Warning: Permanently added '[localhost]:46967' (ECDSA) to the list of known hosts. 2025/08/29 10:49:44 fuzzer started 2025/08/29 10:49:44 dialing manager at localhost:43077 syzkaller login: [ 58.221605] cgroup: Unknown subsys name 'net' [ 58.285230] cgroup: Unknown subsys name 'cpuset' [ 58.395279] cgroup: Unknown subsys name 'rlimit' 2025/08/29 10:49:56 syscalls: 2214 2025/08/29 10:49:56 code coverage: enabled 2025/08/29 10:49:56 comparison tracing: enabled 2025/08/29 10:49:56 extra coverage: enabled 2025/08/29 10:49:56 setuid sandbox: enabled 2025/08/29 10:49:56 namespace sandbox: enabled 2025/08/29 10:49:56 Android sandbox: enabled 2025/08/29 10:49:56 fault injection: enabled 2025/08/29 10:49:56 leak checking: enabled 2025/08/29 10:49:56 net packet injection: enabled 2025/08/29 10:49:56 net device setup: enabled 2025/08/29 10:49:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 10:49:56 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 10:49:56 USB emulation: enabled 2025/08/29 10:49:56 hci packet injection: enabled 2025/08/29 10:49:56 wifi device emulation: enabled 2025/08/29 10:49:56 802.15.4 emulation: enabled 2025/08/29 10:49:56 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 10:49:56 fetching corpus: 49, signal 22241/25751 (executing program) 2025/08/29 10:49:56 fetching corpus: 99, signal 34069/38928 (executing program) 2025/08/29 10:49:56 fetching corpus: 149, signal 39850/46106 (executing program) 2025/08/29 10:49:56 fetching corpus: 199, signal 46588/54004 (executing program) 2025/08/29 10:49:56 fetching corpus: 249, signal 55221/63528 (executing program) 2025/08/29 10:49:56 fetching corpus: 299, signal 63127/72206 (executing program) 2025/08/29 10:49:56 fetching corpus: 349, signal 67318/77334 (executing program) 2025/08/29 10:49:57 fetching corpus: 399, signal 70149/81100 (executing program) 2025/08/29 10:49:57 fetching corpus: 449, signal 73980/85686 (executing program) 2025/08/29 
10:50:09 fetching corpus: 6449, signal 174373/179959 (executing program) 2025/08/29 10:50:09 fetching corpus: 6499, signal 174635/179977 (executing program) 2025/08/29 10:50:09 fetching corpus: 6549, signal 175133/179981 (executing program) 2025/08/29 10:50:09 fetching corpus: 6599, signal 175367/179988 (executing program) 2025/08/29 10:50:09 fetching corpus: 6649, signal 175637/179990 (executing program) 2025/08/29 10:50:09 fetching corpus: 6699, signal 175875/179998 (executing program) 2025/08/29 10:50:09 fetching corpus: 6749, signal 176225/180001 (executing program) 2025/08/29 10:50:09 fetching corpus: 6799, signal 176520/180005 (executing program) 2025/08/29 10:50:09 fetching corpus: 6831, signal 176736/180008 (executing program) 2025/08/29 10:50:09 fetching corpus: 6831, signal 176736/180008 (executing program) 2025/08/29 10:50:12 starting 8 fuzzer processes 10:50:12 executing program 0: syz_mount_image$tmpfs(&(0x7f0000000640), &(0x7f0000000680)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)) mount(0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x2092020, &(0x7f0000000500)='huge=,ever') 10:50:12 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r1) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x60, r2, 0x425, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'vcan0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:fuse_device_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @dev}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}]}, 0x60}}, 0x0) 10:50:12 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@remote, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@dev, 0x0, 0x33}, 0x0, @in=@private, 0x0, 0x5}}, 0xe8) connect$inet6(r0, 
&(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 10:50:12 executing program 2: mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14) 10:50:12 executing program 3: perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x401) write$evdev(r0, &(0x7f0000000200)=[{{0x77359400}}], 0x18) 10:50:12 executing program 4: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x5, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6}]}) 10:50:12 executing program 5: r0 = getpid() tkill(r0, 0x41) 10:50:12 executing program 6: eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) r1 = memfd_create(&(0x7f00000001c0)='}}\xb3*[\\!+{\'${/\\\x00', 0x0) io_submit(r0, 0x1, &(0x7f0000000300)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}]) [ 85.639016] audit: type=1400 audit(1756464612.541:7): avc: denied { execmem } for pid=275 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 86.797116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.801083] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.802840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.807234] Bluetooth: 
hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.809913] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.857675] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.860402] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.868473] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.870111] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.876068] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.879004] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.880569] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.882643] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.885309] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.888183] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.890354] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.898903] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.902404] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 86.905653] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.907066] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.908835] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.925351] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.928521] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.944917] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.952585] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.954265] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 86.966373] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 86.968369] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 86.971962] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 86.980556] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 86.984247] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 86.984334] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 86.990607] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 86.992806] 
Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 86.997377] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 86.998573] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 87.021425] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 87.021638] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 87.034349] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 87.062348] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 88.893892] Bluetooth: hci0: command tx timeout [ 88.957079] Bluetooth: hci2: command tx timeout [ 88.958077] Bluetooth: hci3: command tx timeout [ 89.021375] Bluetooth: hci1: command tx timeout [ 89.022469] Bluetooth: hci4: command tx timeout [ 89.085169] Bluetooth: hci5: command tx timeout [ 89.149093] Bluetooth: hci7: command tx timeout [ 89.150019] Bluetooth: hci6: command tx timeout [ 90.942114] Bluetooth: hci0: command tx timeout [ 91.005033] Bluetooth: hci3: command tx timeout [ 91.005471] Bluetooth: hci2: command tx timeout [ 91.069047] Bluetooth: hci1: command tx timeout [ 91.069463] Bluetooth: hci4: command tx timeout [ 91.133013] Bluetooth: hci5: command tx timeout [ 91.197009] Bluetooth: hci6: command tx timeout [ 91.197426] Bluetooth: hci7: command tx timeout [ 92.989048] Bluetooth: hci0: command tx timeout [ 93.053104] Bluetooth: hci2: command tx timeout [ 93.053562] Bluetooth: hci3: command tx timeout [ 93.117211] Bluetooth: hci4: command tx timeout [ 93.117647] Bluetooth: hci1: command tx timeout [ 93.180966] Bluetooth: hci5: command tx timeout [ 93.244992] Bluetooth: hci7: command tx timeout [ 93.245411] Bluetooth: hci6: command tx timeout [ 95.037095] Bluetooth: hci0: command tx timeout [ 95.101084] Bluetooth: hci3: command tx timeout [ 95.101513] Bluetooth: hci2: command tx timeout [ 95.165952] Bluetooth: hci1: command tx timeout [ 95.166402] Bluetooth: hci4: command tx timeout [ 95.230954] Bluetooth: hci5: command tx timeout [ 95.293120] Bluetooth: hci6: command tx timeout [ 95.293580] Bluetooth: 
hci7: command tx timeout [ 122.984526] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.985220] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.165891] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.166535] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:50:50 executing program 5: r0 = getpid() tkill(r0, 0x41) [ 123.587987] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.588575] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:50:50 executing program 5: r0 = getpid() tkill(r0, 0x41) 10:50:50 executing program 5: r0 = getpid() tkill(r0, 0x41) [ 123.783967] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.784553] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:50:50 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)}, 0x18142) [ 124.005058] audit: type=1400 audit(1756464650.907:8): avc: denied { open } for pid=3830 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 124.019043] audit: type=1400 audit(1756464650.907:9): avc: denied { kernel } for pid=3830 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 124.093165] tmpfs: Bad value for 'huge' [ 124.402968] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.403591] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.547855] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.548954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.623548] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.624190] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.642959] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.643519] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.758504] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.759598] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.799459] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.800419] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.909689] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.910425] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.002190] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.002802] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.046516] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.047427] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.120803] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.121912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.191351] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.191981] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.289745] 
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.290365] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.397387] audit: type=1326 audit(1756464652.300:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3899 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6be673eb19 code=0x0 [ 125.447025] audit: type=1326 audit(1756464652.349:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3899 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=3 compat=0 ip=0x7f6be66f172b code=0x0 10:50:52 executing program 3: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) ioctl$CDROM_SEND_PACKET(r0, 0x5312, 0x0) 10:50:52 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001480)}, 0x18142) 10:50:52 executing program 2: mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) 
munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14) 10:50:52 executing program 6: eventfd2(0x0, 0x0) io_setup(0x2, &(0x7f0000000080)=0x0) r1 = memfd_create(&(0x7f00000001c0)='}}\xb3*[\\!+{\'${/\\\x00', 0x0) io_submit(r0, 0x1, &(0x7f0000000300)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}]) 10:50:52 executing program 0: syz_mount_image$tmpfs(&(0x7f0000000640), &(0x7f0000000680)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)) mount(0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x2092020, &(0x7f0000000500)='huge=,ever') 10:50:52 executing program 1: sigaltstack(&(0x7f0000ffe000/0x2000)=nil, 0x0) move_pages(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil], &(0x7f0000000080), &(0x7f00000000c0), 0x0) 10:50:52 executing program 4: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x5, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6}]}) 10:50:52 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@remote, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@dev, 0x0, 0x33}, 0x0, @in=@private, 0x0, 0x5}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 10:50:52 executing program 2: mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14) 10:50:52 executing program 1: sigaltstack(&(0x7f0000ffe000/0x2000)=nil, 0x0) 
move_pages(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil], &(0x7f0000000080), &(0x7f00000000c0), 0x0) 10:50:52 executing program 3: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) ioctl$CDROM_SEND_PACKET(r0, 0x5312, 0x0) [ 125.583458] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 125.584380] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 125.585062] CPU: 0 UID: 0 PID: 3921 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 125.586799] Tainted: [W]=WARN [ 125.587712] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.589659] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.591008] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.594382] RSP: 0018:ffff888046897600 EFLAGS: 00010212 [ 125.595357] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900034a4000 [ 125.595920] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 125.596481] RBP: ffff888046897870 R08: ffff88806ce31340 R09: ffffe8ffffc16138 [ 125.597044] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 125.597606] R13: 0000000000000024 R14: ffff88806ce31340 R15: dffffc0000000000 [ 125.598173] FS: 00007f3483327700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 125.598810] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.599283] CR2: 000055557329fc18 CR3: 000000000e414000 CR4: 0000000000350ef0 [ 125.599848] Call Trace: [ 125.600060] [ 125.600255] ? __pfx_perf_tp_event+0x10/0x10 [ 125.600638] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 125.601044] perf_trace_run_bpf_submit+0xef/0x180 [ 125.601439] perf_trace_lock_acquire+0x3c2/0x700 [ 125.601831] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 125.602256] ? futex_ref_get+0x48/0x300 [ 125.602576] ? find_held_lock+0x2b/0x80 [ 125.602905] lock_acquire+0xc5/0x2f0 [ 125.603220] ? futex_wait_setup+0xbe/0x550 [ 125.603570] _raw_spin_lock+0x2b/0x40 [ 125.603885] ? futex_wait_setup+0xbe/0x550 [ 125.604229] futex_wait_setup+0xbe/0x550 [ 125.604565] __futex_wait+0x151/0x300 [ 125.604880] ? __pfx___futex_wait+0x10/0x10 [ 125.605229] ? __pfx_futex_wake_mark+0x10/0x10 [ 125.605611] futex_wait+0xde/0x380 [ 125.605906] ? __pfx_futex_wait+0x10/0x10 [ 125.606246] ? __lock_acquire+0x694/0x1b70 [ 125.606586] ? perf_trace_lock_acquire+0xc9/0x700 [ 125.606977] ? perf_trace_lock_acquire+0xc9/0x700 [ 125.607388] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 125.607810] do_futex+0x2ee/0x370 [ 125.608098] ? __pfx_do_futex+0x10/0x10 [ 125.608418] ? do_raw_spin_lock+0x123/0x260 [ 125.608771] __x64_sys_futex+0x1c9/0x4d0 [ 125.609102] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 125.609523] ? __pfx___x64_sys_futex+0x10/0x10 [ 125.609893] ? kcov_ioctl+0x386/0x6c0 [ 125.610210] ? 
fput+0x6a/0x100 [ 125.610482] do_syscall_64+0xbf/0x360 [ 125.610789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.611210] RIP: 0033:0x7f3485db1b19 [ 125.611508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.612944] RSP: 002b:00007f3483327218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 125.613549] RAX: ffffffffffffffda RBX: 00007f3485ec4f68 RCX: 00007f3485db1b19 [ 125.614117] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3485ec4f68 [ 125.614676] RBP: 00007f3485ec4f60 R08: 00007f3483327700 R09: 0000000000000000 [ 125.615251] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3485ec4f6c [ 125.615817] R13: 00007ffdd1c0adef R14: 00007f3483327300 R15: 0000000000022000 [ 125.616394] [ 125.616580] Modules linked in: [ 125.616844] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 125.618738] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 125.619902] CPU: 1 UID: 0 PID: 3914 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 125.621749] Tainted: [D]=DIE, [W]=WARN [ 125.622371] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.623597] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.624308] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.626961] RSP: 0018:ffff888017c5f7c0 EFLAGS: 00010212 [ 125.627753] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 125.628787] RDX: ffff888013da8000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 125.629837] RBP: ffff888017c5fa30 R08: ffff88806cf31340 R09: ffffe8ffffd16138 [ 125.630879] R10: 0000000000000000 R11: 000000000000002c R12: 
dffffc0000000000 [ 125.631937] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 125.632978] FS: 000055555fe2f400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 125.634177] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.635026] CR2: 000055555fe30c18 CR3: 000000000d988000 CR4: 0000000000350ef0 [ 125.636108] Call Trace: [ 125.636494] [ 125.636857] ? __pfx_perf_tp_event+0x10/0x10 [ 125.637561] ? cpu_util.constprop.0+0x17d/0x340 [ 125.638298] ? __asan_memset+0x24/0x50 [ 125.638887] ? sched_balance_find_dst_group+0xa9a/0x1c00 [ 125.639711] ? lock_release+0x1c7/0x290 [ 125.640334] ? __pfx_sched_balance_find_dst_group+0x10/0x10 [ 125.641223] ? perf_trace_run_bpf_submit+0xef/0x180 [ 125.641983] ? trace_pelt_se_tp+0xdf/0x130 [ 125.642624] perf_trace_run_bpf_submit+0xef/0x180 [ 125.643381] perf_trace_lock_acquire+0x3c2/0x700 [ 125.644115] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 125.644914] lock_acquire+0xc5/0x2f0 [ 125.645526] ? futex_private_hash_put+0x4c/0x2d0 [ 125.646237] ? lock_release+0x1c7/0x290 [ 125.646826] futex_private_hash_put+0x5d/0x2d0 [ 125.647502] ? futex_private_hash_put+0x4c/0x2d0 [ 125.648219] futex_hash_put+0x3f/0x50 [ 125.648799] futex_wake+0x1bb/0x540 [ 125.649367] ? kernel_clone+0x204/0x7f0 [ 125.649969] ? __pfx_futex_wake+0x10/0x10 [ 125.650596] ? __pfx_kernel_clone+0x10/0x10 [ 125.651259] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 125.652045] ? __pfx___handle_mm_fault+0x10/0x10 [ 125.652767] do_futex+0x26d/0x370 [ 125.653305] ? __pfx_do_futex+0x10/0x10 [ 125.653909] ? __pfx___do_sys_clone+0x10/0x10 [ 125.654582] ? count_memcg_events+0x32b/0x420 [ 125.655276] __x64_sys_futex+0x1c9/0x4d0 [ 125.655888] ? __pfx___x64_sys_futex+0x10/0x10 [ 125.656587] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 125.657381] do_syscall_64+0xbf/0x360 [ 125.657961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.658728] RIP: 0033:0x7f80f89a1b19 [ 125.659299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.661955] RSP: 002b:00007ffeb5464468 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 125.663069] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f80f89a1b19 [ 125.664118] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f80f8ab4f68 [ 125.665153] RBP: 00007f80f8ab4f60 R08: 00007f80f5f17700 R09: 0000000000000000 [ 125.666209] R10: 00007f80f5f17700 R11: 0000000000000246 R12: 00007f80f8ab9060 [ 125.667262] R13: 00007ffeb5464570 R14: 00007f80f8ab4f60 R15: 000000000001e9f4 [ 125.668329] [ 125.668715] Modules linked in: [ 125.669214] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 125.670091] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 125.670753] CPU: 0 UID: 0 PID: 3921 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 125.671700] Tainted: [D]=DIE, [W]=WARN [ 125.672004] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.672642] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.673015] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.674440] RSP: 0018:ffff88806ce08a40 EFLAGS: 00010012 [ 125.674860] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 125.675426] RDX: ffff88800e650000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 125.675985] RBP: ffff88806ce08cb0 R08: ffff88806ce31490 R09: ffffe8ffffc16138 [ 125.676541] R10: 0000000000000000 
R11: 0000000000000024 R12: dffffc0000000000 [ 125.677096] R13: 0000000000000024 R14: ffff88806ce31490 R15: dffffc0000000000 [ 125.677660] FS: 00007f3483327700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 125.678286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.678744] CR2: 000055557329fc18 CR3: 000000000e414000 CR4: 0000000000350ef0 [ 125.679320] Call Trace: [ 125.679526] [ 125.679707] ? __kernel_text_address+0xd/0x40 [ 125.680073] ? __pfx_perf_tp_event+0x10/0x10 [ 125.680430] ? perf_trace_lock_acquire+0xc9/0x700 [ 125.680817] ? __lock_acquire+0x694/0x1b70 [ 125.681156] ? trace_softirq_raise+0xbe/0x100 [ 125.681524] ? lock_acquire+0x15e/0x2f0 [ 125.681843] ? select_task_rq_fair+0x2b6/0x38b0 [ 125.682218] ? find_held_lock+0x2b/0x80 [ 125.682543] ? select_task_rq_fair+0x48c/0x38b0 [ 125.682917] ? __pfx_call_function_single_prep_ipi+0x10/0x10 [ 125.683385] ? trace_ipi_send_cpu.constprop.0+0x158/0x1c0 [ 125.683828] ? perf_trace_run_bpf_submit+0xef/0x180 [ 125.684230] perf_trace_run_bpf_submit+0xef/0x180 [ 125.684622] perf_trace_lock_acquire+0x3c2/0x700 [ 125.684999] ? do_raw_spin_unlock+0x53/0x220 [ 125.685356] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 125.685774] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 125.686147] ? __pfx_try_to_wake_up+0x10/0x10 [ 125.686517] lock_acquire+0xc5/0x2f0 [ 125.686821] ? sched_ttwu_pending+0xa1/0x4a0 [ 125.687184] ? trace_rcu_utilization+0x26/0x190 [ 125.687558] ? rcu_core+0xa98/0x1800 [ 125.687863] _raw_spin_lock_nested+0x29/0x40 [ 125.688216] ? sched_ttwu_pending+0xa1/0x4a0 [ 125.688569] sched_ttwu_pending+0xa1/0x4a0 [ 125.688909] ? __pfx_rcu_core+0x10/0x10 [ 125.689227] ? clockevents_program_event+0x135/0x360 [ 125.689640] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 125.690027] ? 
mark_held_locks+0x49/0x80 [ 125.690354] __flush_smp_call_function_queue+0x434/0x740 [ 125.690786] __sysvec_call_function_single+0x6d/0x370 [ 125.691216] sysvec_call_function_single+0xa1/0xc0 [ 125.691606] [ 125.691791] [ 125.691977] asm_sysvec_call_function_single+0x1a/0x20 [ 125.692405] RIP: 0010:oops_exit+0x0/0x50 [ 125.692748] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 125.694205] RSP: 0018:ffff888046897490 EFLAGS: 00000202 [ 125.694644] RAX: 00000000000269fe RBX: 0000000000000216 RCX: ffffc900034a4000 [ 125.695248] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 125.695837] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 125.696432] R10: 0000000000000000 R11: 000000000000002c R12: ffff888046897558 [ 125.697018] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 125.697611] ? oops_end+0x4a/0xe0 [ 125.697910] oops_end+0x65/0xe0 [ 125.698194] exc_general_protection+0x1a2/0x330 [ 125.698593] asm_exc_general_protection+0x26/0x30 [ 125.698993] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.699399] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.700873] RSP: 0018:ffff888046897600 EFLAGS: 00010212 [ 125.701317] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900034a4000 [ 125.701909] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 125.702489] RBP: ffff888046897870 R08: ffff88806ce31340 R09: ffffe8ffffc16138 [ 125.703080] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 125.703647] R13: 0000000000000024 R14: ffff88806ce31340 R15: dffffc0000000000 [ 125.704199] ? perf_tp_event+0x167/0xe70 [ 125.704526] ? __pfx_perf_tp_event+0x10/0x10 [ 125.704894] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 125.705284] perf_trace_run_bpf_submit+0xef/0x180 [ 125.705664] perf_trace_lock_acquire+0x3c2/0x700 [ 125.706038] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 125.706447] ? futex_ref_get+0x48/0x300 [ 125.706757] ? find_held_lock+0x2b/0x80 [ 125.707081] lock_acquire+0xc5/0x2f0 [ 125.707374] ? futex_wait_setup+0xbe/0x550 [ 125.707711] _raw_spin_lock+0x2b/0x40 [ 125.708009] ? futex_wait_setup+0xbe/0x550 [ 125.708345] futex_wait_setup+0xbe/0x550 [ 125.708668] __futex_wait+0x151/0x300 [ 125.708969] ? __pfx___futex_wait+0x10/0x10 [ 125.709309] ? __pfx_futex_wake_mark+0x10/0x10 [ 125.709676] futex_wait+0xde/0x380 [ 125.709960] ? __pfx_futex_wait+0x10/0x10 [ 125.710288] ? __lock_acquire+0x694/0x1b70 [ 125.710619] ? perf_trace_lock_acquire+0xc9/0x700 [ 125.710998] ? perf_trace_lock_acquire+0xc9/0x700 [ 125.711387] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 125.711793] do_futex+0x2ee/0x370 [ 125.712068] ? __pfx_do_futex+0x10/0x10 [ 125.712380] ? do_raw_spin_lock+0x123/0x260 [ 125.712719] __x64_sys_futex+0x1c9/0x4d0 [ 125.713039] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 125.713444] ? __pfx___x64_sys_futex+0x10/0x10 [ 125.713801] ? kcov_ioctl+0x386/0x6c0 [ 125.714100] ? 
fput+0x6a/0x100 [ 125.714362] do_syscall_64+0xbf/0x360 [ 125.714660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.715066] RIP: 0033:0x7f3485db1b19 [ 125.715356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.716734] RSP: 002b:00007f3483327218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 125.717322] RAX: ffffffffffffffda RBX: 00007f3485ec4f68 RCX: 00007f3485db1b19 [ 125.717868] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3485ec4f68 [ 125.718442] RBP: 00007f3485ec4f60 R08: 00007f3483327700 R09: 0000000000000000 [ 125.719025] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3485ec4f6c [ 125.719619] R13: 00007ffdd1c0adef R14: 00007f3483327300 R15: 0000000000022000 [ 125.720212] [ 125.720409] Modules linked in: [ 125.720678] ---[ end trace 0000000000000000 ]--- [ 125.720681] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI [ 125.721060] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.722618] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 125.722995] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.724074] CPU: 1 UID: 0 PID: 3914 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 125.725522] RSP: 0018:ffff888046897600 EFLAGS: 00010212 [ 125.727175] Tainted: [D]=DIE, [W]=WARN [ 125.727600] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900034a4000 [ 125.728148] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.728722] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 125.729857] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.730439] RBP: ffff888046897870 R08: 
ffff88806ce31340 R09: ffffe8ffffc16138 [ 125.731109] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.731668] R10: 0000000000000000 R11: 0000000000000024 R12: dffffc0000000000 [ 125.734195] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 125.734750] R13: 0000000000000024 R14: ffff88806ce31340 R15: dffffc0000000000 [ 125.734754] [ 125.734763] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 125.735197] FS: 00007f3483327700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 125.736185] RDX: ffff888013da8000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 125.736333] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.737336] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16138 [ 125.737999] CR2: 000055557329fc18 CR3: 000000000e414000 CR4: 0000000000350ef0 [ 125.738991] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 125.739479] Kernel panic - not syncing: Fatal exception in interrupt [ 126.783944] Shutting down cpus with NMI [ 126.796593] Kernel Offset: disabled [ 126.796896] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:50:52 Registers: info registers vcpu 0 RAX=0000000000000037 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff888046896f58 R8 =0000000000000000 R9 =ffffed100141d046 R10=0000000000000037 R11=000000000000002c R12=0000000000000037 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f3483327700 00000000 00000000 GS =0000 
ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe4400000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055557329fc18 CR3=000000000e414000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f3485e987c000007f3485e987c8 XMM02=00007f3485e987e000007f3485e987c0 XMM03=00007f3485e987c800007f3485e987c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=fffffbfff0f0ec09 RBX=0000000000000001 RCX=ffffffff84bdec0e RDX=fffffbfff0f0ec09 RSI=0000000000000004 RDI=ffffffff87876044 RBP=fffffbfff0f0ec08 RSP=ffff888017c5f558 R8 =0000000000000000 R9 =fffffbfff0f0ec08 R10=ffffffff87876047 R11=202c746c75616620 R12=1ffff11002f8beaf R13=0000000000000007 R14=fffffbfff0f0ec08 R15=ffff888017c5f5a8 RIP=ffffffff81aff057 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055555fe2f400 00000000 00000000 GS =0000 
ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe4c00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055555fe30c18 CR3=000000000d988000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f80f8a887c000007f80f8a887c8 XMM02=00007f80f8a887e000007f80f8a887c0 XMM03=00007f80f8a887c800007f80f8a887c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000