Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:64374' (ECDSA) to the list of known hosts.
2025/08/29 10:39:42 fuzzer started
2025/08/29 10:39:43 dialing manager at localhost:43077
syzkaller login: [ 51.124329] cgroup: Unknown subsys name 'net'
[ 51.187652] cgroup: Unknown subsys name 'cpuset'
[ 51.204812] cgroup: Unknown subsys name 'rlimit'
2025/08/29 10:39:54 syscalls: 2214
2025/08/29 10:39:54 code coverage: enabled
2025/08/29 10:39:54 comparison tracing: enabled
2025/08/29 10:39:54 extra coverage: enabled
2025/08/29 10:39:54 setuid sandbox: enabled
2025/08/29 10:39:54 namespace sandbox: enabled
2025/08/29 10:39:54 Android sandbox: enabled
2025/08/29 10:39:54 fault injection: enabled
2025/08/29 10:39:54 leak checking: enabled
2025/08/29 10:39:54 net packet injection: enabled
2025/08/29 10:39:54 net device setup: enabled
2025/08/29 10:39:54 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 10:39:54 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 10:39:54 USB emulation: enabled
2025/08/29 10:39:54 hci packet injection: enabled
2025/08/29 10:39:54 wifi device emulation: enabled
2025/08/29 10:39:54 802.15.4 emulation: enabled
2025/08/29 10:39:54 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 10:39:54 fetching corpus: 50, signal 21617/25108 (executing program)
2025/08/29 10:39:54 fetching corpus: 100, signal 30417/35363 (executing program)
2025/08/29 10:39:54 fetching corpus: 150, signal 38961/45215 (executing program)
2025/08/29 10:39:54 fetching corpus: 200, signal 46490/53886 (executing program)
2025/08/29 10:39:54 fetching corpus: 250, signal 51213/59792 (executing program)
2025/08/29 10:39:54 fetching corpus: 300, signal 56968/66503 (executing program)
2025/08/29 10:39:54 fetching corpus: 350, signal 61698/72169 (executing program)
2025/08/29 10:39:54 fetching corpus: 400, signal 67741/78940 (executing program)
2025/08/29 10:39:54 fetching corpus: 450, signal 70201/82365 (executing program)
2025/08/29 10:39:54 fetching corpus: 500, signal 74047/86955 (executing program)
2025/08/29 10:39:55 fetching corpus: 550, signal 76523/90315 (executing program)
2025/08/29 10:39:55 fetching corpus: 600, signal 79209/93701 (executing program)
2025/08/29 10:39:55 fetching corpus: 650, signal 81503/96737 (executing program)
2025/08/29 10:39:55 fetching corpus: 700, signal 83832/99727 (executing program)
2025/08/29 10:39:55 fetching corpus: 750, signal 85568/102174 (executing program)
2025/08/29 10:39:55 fetching corpus: 800, signal 88103/105216 (executing program)
2025/08/29 10:39:55 fetching corpus: 850, signal 90337/107988 (executing program)
2025/08/29 10:39:55 fetching corpus: 900, signal 91774/110130 (executing program)
2025/08/29 10:39:55 fetching corpus: 950, signal 93852/112669 (executing program)
2025/08/29 10:39:56 fetching corpus: 1000, signal 96280/115461 (executing program)
2025/08/29 10:39:56 fetching corpus: 1050, signal 98373/117956 (executing program)
2025/08/29 10:39:56 fetching corpus: 1100, signal 99766/119882 (executing program)
2025/08/29 10:39:56 fetching corpus: 1150, signal 100920/121607 (executing program)
2025/08/29 10:39:56 fetching corpus: 1200, signal 102319/123464 (executing program)
2025/08/29 10:39:56 fetching corpus: 1250, signal 103735/125297 (executing program)
2025/08/29 10:39:56 fetching corpus: 1300, signal 105491/127356 (executing program)
2025/08/29 10:39:56 fetching corpus: 1350, signal 107320/129427 (executing program)
2025/08/29 10:39:56 fetching corpus: 1400, signal 109562/131691 (executing program)
2025/08/29 10:39:57 fetching corpus: 1450, signal 110477/133061 (executing program)
2025/08/29 10:39:57 fetching corpus: 1500, signal 112196/134945 (executing program)
2025/08/29 10:39:57 fetching corpus: 1550, signal 113743/136648 (executing program)
2025/08/29 10:39:57 fetching corpus: 1600, signal 115318/138280 (executing program)
2025/08/29 10:39:57 fetching corpus: 1650, signal 117179/140227 (executing program)
2025/08/29 10:39:57 fetching corpus: 1700, signal 118508/141714 (executing program)
2025/08/29 10:39:57 fetching corpus: 1750, signal 120007/143271 (executing program)
2025/08/29 10:39:57 fetching corpus: 1800, signal 121107/144564 (executing program)
2025/08/29 10:39:57 fetching corpus: 1850, signal 122106/145814 (executing program)
2025/08/29 10:39:57 fetching corpus: 1900, signal 123019/146965 (executing program)
2025/08/29 10:39:57 fetching corpus: 1950, signal 123855/148070 (executing program)
2025/08/29 10:39:58 fetching corpus: 2000, signal 124630/149067 (executing program)
2025/08/29 10:39:58 fetching corpus: 2050, signal 125403/150060 (executing program)
2025/08/29 10:39:58 fetching corpus: 2100, signal 126680/151313 (executing program)
2025/08/29 10:39:58 fetching corpus: 2150, signal 128723/152924 (executing program)
2025/08/29 10:39:58 fetching corpus: 2200, signal 129410/153804 (executing program)
2025/08/29 10:39:58 fetching corpus: 2250, signal 130038/154632 (executing program)
2025/08/29 10:39:58 fetching corpus: 2300, signal 131416/155856 (executing program)
2025/08/29 10:39:58 fetching corpus: 2350, signal 132217/156786 (executing program)
2025/08/29 10:39:58 fetching corpus: 2400, signal 133188/157782 (executing program)
2025/08/29 10:39:59 fetching corpus: 2450, signal 133943/158669 (executing program)
2025/08/29 10:39:59 fetching corpus: 2500, signal 134726/159475 (executing program)
2025/08/29 10:39:59 fetching corpus: 2550, signal 135708/160444 (executing program)
2025/08/29 10:39:59 fetching corpus: 2600, signal 136390/161182 (executing program)
2025/08/29 10:39:59 fetching corpus: 2650, signal 137001/161922 (executing program)
2025/08/29 10:39:59 fetching corpus: 2700, signal 137508/162579 (executing program)
2025/08/29 10:39:59 fetching corpus: 2750, signal 138436/163349 (executing program)
2025/08/29 10:39:59 fetching corpus: 2800, signal 139211/164101 (executing program)
2025/08/29 10:39:59 fetching corpus: 2850, signal 139854/164833 (executing program)
2025/08/29 10:40:00 fetching corpus: 2900, signal 140670/165532 (executing program)
2025/08/29 10:40:00 fetching corpus: 2950, signal 141408/166182 (executing program)
2025/08/29 10:40:00 fetching corpus: 3000, signal 141882/166747 (executing program)
2025/08/29 10:40:00 fetching corpus: 3050, signal 142477/167341 (executing program)
2025/08/29 10:40:00 fetching corpus: 3100, signal 143811/168106 (executing program)
2025/08/29 10:40:00 fetching corpus: 3150, signal 144354/168666 (executing program)
2025/08/29 10:40:00 fetching corpus: 3200, signal 144923/169221 (executing program)
2025/08/29 10:40:00 fetching corpus: 3250, signal 145964/169864 (executing program)
2025/08/29 10:40:00 fetching corpus: 3300, signal 146313/170319 (executing program)
2025/08/29 10:40:00 fetching corpus: 3350, signal 146889/170777 (executing program)
2025/08/29 10:40:01 fetching corpus: 3400, signal 148006/171405 (executing program)
2025/08/29 10:40:01 fetching corpus: 3450, signal 148365/171813 (executing program)
2025/08/29 10:40:01 fetching corpus: 3500, signal 148772/172227 (executing program)
2025/08/29 10:40:01 fetching corpus: 3550, signal 149316/172654 (executing program)
2025/08/29 10:40:01 fetching corpus: 3600, signal 150062/173111 (executing program)
2025/08/29 10:40:01 fetching corpus: 3650, signal 150850/173562 (executing program)
2025/08/29 10:40:01 fetching corpus: 3700, signal 151246/173914 (executing program)
2025/08/29 10:40:01 fetching corpus: 3750, signal 151645/174295 (executing program)
2025/08/29 10:40:01 fetching corpus: 3800, signal 152397/174698 (executing program)
2025/08/29 10:40:01 fetching corpus: 3850, signal 152973/175030 (executing program)
2025/08/29 10:40:01 fetching corpus: 3900, signal 153452/175388 (executing program)
2025/08/29 10:40:01 fetching corpus: 3950, signal 153949/175677 (executing program)
2025/08/29 10:40:02 fetching corpus: 4000, signal 154494/176000 (executing program)
2025/08/29 10:40:02 fetching corpus: 4050, signal 155210/176325 (executing program)
2025/08/29 10:40:02 fetching corpus: 4100, signal 155724/176607 (executing program)
2025/08/29 10:40:02 fetching corpus: 4150, signal 156045/176896 (executing program)
2025/08/29 10:40:02 fetching corpus: 4200, signal 156598/177200 (executing program)
2025/08/29 10:40:02 fetching corpus: 4250, signal 157221/177525 (executing program)
2025/08/29 10:40:02 fetching corpus: 4300, signal 157711/177608 (executing program)
2025/08/29 10:40:02 fetching corpus: 4350, signal 158092/177643 (executing program)
2025/08/29 10:40:02 fetching corpus: 4400, signal 158377/177648 (executing program)
2025/08/29 10:40:02 fetching corpus: 4450, signal 158681/177653 (executing program)
2025/08/29 10:40:02 fetching corpus: 4500, signal 159229/177681 (executing program)
2025/08/29 10:40:02 fetching corpus: 4550, signal 159590/177708 (executing program)
2025/08/29 10:40:03 fetching corpus: 4600, signal 160074/177740 (executing program)
2025/08/29 10:40:03 fetching corpus: 4650, signal 160706/177761 (executing program)
2025/08/29 10:40:03 fetching corpus: 4700, signal 161190/177776 (executing program)
2025/08/29 10:40:03 fetching corpus: 4750, signal 161595/177784 (executing program)
2025/08/29 10:40:03 fetching corpus: 4800, signal 161962/177798 (executing program)
2025/08/29 10:40:03 fetching corpus: 4850, signal 162715/177846 (executing program)
2025/08/29 10:40:03 fetching corpus: 4900, signal 163324/177848 (executing program)
2025/08/29 10:40:03 fetching corpus: 4950, signal 163777/177866 (executing program)
2025/08/29 10:40:03 fetching corpus: 5000, signal 164203/177870 (executing program)
2025/08/29 10:40:03 fetching corpus: 5050, signal 164704/177873 (executing program)
2025/08/29 10:40:03 fetching corpus: 5100, signal 165011/177896 (executing program)
2025/08/29 10:40:04 fetching corpus: 5150, signal 165322/177923 (executing program)
2025/08/29 10:40:04 fetching corpus: 5200, signal 165664/177931 (executing program)
2025/08/29 10:40:04 fetching corpus: 5250, signal 166177/177934 (executing program)
2025/08/29 10:40:04 fetching corpus: 5300, signal 166502/177937 (executing program)
2025/08/29 10:40:04 fetching corpus: 5350, signal 166763/177938 (executing program)
2025/08/29 10:40:04 fetching corpus: 5400, signal 167324/177946 (executing program)
2025/08/29 10:40:04 fetching corpus: 5450, signal 167616/177990 (executing program)
2025/08/29 10:40:04 fetching corpus: 5500, signal 167905/178007 (executing program)
2025/08/29 10:40:04 fetching corpus: 5550, signal 168262/178055 (executing program)
2025/08/29 10:40:04 fetching corpus: 5600, signal 168697/178057 (executing program)
2025/08/29 10:40:04 fetching corpus: 5650, signal 169053/178120 (executing program)
2025/08/29 10:40:05 fetching corpus: 5700, signal 169354/178141 (executing program)
2025/08/29 10:40:05 fetching corpus: 5750, signal 169723/178150 (executing program)
2025/08/29 10:40:05 fetching corpus: 5800, signal 170037/178165 (executing program)
2025/08/29 10:40:05 fetching corpus: 5850, signal 170554/178266 (executing program)
2025/08/29 10:40:05 fetching corpus: 5900, signal 170827/178292 (executing program)
2025/08/29 10:40:05 fetching corpus: 5950, signal 171144/178298 (executing program)
2025/08/29 10:40:05 fetching corpus: 6000, signal 171390/178300 (executing program)
2025/08/29 10:40:05 fetching corpus: 6050, signal 171574/178317 (executing program)
2025/08/29 10:40:05 fetching corpus: 6100, signal 171962/178337 (executing program)
2025/08/29 10:40:05 fetching corpus: 6150, signal 172233/178340 (executing program)
2025/08/29 10:40:05 fetching corpus: 6200, signal 172504/178343 (executing program)
2025/08/29 10:40:05 fetching corpus: 6250, signal 172884/178356 (executing program)
2025/08/29 10:40:06 fetching corpus: 6300, signal 173206/178388 (executing program)
2025/08/29 10:40:06 fetching corpus: 6350, signal 173583/178388 (executing program)
2025/08/29 10:40:06 fetching corpus: 6400, signal 173872/178394 (executing
program) 2025/08/29 10:40:06 fetching corpus: 6450, signal 174203/178407 (executing program) 2025/08/29 10:40:06 fetching corpus: 6500, signal 174672/178425 (executing program) 2025/08/29 10:40:06 fetching corpus: 6550, signal 175177/178534 (executing program) 2025/08/29 10:40:06 fetching corpus: 6600, signal 175365/178559 (executing program) 2025/08/29 10:40:06 fetching corpus: 6650, signal 175686/178566 (executing program) 2025/08/29 10:40:06 fetching corpus: 6700, signal 175868/178577 (executing program) 2025/08/29 10:40:06 fetching corpus: 6704, signal 175877/178580 (executing program) 2025/08/29 10:40:06 fetching corpus: 6704, signal 175877/178580 (executing program) 2025/08/29 10:40:08 starting 8 fuzzer processes 10:40:08 executing program 1: syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x9c, 0x0, @wg}}}}}, 0x0) syz_emit_ethernet(0x9e, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x7c, 0x0, @wg=@data={0x4, 0x0, 0x0, '\x00'/100}}}}}}, 0x0) 10:40:08 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/if_inet6\x00') preadv(r0, &(0x7f0000001680)=[{&(0x7f00000001c0)=""/176, 0xb0}], 0x1, 0x9, 0x0) 10:40:08 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ppoll(&(0x7f00000003c0)=[{r0, 0x1142}], 0x1, 0x0, 0x0, 0x0) 10:40:08 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDSETMODE(r0, 0x4b45, 0x0) 10:40:08 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x181802, 0x0) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000100), 0x0, 0x0, 0x0) [ 76.120689] audit: type=1400 audit(1756464008.390:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:40:08 executing program 4: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) pwrite64(r0, &(0x7f0000000080)="9fbe7f7871c0357c77d9ca8a92960890e51f3e4519a140a02b7c10764c378578eab5d2dd459ceb5e7623ef0683ca79a0a5ddb2ab26f6e9e98dfbdbda94f9ff8a74fd8da2839de8076b209df04b4741783037ac5f68f37d7ce9970f65dec981bc154179466c68948c4ed11f31f26921977e4389cb3b4dc5b9621fd24a5221796812e57c3cfff5029ef989a2710e8ea81901930fd72900c4d8f5a4462ab757984d", 0xa0, 0x4) 10:40:08 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000240)={0x2c, r1, 0x1, 0x0, 0x0, {0x4}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) 10:40:08 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x7caf, &(0x7f0000000040), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x13, &(0x7f0000000280)=[{0x0}, {0x0}], 0x2) inotify_init() ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000013c0)={'wlan0\x00'}) [ 77.283781] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.287284] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.288800] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.291636] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.293814] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.358409] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.360510] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.361942] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.364827] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.366830] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.416961] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 77.418984] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.422313] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.425432] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.426967] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 77.428712] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.430718] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 77.432267] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.444372] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 
[ 77.446449] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 77.448285] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 77.450742] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 77.453909] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 77.454358] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 77.459333] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 77.459760] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 77.460960] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 77.464383] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 77.464404] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 77.468895] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 77.471494] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 77.479633] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 77.483277] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 77.507443] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 77.526710] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 77.555707] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 77.559366] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 77.561141] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 77.600689] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 77.606398] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 79.317589] Bluetooth: hci0: command tx timeout
[ 79.444132] Bluetooth: hci1: command tx timeout
[ 79.508965] Bluetooth: hci4: command tx timeout
[ 79.573250] Bluetooth: hci5: command tx timeout
[ 79.573757] Bluetooth: hci3: command tx timeout
[ 79.575225] Bluetooth: hci6: command tx timeout
[ 79.575738] Bluetooth: hci2: command tx timeout
[ 79.637617] Bluetooth: hci7: command tx timeout
[ 81.365770] Bluetooth: hci0: command tx timeout
[ 81.492260] Bluetooth: hci1: command tx timeout
[ 81.556136] Bluetooth: hci4: command tx timeout
[ 81.620154] Bluetooth: hci3: command tx timeout
[
81.620589] Bluetooth: hci5: command tx timeout [ 81.620960] Bluetooth: hci6: command tx timeout [ 81.621379] Bluetooth: hci2: command tx timeout [ 81.684169] Bluetooth: hci7: command tx timeout [ 83.413180] Bluetooth: hci0: command tx timeout [ 83.540136] Bluetooth: hci1: command tx timeout [ 83.604096] Bluetooth: hci4: command tx timeout [ 83.670067] Bluetooth: hci2: command tx timeout [ 83.670469] Bluetooth: hci6: command tx timeout [ 83.670840] Bluetooth: hci5: command tx timeout [ 83.671253] Bluetooth: hci3: command tx timeout [ 83.733127] Bluetooth: hci7: command tx timeout [ 85.460173] Bluetooth: hci0: command tx timeout [ 85.589171] Bluetooth: hci1: command tx timeout [ 85.652195] Bluetooth: hci4: command tx timeout [ 85.716140] Bluetooth: hci3: command tx timeout [ 85.716600] Bluetooth: hci5: command tx timeout [ 85.716975] Bluetooth: hci6: command tx timeout [ 85.717960] Bluetooth: hci2: command tx timeout [ 85.781771] Bluetooth: hci7: command tx timeout [ 113.694263] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.695753] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.961543] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.962770] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:40:46 executing program 4: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) pwrite64(r0, &(0x7f0000000080)="9fbe7f7871c0357c77d9ca8a92960890e51f3e4519a140a02b7c10764c378578eab5d2dd459ceb5e7623ef0683ca79a0a5ddb2ab26f6e9e98dfbdbda94f9ff8a74fd8da2839de8076b209df04b4741783037ac5f68f37d7ce9970f65dec981bc154179466c68948c4ed11f31f26921977e4389cb3b4dc5b9621fd24a5221796812e57c3cfff5029ef989a2710e8ea81901930fd72900c4d8f5a4462ab757984d", 0xa0, 0x4) 10:40:46 executing program 4: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) pwrite64(r0, 
&(0x7f0000000080)="9fbe7f7871c0357c77d9ca8a92960890e51f3e4519a140a02b7c10764c378578eab5d2dd459ceb5e7623ef0683ca79a0a5ddb2ab26f6e9e98dfbdbda94f9ff8a74fd8da2839de8076b209df04b4741783037ac5f68f37d7ce9970f65dec981bc154179466c68948c4ed11f31f26921977e4389cb3b4dc5b9621fd24a5221796812e57c3cfff5029ef989a2710e8ea81901930fd72900c4d8f5a4462ab757984d", 0xa0, 0x4) 10:40:47 executing program 4: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) pwrite64(r0, &(0x7f0000000080)="9fbe7f7871c0357c77d9ca8a92960890e51f3e4519a140a02b7c10764c378578eab5d2dd459ceb5e7623ef0683ca79a0a5ddb2ab26f6e9e98dfbdbda94f9ff8a74fd8da2839de8076b209df04b4741783037ac5f68f37d7ce9970f65dec981bc154179466c68948c4ed11f31f26921977e4389cb3b4dc5b9621fd24a5221796812e57c3cfff5029ef989a2710e8ea81901930fd72900c4d8f5a4462ab757984d", 0xa0, 0x4) 10:40:47 executing program 4: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0), 0x6a841, 0x0) write$binfmt_script(r0, 0x0, 0x84) [ 115.005122] random: crng reseeded on system resumption [ 115.014099] random: crng reseeded on system resumption 10:40:47 executing program 4: syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x8, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @remote, @local, {[@lsrr={0x83, 0x7, 0x6f, [@remote]}, @timestamp={0x44, 0x4}]}}}}}}, 0x0) [ 115.094369] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.095721] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:40:47 executing program 4: syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x8, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @remote, @local, {[@lsrr={0x83, 0x7, 0x6f, [@remote]}, @timestamp={0x44, 0x4}]}}}}}}, 0x0) [ 115.210260] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.210851] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:40:47 executing program 4: syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @multicast, @void, 
{@ipv4={0x800, @icmp={{0x8, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @remote, @local, {[@lsrr={0x83, 0x7, 0x6f, [@remote]}, @timestamp={0x44, 0x4}]}}}}}}, 0x0) 10:40:47 executing program 4: syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x8, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @remote, @local, {[@lsrr={0x83, 0x7, 0x6f, [@remote]}, @timestamp={0x44, 0x4}]}}}}}}, 0x0) [ 115.471737] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.472686] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.649882] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.651067] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.841340] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.842917] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.004545] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.005779] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.078163] audit: type=1400 audit(1756464048.346:8): avc: denied { open } for pid=3878 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 116.082133] audit: type=1400 audit(1756464048.347:9): avc: denied { kernel } for pid=3878 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 116.143420] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.144067] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.223644] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.224293] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.294408] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.295246] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.342176] wlan0: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 116.342747] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.385749] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.386354] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.422106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.422770] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.589886] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.590794] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.616119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.616723] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:40:49 executing program 4: r0 = getpid() pidfd_open(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000980)='fdinfo/3\x00') pread64(r1, &(0x7f0000000100)=""/147, 0x93, 0x0) 10:40:49 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ppoll(&(0x7f00000003c0)=[{r0, 0x1142}], 0x1, 0x0, 0x0, 0x0) 10:40:49 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000240)={0x2c, r1, 0x1, 0x0, 0x0, {0x4}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) 10:40:49 executing program 1: syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x9c, 0x0, @wg}}}}}, 0x0) 
syz_emit_ethernet(0x9e, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x7c, 0x0, @wg=@data={0x4, 0x0, 0x0, '\x00'/100}}}}}}, 0x0) 10:40:49 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x181802, 0x0) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000100), 0x0, 0x0, 0x0) 10:40:49 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/if_inet6\x00') preadv(r0, &(0x7f0000001680)=[{&(0x7f00000001c0)=""/176, 0xb0}], 0x1, 0x9, 0x0) 10:40:49 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDSETMODE(r0, 0x4b45, 0x0) 10:40:49 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x7caf, &(0x7f0000000040), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x13, &(0x7f0000000280)=[{0x0}, {0x0}], 0x2) 
inotify_init() ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000013c0)={'wlan0\x00'}) 10:40:49 executing program 1: syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x9c, 0x0, @wg}}}}}, 0x0) syz_emit_ethernet(0x9e, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x7c, 0x0, @wg=@data={0x4, 0x0, 0x0, '\x00'/100}}}}}}, 0x0) 10:40:49 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ppoll(&(0x7f00000003c0)=[{r0, 0x1142}], 0x1, 0x0, 0x0, 0x0) 10:40:49 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDSETMODE(r0, 0x4b45, 0x0) 10:40:49 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/if_inet6\x00') preadv(r0, &(0x7f0000001680)=[{&(0x7f00000001c0)=""/176, 0xb0}], 0x1, 0x9, 0x0) 10:40:49 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 
0x0, &(0x7f0000002000)={&(0x7f0000000240)={0x2c, r1, 0x1, 0x0, 0x0, {0x4}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) 10:40:49 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x7caf, &(0x7f0000000040), &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x13, &(0x7f0000000280)=[{0x0}, {0x0}], 0x2) inotify_init() ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000013c0)={'wlan0\x00'}) [ 117.010735] Oops: general protection fault, probably for non-canonical address 0xebfffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 117.011677] KASAN: maybe wild-memory-access in range [0x6000000000000190-0x6000000000000197] [ 117.012366] CPU: 0 UID: 0 PID: 3939 Comm: syz-executor.0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.014205] Tainted: [W]=WARN [ 117.015007] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.016927] RIP: 0010:perf_tp_event+0x175/0xe70 [ 117.018441] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 117.022634] RSP: 0018:ffff888009a47800 EFLAGS: 00010212 [ 117.023064] RAX: 0c00000000000032 RBX: 5fffffffffffffa0 RCX: ffffc90001c98000 [ 117.023632] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 6000000000000190 [ 117.024201] RBP: ffff888009a47a70 R08: ffff88806ce31340 R09: 
ffffe8ffffc15d60 [ 117.024783] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 117.025354] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 117.025923] FS: 00007fbc076ed700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 117.026564] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.027028] CR2: 00007fbc0a28b018 CR3: 000000001ede5000 CR4: 0000000000350ef0 [ 117.027597] Call Trace: [ 117.027815] [ 117.028000] ? perf_swevent_event+0x63/0x3f0 [ 117.028373] ? __pfx_perf_tp_event+0x10/0x10 [ 117.028757] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 117.029184] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 117.029602] ? perf_swevent_event+0x63/0x3f0 [ 117.029978] ? perf_tp_event+0x807/0xe70 [ 117.030334] ? __pfx_perf_tp_event+0x10/0x10 [ 117.030714] ? __perf_install_in_context+0x503/0xb90 [ 117.031146] ? do_raw_spin_unlock+0x53/0x220 [ 117.031529] ? perf_trace_run_bpf_submit+0xef/0x180 [ 117.031949] perf_trace_run_bpf_submit+0xef/0x180 [ 117.032364] perf_trace_lock+0x337/0x5d0 [ 117.032721] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.033113] ? lock_acquire+0x15e/0x2f0 [ 117.033455] ? futex_ref_get+0x48/0x300 [ 117.033789] ? futex_ref_get+0x114/0x300 [ 117.034129] ? futex_hash+0x15c/0x390 [ 117.034456] lock_release+0x1ab/0x290 [ 117.034781] ? futex_hash+0x15c/0x390 [ 117.035107] futex_ref_get+0x119/0x300 [ 117.035435] ? futex_hash+0x15c/0x390 [ 117.035757] futex_hash+0x70/0x390 [ 117.036064] futex_wake+0x143/0x540 [ 117.036375] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.036771] ? __pfx_futex_wake+0x10/0x10 [ 117.037132] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 117.037560] ? lock_release+0xc8/0x290 [ 117.037896] do_futex+0x26d/0x370 [ 117.038197] ? __pfx_do_futex+0x10/0x10 [ 117.038535] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 117.038986] ? find_held_lock+0x2b/0x80 [ 117.039337] __x64_sys_futex+0x1c9/0x4d0 [ 117.039683] ? __pfx___x64_sys_futex+0x10/0x10 [ 117.040079] ? 
xfd_validate_state+0x55/0x180 [ 117.040477] do_syscall_64+0xbf/0x360 [ 117.040808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.041244] RIP: 0033:0x7fbc0a177b19 [ 117.041556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.043066] RSP: 002b:00007fbc076ed218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.043696] RAX: ffffffffffffffda RBX: 00007fbc0a28af68 RCX: 00007fbc0a177b19 [ 117.044289] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbc0a28af6c [ 117.044885] RBP: 00007fbc0a28af60 R08: 000000000000000e R09: 0000000000000000 [ 117.045480] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fbc0a28af6c [ 117.046073] R13: 00007ffc8050e09f R14: 00007fbc076ed300 R15: 0000000000022000 [ 117.046673] [ 117.046871] Modules linked in: [ 117.047177] Oops: general protection fault, probably for non-canonical address 0xebfffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 117.048084] KASAN: maybe wild-memory-access in range [0x6000000000000190-0x6000000000000197] [ 117.048781] CPU: 0 UID: 0 PID: 3939 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 117.049760] Tainted: [D]=DIE, [W]=WARN [ 117.050077] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.050753] RIP: 0010:perf_tp_event+0x175/0xe70 [ 117.051155] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 117.052650] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 117.053094] RAX: 0c00000000000032 RBX: 5fffffffffffffa0 RCX: ffffffff81898973 [ 117.053679] RDX: ffff8880168f8000 RSI: ffffffff818995b7 RDI: 6000000000000190 [ 117.054266] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15d60 [ 117.054851] R10: 0000000000000000 R11: 
ffff88806ce37018 R12: dffffc0000000000 [ 117.055443] R13: 0000000000000000 R14: ffff88806ce31490 R15: dffffc0000000000 [ 117.056036] FS: 00007fbc076ed700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 117.056704] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.057190] CR2: 00007fbc0a28b018 CR3: 000000001ede5000 CR4: 0000000000350ef0 [ 117.057778] Call Trace: [ 117.057990] [ 117.058183] ? __pfx_perf_tp_event+0x10/0x10 [ 117.058562] ? kasan_save_stack+0x34/0x50 [ 117.058897] ? kasan_save_stack+0x24/0x50 [ 117.059235] ? kasan_save_track+0x14/0x30 [ 117.059583] ? __kasan_save_free_info+0x3a/0x60 [ 117.059970] ? __kasan_slab_free+0x3f/0x50 [ 117.060325] ? kmem_cache_free+0x2a1/0x540 [ 117.060688] ? rcu_core+0x7c8/0x1800 [ 117.061005] ? handle_softirqs+0x1b1/0x770 [ 117.061362] ? __irq_exit_rcu+0xc4/0x100 [ 117.061704] ? irq_exit_rcu+0x9/0x20 [ 117.062018] ? sysvec_apic_timer_interrupt+0x70/0x80 [ 117.062445] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 117.062894] ? copy_page_range+0x1d55/0x5140 [ 117.063267] ? dup_mmap+0xd2f/0x1d10 [ 117.063587] ? copy_process+0x3ad5/0x73c0 [ 117.063938] ? kernel_clone+0xea/0x7f0 [ 117.064256] ? __do_sys_clone+0xce/0x120 [ 117.064600] ? do_syscall_64+0xbf/0x360 [ 117.064931] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.065372] ? lock_is_held_type+0x9e/0x120 [ 117.065735] ? perf_trace_run_bpf_submit+0xef/0x180 [ 117.066151] perf_trace_run_bpf_submit+0xef/0x180 [ 117.066555] perf_trace_lock+0x337/0x5d0 [ 117.066896] ? place_entity+0x1c/0x410 [ 117.067225] ? kvm_sched_clock_read+0x16/0x30 [ 117.067605] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.067991] ? check_preempt_wakeup_fair+0x6e/0x950 [ 117.068413] ? sched_ttwu_pending+0x2e0/0x4a0 [ 117.068789] lock_release+0x1ab/0x290 [ 117.069113] ? ttwu_do_activate+0x1a4/0x8a0 [ 117.069468] _raw_spin_unlock+0x16/0x40 [ 117.069796] sched_ttwu_pending+0x2e0/0x4a0 [ 117.070153] ? __pfx_try_to_wake_up+0x10/0x10 [ 117.070523] ? 
__pfx_sched_ttwu_pending+0x10/0x10 [ 117.070933] __flush_smp_call_function_queue+0x434/0x740 [ 117.071389] __sysvec_call_function_single+0x6d/0x370 [ 117.071825] sysvec_call_function_single+0xa1/0xc0 [ 117.072232] [ 117.072428] [ 117.072613] asm_sysvec_call_function_single+0x1a/0x20 [ 117.073030] RIP: 0010:oops_exit+0x0/0x50 [ 117.073457] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 117.074878] RSP: 0018:ffff888009a47690 EFLAGS: 00000202 [ 117.075287] RAX: 000000000002b5a4 RBX: 0000000000000216 RCX: ffffc90001c98000 [ 117.075827] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 117.076388] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 117.076955] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888009a47758 [ 117.077499] R13: 0000000000000000 R14: ebfffc0000000032 R15: 0000000000000000 [ 117.078046] ? oops_end+0x4a/0xe0 [ 117.078333] oops_end+0x65/0xe0 [ 117.078613] exc_general_protection+0x1a2/0x330 [ 117.078996] asm_exc_general_protection+0x26/0x30 [ 117.079386] RIP: 0010:perf_tp_event+0x175/0xe70 [ 117.079750] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 117.081150] RSP: 0018:ffff888009a47800 EFLAGS: 00010212 [ 117.081569] RAX: 0c00000000000032 RBX: 5fffffffffffffa0 RCX: ffffc90001c98000 [ 117.082114] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 6000000000000190 [ 117.082657] RBP: ffff888009a47a70 R08: ffff88806ce31340 R09: ffffe8ffffc15d60 [ 117.083214] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 117.083778] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 117.084341] ? perf_tp_event+0x167/0xe70 [ 117.084675] ? perf_swevent_event+0x63/0x3f0 [ 117.085043] ? 
__pfx_perf_tp_event+0x10/0x10 [ 117.085411] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 117.085816] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 117.086223] ? perf_swevent_event+0x63/0x3f0 [ 117.086592] ? perf_tp_event+0x807/0xe70 [ 117.086928] ? __pfx_perf_tp_event+0x10/0x10 [ 117.087290] ? __perf_install_in_context+0x503/0xb90 [ 117.087696] ? do_raw_spin_unlock+0x53/0x220 [ 117.088061] ? perf_trace_run_bpf_submit+0xef/0x180 [ 117.088465] perf_trace_run_bpf_submit+0xef/0x180 [ 117.088860] perf_trace_lock+0x337/0x5d0 [ 117.089198] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.089574] ? lock_acquire+0x15e/0x2f0 [ 117.089899] ? futex_ref_get+0x48/0x300 [ 117.090217] ? futex_ref_get+0x114/0x300 [ 117.090533] ? futex_hash+0x15c/0x390 [ 117.090829] lock_release+0x1ab/0x290 [ 117.091134] ? futex_hash+0x15c/0x390 [ 117.091444] futex_ref_get+0x119/0x300 [ 117.091757] ? futex_hash+0x15c/0x390 [ 117.092071] futex_hash+0x70/0x390 [ 117.092363] futex_wake+0x143/0x540 [ 117.092667] ? __pfx_perf_trace_lock+0x10/0x10 [ 117.093025] ? __pfx_futex_wake+0x10/0x10 [ 117.093352] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 117.093743] ? lock_release+0xc8/0x290 [ 117.094064] do_futex+0x26d/0x370 [ 117.094355] ? __pfx_do_futex+0x10/0x10 [ 117.094678] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 117.095104] ? find_held_lock+0x2b/0x80 [ 117.095425] __x64_sys_futex+0x1c9/0x4d0 [ 117.095746] ? __pfx___x64_sys_futex+0x10/0x10 [ 117.096101] ? 
xfd_validate_state+0x55/0x180 [ 117.096458] do_syscall_64+0xbf/0x360 [ 117.096765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.097184] RIP: 0033:0x7fbc0a177b19 [ 117.097487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.098906] RSP: 002b:00007fbc076ed218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.099484] RAX: ffffffffffffffda RBX: 00007fbc0a28af68 RCX: 00007fbc0a177b19 [ 117.100025] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbc0a28af6c [ 117.100585] RBP: 00007fbc0a28af60 R08: 000000000000000e R09: 0000000000000000 [ 117.101149] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fbc0a28af6c [ 117.101711] R13: 00007ffc8050e09f R14: 00007fbc076ed300 R15: 0000000000022000 [ 117.102281] [ 117.102474] Modules linked in: [ 117.102734] ---[ end trace 0000000000000000 ]--- [ 117.103094] RIP: 0010:perf_tp_event+0x175/0xe70 [ 117.103458] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 117.104860] RSP: 0018:ffff888009a47800 EFLAGS: 00010212 [ 117.105288] RAX: 0c00000000000032 RBX: 5fffffffffffffa0 RCX: ffffc90001c98000 [ 117.105832] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 6000000000000190 [ 117.106372] RBP: ffff888009a47a70 R08: ffff88806ce31340 R09: ffffe8ffffc15d60 [ 117.106938] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 117.107515] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 117.108060] FS: 00007fbc076ed700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 117.108676] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.109126] CR2: 00007fbc0a28b018 CR3: 000000001ede5000 CR4: 0000000000350ef0 [ 117.109670] Kernel panic - not syncing: Fatal exception in interrupt [ 118.154145] 
Shutting down cpus with NMI [ 118.154731] Kernel Offset: disabled [ 118.155032] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:40:49 Registers: