Warning: Permanently added '[localhost]:60144' (ECDSA) to the list of known hosts. 2025/08/29 10:50:55 fuzzer started 2025/08/29 10:50:56 dialing manager at localhost:43077 syzkaller login: [ 50.289575] cgroup: Unknown subsys name 'net' [ 50.386687] cgroup: Unknown subsys name 'cpuset' [ 50.402175] cgroup: Unknown subsys name 'rlimit' 2025/08/29 10:51:06 syscalls: 2214 2025/08/29 10:51:06 code coverage: enabled 2025/08/29 10:51:06 comparison tracing: enabled 2025/08/29 10:51:06 extra coverage: enabled 2025/08/29 10:51:06 setuid sandbox: enabled 2025/08/29 10:51:06 namespace sandbox: enabled 2025/08/29 10:51:06 Android sandbox: enabled 2025/08/29 10:51:06 fault injection: enabled 2025/08/29 10:51:06 leak checking: enabled 2025/08/29 10:51:06 net packet injection: enabled 2025/08/29 10:51:06 net device setup: enabled 2025/08/29 10:51:06 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 10:51:06 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 10:51:06 USB emulation: enabled 2025/08/29 10:51:06 hci packet injection: enabled 2025/08/29 10:51:06 wifi device emulation: enabled 2025/08/29 10:51:06 802.15.4 emulation: enabled 2025/08/29 10:51:06 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 10:51:06 fetching corpus: 50, signal 23837/27312 (executing program) 2025/08/29 10:51:06 fetching corpus: 100, signal 36457/41266 (executing program) 2025/08/29 10:51:06 fetching corpus: 150, signal 46059/52020 (executing program) 2025/08/29 10:51:06 fetching corpus: 200, signal 49612/56847 (executing program) 2025/08/29 10:51:07 fetching corpus: 250, signal 54848/63180 (executing program) 2025/08/29 10:51:07 fetching corpus: 300, signal 58199/67639 (executing program) 2025/08/29 10:51:07 fetching corpus: 350, signal 63625/73954 (executing program) 2025/08/29 10:51:07 fetching corpus: 400, signal 67185/78498 (executing program) 2025/08/29 10:51:07 fetching corpus: 450, signal 70665/82888 (executing program) 2025/08/29 
10:51:18
fetching corpus: 6450, signal 174266/179940 (executing program) 2025/08/29 10:51:19 fetching corpus: 6500, signal 174590/179954 (executing program) 2025/08/29 10:51:19 fetching corpus: 6550, signal 174880/179960 (executing program) 2025/08/29 10:51:19 fetching corpus: 6600, signal 175287/179964 (executing program) 2025/08/29 10:51:19 fetching corpus: 6650, signal 175583/179965 (executing program) 2025/08/29 10:51:19 fetching corpus: 6700, signal 175960/179969 (executing program) 2025/08/29 10:51:19 fetching corpus: 6750, signal 176303/180007 (executing program) 2025/08/29 10:51:19 fetching corpus: 6800, signal 176539/180008 (executing program) 2025/08/29 10:51:19 fetching corpus: 6832, signal 176737/180010 (executing program) 2025/08/29 10:51:19 fetching corpus: 6832, signal 176737/180010 (executing program) 2025/08/29 10:51:21 starting 8 fuzzer processes 10:51:21 executing program 0: creat(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) preadv2(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 10:51:21 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x600}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='attr/sockcreate\x00') read$char_usb(r0, 0x0, 0x0) 10:51:21 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$sock_inet_udp_SIOCINQ(r0, 0x301, 0x0) 10:51:22 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000280)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) clock_gettime(0x0, &(0x7f0000000180)) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) 10:51:22 executing program 4: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e365d99dfc335cf588132eba1a51d12f95180d319ee1e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab32e07ac5000000000000000032", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vlan0\x00'}) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) [ 76.159448] audit: type=1400 audit(1756464682.062:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:51:22 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000007c0), r1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000780)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r2, 0x1, 0x0, 0x0, {0x25}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}]}, 0x1c}}, 0x0) 10:51:22 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioprio_set$uid(0x3, 0xee01, 0x4000) 10:51:22 executing program 7: 
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNISCRNMAP(r0, 0x4b6a, &(0x7f0000000080)) [ 77.281459] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.286110] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.287914] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.291338] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.295127] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.345115] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.352101] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.358976] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.363129] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.366532] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.417144] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.435284] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.440066] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.444789] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.460614] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.613416] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 77.616070] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.622774] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 77.625563] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 77.632416] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 77.634113] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.636885] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.640206] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 77.642659] Bluetooth: 
hci7: unexpected cc 0x1003 length: 249 > 9 [ 77.643514] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.644432] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 77.647412] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 77.652366] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 77.653276] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 77.654331] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 77.655097] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 77.661752] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.663118] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 77.663417] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 77.668004] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 77.675229] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 77.677545] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 77.677601] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 77.691219] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 77.695396] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 79.314357] Bluetooth: hci0: command tx timeout [ 79.442869] Bluetooth: hci1: command tx timeout [ 79.505897] Bluetooth: hci2: command tx timeout [ 79.826864] Bluetooth: hci6: command tx timeout [ 79.827538] Bluetooth: hci3: command tx timeout [ 79.828041] Bluetooth: hci4: command tx timeout [ 79.828495] Bluetooth: hci7: command tx timeout [ 79.828980] Bluetooth: hci5: command tx timeout [ 81.362243] Bluetooth: hci0: command tx timeout [ 81.489850] Bluetooth: hci1: command tx timeout [ 81.553879] Bluetooth: hci2: command tx timeout [ 81.873891] Bluetooth: hci7: command tx timeout [ 81.874347] Bluetooth: hci5: command tx timeout [ 81.874725] Bluetooth: hci4: command tx timeout [ 81.875154] Bluetooth: hci3: command tx timeout [ 81.875534] Bluetooth: hci6: command tx timeout [ 83.409973] Bluetooth: hci0: command tx timeout [ 83.538831] Bluetooth: hci1: command tx timeout [ 
83.602555] Bluetooth: hci2: command tx timeout [ 83.922423] Bluetooth: hci4: command tx timeout [ 83.922902] Bluetooth: hci7: command tx timeout [ 83.923296] Bluetooth: hci6: command tx timeout [ 83.923677] Bluetooth: hci3: command tx timeout [ 83.924195] Bluetooth: hci5: command tx timeout [ 85.457852] Bluetooth: hci0: command tx timeout [ 85.585923] Bluetooth: hci1: command tx timeout [ 85.650703] Bluetooth: hci2: command tx timeout [ 85.969991] Bluetooth: hci3: command tx timeout [ 85.970447] Bluetooth: hci5: command tx timeout [ 85.971696] Bluetooth: hci6: command tx timeout [ 85.972200] Bluetooth: hci7: command tx timeout [ 85.972247] Bluetooth: hci4: command tx timeout [ 115.402829] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.403498] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.604702] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.605922] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.019399] audit: type=1400 audit(1756464721.921:8): avc: denied { open } for pid=3787 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 116.028531] audit: type=1400 audit(1756464721.921:9): avc: denied { kernel } for pid=3787 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 10:52:02 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioprio_set$uid(0x3, 0xee01, 0x4000) 10:52:02 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioprio_set$uid(0x3, 0xee01, 0x4000) 10:52:02 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioprio_set$uid(0x3, 0xee01, 0x4000) [ 116.383729] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.384333] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.462197] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.462815] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:52:02 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil) shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000) 10:52:02 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil) 
shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000) [ 116.615508] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.616131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:52:02 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil) shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000) 10:52:02 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil) shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000) [ 116.789715] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.790927] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:52:02 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil) shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000) [ 116.914041] 
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.914635] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.105156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.106376] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.194167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.195492] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.260964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.261554] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.303083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.303674] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.356912] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.357485] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.599910] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.600568] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.707313] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.707919] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.752574] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.753161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.799693] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.800733] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:52:04 executing program 3: syz_emit_vhci(&(0x7f0000000440)=@HCI_EVENT_PKT={0x4, @inquiry_info_with_rssi={{0x22, 0x7f}, {0x9, [{@none, 0x80, 0x2, "2571ac", 0x6, 0x1}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x4, 0x40, "f3e2f6", 0x69, 0x8}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x6, 0xfc, "3a4303", 0x800, 0x5}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x3, 0x9, "d597d2", 0x6, 0x13}, {@any, 0x20, 0x0, "acc749", 0x5, 0x5a}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3, 0x2, "b88488", 0xa8c, 0x3}, 
{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x6, 0x1f, "cfc133", 0xa60e, 0x1}, {@any, 0x4, 0x5, "f76e7a", 0x2, 0xff}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x7f, 0x67, "a58ea6", 0xff, 0x6}]}}}, 0x82) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_qos_setup_complete={{0xd, 0x14}, {0x27, 0xc8, {0x4, 0x5, 0x1, 0x2, 0x800}}}}, 0x17) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_req={{0x17, 0x40, 0xc}, {0x2, 0x6a7, 0x4, 0xff, [0x1, 0x6]}}}}, 0x19) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="030000502bbbe9325c2f4825ed4e2e792fdda73f228ffd7503c16d40f44ecf7770235540cb73eb566be07629ad9d0d92926932bbae11c89a05bab2b57521c5d80fdc4c248dbc73be336b0e1cb2cf1f2859a4c280e00466"], 0x54) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c91014001000050017000ce4bd85cf500772f10001800400ccc3cf49b6000300"], 0x19) getdents64(r0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x15c) syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x14}, @l2cap_cid_signaling={{0x10}, [@l2cap_move_chan_cfm={{0x10, 0x7f, 0x4}, {0x8, 0xfe00}}, @l2cap_disconn_req={{0x6, 0x3, 0x4}, {0xfff8, 0x1}}]}}, 0x19) syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="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"], 0x12) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2) syz_open_dev$sg(&(0x7f0000000380), 0x1fb, 0x2000) 10:52:04 executing program 0: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e365d99dfc335cf588132eba1a51d12f95180d319ee1e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab32e07ac5000000000000000032", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 
0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vlan0\x00'}) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) 10:52:04 executing program 6: r0 = io_uring_setup(0x3e96, &(0x7f0000000240)) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing', 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10:52:04 executing program 4: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e365d99dfc335cf588132eba1a51d12f95180d319ee1e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab32e07ac5000000000000000032", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vlan0\x00'}) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) 10:52:04 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil) shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000) 10:52:04 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNISCRNMAP(r0, 0x4b6a, &(0x7f0000000080)) 10:52:04 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$sock_inet_udp_SIOCINQ(r0, 0x301, 0x0) 10:52:04 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x600}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='attr/sockcreate\x00') read$char_usb(r0, 0x0, 0x0) [ 118.941256] Bluetooth: Unexpected continuation frame (len 20) [ 118.942621] Bluetooth: hci6: SCO packet for unknown connection handle 0 [ 118.942683] Bluetooth: Unexpected continuation frame (len 20) [ 118.944603] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 118.945460] Bluetooth: Wrong link type (-22) 10:52:05 executing program 3: setuid(0xee01) prctl$PR_SET_SECUREBITS(0x1c, 0x0) 10:52:05 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$sock_inet_udp_SIOCINQ(r0, 0x301, 0x0) 10:52:05 executing program 6: r0 = io_uring_setup(0x3e96, &(0x7f0000000240)) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing', 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10:52:05 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil) shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000) 10:52:05 executing program 0: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e365d99dfc335cf588132eba1a51d12f95180d319ee1e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab32e07ac5000000000000000032", 0x51) r0 = 
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vlan0\x00'}) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) 10:52:05 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNISCRNMAP(r0, 0x4b6a, &(0x7f0000000080)) 10:52:05 executing program 4: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e365d99dfc335cf588132eba1a51d12f95180d319ee1e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab32e07ac5000000000000000032", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vlan0\x00'}) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) 10:52:05 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x600}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='attr/sockcreate\x00') read$char_usb(r0, 0x0, 0x0) [ 119.189221] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 119.190862] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 119.191976] CPU: 0 UID: 0 PID: 3954 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 119.192010] Tainted: [W]=WARN [ 119.192018] Hardware name: QEMU 
Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.192031] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.192067] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.192088] RSP: 0018:ffff888047d17780 EFLAGS: 00010012 [ 119.192107] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000741b000 [ 119.192122] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 119.192136] RBP: ffff888047d179f0 R08: ffff88806ce31340 R09: ffffe8ffffc161d0 [ 119.192151] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.192165] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 119.192182] FS: 00007f4123e0f700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 119.192203] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.192218] CR2: 0000555587b3cc18 CR3: 0000000013e1a000 CR4: 0000000000350ef0 [ 119.192232] Call Trace: [ 119.192240] [ 119.192252] ? __pfx_perf_tp_event+0x10/0x10 [ 119.192286] ? __lock_acquire+0xc65/0x1b70 [ 119.192316] ? lock_acquire+0x15e/0x2f0 [ 119.192340] ? find_held_lock+0x2b/0x80 [ 119.192372] ? finish_task_switch.isra.0+0x201/0x840 [ 119.192406] ? lock_release+0xc8/0x290 [ 119.192431] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 119.192454] ? finish_task_switch.isra.0+0x206/0x840 [ 119.192490] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.192520] perf_trace_run_bpf_submit+0xef/0x180 [ 119.192552] perf_trace_preemptirq_template+0x259/0x430 [ 119.192590] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.192631] ? _raw_spin_lock_irqsave+0x53/0x60 [ 119.192659] trace_irq_disable.constprop.0+0xa6/0x100 [ 119.192681] _raw_spin_lock_irqsave+0x53/0x60 [ 119.192707] try_to_wake_up+0xa0/0x11d0 [ 119.192740] ? __pfx_try_to_wake_up+0x10/0x10 [ 119.192769] ? plist_del+0x122/0x270 [ 119.192795] ? find_held_lock+0x2b/0x80 [ 119.192826] ? 
futex_wake+0x474/0x540 [ 119.192856] wake_up_q+0xa1/0x130 [ 119.192887] futex_wake+0x47e/0x540 [ 119.192916] ? __pfx_futex_wake+0x10/0x10 [ 119.192947] ? io_uring_setup+0x16e0/0x2000 [ 119.192972] do_futex+0x26d/0x370 [ 119.192996] ? __pfx_do_futex+0x10/0x10 [ 119.193024] __x64_sys_futex+0x1c9/0x4d0 [ 119.193049] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.193085] ? __pfx___x64_sys_futex+0x10/0x10 [ 119.193110] ? xfd_validate_state+0x55/0x180 [ 119.193146] do_syscall_64+0xbf/0x360 [ 119.193165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.193187] RIP: 0033:0x7f4126899b19 [ 119.193203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.193223] RSP: 002b:00007f4123e0f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.193244] RAX: ffffffffffffffda RBX: 00007f41269acf68 RCX: 00007f4126899b19 [ 119.193259] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f41269acf6c [ 119.193273] RBP: 00007f41269acf60 R08: 000000000000000e R09: 0000000000000000 [ 119.193286] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f41269acf6c [ 119.193300] R13: 00007ffdeb694bbf R14: 00007f4123e0f300 R15: 0000000000022000 [ 119.193321] [ 119.193328] Modules linked in: [ 119.193341] ---[ end trace 0000000000000000 ]--- [ 119.193344] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 119.193351] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.193365] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 119.193382] CPU: 1 UID: 0 PID: 3952 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 119.193382] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 
119.193404] Tainted: [D]=DIE, [W]=WARN [ 119.193404] RSP: 0018:ffff888047d17780 EFLAGS: 00010012 [ 119.193410] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.193421] [ 119.193427] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000741b000 [ 119.193420] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.193442] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 119.193448] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.193458] RBP: ffff888047d179f0 R08: ffff88806ce31340 R09: ffffe8ffffc161d0 [ 119.193462] RSP: 0018:ffff88801a137780 EFLAGS: 00010012 [ 119.193476] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 119.193476] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.193485] RDX: ffff888045b71b80 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 119.193491] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 119.193494] RBP: ffff88801a1379f0 R08: ffff88806cf31340 R09: ffffe8ffffd161d0 [ 119.193504] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 119.193513] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 119.193513] FS: 00007f4123e0f700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 119.193523] FS: 000055558feb0400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 119.193536] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.193535] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.193545] CR2: 00007fe505e56d58 CR3: 000000001d17b000 CR4: 0000000000350ef0 [ 119.193554] Call Trace: [ 119.193552] CR2: 0000555587b3cc18 CR3: 0000000013e1a000 CR4: 0000000000350ef0 [ 119.193558] [ 119.193564] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.193569] note: syz-executor.6[3954] exited with irqs disabled [ 119.193585] ? 
__pfx_perf_tp_event+0x10/0x10 [ 119.193600] ? __mutex_trylock_common+0xf9/0x260 [ 119.193617] ? arch_scale_cpu_capacity+0x17/0xa0 [ 119.193637] ? cpu_util.constprop.0+0x17d/0x340 [ 119.193657] ? __asan_memset+0x24/0x50 [ 119.193671] ? sched_balance_find_dst_group+0xa9a/0x1c00 [ 119.193684] ? lock_release+0x1c7/0x290 [ 119.193700] ? __pfx___mutex_lock+0x10/0x10 [ 119.193719] ? __pfx_sched_balance_find_dst_group+0x10/0x10 [ 119.193730] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 119.193749] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.193764] ? sched_clock+0x37/0x60 [ 119.193780] ? sched_clock_cpu+0x6c/0x4e0 [ 119.193795] perf_trace_run_bpf_submit+0xef/0x180 [ 119.193812] perf_trace_preemptirq_template+0x259/0x430 [ 119.193834] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.193854] ? kvm_sched_clock_read+0x16/0x30 [ 119.193870] ? sched_clock+0x37/0x60 [ 119.193886] ? _raw_spin_lock_irqsave+0x53/0x60 [ 119.193900] trace_irq_disable.constprop.0+0xa6/0x100 [ 119.193911] _raw_spin_lock_irqsave+0x53/0x60 [ 119.193925] try_to_wake_up+0xa0/0x11d0 [ 119.193941] ? lock_acquire+0x18c/0x2f0 [ 119.193955] ? __pfx_try_to_wake_up+0x10/0x10 [ 119.193970] ? plist_del+0x122/0x270 [ 119.193986] ? __futex_unqueue+0xda/0x1c0 [ 119.194000] wake_up_q+0xa1/0x130 [ 119.194016] futex_wake+0x47e/0x540 [ 119.194032] ? __pfx_futex_wake+0x10/0x10 [ 119.194046] ? xfd_validate_state+0x55/0x180 [ 119.194063] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 119.194074] ? finish_task_switch.isra.0+0x206/0x840 [ 119.194094] do_futex+0x26d/0x370 [ 119.194107] ? __pfx_do_futex+0x10/0x10 [ 119.194120] ? __pfx___schedule+0x10/0x10 [ 119.194135] __x64_sys_futex+0x1c9/0x4d0 [ 119.194148] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.194167] ? __pfx___x64_sys_futex+0x10/0x10 [ 119.194180] ? 
xfd_validate_state+0x55/0x180 [ 119.194197] do_syscall_64+0xbf/0x360 [ 119.194209] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.194219] RIP: 0033:0x7fa08122cb19 [ 119.194228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.194239] RSP: 002b:00007ffc116d9498 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.194250] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa08122cb19 [ 119.194257] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa08133ff68 [ 119.194264] RBP: 00007fa08133ff60 R08: 00007fa07e7a2700 R09: 0000000000000000 [ 119.194272] R10: 00007fa07e7a2700 R11: 0000000000000246 R12: 00007fa081344108 [ 119.194279] R13: 00007ffc116d95a0 R14: 00007fa08133ff60 R15: 000000000001d0c8 [ 119.194290] [ 119.194294] Modules linked in: [ 119.194303] ---[ end trace 0000000000000000 ]--- [ 119.194308] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.194305] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 119.194324] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.194337] RSP: 0018:ffff888047d17780 EFLAGS: 00010012 [ 119.194335] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 119.194345] [ 119.194348] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000741b000 [ 119.194357] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 119.194364] RBP: ffff888047d179f0 R08: ffff88806ce31340 R09: ffffe8ffffc161d0 [ 119.194359] CPU: 0 UID: 0 PID: 3954 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 119.194372] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.194381] R13: 0000000000000014 R14: 
ffff88806ce31340 R15: dffffc0000000000 [ 119.194393] FS: 000055558feb0400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 119.194398] Tainted: [D]=DIE, [W]=WARN [ 119.194405] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.194408] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.194415] CR2: 00007fe505e56d58 CR3: 000000001d17b000 CR4: 0000000000350ef0 [ 119.194424] note: syz-executor.4[3952] exited with irqs disabled [ 119.194565] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.194599] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.194621] RSP: 0018:ffff88806ce08b40 EFLAGS: 00010012 [ 119.194641] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 119.194656] RDX: ffff8880142e9b80 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 119.194671] RBP: ffff88806ce08db0 R08: ffff88806ce313e8 R09: ffffe8ffffc161d0 [ 119.194686] R10: 0000000000000000 R11: ffff88800f520098 R12: dffffc0000000000 [ 119.194700] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 119.194718] FS: 00007f4123e0f700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 119.194739] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.194754] CR2: 0000555587b3cc18 CR3: 0000000013e1a000 CR4: 0000000000350ef0 [ 119.194769] Call Trace: [ 119.194776] [ 119.194788] ? __pfx_perf_tp_event+0x10/0x10 [ 119.194820] ? update_load_avg+0x17d/0x1ef0 [ 119.194843] ? update_cfs_group+0x11d/0x260 [ 119.194868] ? kvm_sched_clock_read+0x16/0x30 [ 119.194899] ? enqueue_task_fair+0xded/0x1e00 [ 119.194926] ? check_preempt_wakeup_fair+0x6e/0x950 [ 119.194954] ? wakeup_preempt+0x140/0x2a0 [ 119.194976] ? lock_release+0x1c7/0x290 [ 119.195000] ? lock_release+0x1c7/0x290 [ 119.195025] ? do_raw_spin_unlock+0x53/0x220 [ 119.195055] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 119.195084] ? 
try_to_wake_up+0x8ae/0x11d0 [ 119.195119] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.195149] ? lock_release+0x1c7/0x290 [ 119.195174] perf_trace_run_bpf_submit+0xef/0x180 [ 119.195208] perf_trace_preemptirq_template+0x259/0x430 [ 119.195247] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.195284] ? read_tsc+0x9/0x20 [ 119.195310] ? ktime_get+0x16d/0x270 [ 119.195336] ? __pfx_lapic_next_deadline+0x10/0x10 [ 119.195364] ? clockevents_program_event+0x135/0x360 [ 119.195396] ? _raw_spin_lock_irq+0x42/0x50 [ 119.195422] trace_irq_disable.constprop.0+0xa6/0x100 [ 119.195444] _raw_spin_lock_irq+0x42/0x50 [ 119.195483] run_timer_softirq+0x10f/0x210 [ 119.195512] handle_softirqs+0x1b1/0x770 [ 119.195550] __irq_exit_rcu+0xc4/0x100 [ 119.195584] irq_exit_rcu+0x9/0x20 [ 119.195602] sysvec_apic_timer_interrupt+0x70/0x80 [ 119.195633] [ 119.195640] [ 119.195648] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 119.195672] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 119.195700] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 119.195721] RSP: 0018:ffff888047d17f28 EFLAGS: 00000246 [ 119.195739] RAX: 0000000000000001 RBX: ffff8880142e9b80 RCX: ffffffff817c2b86 [ 119.195754] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 119.195768] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 119.195781] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff8880142e9b80 [ 119.195796] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 119.195813] ? trace_irq_enable.constprop.0+0x26/0x100 [ 119.195837] ? make_task_dead+0x214/0x3b0 [ 119.195864] ? make_task_dead+0x214/0x3b0 [ 119.195890] ? 
do_syscall_64+0xbf/0x360 [ 119.195910] rewind_stack_and_make_dead+0x16/0x20 [ 119.195941] RIP: 0033:0x7f4126899b19 [ 119.195956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.195978] RSP: 002b:00007f4123e0f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.195999] RAX: ffffffffffffffda RBX: 00007f41269acf68 RCX: 00007f4126899b19 [ 119.196014] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f41269acf6c [ 119.196028] RBP: 00007f41269acf60 R08: 000000000000000e R09: 0000000000000000 [ 119.196043] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f41269acf6c [ 119.196057] R13: 00007ffdeb694bbf R14: 00007f4123e0f300 R15: 0000000000022000 [ 119.196078] [ 119.196085] Modules linked in: [ 119.196099] ---[ end trace 0000000000000000 ]--- [ 119.196108] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.196138] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.196159] RSP: 0018:ffff888047d17780 EFLAGS: 00010012 [ 119.196172] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI [ 119.196177] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000741b000 [ 119.196190] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 119.196193] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 119.196205] CPU: 1 UID: 0 PID: 3952 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 119.196209] RBP: ffff888047d179f0 R08: ffff88806ce31340 R09: ffffe8ffffc161d0 [ 119.196229] Tainted: [D]=DIE, [W]=WARN [ 119.196228] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.196235] Hardware name: QEMU Standard PC (i440FX + 
PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.196244] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 119.196244] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.196264] FS: 00007f4123e0f700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 119.196266] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.196281] RSP: 0018:ffff88806cf08ac0 EFLAGS: 00010012 [ 119.196287] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.196293] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 119.196304] RDX: ffff888045b71b80 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 119.196303] CR2: 0000555587b3cc18 CR3: 0000000013e1a000 CR4: 0000000000350ef0 [ 119.196314] RBP: ffff88806cf08d30 R08: ffff88806cf313e8 R09: ffffe8ffffd161d0 [ 119.196322] Kernel panic - not syncing: Fatal exception in interrupt [ 120.310830] Shutting down cpus with NMI [ 120.311026] Kernel Offset: disabled [ 120.546774] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---