118.138901] ? place_entity+0x300/0x410 [ 118.139221] ? kvm_sched_clock_read+0x16/0x30 [ 118.139587] ? __pfx_perf_trace_lock+0x10/0x10 [ 118.139953] ? __pfx_perf_trace_lock+0x10/0x10 [ 118.140320] ? check_preempt_wakeup_fair+0x6e/0x950 [ 118.140720] ? perf_trace_run_bpf_submit+0xef/0x180 [ 118.141118] ? do_raw_spin_unlock+0x53/0x220 [ 118.141474] perf_trace_run_bpf_submit+0xef/0x180 [ 118.141863] perf_trace_lock+0x337/0x5d0 [ 118.142187] ? do_raw_spin_lock+0x123/0x260 [ 118.142535] ? __pfx_perf_trace_lock+0x10/0x10 [ 118.142910] ? clockevents_program_event+0x14f/0x360 [ 118.143318] ? hrtimer_interrupt+0x114/0x830 [ 118.143667] lock_release+0x1ab/0x290 [ 118.143976] ktime_get_update_offsets_now+0xab/0x3c0 [ 118.144384] ? hrtimer_interrupt+0x114/0x830 [ 118.144733] ? 
__pfx_lapic_next_deadline+0x10/0x10 [ 118.145130] hrtimer_interrupt+0x114/0x830 [ 118.145470] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 118.145880] sysvec_apic_timer_interrupt+0x6b/0x80 [ 118.146271] [ 118.146455] [ 118.146648] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 118.147065] RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x80 [ 118.147489] Code: 5d e9 a0 1f 4a 03 48 c7 c0 f4 ff ff ff eb 92 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <48> 8b 34 24 65 48 8b 15 88 48 10 06 65 8b 05 99 48 10 06 a9 00 01 [ 118.148902] RSP: 0018:ffff88801a07f4d8 EFLAGS: 00000246 [ 118.149321] RAX: 0000000000000002 RBX: ffff88801a07f5b0 RCX: ffffffff84bb0137 [ 118.149875] RDX: ffff888045488000 RSI: 0000000000000000 RDI: 0000000000000001 [ 118.150434] RBP: ffff88801a07f5d4 R08: 0000000000000001 R09: 0000000000000000 [ 118.151000] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 118.151557] R13: 0000000000000000 R14: ffff88801a07f640 R15: ffff88801a07f5b0 [ 118.152117] ? insn_get_modrm+0x57/0x870 [ 118.152450] insn_get_modrm+0x7c/0x870 [ 118.152764] ? hw_breakpoint_exceptions_notify+0x38/0x370 [ 118.153207] insn_get_displacement+0x31a/0x950 [ 118.153581] insn_decode+0x262/0x350 [ 118.153887] get_kernel_gp_address+0x131/0x230 [ 118.154259] ? __pfx_get_kernel_gp_address+0x10/0x10 [ 118.154671] ? atomic_notifier_call_chain+0xa9/0x1c0 [ 118.155078] ? search_exception_tables+0x37/0x50 [ 118.155457] ? 
fixup_exception+0x10d/0xc00 [ 118.155801] exc_general_protection+0x259/0x330 [ 118.156177] asm_exc_general_protection+0x26/0x30 [ 118.156557] RIP: 0010:perf_tp_event+0x26b/0xe70 [ 118.156930] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f [ 118.158343] RSP: 0018:ffff88801a07f800 EFLAGS: 00010212 [ 118.158767] RAX: 00200000000000b0 RBX: ffff888017b02581 RCX: ffffc9000c041000 [ 118.159324] RDX: 0000000000040000 RSI: ffffffff818996ad RDI: 0100000000000580 [ 118.159885] RBP: ffff88801a07fa70 R08: ffff88806cf31340 R09: ffffe8ffffd16760 [ 118.160440] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 118.160996] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000 [ 118.161559] ? perf_tp_event+0x25d/0xe70 [ 118.161886] ? perf_swevent_event+0x63/0x3f0 [ 118.162242] ? __pfx_perf_tp_event+0x10/0x10 [ 118.162604] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 118.163006] ? perf_swevent_event+0x63/0x3f0 [ 118.163361] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 118.163754] ? perf_swevent_event+0x63/0x3f0 [ 118.164108] ? perf_tp_event+0x807/0xe70 [ 118.164437] ? __pfx_perf_tp_event+0x10/0x10 [ 118.164790] ? perf_ctx_unlock+0x73/0x160 [ 118.165119] ? __perf_install_in_context+0x503/0xb90 [ 118.165521] ? do_raw_spin_unlock+0x53/0x220 [ 118.165877] ? perf_trace_run_bpf_submit+0xef/0x180 [ 118.166272] perf_trace_run_bpf_submit+0xef/0x180 [ 118.166669] perf_trace_lock+0x337/0x5d0 [ 118.166998] ? __pfx_perf_trace_lock+0x10/0x10 [ 118.167367] ? get_futex_key+0x592/0x14a0 [ 118.167697] ? futex_ref_get+0x114/0x300 [ 118.168018] ? futex_hash+0x15c/0x390 [ 118.168324] lock_release+0x1ab/0x290 [ 118.168633] ? futex_hash+0x15c/0x390 [ 118.168936] futex_ref_get+0x119/0x300 [ 118.169244] ? futex_hash+0x15c/0x390 [ 118.169547] futex_hash+0x70/0x390 [ 118.169835] futex_wake+0x143/0x540 [ 118.170137] ? 
__pfx_perf_trace_lock+0x10/0x10 [ 118.170501] ? __pfx___mutex_lock+0x10/0x10 [ 118.170858] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 118.171276] ? __pfx_futex_wake+0x10/0x10 [ 118.171611] ? lock_release+0x1c7/0x290 [ 118.171927] ? fd_install+0x1f0/0x660 [ 118.172236] do_futex+0x26d/0x370 [ 118.172519] ? __pfx_do_futex+0x10/0x10 [ 118.172840] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 118.173257] ? count_memcg_events+0x32b/0x420 [ 118.173621] __x64_sys_futex+0x1c9/0x4d0 [ 118.173951] ? __pfx___x64_sys_futex+0x10/0x10 [ 118.174315] ? xfd_validate_state+0x55/0x180 [ 118.174684] do_syscall_64+0xbf/0x360 [ 118.174988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.175393] RIP: 0033:0x7f8003e3eb19 [ 118.175688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 118.177095] RSP: 002b:00007f80013b4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 118.177687] RAX: ffffffffffffffda RBX: 00007f8003f51f68 RCX: 00007f8003e3eb19 [ 118.178241] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8003f51f6c [ 118.178806] RBP: 00007f8003f51f60 R08: 000000000000000e R09: 0000000000000000 [ 118.179361] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8003f51f6c [ 118.179915] R13: 00007ffce692b43f R14: 00007f80013b4300 R15: 0000000000022000 [ 118.180479] [ 118.180671] Modules linked in: [ 118.180933] ---[ end trace 0000000000000000 ]--- [ 118.181303] RIP: 0010:perf_tp_event+0x175/0xe70 [ 118.181677] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 118.183101] RSP: 0018:ffff888045367600 EFLAGS: 00010212 [ 118.183518] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000b23a000 [ 118.184076] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 118.184634] 
RBP: ffff888045367870 R08: ffff88806ce31340 R09: ffffe8ffffc16760 [ 118.185190] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 118.185743] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 118.186302] FS: 00007f80013b4700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 118.186937] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.187392] CR2: 0000001b2d42c000 CR3: 000000001f7ad000 CR4: 0000000000350ef0 [ 118.187950] Kernel panic - not syncing: Fatal exception in interrupt [ 118.188552] Kernel Offset: disabled [ 118.188840] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:32:16 Registers: