Warning: Permanently added '[localhost]:47468' (ECDSA) to the list of known hosts.
2025/08/29 10:40:33 fuzzer started
2025/08/29 10:40:34 dialing manager at localhost:43077
syzkaller login: [ 51.242212] cgroup: Unknown subsys name 'net'
[ 51.323501] cgroup: Unknown subsys name 'cpuset'
[ 51.342871] cgroup: Unknown subsys name 'rlimit'
2025/08/29 10:40:43 syscalls: 2214
2025/08/29 10:40:43 code coverage: enabled
2025/08/29 10:40:43 comparison tracing: enabled
2025/08/29 10:40:43 extra coverage: enabled
2025/08/29 10:40:43 setuid sandbox: enabled
2025/08/29 10:40:43 namespace sandbox: enabled
2025/08/29 10:40:43 Android sandbox: enabled
2025/08/29 10:40:43 fault injection: enabled
2025/08/29 10:40:43 leak checking: enabled
2025/08/29 10:40:43 net packet injection: enabled
2025/08/29 10:40:43 net device setup: enabled
2025/08/29 10:40:43 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 10:40:43 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 10:40:43 USB emulation: enabled
2025/08/29 10:40:43 hci packet injection: enabled
2025/08/29 10:40:43 wifi device emulation: enabled
2025/08/29 10:40:43 802.15.4 emulation: enabled
2025/08/29 10:40:43 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 10:40:43 fetching corpus: 50, signal 16265/19899 (executing program)
2025/08/29 10:40:43 fetching corpus: 100, signal 28771/33806 (executing program)
2025/08/29 10:40:44 fetching corpus: 150, signal 40660/46774 (executing program)
2025/08/29 10:40:44 fetching corpus: 200, signal 46296/53614 (executing program)
2025/08/29 10:40:44 fetching corpus: 250, signal 54107/62385 (executing program)
2025/08/29 10:40:44 fetching corpus: 300, signal 57326/66760 (executing program)
2025/08/29 10:40:44 fetching corpus: 350, signal 61950/72282 (executing program)
2025/08/29 10:40:44 fetching corpus: 400, signal 64830/76194 (executing program)
2025/08/29 10:40:44 fetching corpus: 450, signal 68937/81134 (executing program)
2025/08/29 10:40:44 fetching corpus: 500, signal 72003/85065 (executing program)
2025/08/29 10:40:44 fetching corpus: 550, signal 75933/89626 (executing program)
2025/08/29 10:40:44 fetching corpus: 600, signal 78349/92824 (executing program)
2025/08/29 10:40:45 fetching corpus: 650, signal 81840/96858 (executing program)
2025/08/29 10:40:45 fetching corpus: 700, signal 84891/100458 (executing program)
2025/08/29 10:40:45 fetching corpus: 750, signal 86506/102866 (executing program)
2025/08/29 10:40:45 fetching corpus: 800, signal 89463/106357 (executing program)
2025/08/29 10:40:45 fetching corpus: 850, signal 91935/109332 (executing program)
2025/08/29 10:40:45 fetching corpus: 900, signal 94697/112495 (executing program)
2025/08/29 10:40:45 fetching corpus: 950, signal 96934/115234 (executing program)
2025/08/29 10:40:45 fetching corpus: 1000, signal 99205/117854 (executing program)
2025/08/29 10:40:45 fetching corpus: 1050, signal 101214/120243 (executing program)
2025/08/29 10:40:45 fetching corpus: 1100, signal 102722/122241 (executing program)
2025/08/29 10:40:46 fetching corpus: 1150, signal 104787/124649 (executing program)
2025/08/29 10:40:46 fetching corpus: 1200, signal 106406/126695 (executing program)
2025/08/29 10:40:46 fetching corpus: 1250, signal 107444/128218 (executing program)
2025/08/29 10:40:46 fetching corpus: 1300, signal 108731/129906 (executing program)
2025/08/29 10:40:46 fetching corpus: 1350, signal 111171/132314 (executing program)
2025/08/29 10:40:46 fetching corpus: 1400, signal 112424/133955 (executing program)
2025/08/29 10:40:46 fetching corpus: 1450, signal 113208/135235 (executing program)
2025/08/29 10:40:46 fetching corpus: 1500, signal 115585/137490 (executing program)
2025/08/29 10:40:46 fetching corpus: 1550, signal 116248/138625 (executing program)
2025/08/29 10:40:46 fetching corpus: 1600, signal 117605/140166 (executing program)
2025/08/29 10:40:46 fetching corpus: 1650, signal 119256/141857 (executing program)
2025/08/29 10:40:47 fetching corpus: 1700, signal 120181/143042 (executing program)
2025/08/29 10:40:47 fetching corpus: 1750, signal 121119/144279 (executing program)
2025/08/29 10:40:47 fetching corpus: 1800, signal 121890/145357 (executing program)
2025/08/29 10:40:47 fetching corpus: 1850, signal 123298/146785 (executing program)
2025/08/29 10:40:47 fetching corpus: 1900, signal 124699/148170 (executing program)
2025/08/29 10:40:47 fetching corpus: 1950, signal 125244/149027 (executing program)
2025/08/29 10:40:47 fetching corpus: 2000, signal 125947/150021 (executing program)
2025/08/29 10:40:47 fetching corpus: 2050, signal 126967/151141 (executing program)
2025/08/29 10:40:47 fetching corpus: 2100, signal 127869/152175 (executing program)
2025/08/29 10:40:47 fetching corpus: 2150, signal 128862/153214 (executing program)
2025/08/29 10:40:47 fetching corpus: 2200, signal 129649/154118 (executing program)
2025/08/29 10:40:47 fetching corpus: 2250, signal 130442/155050 (executing program)
2025/08/29 10:40:48 fetching corpus: 2300, signal 131313/156004 (executing program)
2025/08/29 10:40:48 fetching corpus: 2350, signal 132285/156982 (executing program)
2025/08/29 10:40:48 fetching corpus: 2400, signal 132759/157695 (executing program)
2025/08/29 10:40:48 fetching corpus: 2450, signal 133551/158592 (executing program)
2025/08/29 10:40:48 fetching corpus: 2500, signal 134447/159530 (executing program)
2025/08/29 10:40:48 fetching corpus: 2550, signal 135221/160324 (executing program)
2025/08/29 10:40:48 fetching corpus: 2600, signal 135811/161079 (executing program)
2025/08/29 10:40:48 fetching corpus: 2650, signal 136221/161713 (executing program)
2025/08/29 10:40:48 fetching corpus: 2700, signal 136750/162379 (executing program)
2025/08/29 10:40:48 fetching corpus: 2750, signal 137534/163170 (executing program)
2025/08/29 10:40:48 fetching corpus: 2800, signal 138109/163840 (executing program)
2025/08/29 10:40:49 fetching corpus: 2850, signal 138741/164563 (executing program)
2025/08/29 10:40:49 fetching corpus: 2900, signal 139622/165299 (executing program)
2025/08/29 10:40:49 fetching corpus: 2950, signal 140284/165932 (executing program)
2025/08/29 10:40:49 fetching corpus: 3000, signal 141021/166563 (executing program)
2025/08/29 10:40:49 fetching corpus: 3050, signal 141496/167144 (executing program)
2025/08/29 10:40:49 fetching corpus: 3100, signal 142297/167825 (executing program)
2025/08/29 10:40:49 fetching corpus: 3150, signal 143526/168559 (executing program)
2025/08/29 10:40:49 fetching corpus: 3200, signal 144240/169123 (executing program)
2025/08/29 10:40:49 fetching corpus: 3250, signal 144785/169641 (executing program)
2025/08/29 10:40:49 fetching corpus: 3300, signal 145565/170197 (executing program)
2025/08/29 10:40:49 fetching corpus: 3350, signal 146260/170750 (executing program)
2025/08/29 10:40:50 fetching corpus: 3400, signal 146879/171263 (executing program)
2025/08/29 10:40:50 fetching corpus: 3450, signal 147347/171726 (executing program)
2025/08/29 10:40:50 fetching corpus: 3500, signal 148219/172212 (executing program)
2025/08/29 10:40:50 fetching corpus: 3550, signal 149018/172677 (executing program)
2025/08/29 10:40:50 fetching corpus: 3600, signal 149463/173121 (executing program)
2025/08/29 10:40:50 fetching corpus: 3650, signal 150002/173528 (executing program)
2025/08/29 10:40:50 fetching corpus: 3700, signal 150571/173966 (executing program)
2025/08/29 10:40:50 fetching corpus: 3750, signal 151059/174356 (executing program)
2025/08/29 10:40:50 fetching corpus: 3800, signal 151542/174757 (executing program)
2025/08/29 10:40:50 fetching corpus: 3850, signal 152204/175127 (executing program)
2025/08/29 10:40:51 fetching corpus: 3900, signal 152726/175517 (executing program)
2025/08/29 10:40:51 fetching corpus: 3950, signal 153066/175835 (executing program)
2025/08/29 10:40:51 fetching corpus: 4000, signal 153541/176143 (executing program)
2025/08/29 10:40:51 fetching corpus: 4050, signal 154045/176463 (executing program)
2025/08/29 10:40:51 fetching corpus: 4100, signal 154936/176891 (executing program)
2025/08/29 10:40:51 fetching corpus: 4150, signal 155387/177196 (executing program)
2025/08/29 10:40:51 fetching corpus: 4200, signal 155799/177501 (executing program)
2025/08/29 10:40:51 fetching corpus: 4250, signal 156229/177750 (executing program)
2025/08/29 10:40:51 fetching corpus: 4300, signal 156500/177867 (executing program)
2025/08/29 10:40:51 fetching corpus: 4350, signal 156931/177869 (executing program)
2025/08/29 10:40:52 fetching corpus: 4400, signal 157292/177891 (executing program)
2025/08/29 10:40:52 fetching corpus: 4450, signal 157673/177894 (executing program)
2025/08/29 10:40:52 fetching corpus: 4500, signal 158233/177907 (executing program)
2025/08/29 10:40:52 fetching corpus: 4550, signal 158825/177935 (executing program)
2025/08/29 10:40:52 fetching corpus: 4600, signal 159236/177944 (executing program)
2025/08/29 10:40:52 fetching corpus: 4650, signal 159600/177950 (executing program)
2025/08/29 10:40:52 fetching corpus: 4700, signal 160070/177997 (executing program)
2025/08/29 10:40:52 fetching corpus: 4750, signal 160721/178017 (executing program)
2025/08/29 10:40:52 fetching corpus: 4800, signal 161308/178129 (executing program)
2025/08/29 10:40:52 fetching corpus: 4850, signal 161658/178159 (executing program)
2025/08/29 10:40:53 fetching corpus: 4900, signal 162028/178166 (executing program)
2025/08/29 10:40:53 fetching corpus: 4950, signal 162305/178178 (executing program)
2025/08/29 10:40:53 fetching corpus: 5000, signal 162686/178215 (executing program)
2025/08/29 10:40:53 fetching corpus: 5050, signal 163073/178220 (executing program)
2025/08/29 10:40:53 fetching corpus: 5099, signal 163539/178260 (executing program)
2025/08/29 10:40:53 fetching corpus: 5148, signal 163955/178317 (executing program)
2025/08/29 10:40:53 fetching corpus: 5198, signal 164356/178318 (executing program)
2025/08/29 10:40:53 fetching corpus: 5248, signal 164717/178321 (executing program)
2025/08/29 10:40:53 fetching corpus: 5298, signal 165070/178329 (executing program)
2025/08/29 10:40:54 fetching corpus: 5348, signal 165808/178339 (executing program)
2025/08/29 10:40:54 fetching corpus: 5398, signal 166111/178356 (executing program)
2025/08/29 10:40:54 fetching corpus: 5448, signal 166458/178361 (executing program)
2025/08/29 10:40:54 fetching corpus: 5498, signal 166864/178364 (executing program)
2025/08/29 10:40:54 fetching corpus: 5548, signal 167217/178366 (executing program)
2025/08/29 10:40:54 fetching corpus: 5598, signal 167564/178376 (executing program)
2025/08/29 10:40:54 fetching corpus: 5648, signal 168126/178384 (executing program)
2025/08/29 10:40:54 fetching corpus: 5698, signal 168482/178384 (executing program)
2025/08/29 10:40:54 fetching corpus: 5748, signal 168715/178393 (executing program)
2025/08/29 10:40:54 fetching corpus: 5798, signal 169180/178393 (executing program)
2025/08/29 10:40:54 fetching corpus: 5848, signal 169406/178400 (executing program)
2025/08/29 10:40:55 fetching corpus: 5898, signal 169816/178403 (executing program)
2025/08/29 10:40:55 fetching corpus: 5948, signal 170063/178419 (executing program)
2025/08/29 10:40:55 fetching corpus: 5998, signal 170598/178466 (executing program)
2025/08/29 10:40:55 fetching corpus: 6048, signal 170861/178470 (executing program)
2025/08/29 10:40:55 fetching corpus: 6098, signal 171219/178471 (executing program)
2025/08/29 10:40:55 fetching corpus: 6148, signal 171681/178475 (executing program)
2025/08/29 10:40:55 fetching corpus: 6198, signal 171930/178496 (executing program)
2025/08/29 10:40:55 fetching corpus: 6248, signal 172305/178507 (executing program)
2025/08/29 10:40:55 fetching corpus: 6298, signal 172561/178527 (executing program)
2025/08/29 10:40:55 fetching corpus: 6348, signal 173140/178542 (executing program)
2025/08/29 10:40:56 fetching corpus: 6398, signal 173386/178587 (executing program)
2025/08/29 10:40:56 fetching corpus: 6448, signal 173673/178588 (executing program)
2025/08/29 10:40:56 fetching corpus: 6498, signal 174156/178589 (executing program)
2025/08/29 10:40:56 fetching corpus: 6548, signal 174456/178597 (executing program)
2025/08/29 10:40:56 fetching corpus: 6598, signal 174817/178598 (executing program)
2025/08/29 10:40:56 fetching corpus: 6648, signal 175302/178610 (executing program)
2025/08/29 10:40:56 fetching corpus: 6698, signal 175751/178616 (executing program)
2025/08/29 10:40:56 fetching corpus: 6715, signal 175904/178616 (executing program)
2025/08/29 10:40:56 fetching corpus: 6715, signal 175904/178616 (executing program)
2025/08/29 10:40:59 starting 8 fuzzer processes

10:40:59 executing program 0:
setresgid(0x0, 0x0, 0xee01)
setfsgid(0xee01)

10:40:59 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=@updsa={0x138, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private0, @in=@remote}, {@in6=@private2, 0x0, 0x2b}, @in=@multicast2, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x0)

10:40:59 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000100)={{}, {0x2}})
fremovexattr(0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x80045300, 0x0)

10:40:59 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GETSTATE(r0, 0xc0185879, &(0x7f0000002a00))

10:40:59 executing program 3:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000080)=0x4)

10:40:59 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x1c}}, 0x0)
[ 76.377392] audit: type=1400 audit(1756464059.484:7): avc: denied { execmem } for pid=271 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1

10:40:59 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000a80), 0x101)
write$binfmt_elf32(r0, 0x0, 0x0)
clock_gettime(0x0, 0x0)

10:40:59 executing program 6:
r0 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0x1d, r0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000480), &(0x7f00000004c0)={'syz', 0x2}, 0x0, 0x0, r0)
[ 77.669424] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 77.671142] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 77.675490] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 77.676592] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.678996] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.681146] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 77.685017] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.687497] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 77.694821] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 77.698415] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 77.749174] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 77.751251] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 77.763858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 77.768540] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 77.772228] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 77.777768] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 77.779398] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 77.781309] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 77.783015] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 77.785777] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 77.785999] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 77.789138] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 77.794076] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 77.801370] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 77.804853] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 77.806019] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 77.808374] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 77.810726] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 77.811965] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 77.813287] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 77.825876] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 77.828796] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 77.830876] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 77.832202] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 77.835862] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 77.840865] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 77.843846] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 77.849628] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 77.866283] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 77.870645] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 79.765010] Bluetooth: hci1: command tx timeout
[ 79.766054] Bluetooth: hci0: command tx timeout
[ 79.830608] Bluetooth: hci2: command tx timeout
[ 79.892676] Bluetooth: hci7: command tx timeout
[ 79.893490] Bluetooth: hci4: command tx timeout
[ 79.894186] Bluetooth: hci3: command tx timeout
[ 79.956786] Bluetooth: hci5: command tx timeout
[ 79.958488] Bluetooth: hci6: command tx timeout
[ 81.813663] Bluetooth: hci0: command tx timeout
[ 81.813695] Bluetooth: hci1: command tx timeout
[ 81.876625] Bluetooth: hci2: command tx timeout
[ 81.940617] Bluetooth: hci4: command tx timeout
[ 81.940659] Bluetooth: hci3: command tx timeout
[ 81.941025] Bluetooth: hci7: command tx timeout
[ 82.004692] Bluetooth: hci6: command tx timeout
[ 82.005093] Bluetooth: hci5: command tx timeout
[ 83.862605] Bluetooth: hci1: command tx timeout
[ 83.863067] Bluetooth: hci0: command tx timeout
[ 83.925598] Bluetooth: hci2: command tx timeout
[ 83.988626] Bluetooth: hci7: command tx timeout
[ 83.989763] Bluetooth: hci3: command tx timeout
[ 83.990418] Bluetooth: hci4: command tx timeout
[ 84.052728] Bluetooth: hci5: command tx timeout
[ 84.052868] Bluetooth: hci6: command tx timeout
[ 85.911689] Bluetooth: hci0: command tx timeout
[ 85.911715] Bluetooth: hci1: command tx timeout
[ 85.973009] Bluetooth: hci2: command tx timeout
[ 86.038649] Bluetooth: hci4: command tx timeout
[ 86.038765] Bluetooth: hci3: command tx timeout
[ 86.039118] Bluetooth: hci7: command tx timeout
[ 86.100830] Bluetooth: hci5: command tx timeout
[ 86.101896] Bluetooth: hci6: command tx timeout
[ 113.831468] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.833492] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.974607] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.975242] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.086356] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.087451] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.294712] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.295349] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.368390] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.369056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.465273] audit: type=1400 audit(1756464097.569:8): avc: denied { open } for pid=3779 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 114.474822] audit: type=1400 audit(1756464097.569:9): avc: denied { kernel } for pid=3779 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 114.506672] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.507301] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50

10:41:37 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x1c}}, 0x0)

10:41:37 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x1c}}, 0x0)

10:41:38 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x1c}}, 0x0)

10:41:38 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GETSTATE(r0, 0xc0185879, &(0x7f0000002a00))

10:41:38 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000a80), 0x101)
write$binfmt_elf32(r0, 0x0, 0x0)
clock_gettime(0x0, 0x0)

10:41:38 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GETSTATE(r0, 0xc0185879, &(0x7f0000002a00))

10:41:38 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000a80), 0x101)
write$binfmt_elf32(r0, 0x0, 0x0)
clock_gettime(0x0, 0x0)

10:41:38 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind(r0, &(0x7f0000000040)=@nl=@unspec={0x0, 0x2}, 0x80)
[ 115.545883] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.546511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.621538] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.622490] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.704080] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.704727] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.795761] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.796407] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.848345] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.849097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.885076] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.885931] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.942745] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.943343] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.985363] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.985972] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.035335] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.035956] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.070108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.070707] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.170088] audit: type=1400 audit(1756464099.277:10): avc: denied { write } for pid=3908 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1

10:41:39 executing program 0:
setresgid(0x0, 0x0, 0xee01)
setfsgid(0xee01)

10:41:39 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GETSTATE(r0, 0xc0185879, &(0x7f0000002a00))

10:41:39 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=@updsa={0x138, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private0, @in=@remote}, {@in6=@private2, 0x0, 0x2b}, @in=@multicast2, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x0)

10:41:39 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000a80), 0x101)
write$binfmt_elf32(r0, 0x0, 0x0)
clock_gettime(0x0, 0x0)

10:41:39 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind(r0, &(0x7f0000000040)=@nl=@unspec={0x0, 0x2}, 0x80)

10:41:39 executing program 3:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000080)=0x4)

10:41:39 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000100)={{}, {0x2}})
fremovexattr(0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x80045300, 0x0)

10:41:39 executing program 6:
r0 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0x1d, r0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000480), &(0x7f00000004c0)={'syz', 0x2}, 0x0, 0x0, r0)

10:41:39 executing program 0:
setresgid(0x0, 0x0, 0xee01)
setfsgid(0xee01)

10:41:39 executing program 6:
r0 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0x1d, r0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000480), &(0x7f00000004c0)={'syz', 0x2}, 0x0, 0x0, r0)

10:41:39 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind(r0, &(0x7f0000000040)=@nl=@unspec={0x0, 0x2}, 0x80)

10:41:39 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=@updsa={0x138, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private0, @in=@remote}, {@in6=@private2, 0x0, 0x2b}, @in=@multicast2, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x0)

10:41:39 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000100)={{}, {0x2}})
fremovexattr(0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x80045300, 0x0)

10:41:39 executing program 3:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000080)=0x4)

10:41:39 executing program 7:
r0 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0x1d, r0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000480), &(0x7f00000004c0)={'syz', 0x2}, 0x0, 0x0, r0)
[ 116.416507] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 116.417537] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 116.418150] CPU: 1 UID: 0 PID: 3939 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 116.419772] Tainted: [W]=WARN
[ 116.420262] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 116.421520] RIP: 0010:perf_tp_event+0x175/0xe70
[ 116.422193] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 116.424706] RSP: 0018:ffff8880165a7800 EFLAGS: 00010212
[ 116.425515] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90001df4000
[ 116.426548] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 116.428013] RBP: ffff8880165a7a70 R08: ffff88806cf31340 R09: ffffe8ffffd166a0
[ 116.429059] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 116.430117] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 116.431174] FS: 00007fe404422700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 116.432339] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 116.433138] CR2: 00007fe406fc0018 CR3: 0000000044479000 CR4: 0000000000350ef0
[ 116.434324] Call Trace:
[ 116.434562]
[ 116.434779] ? __pfx_perf_tp_event+0x10/0x10
[ 116.435191] ? lock_is_held_type+0x9e/0x120
[ 116.435592] ? lock_is_held_type+0x9e/0x120
[ 116.435989] ? perf_trace_lock+0xb5/0x5d0
[ 116.436376] ? perf_trace_lock+0xb5/0x5d0
[ 116.436765] ? __pfx_perf_trace_lock+0x10/0x10
[ 116.437185] ? __pfx_perf_trace_lock+0x10/0x10
[ 116.437605] ? find_held_lock+0x2b/0x80
[ 116.437973] ? find_held_lock+0x2b/0x80
[ 116.438343] ? __perf_install_in_context+0x503/0xb90
[ 116.438803] ? lock_release+0xc8/0x290
[ 116.439161] ? do_raw_spin_unlock+0x53/0x220
[ 116.439572] ? perf_trace_run_bpf_submit+0xef/0x180
[ 116.440033] perf_trace_run_bpf_submit+0xef/0x180
[ 116.440488] perf_trace_lock+0x337/0x5d0
[ 116.440951] ? __pfx_perf_trace_lock+0x10/0x10
[ 116.441373] ? lock_acquire+0x15e/0x2f0
[ 116.441736] ? futex_ref_get+0x48/0x300
[ 116.442100] ? futex_ref_get+0x114/0x300
[ 116.442465] ? futex_hash+0x15c/0x390
[ 116.442814] lock_release+0x1ab/0x290
[ 116.443166] ? futex_hash+0x15c/0x390
[ 116.443512] futex_ref_get+0x119/0x300
[ 116.443869] ? futex_hash+0x15c/0x390
[ 116.444216] futex_hash+0x70/0x390
[ 116.444546] futex_wake+0x143/0x540
[ 116.445136] ? __pfx_perf_trace_lock+0x10/0x10
[ 116.445923] ? __pfx_futex_wake+0x10/0x10
[ 116.446637] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 116.447490] ? lock_release+0xc8/0x290
[ 116.448157] do_futex+0x26d/0x370
[ 116.448800] ? __pfx_do_futex+0x10/0x10
[ 116.449436] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 116.450226] ? find_held_lock+0x2b/0x80
[ 116.450835] __x64_sys_futex+0x1c9/0x4d0
[ 116.451450] ? __pfx___x64_sys_futex+0x10/0x10
[ 116.452143] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 116.452938] do_syscall_64+0xbf/0x360
[ 116.453518] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.454283] RIP: 0033:0x7fe406eacb19
[ 116.454842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 116.457555] RSP: 002b:00007fe404422218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 116.458680] RAX: ffffffffffffffda RBX: 00007fe406fbff68 RCX: 00007fe406eacb19
[ 116.459738] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe406fbff6c
[ 116.460801] RBP: 00007fe406fbff60 R08: 000000000000000e R09: 0000000000000000
[ 116.461852] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe406fbff6c
[ 116.462908] R13: 00007ffecdea021f R14: 00007fe404422300 R15: 0000000000022000
[ 116.463980]
[ 116.464338] Modules linked in:
[ 116.464874] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[ 116.466522] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 116.467642] CPU: 1 UID: 0 PID: 3939 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 116.469434] Tainted: [D]=DIE, [W]=WARN
[ 116.470007] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 116.471225] RIP: 0010:perf_tp_event+0x175/0xe70
[ 116.471937] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 116.474620] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012
[ 116.475409] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 116.476462] RDX: ffff888016790000 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 116.477519] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd166a0
[ 116.478575] R10: 0000000000000000 R11:
ffff88806cf37018 R12: dffffc0000000000 [ 116.479626] R13: 0000000000000024 R14: ffff88806cf31490 R15: dffffc0000000000 [ 116.480682] FS: 00007fe404422700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 116.481874] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.482739] CR2: 00007fe406fc0018 CR3: 0000000044479000 CR4: 0000000000350ef0 [ 116.483796] Call Trace: [ 116.484188] [ 116.484523] ? arch_stack_walk+0x9c/0xf0 [ 116.485156] ? __pfx_perf_tp_event+0x10/0x10 [ 116.485830] ? stack_trace_save+0x8e/0xc0 [ 116.486464] ? stack_depot_save_flags+0x2c/0xa20 [ 116.487185] ? kasan_save_stack+0x34/0x50 [ 116.487820] ? kasan_save_stack+0x24/0x50 [ 116.488455] ? kasan_save_track+0x14/0x30 [ 116.489089] ? __kasan_save_free_info+0x3a/0x60 [ 116.489795] ? __kasan_slab_free+0x3f/0x50 [ 116.490442] ? kmem_cache_free+0x2a1/0x540 [ 116.491078] ? rcu_core+0x7c8/0x1800 [ 116.491651] ? handle_softirqs+0x1b1/0x770 [ 116.492306] ? do_softirq+0x48/0x80 [ 116.492863] ? __local_bh_enable_ip+0xf1/0x110 [ 116.493558] ? tcp_sendmsg+0x3a/0x50 [ 116.494137] ? inet_sendmsg+0xb9/0x150 [ 116.494736] ? sock_write_iter+0x4c9/0x5c0 [ 116.495374] ? vfs_write+0xbe9/0x1150 [ 116.495958] ? ksys_write+0x1ef/0x240 [ 116.496545] ? do_syscall_64+0xbf/0x360 [ 116.497159] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.497985] ? perf_trace_run_bpf_submit+0xef/0x180 [ 116.498751] perf_trace_run_bpf_submit+0xef/0x180 [ 116.499505] perf_trace_lock+0x337/0x5d0 [ 116.500130] ? place_entity+0x1c/0x410 [ 116.500739] ? kvm_sched_clock_read+0x16/0x30 [ 116.501428] ? __pfx_perf_trace_lock+0x10/0x10 [ 116.502128] ? check_preempt_wakeup_fair+0x6e/0x950 [ 116.502891] ? sched_ttwu_pending+0x2e0/0x4a0 [ 116.503589] lock_release+0x1ab/0x290 [ 116.504177] ? ttwu_do_activate+0x1a4/0x8a0 [ 116.504852] _raw_spin_unlock+0x16/0x40 [ 116.505464] sched_ttwu_pending+0x2e0/0x4a0 [ 116.506132] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 116.506879] ? 
mark_held_locks+0x49/0x80 [ 116.507502] __flush_smp_call_function_queue+0x434/0x740 [ 116.508337] __sysvec_call_function_single+0x6d/0x370 [ 116.509136] sysvec_call_function_single+0xa1/0xc0 [ 116.509887] [ 116.510235] [ 116.510588] asm_sysvec_call_function_single+0x1a/0x20 [ 116.511372] RIP: 0010:oops_exit+0x0/0x50 [ 116.512002] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 116.514704] RSP: 0018:ffff8880165a7690 EFLAGS: 00000202 [ 116.515497] RAX: 000000000002d753 RBX: 0000000000000212 RCX: ffffc90001df4000 [ 116.516555] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 116.517630] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 116.518697] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880165a7758 [ 116.519769] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 116.520848] ? oops_end+0x4a/0xe0 [ 116.521396] oops_end+0x65/0xe0 [ 116.521922] exc_general_protection+0x1a2/0x330 [ 116.522641] asm_exc_general_protection+0x26/0x30 [ 116.523375] RIP: 0010:perf_tp_event+0x175/0xe70 [ 116.524088] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 116.526805] RSP: 0018:ffff8880165a7800 EFLAGS: 00010212 [ 116.527609] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90001df4000 [ 116.528677] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 116.529750] RBP: ffff8880165a7a70 R08: ffff88806cf31340 R09: ffffe8ffffd166a0 [ 116.530814] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 116.531886] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 116.532962] ? perf_tp_event+0x167/0xe70 [ 116.533606] ? __pfx_perf_tp_event+0x10/0x10 [ 116.534287] ? 
lock_is_held_type+0x9e/0x120 [ 116.534957] ? lock_is_held_type+0x9e/0x120 [ 116.535623] ? perf_trace_lock+0xb5/0x5d0 [ 116.536261] ? perf_trace_lock+0xb5/0x5d0 [ 116.536906] ? __pfx_perf_trace_lock+0x10/0x10 [ 116.537605] ? __pfx_perf_trace_lock+0x10/0x10 [ 116.538311] ? find_held_lock+0x2b/0x80 [ 116.538926] ? find_held_lock+0x2b/0x80 [ 116.539547] ? __perf_install_in_context+0x503/0xb90 [ 116.540319] ? lock_release+0xc8/0x290 [ 116.540926] ? do_raw_spin_unlock+0x53/0x220 [ 116.541611] ? perf_trace_run_bpf_submit+0xef/0x180 [ 116.542377] perf_trace_run_bpf_submit+0xef/0x180 [ 116.543125] perf_trace_lock+0x337/0x5d0 [ 116.543753] ? __pfx_perf_trace_lock+0x10/0x10 [ 116.544462] ? lock_acquire+0x15e/0x2f0 [ 116.545078] ? futex_ref_get+0x48/0x300 [ 116.545689] ? futex_ref_get+0x114/0x300 [ 116.546304] ? futex_hash+0x15c/0x390 [ 116.546885] lock_release+0x1ab/0x290 [ 116.547473] ? futex_hash+0x15c/0x390 [ 116.548054] futex_ref_get+0x119/0x300 [ 116.548656] ? futex_hash+0x15c/0x390 [ 116.549240] futex_hash+0x70/0x390 [ 116.549795] futex_wake+0x143/0x540 [ 116.550359] ? __pfx_perf_trace_lock+0x10/0x10 [ 116.551062] ? __pfx_futex_wake+0x10/0x10 [ 116.551710] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 116.552477] ? lock_release+0xc8/0x290 [ 116.553089] do_futex+0x26d/0x370 [ 116.553627] ? __pfx_do_futex+0x10/0x10 [ 116.554236] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 116.555042] ? find_held_lock+0x2b/0x80 [ 116.555666] __x64_sys_futex+0x1c9/0x4d0 [ 116.556297] ? __pfx___x64_sys_futex+0x10/0x10 [ 116.557011] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 116.557809] do_syscall_64+0xbf/0x360 [ 116.558399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.559178] RIP: 0033:0x7fe406eacb19 [ 116.559736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 116.562458] RSP: 002b:00007fe404422218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 116.563602] RAX: ffffffffffffffda RBX: 00007fe406fbff68 RCX: 00007fe406eacb19 [ 116.564684] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe406fbff6c [ 116.565754] RBP: 00007fe406fbff60 R08: 000000000000000e R09: 0000000000000000 [ 116.566815] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe406fbff6c [ 116.567880] R13: 00007ffecdea021f R14: 00007fe404422300 R15: 0000000000022000 [ 116.568957] [ 116.569312] Modules linked in: [ 116.569800] ---[ end trace 0000000000000000 ]--- [ 116.570498] RIP: 0010:perf_tp_event+0x175/0xe70 [ 116.571191] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 116.573834] RSP: 0018:ffff8880165a7800 EFLAGS: 00010212 [ 116.574614] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90001df4000 [ 116.575662] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 116.576707] RBP: ffff8880165a7a70 R08: ffff88806cf31340 R09: ffffe8ffffd166a0 [ 116.577745] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 116.578802] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 116.579821] FS: 00007fe404422700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 116.580972] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.581836] CR2: 00007fe406fc0018 CR3: 0000000044479000 CR4: 0000000000350ef0 [ 116.582844] Kernel panic - not syncing: Fatal exception in interrupt [ 
117.690269] Shutting down cpus with NMI [ 117.691117] Kernel Offset: disabled [ 117.691615] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:41:39 Registers: