Warning: Permanently added '[localhost]:48959' (ECDSA) to the list of known hosts. 2025/08/29 10:57:35 fuzzer started 2025/08/29 10:57:35 dialing manager at localhost:43077 syzkaller login: [ 59.172220] cgroup: Unknown subsys name 'net' [ 59.243350] cgroup: Unknown subsys name 'cpuset' [ 59.259034] cgroup: Unknown subsys name 'rlimit' 2025/08/29 10:57:45 syscalls: 2214 2025/08/29 10:57:45 code coverage: enabled 2025/08/29 10:57:45 comparison tracing: enabled 2025/08/29 10:57:45 extra coverage: enabled 2025/08/29 10:57:45 setuid sandbox: enabled 2025/08/29 10:57:45 namespace sandbox: enabled 2025/08/29 10:57:45 Android sandbox: enabled 2025/08/29 10:57:45 fault injection: enabled 2025/08/29 10:57:45 leak checking: enabled 2025/08/29 10:57:45 net packet injection: enabled 2025/08/29 10:57:45 net device setup: enabled 2025/08/29 10:57:45 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 10:57:45 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 10:57:45 USB emulation: enabled 2025/08/29 10:57:45 hci packet injection: enabled 2025/08/29 10:57:45 wifi device emulation: enabled 2025/08/29 10:57:45 802.15.4 emulation: enabled 2025/08/29 10:57:46 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 10:57:46 fetching corpus: 50, signal 22594/26070 (executing program) 2025/08/29 10:57:46 fetching corpus: 100, signal 37507/42247 (executing program) 2025/08/29 10:57:46 fetching corpus: 150, signal 44173/50224 (executing program) 2025/08/29 10:57:46 fetching corpus: 200, signal 47702/55057 (executing program) 2025/08/29 10:57:46 fetching corpus: 250, signal 52599/61115 (executing program) 2025/08/29 10:57:46 fetching corpus: 300, signal 55934/65607 (executing program) 2025/08/29 10:57:46 fetching corpus: 350, signal 59330/70089 (executing program) 2025/08/29 10:57:46 fetching corpus: 400, signal 61657/73524 (executing program) 2025/08/29 10:57:46 fetching corpus: 450, signal 66207/78886 (executing program) 2025/08/29 
10:57:46 fetching corpus: 500, signal 69051/82633 (executing program) 2025/08/29 10:57:46 fetching corpus: 550, signal 73176/87489 (executing program) 2025/08/29 10:57:47 fetching corpus: 600, signal 75491/90595 (executing program) 2025/08/29 10:57:47 fetching corpus: 650, signal 78253/94092 (executing program) 2025/08/29 10:57:47 fetching corpus: 700, signal 80975/97489 (executing program) 2025/08/29 10:57:47 fetching corpus: 750, signal 83360/100574 (executing program) 2025/08/29 10:57:47 fetching corpus: 800, signal 85644/103542 (executing program) 2025/08/29 10:57:47 fetching corpus: 850, signal 88539/107083 (executing program) 2025/08/29 10:57:47 fetching corpus: 900, signal 90996/110076 (executing program) 2025/08/29 10:57:47 fetching corpus: 950, signal 92464/112205 (executing program) 2025/08/29 10:57:47 fetching corpus: 1000, signal 95710/115651 (executing program) 2025/08/29 10:57:47 fetching corpus: 1050, signal 97178/117744 (executing program) 2025/08/29 10:57:47 fetching corpus: 1100, signal 98570/119717 (executing program) 2025/08/29 10:57:47 fetching corpus: 1150, signal 99995/121671 (executing program) 2025/08/29 10:57:48 fetching corpus: 1200, signal 101397/123580 (executing program) 2025/08/29 10:57:48 fetching corpus: 1250, signal 102720/125423 (executing program) 2025/08/29 10:57:48 fetching corpus: 1300, signal 104965/127872 (executing program) 2025/08/29 10:57:48 fetching corpus: 1350, signal 106158/129537 (executing program) 2025/08/29 10:57:48 fetching corpus: 1400, signal 107682/131440 (executing program) 2025/08/29 10:57:48 fetching corpus: 1450, signal 109481/133434 (executing program) 2025/08/29 10:57:48 fetching corpus: 1500, signal 110864/135163 (executing program) 2025/08/29 10:57:48 fetching corpus: 1550, signal 112268/136847 (executing program) 2025/08/29 10:57:48 fetching corpus: 1600, signal 113235/138238 (executing program) 2025/08/29 10:57:48 fetching corpus: 1650, signal 114355/139729 (executing program) 2025/08/29 10:57:49 
fetching corpus: 1700, signal 115667/141243 (executing program) 2025/08/29 10:57:49 fetching corpus: 1750, signal 116564/142521 (executing program) 2025/08/29 10:57:49 fetching corpus: 1800, signal 117691/143859 (executing program) 2025/08/29 10:57:49 fetching corpus: 1850, signal 118399/144969 (executing program) 2025/08/29 10:57:49 fetching corpus: 1900, signal 119760/146402 (executing program) 2025/08/29 10:57:49 fetching corpus: 1950, signal 120926/147706 (executing program) 2025/08/29 10:57:49 fetching corpus: 2000, signal 122052/148951 (executing program) 2025/08/29 10:57:49 fetching corpus: 2050, signal 123018/150180 (executing program) 2025/08/29 10:57:49 fetching corpus: 2100, signal 123865/151223 (executing program) 2025/08/29 10:57:49 fetching corpus: 2150, signal 124638/152340 (executing program) 2025/08/29 10:57:50 fetching corpus: 2200, signal 125378/153375 (executing program) 2025/08/29 10:57:50 fetching corpus: 2250, signal 126311/154464 (executing program) 2025/08/29 10:57:50 fetching corpus: 2300, signal 127006/155419 (executing program) 2025/08/29 10:57:50 fetching corpus: 2350, signal 127949/156487 (executing program) 2025/08/29 10:57:50 fetching corpus: 2400, signal 128594/157347 (executing program) 2025/08/29 10:57:50 fetching corpus: 2450, signal 129194/158214 (executing program) 2025/08/29 10:57:50 fetching corpus: 2500, signal 130031/159137 (executing program) 2025/08/29 10:57:50 fetching corpus: 2550, signal 130916/160082 (executing program) 2025/08/29 10:57:50 fetching corpus: 2600, signal 131610/160932 (executing program) 2025/08/29 10:57:50 fetching corpus: 2650, signal 134272/162606 (executing program) 2025/08/29 10:57:50 fetching corpus: 2700, signal 134906/163378 (executing program) 2025/08/29 10:57:51 fetching corpus: 2750, signal 136401/164470 (executing program) 2025/08/29 10:57:51 fetching corpus: 2800, signal 137802/165497 (executing program) 2025/08/29 10:57:51 fetching corpus: 2850, signal 138335/166160 (executing program) 
2025/08/29 10:57:51 fetching corpus: 2900, signal 138875/166788 (executing program) 2025/08/29 10:57:51 fetching corpus: 2950, signal 139566/167498 (executing program) 2025/08/29 10:57:51 fetching corpus: 3000, signal 140867/168341 (executing program) 2025/08/29 10:57:51 fetching corpus: 3050, signal 142060/169169 (executing program) 2025/08/29 10:57:51 fetching corpus: 3100, signal 142676/169777 (executing program) 2025/08/29 10:57:51 fetching corpus: 3150, signal 143268/170408 (executing program) 2025/08/29 10:57:52 fetching corpus: 3200, signal 143763/171060 (executing program) 2025/08/29 10:57:52 fetching corpus: 3250, signal 144490/171640 (executing program) 2025/08/29 10:57:52 fetching corpus: 3300, signal 144930/172153 (executing program) 2025/08/29 10:57:52 fetching corpus: 3350, signal 145583/172723 (executing program) 2025/08/29 10:57:52 fetching corpus: 3400, signal 146089/173200 (executing program) 2025/08/29 10:57:52 fetching corpus: 3450, signal 146522/173686 (executing program) 2025/08/29 10:57:52 fetching corpus: 3500, signal 147514/174302 (executing program) 2025/08/29 10:57:52 fetching corpus: 3550, signal 148068/174811 (executing program) 2025/08/29 10:57:52 fetching corpus: 3600, signal 148626/175310 (executing program) 2025/08/29 10:57:52 fetching corpus: 3650, signal 149243/175811 (executing program) 2025/08/29 10:57:52 fetching corpus: 3700, signal 149870/176320 (executing program) 2025/08/29 10:57:53 fetching corpus: 3750, signal 150514/176795 (executing program) 2025/08/29 10:57:53 fetching corpus: 3800, signal 151144/177232 (executing program) 2025/08/29 10:57:53 fetching corpus: 3850, signal 151815/177641 (executing program) 2025/08/29 10:57:53 fetching corpus: 3900, signal 152261/178053 (executing program) 2025/08/29 10:57:53 fetching corpus: 3950, signal 152835/178453 (executing program) 2025/08/29 10:57:53 fetching corpus: 4000, signal 153333/178836 (executing program) 2025/08/29 10:57:53 fetching corpus: 4050, signal 154122/179240 
(executing program) 2025/08/29 10:57:53 fetching corpus: 4100, signal 154632/179651 (executing program) 2025/08/29 10:57:53 fetching corpus: 4150, signal 154980/179983 (executing program) 2025/08/29 10:57:53 fetching corpus: 4200, signal 155753/180296 (executing program) 2025/08/29 10:57:54 fetching corpus: 4250, signal 156416/180600 (executing program) 2025/08/29 10:57:54 fetching corpus: 4300, signal 157104/180890 (executing program) 2025/08/29 10:57:54 fetching corpus: 4350, signal 157438/181169 (executing program) 2025/08/29 10:57:54 fetching corpus: 4400, signal 157891/181193 (executing program) 2025/08/29 10:57:54 fetching corpus: 4450, signal 158385/181200 (executing program) 2025/08/29 10:57:54 fetching corpus: 4500, signal 158982/181205 (executing program) 2025/08/29 10:57:54 fetching corpus: 4550, signal 159585/181216 (executing program) 2025/08/29 10:57:54 fetching corpus: 4600, signal 159894/181219 (executing program) 2025/08/29 10:57:54 fetching corpus: 4650, signal 160281/181221 (executing program) 2025/08/29 10:57:54 fetching corpus: 4700, signal 160638/181240 (executing program) 2025/08/29 10:57:54 fetching corpus: 4750, signal 160980/181252 (executing program) 2025/08/29 10:57:54 fetching corpus: 4800, signal 161330/181274 (executing program) 2025/08/29 10:57:55 fetching corpus: 4850, signal 161761/181279 (executing program) 2025/08/29 10:57:55 fetching corpus: 4900, signal 162348/181284 (executing program) 2025/08/29 10:57:55 fetching corpus: 4950, signal 162816/181290 (executing program) 2025/08/29 10:57:55 fetching corpus: 5000, signal 163373/181306 (executing program) 2025/08/29 10:57:55 fetching corpus: 5050, signal 163796/181330 (executing program) 2025/08/29 10:57:55 fetching corpus: 5100, signal 164605/181401 (executing program) 2025/08/29 10:57:55 fetching corpus: 5150, signal 165367/181411 (executing program) 2025/08/29 10:57:55 fetching corpus: 5200, signal 165768/181415 (executing program) 2025/08/29 10:57:55 fetching corpus: 5250, 
signal 166224/181454 (executing program) 2025/08/29 10:57:55 fetching corpus: 5300, signal 166667/181469 (executing program) 2025/08/29 10:57:56 fetching corpus: 5350, signal 167017/181491 (executing program) 2025/08/29 10:57:56 fetching corpus: 5400, signal 167405/181493 (executing program) 2025/08/29 10:57:56 fetching corpus: 5450, signal 167733/181500 (executing program) 2025/08/29 10:57:56 fetching corpus: 5500, signal 168130/181508 (executing program) 2025/08/29 10:57:56 fetching corpus: 5550, signal 168439/181518 (executing program) 2025/08/29 10:57:56 fetching corpus: 5600, signal 168752/181527 (executing program) 2025/08/29 10:57:56 fetching corpus: 5650, signal 169214/181527 (executing program) 2025/08/29 10:57:56 fetching corpus: 5700, signal 169563/181528 (executing program) 2025/08/29 10:57:56 fetching corpus: 5750, signal 169819/181535 (executing program) 2025/08/29 10:57:56 fetching corpus: 5800, signal 170181/181540 (executing program) 2025/08/29 10:57:56 fetching corpus: 5850, signal 170586/181541 (executing program) 2025/08/29 10:57:56 fetching corpus: 5900, signal 170802/181556 (executing program) 2025/08/29 10:57:57 fetching corpus: 5950, signal 171184/181662 (executing program) 2025/08/29 10:57:57 fetching corpus: 6000, signal 171521/181691 (executing program) 2025/08/29 10:57:57 fetching corpus: 6050, signal 171864/181700 (executing program) 2025/08/29 10:57:57 fetching corpus: 6100, signal 172321/181716 (executing program) 2025/08/29 10:57:57 fetching corpus: 6150, signal 172631/181743 (executing program) 2025/08/29 10:57:57 fetching corpus: 6200, signal 172926/181767 (executing program) 2025/08/29 10:57:57 fetching corpus: 6250, signal 173239/181775 (executing program) 2025/08/29 10:57:57 fetching corpus: 6300, signal 173529/181808 (executing program) 2025/08/29 10:57:57 fetching corpus: 6350, signal 173857/181808 (executing program) 2025/08/29 10:57:57 fetching corpus: 6400, signal 174069/181812 (executing program) 2025/08/29 10:57:57 
fetching corpus: 6450, signal 174411/181821 (executing program) 2025/08/29 10:57:57 fetching corpus: 6500, signal 174664/181824 (executing program) 2025/08/29 10:57:58 fetching corpus: 6550, signal 174946/181828 (executing program) 2025/08/29 10:57:58 fetching corpus: 6600, signal 175342/181830 (executing program) 2025/08/29 10:57:58 fetching corpus: 6650, signal 175627/181843 (executing program) 2025/08/29 10:57:58 fetching corpus: 6700, signal 176016/181846 (executing program) 2025/08/29 10:57:58 fetching corpus: 6750, signal 176282/181853 (executing program) 2025/08/29 10:57:58 fetching corpus: 6800, signal 176679/181865 (executing program) 2025/08/29 10:57:58 fetching corpus: 6850, signal 176937/181869 (executing program) 2025/08/29 10:57:58 fetching corpus: 6900, signal 177325/181883 (executing program) 2025/08/29 10:57:58 fetching corpus: 6950, signal 177651/181887 (executing program) 2025/08/29 10:57:58 fetching corpus: 7000, signal 177922/181911 (executing program) 2025/08/29 10:57:58 fetching corpus: 7050, signal 178180/181914 (executing program) 2025/08/29 10:57:58 fetching corpus: 7100, signal 178495/181917 (executing program) 2025/08/29 10:57:59 fetching corpus: 7121, signal 178603/181940 (executing program) 2025/08/29 10:57:59 fetching corpus: 7121, signal 178603/181940 (executing program) 2025/08/29 10:58:00 starting 8 fuzzer processes 10:58:00 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$getflags(r0, 0x1) 10:58:00 executing program 5: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$nl_audit(0x10, 0x3, 
0x9) mq_timedreceive(r0, 0x0, 0x0, 0x0, 0x0) 10:58:00 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x8, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) 10:58:00 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x20901, 0x0) ioctl$FIBMAP(r0, 0x1, &(0x7f00000000c0)=0x6d) 10:58:00 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0xd) 10:58:00 executing program 3: r0 = io_uring_setup(0x3e96, &(0x7f0000000240)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000c80), 0x80000, 0x0) recvmmsg$unix(r1, &(0x7f0000001d00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10:58:00 executing program 4: syz_open_dev$vcsa(&(0x7f0000000240), 0x0, 0x0) 10:58:00 executing program 6: syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000380)='./file0\x00', 0x0, 0x2, &(0x7f0000000500)=[{&(0x7f00000003c0)="a5", 0x1}, {&(0x7f00000004c0)="ef", 0x1}], 0x0, &(0x7f00000006c0)={[{@rodir}], [{@euid_lt}, {@context={'context', 0x3d, 'staff_u'}}, {@fowner_eq}]}) [ 84.605028] audit: type=1400 audit(1756465080.987:7): avc: denied { execmem } for pid=272 
comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 85.809694] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.813759] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.815863] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.823494] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.828796] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.872597] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.879623] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.887352] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.891495] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.895850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.897943] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.900016] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.903314] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.905990] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.907323] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.911209] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.913973] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.916981] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.918829] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.920807] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.925327] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.939193] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.941207] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 85.947552] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.950735] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 85.957482] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 85.970173] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 85.971973] Bluetooth: hci5: unexpected cc 0x1001 length: 249 
> 9 [ 85.975910] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.978547] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 85.980697] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 85.982879] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 85.985396] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 85.986714] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 85.993874] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 85.996264] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 86.019714] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 86.027327] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 86.034257] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 86.061977] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 87.904095] Bluetooth: hci0: command tx timeout [ 87.967708] Bluetooth: hci4: command tx timeout [ 87.967734] Bluetooth: hci1: command tx timeout [ 88.031976] Bluetooth: hci2: command tx timeout [ 88.096678] Bluetooth: hci7: command tx timeout [ 88.096705] Bluetooth: hci5: command tx timeout [ 88.097478] Bluetooth: hci3: command tx timeout [ 88.098347] Bluetooth: hci6: command tx timeout [ 89.952373] Bluetooth: hci0: command tx timeout [ 90.017628] Bluetooth: hci4: command tx timeout [ 90.018160] Bluetooth: hci1: command tx timeout [ 90.079667] Bluetooth: hci2: command tx timeout [ 90.143684] Bluetooth: hci7: command tx timeout [ 90.144142] Bluetooth: hci3: command tx timeout [ 90.144527] Bluetooth: hci6: command tx timeout [ 90.145257] Bluetooth: hci5: command tx timeout [ 91.999740] Bluetooth: hci0: command tx timeout [ 92.064678] Bluetooth: hci1: command tx timeout [ 92.065112] Bluetooth: hci4: command tx timeout [ 92.127647] Bluetooth: hci2: command tx timeout [ 92.192724] Bluetooth: hci6: command tx timeout [ 92.193159] Bluetooth: hci7: command tx timeout [ 92.193538] Bluetooth: hci5: command tx timeout [ 92.194387] Bluetooth: hci3: command tx timeout [ 94.048648] 
Bluetooth: hci0: command tx timeout [ 94.113701] Bluetooth: hci1: command tx timeout [ 94.113825] Bluetooth: hci4: command tx timeout [ 94.177958] Bluetooth: hci2: command tx timeout [ 94.240786] Bluetooth: hci3: command tx timeout [ 94.240811] Bluetooth: hci5: command tx timeout [ 94.240843] Bluetooth: hci7: command tx timeout [ 94.240870] Bluetooth: hci6: command tx timeout [ 125.038292] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.039537] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.394135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.395272] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.710631] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.711370] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.888385] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.889079] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:58:42 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0xd) 10:58:42 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0xd) [ 126.116001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.116623] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:58:42 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0xd) 10:58:42 executing program 7: r0 = getpid() r1 = pidfd_open(r0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pidfd_getfd(r1, r1, 0x0) [ 126.313094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.313725] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.375666] audit: type=1400 audit(1756465122.756:8): avc: denied { open } for pid=3859 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 10:58:42 
executing program 7: r0 = getpid() r1 = pidfd_open(r0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pidfd_getfd(r1, r1, 0x0) [ 126.387917] audit: type=1400 audit(1756465122.756:9): avc: denied { kernel } for pid=3859 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 126.407047] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO 10:58:42 executing program 7: r0 = getpid() r1 = pidfd_open(r0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pidfd_getfd(r1, r1, 0x0) [ 126.475544] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.476587] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:58:42 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x20901, 0x0) ioctl$FIBMAP(r0, 0x1, &(0x7f00000000c0)=0x6d) 10:58:42 executing program 7: r0 = getpid() r1 = pidfd_open(r0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pidfd_getfd(r1, r1, 0x0) [ 126.627131] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 126.645418] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.646284] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.709322] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 126.728985] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 126.730174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.731022] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.779907] wlan0: 
Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.780546] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.840429] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.841128] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.873449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.874066] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.961119] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.961759] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.998426] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.999046] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.020088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.020819] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.062626] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.063280] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:58:44 executing program 5: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$nl_audit(0x10, 0x3, 0x9) mq_timedreceive(r0, 0x0, 0x0, 0x0, 0x0) 10:58:44 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$getflags(r0, 0x1) 10:58:44 executing program 6: syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000380)='./file0\x00', 0x0, 0x2, &(0x7f0000000500)=[{&(0x7f00000003c0)="a5", 0x1}, {&(0x7f00000004c0)="ef", 0x1}], 0x0, &(0x7f00000006c0)={[{@rodir}], [{@euid_lt}, {@context={'context', 0x3d, 'staff_u'}}, 
{@fowner_eq}]}) 10:58:44 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x20901, 0x0) ioctl$FIBMAP(r0, 0x1, &(0x7f00000000c0)=0x6d) 10:58:44 executing program 3: r0 = io_uring_setup(0x3e96, &(0x7f0000000240)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000c80), 0x80000, 0x0) recvmmsg$unix(r1, &(0x7f0000001d00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10:58:44 executing program 7: io_setup(0x8, &(0x7f0000000140)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x1, &(0x7f0000000600)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}]) io_pgetevents(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 10:58:44 executing program 4: syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "409d26", 0x10, 0x88, 0x0, @private0, @local, {[@srh={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6c1c}], {0x0, 0x0, 0x8}}}}}}, 0x0) 10:58:44 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x8, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) 10:58:44 executing program 4: syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local, @broadcast, @void, {@ipv6={0x86dd, 
@udp={0x0, 0x6, "409d26", 0x10, 0x88, 0x0, @private0, @local, {[@srh={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6c1c}], {0x0, 0x0, 0x8}}}}}}, 0x0) [ 127.987101] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 10:58:44 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$getflags(r0, 0x1) [ 128.055989] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO 10:58:45 executing program 5: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$nl_audit(0x10, 0x3, 0x9) mq_timedreceive(r0, 0x0, 0x0, 0x0, 0x0) 10:58:45 executing program 6: syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000380)='./file0\x00', 0x0, 0x2, &(0x7f0000000500)=[{&(0x7f00000003c0)="a5", 0x1}, {&(0x7f00000004c0)="ef", 0x1}], 0x0, &(0x7f00000006c0)={[{@rodir}], [{@euid_lt}, {@context={'context', 0x3d, 'staff_u'}}, {@fowner_eq}]}) 10:58:45 executing program 4: syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "409d26", 0x10, 0x88, 0x0, @private0, @local, {[@srh={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6c1c}], {0x0, 0x0, 0x8}}}}}}, 0x0) 10:58:45 executing program 7: io_setup(0x8, &(0x7f0000000140)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) io_submit(r0, 0x1, &(0x7f0000000600)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}]) io_pgetevents(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 10:58:45 executing program 3: r0 = io_uring_setup(0x3e96, &(0x7f0000000240)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000c80), 0x80000, 0x0) 
recvmmsg$unix(r1, &(0x7f0000001d00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10:58:45 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x8, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) 10:58:45 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x20901, 0x0) ioctl$FIBMAP(r0, 0x1, &(0x7f00000000c0)=0x6d) 10:58:45 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$getflags(r0, 0x1) [ 128.933803] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 128.943029] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO 10:58:45 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x8, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)

10:58:45 executing program 6:
syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000380)='./file0\x00', 0x0, 0x2, &(0x7f0000000500)=[{&(0x7f00000003c0)="a5", 0x1}, {&(0x7f00000004c0)="ef", 0x1}], 0x0, &(0x7f00000006c0)={[{@rodir}], [{@euid_lt}, {@context={'context', 0x3d, 'staff_u'}}, {@fowner_eq}]})

10:58:45 executing program 5:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_audit(0x10, 0x3, 0x9)
mq_timedreceive(r0, 0x0, 0x0, 0x0, 0x0)

[ 129.050756] Oops: general protection fault, probably for non-canonical address 0xeefffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 129.051653] KASAN: maybe wild-memory-access in range [0x7800000000000190-0x7800000000000197]
[ 129.052306] CPU: 0 UID: 0 PID: 3960 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 129.054260] Tainted: [W]=WARN
[ 129.054884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 129.056432] RIP: 0010:perf_tp_event+0x175/0xe70
[ 129.057663] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 129.060734] RSP: 0018:ffff88804630f780 EFLAGS: 00010012
[ 129.061152] RAX: 0f00000000000032 RBX: 77ffffffffffffa0 RCX: ffffc90003815000
[ 129.061705] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 7800000000000190
[ 129.062268] RBP: ffff88804630f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16378
[ 129.062822] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 129.063384] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000
[ 129.063939] FS: 00007fc07125c700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 129.064563] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 129.065019] CR2: 00007fc073dfa018 CR3: 000000001f6ef000 CR4: 0000000000350ef0
[ 129.065572] Call Trace:
[ 129.065777]
10:58:45 executing program 7:
io_setup(0x8, &(0x7f0000000140)=0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
io_submit(r0, 0x1, &(0x7f0000000600)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}])
io_pgetevents(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 129.065960] ? __pfx_perf_tp_event+0x10/0x10
[ 129.066481] ? __asan_memcpy+0x3d/0x60
[ 129.066843] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10
[ 129.067346] ? lock_is_held_type+0x9e/0x120
[ 129.067691] ? ctx_sched_in+0x134/0x9b0
[ 129.068005] ? css_rstat_updated+0x1b8/0x4d0
[ 129.068357] ? lock_is_held_type+0x9e/0x120
[ 129.068703] ? perf_trace_run_bpf_submit+0xef/0x180
[ 129.069101] ? lock_is_held_type+0x9e/0x120
[ 129.069443] perf_trace_run_bpf_submit+0xef/0x180
[ 129.069835] perf_trace_preemptirq_template+0x259/0x430
[ 129.070261] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 129.070720] ? check_preempt_wakeup_fair+0x406/0x950
[ 129.071127] ? find_held_lock+0x2b/0x80
[ 129.071452] ? try_to_wake_up+0x8ae/0x11d0
[ 129.071791] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 129.072194] trace_irq_enable.constprop.0+0xa6/0x100
[ 129.072595] trace_hardirqs_on+0x26/0x40
[ 129.072912] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 129.073301] try_to_wake_up+0x8ae/0x11d0
[ 129.073628] ? __pfx_try_to_wake_up+0x10/0x10
[ 129.073996] ? plist_del+0x122/0x270
[ 129.074295] ? find_held_lock+0x2b/0x80
[ 129.074616] ? futex_wake+0x474/0x540
[ 129.074929] wake_up_q+0xa1/0x130
[ 129.075212] futex_wake+0x47e/0x540
[ 129.075506] ? __pfx_futex_wake+0x10/0x10
[ 129.075837] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 129.076240] ? lock_release+0xc8/0x290
[ 129.076548] do_futex+0x26d/0x370
[ 129.076827] ? __pfx_do_futex+0x10/0x10
[ 129.077145] __x64_sys_futex+0x1c9/0x4d0
[ 129.077465] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 129.077929] ? __pfx___x64_sys_futex+0x10/0x10
[ 129.078294] ? xfd_validate_state+0x55/0x180
[ 129.078650] do_syscall_64+0xbf/0x360
[ 129.078955] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.079358] RIP: 0033:0x7fc073ce6b19
[ 129.079650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 129.081056] RSP: 002b:00007fc07125c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 129.081640] RAX: ffffffffffffffda RBX: 00007fc073df9f68 RCX: 00007fc073ce6b19
[ 129.082188] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc073df9f6c
[ 129.082744] RBP: 00007fc073df9f60 R08: 000000000000000e R09: 0000000000000000
[ 129.083317] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fc073df9f6c
[ 129.083903] R13: 00007ffd816052af R14: 00007fc07125c300 R15: 0000000000022000
[ 129.084483]
[ 129.084678] Modules linked in:
[ 129.084944] ---[ end trace 0000000000000000 ]---
[ 129.085318] RIP: 0010:perf_tp_event+0x175/0xe70
[ 129.085691] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 129.087088] RSP: 0018:ffff88804630f780 EFLAGS: 00010012
[ 129.087500] RAX: 0f00000000000032 RBX: 77ffffffffffffa0 RCX: ffffc90003815000
[ 129.088049] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 7800000000000190
[ 129.088597] RBP: ffff88804630f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16378
[ 129.089146] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 129.089692] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000
[ 129.090246] FS: 00007fc07125c700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 129.090874] CS: 0010 DS: 0000
ES: 0000 CR0: 0000000080050033 [ 129.091327] CR2: 00007fc073dfa018 CR3: 000000001f6ef000 CR4: 0000000000350ef0 [ 129.091886] note: syz-executor.1[3960] exited with irqs disabled [ 129.092403] Oops: general protection fault, probably for non-canonical address 0xeefffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 129.093258] KASAN: maybe wild-memory-access in range [0x7800000000000190-0x7800000000000197] [ 129.093908] CPU: 0 UID: 0 PID: 3960 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 129.094825] Tainted: [D]=DIE, [W]=WARN [ 129.095131] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.095763] RIP: 0010:perf_tp_event+0x175/0xe70 [ 129.096130] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 129.097510] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 129.097920] RAX: 0f00000000000032 RBX: 77ffffffffffffa0 RCX: ffffffff81898973 [ 129.098463] RDX: ffff888015b9b700 RSI: ffffffff818995b7 RDI: 7800000000000190 [ 129.099018] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc16378 [ 129.099563] R10: 0000000000000000 R11: ffff88800f81e498 R12: dffffc0000000000 [ 129.100107] R13: 0000000000000000 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 129.100651] FS: 00007fc07125c700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 129.101263] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.101721] CR2: 00007fc073dfa018 CR3: 000000001f6ef000 CR4: 0000000000350ef0 [ 129.102277] Call Trace: [ 129.102483] [ 129.102662] ? __pfx_perf_tp_event+0x10/0x10 [ 129.103024] ? trace_pelt_se_tp+0xdf/0x130 [ 129.103357] ? place_entity+0x300/0x410 [ 129.103676] ? lock_acquire+0x18c/0x2f0 [ 129.103991] ? update_cfs_group+0x11d/0x260 [ 129.104328] ? lock_release+0x1c7/0x290 [ 129.104639] ? trace_softirq_raise+0xbe/0x100 [ 129.104995] ? 
run_posix_cpu_timers+0x160/0x7d0 [ 129.105355] ? __raise_softirq_irqoff+0x5f/0x90 [ 129.105714] ? __pfx_run_posix_cpu_timers+0x10/0x10 [ 129.106100] ? sched_balance_trigger+0x1ac/0xcb0 [ 129.106471] ? sched_tick+0x27c/0x6c0 [ 129.106773] ? do_raw_spin_lock+0x123/0x260 [ 129.107117] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 129.107482] ? perf_trace_run_bpf_submit+0xef/0x180 [ 129.107876] perf_trace_run_bpf_submit+0xef/0x180 [ 129.108253] perf_trace_preemptirq_template+0x259/0x430 [ 129.108671] ? read_tsc+0x9/0x20 [ 129.108940] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 129.109399] ? clockevents_program_event+0x135/0x360 [ 129.109797] ? tick_program_event+0xac/0x140 [ 129.110140] ? handle_softirqs+0x16e/0x770 [ 129.110472] trace_irq_enable.constprop.0+0xa6/0x100 [ 129.110872] trace_hardirqs_on+0x26/0x40 [ 129.111188] handle_softirqs+0x16e/0x770 [ 129.111518] __irq_exit_rcu+0xc4/0x100 [ 129.111833] irq_exit_rcu+0x9/0x20 [ 129.112115] sysvec_apic_timer_interrupt+0x70/0x80 [ 129.112506] [ 129.112687] [ 129.112867] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 129.113277] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 129.113649] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 129.115059] RSP: 0018:ffff88804630ff28 EFLAGS: 00000246 [ 129.115471] RAX: 0000000000000001 RBX: ffff888015b9b700 RCX: ffffffff817c2b86 [ 129.116023] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 129.116572] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 129.117121] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888015b9b700 [ 129.117669] R13: 0000000000000000 R14: eefffc0000000032 R15: 0000000000000000 [ 129.118220] ? trace_irq_enable.constprop.0+0x26/0x100 [ 129.118628] ? make_task_dead+0x214/0x3b0 [ 129.118963] ? make_task_dead+0x214/0x3b0 [ 129.119290] ? 
do_syscall_64+0xbf/0x360 [ 129.119608] rewind_stack_and_make_dead+0x16/0x20 [ 129.119990] RIP: 0033:0x7fc073ce6b19 [ 129.120280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.121709] RSP: 002b:00007fc07125c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 129.122315] RAX: ffffffffffffffda RBX: 00007fc073df9f68 RCX: 00007fc073ce6b19 [ 129.122896] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc073df9f6c [ 129.123466] RBP: 00007fc073df9f60 R08: 000000000000000e R09: 0000000000000000 [ 129.124046] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fc073df9f6c [ 129.124619] R13: 00007ffd816052af R14: 00007fc07125c300 R15: 0000000000022000 [ 129.125205] [ 129.125397] Modules linked in: [ 129.125665] ---[ end trace 0000000000000000 ]--- [ 129.126047] RIP: 0010:perf_tp_event+0x175/0xe70 [ 129.126440] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 129.127894] RSP: 0018:ffff88804630f780 EFLAGS: 00010012 [ 129.128330] RAX: 0f00000000000032 RBX: 77ffffffffffffa0 RCX: ffffc90003815000 [ 129.128944] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 7800000000000190 [ 129.129559] RBP: ffff88804630f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16378 [ 129.130145] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 129.130727] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 129.131336] FS: 00007fc07125c700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 129.132007] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.132491] CR2: 00007fc073dfa018 CR3: 000000001f6ef000 CR4: 0000000000350ef0 [ 129.133112] Kernel panic - not syncing: Fatal exception in interrupt [ 129.133763] Kernel Offset: disabled [ 129.134060] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:58:45 Registers: