Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:55814' (ECDSA) to the list of known hosts.
2025/08/29 11:01:52 fuzzer started
2025/08/29 11:01:53 dialing manager at localhost:43077
syzkaller login: [ 43.487137] cgroup: Unknown subsys name 'net'
[ 43.522110] cgroup: Unknown subsys name 'cpuset'
[ 43.528700] cgroup: Unknown subsys name 'rlimit'
2025/08/29 11:02:02 syscalls: 2214
2025/08/29 11:02:02 code coverage: enabled
2025/08/29 11:02:02 comparison tracing: enabled
2025/08/29 11:02:02 extra coverage: enabled
2025/08/29 11:02:02 setuid sandbox: enabled
2025/08/29 11:02:02 namespace sandbox: enabled
2025/08/29 11:02:02 Android sandbox: enabled
2025/08/29 11:02:02 fault injection: enabled
2025/08/29 11:02:02 leak checking: enabled
2025/08/29 11:02:02 net packet injection: enabled
2025/08/29 11:02:02 net device setup: enabled
2025/08/29 11:02:02 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 11:02:02 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 11:02:02 USB emulation: enabled
2025/08/29 11:02:02 hci packet injection: enabled
2025/08/29 11:02:02 wifi device emulation: enabled
2025/08/29 11:02:02 802.15.4 emulation: enabled
2025/08/29 11:02:02 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 11:02:02 fetching corpus: 41, signal 16853/20481 (executing program)
2025/08/29 11:02:02 fetching corpus: 88, signal 30270/35303 (executing program)
2025/08/29 11:02:02 fetching corpus: 138, signal 43951/50055 (executing program)
2025/08/29 11:02:02 fetching corpus: 188, signal 54543/61611 (executing program)
2025/08/29 11:02:02 fetching corpus: 238, signal 57578/65866 (executing program)
2025/08/29 11:02:02 fetching corpus: 288, signal 61816/71142 (executing program)
2025/08/29 11:02:03 fetching corpus: 338, signal 66089/76416 (executing program)
2025/08/29 11:02:03 fetching corpus: 388, signal 68666/80038 (executing program)
2025/08/29 11:02:03 fetching corpus: 438, signal 72220/84433
(executing program) 2025/08/29 11:02:15 fetching corpus: 7575, signal
181698/187012 (executing program) 2025/08/29 11:02:15 fetching corpus: 7624, signal 181941/187024 (executing program) 2025/08/29 11:02:15 fetching corpus: 7674, signal 182312/187045 (executing program) 2025/08/29 11:02:15 fetching corpus: 7724, signal 182697/187084 (executing program) 2025/08/29 11:02:15 fetching corpus: 7774, signal 182955/187089 (executing program) 2025/08/29 11:02:15 fetching corpus: 7824, signal 183165/187093 (executing program) 2025/08/29 11:02:15 fetching corpus: 7874, signal 183527/187093 (executing program) 2025/08/29 11:02:16 fetching corpus: 7924, signal 183733/187097 (executing program) 2025/08/29 11:02:16 fetching corpus: 7957, signal 183890/187105 (executing program) 2025/08/29 11:02:16 fetching corpus: 7957, signal 183890/187105 (executing program) 2025/08/29 11:02:18 starting 8 fuzzer processes 11:02:18 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setuid(0x0) socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setuid(0x0) close_range(r0, 0xffffffffffffffff, 0x0) 11:02:18 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x1f, 0x0) ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000000200)) 11:02:18 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x40181, 0x0) write$P9_RREAD(r0, &(0x7f0000000100)={0x30, 0x75, 0x0, {0xa000000}}, 0xb) 11:02:18 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendto$packet(r0, 0x0, 0x2, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 11:02:18 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x40002000}, 0xc) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) dup2(r1, r0) [ 68.957826] audit: type=1400 audit(1756465338.750:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:02:18 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$setstatus(r0, 0x4, 0x2800) syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r0) 11:02:18 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, 0x0) 11:02:18 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000640), r1) 
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x1c}}, 0x0) [ 70.142975] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.145205] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.146984] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.150224] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.152638] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.154467] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.161768] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.171973] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.177159] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.180810] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.205268] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.208187] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.215491] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.231263] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.237614] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.263636] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.267303] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.275294] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.284287] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.289272] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.364677] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 70.375621] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 70.378653] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 70.379649] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 70.380702] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 70.384338] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 70.388509] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 
70.388520] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 70.389729] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 70.393604] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 70.395825] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 70.405296] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 70.412916] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 70.416615] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 70.420733] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 70.423636] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 70.429139] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 70.445323] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 70.448492] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 70.455172] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 72.173576] Bluetooth: hci1: command tx timeout [ 72.239975] Bluetooth: hci0: command tx timeout [ 72.301123] Bluetooth: hci2: command tx timeout [ 72.365051] Bluetooth: hci3: command tx timeout [ 72.493220] Bluetooth: hci6: command tx timeout [ 72.494130] Bluetooth: hci7: command tx timeout [ 72.494616] Bluetooth: hci4: command tx timeout [ 72.557168] Bluetooth: hci5: command tx timeout [ 74.221885] Bluetooth: hci1: command tx timeout [ 74.285082] Bluetooth: hci0: command tx timeout [ 74.349108] Bluetooth: hci2: command tx timeout [ 74.414652] Bluetooth: hci3: command tx timeout [ 74.541116] Bluetooth: hci4: command tx timeout [ 74.541571] Bluetooth: hci7: command tx timeout [ 74.541946] Bluetooth: hci6: command tx timeout [ 74.605077] Bluetooth: hci5: command tx timeout [ 76.269473] Bluetooth: hci1: command tx timeout [ 76.333533] Bluetooth: hci0: command tx timeout [ 76.397119] Bluetooth: hci2: command tx timeout [ 76.462178] Bluetooth: hci3: command tx timeout [ 76.589069] Bluetooth: hci6: command tx timeout [ 76.589485] Bluetooth: hci7: command tx timeout [ 76.589865] Bluetooth: hci4: command tx timeout [ 
76.655090] Bluetooth: hci5: command tx timeout [ 78.317144] Bluetooth: hci1: command tx timeout [ 78.381179] Bluetooth: hci0: command tx timeout [ 78.445141] Bluetooth: hci2: command tx timeout [ 78.509055] Bluetooth: hci3: command tx timeout [ 78.637180] Bluetooth: hci4: command tx timeout [ 78.637613] Bluetooth: hci7: command tx timeout [ 78.637987] Bluetooth: hci6: command tx timeout [ 78.701063] Bluetooth: hci5: command tx timeout [ 106.836299] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.836965] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.039438] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.040063] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:02:57 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000640), r1) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x1c}}, 0x0) 11:02:57 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000640), r1) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x1c}}, 0x0) 11:02:57 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000640), r1) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x1c}}, 0x0) [ 108.026128] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.026754] wlan0: 
Creating new IBSS network, BSSID 50:50:50:50:50:50 11:02:57 executing program 4: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000001680)=[{&(0x7f0000000580)=""/199, 0xc7}], 0x1) 11:02:57 executing program 4: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000001680)=[{&(0x7f0000000580)=""/199, 0xc7}], 0x1) [ 108.234916] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.235910] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:02:58 executing program 4: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000001680)=[{&(0x7f0000000580)=""/199, 0xc7}], 0x1) [ 108.400048] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.400673] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:02:58 executing program 4: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x1b, &(0x7f0000001680)=[{&(0x7f0000000580)=""/199, 0xc7}], 0x1) 11:02:58 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) 
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc08c5335, &(0x7f0000000040)) [ 108.585113] audit: type=1400 audit(1756465378.377:8): avc: denied { open } for pid=3830 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 108.593090] audit: type=1400 audit(1756465378.377:9): avc: denied { kernel } for pid=3830 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 108.599470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.600014] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.906323] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.906892] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.980335] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.980902] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.108545] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.109266] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.168655] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.169218] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.360498] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.361157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.500516] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.501204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.572238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.572866] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.617455] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.618098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.681717] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.682510] wlan0: Creating new IBSS network, BSSID 
50:50:50:50:50:50 [ 109.762410] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.763268] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:02:59 executing program 6: syz_io_uring_setup(0x4523, &(0x7f0000000280)={0x0, 0x80000000, 0x8, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) 11:02:59 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setuid(0x0) socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setuid(0x0) close_range(r0, 0xffffffffffffffff, 0x0) 11:02:59 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x40181, 0x0) write$P9_RREAD(r0, &(0x7f0000000100)={0x30, 0x75, 0x0, {0xa000000}}, 0xb) 11:02:59 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x1f, 0x0) ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000000200)) 11:02:59 executing 
program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc08c5335, &(0x7f0000000040)) 11:02:59 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$setstatus(r0, 0x4, 0x2800) syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r0) 11:02:59 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x40002000}, 0xc) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) dup2(r1, r0) 11:02:59 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendto$packet(r0, 0x0, 0x2, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 11:02:59 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$setstatus(r0, 0x4, 0x2800) syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r0) 11:03:00 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setuid(0x0) socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setuid(0x0) close_range(r0, 0xffffffffffffffff, 0x0) 11:03:00 executing program 6: syz_io_uring_setup(0x4523, &(0x7f0000000280)={0x0, 0x80000000, 0x8, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), 
&(0x7f0000000140)) 11:03:00 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendto$packet(r0, 0x0, 0x2, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 11:03:00 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x40181, 0x0) write$P9_RREAD(r0, &(0x7f0000000100)={0x30, 0x75, 0x0, {0xa000000}}, 0xb) 11:03:00 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x1f, 0x0) ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000000200)) 11:03:00 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc08c5335, &(0x7f0000000040)) 11:03:00 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x40002000}, 0xc) r1 = 
creat(&(0x7f0000000000)='./file0\x00', 0x0) dup2(r1, r0) 11:03:00 executing program 0: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setuid(0x0) socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setuid(0x0) close_range(r0, 0xffffffffffffffff, 0x0) 11:03:00 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$setstatus(r0, 0x4, 0x2800) syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r0) [ 110.410004] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 110.410856] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 110.411529] CPU: 1 UID: 0 PID: 3953 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 110.413056] Tainted: [W]=WARN [ 110.413877] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 110.415553] RIP: 0010:perf_tp_event+0x175/0xe70 [ 110.416570] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 110.420578] RSP: 0018:ffff8880482c7780 EFLAGS: 00010012 [ 110.421005] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90008cd0000 [ 110.421558] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 110.422110] RBP: ffff8880482c79f0 R08: ffff88806cf31340 R09: ffffe8ffffd163b0 [ 110.422665] R10: 0000000000000000 R11: ffff88800f07e898 R12: dffffc0000000000 [ 110.423215] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 110.423768] FS: 00007febfc032700(0000) 
GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 110.424392] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.424848] CR2: 00007febfebd0018 CR3: 0000000046a52000 CR4: 0000000000350ef0
[ 110.425401] Call Trace:
[ 110.425606]
[ 110.425786] ? lock_release+0xc8/0x290
[ 110.426102] ? __pfx_perf_tp_event+0x10/0x10
[ 110.426455] ? unwind_get_return_address+0x59/0xa0
[ 110.426849] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 110.427276] ? arch_stack_walk+0x9c/0xf0
[ 110.427597] ? __lock_acquire+0x694/0x1b70
[ 110.427938] ? __lock_acquire+0x694/0x1b70
[ 110.428273] ? lock_acquire+0x15e/0x2f0
[ 110.428588] ? __is_insn_slot_addr+0x2e/0x290
[ 110.428955] ? find_held_lock+0x2b/0x80
[ 110.429274] ? __is_insn_slot_addr+0x136/0x290
[ 110.429640] ? perf_trace_run_bpf_submit+0xef/0x180
[ 110.430033] perf_trace_run_bpf_submit+0xef/0x180
[ 110.430414] perf_trace_preemptirq_template+0x259/0x430
[ 110.430843] ? trace_sched_set_need_resched_tp+0xd4/0x110
[ 110.431276] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 110.431736] ? __pfx___resched_curr+0x10/0x10
[ 110.432097] ? find_held_lock+0x2b/0x80
[ 110.432413] ? try_to_wake_up+0x8ae/0x11d0
[ 110.432756] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 110.433158] trace_irq_enable.constprop.0+0xa6/0x100
[ 110.433551] trace_hardirqs_on+0x26/0x40
[ 110.433873] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 110.434258] try_to_wake_up+0x8ae/0x11d0
[ 110.434582] ? __pfx_try_to_wake_up+0x10/0x10
[ 110.434945] ? plist_del+0x122/0x270
[ 110.435242] ? find_held_lock+0x2b/0x80
[ 110.435561] ? futex_wake+0x474/0x540
[ 110.435868] wake_up_q+0xa1/0x130
[ 110.436153] futex_wake+0x47e/0x540
[ 110.436448] ? __pfx_futex_wake+0x10/0x10
[ 110.436782] ? __lock_acquire+0x694/0x1b70
[ 110.437118] ? file_init_path+0x506/0x770
[ 110.437452] do_futex+0x26d/0x370
[ 110.437736] ? __pfx_do_futex+0x10/0x10
[ 110.438055] ? lock_release+0xc8/0x290
[ 110.438364] __x64_sys_futex+0x1c9/0x4d0
[ 110.438686] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 110.439150] ? __pfx___x64_sys_futex+0x10/0x10
[ 110.439512] do_syscall_64+0xbf/0x360
[ 110.439811] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.440214] RIP: 0033:0x7febfeabcb19
[ 110.440506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 110.441907] RSP: 002b:00007febfc032218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 110.442490] RAX: ffffffffffffffda RBX: 00007febfebcff68 RCX: 00007febfeabcb19
[ 110.443039] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007febfebcff6c
[ 110.443588] RBP: 00007febfebcff60 R08: 000000000000000e R09: 0000000000000000
[ 110.444148] R10: 0000000000000003 R11: 0000000000000246 R12: 00007febfebcff6c
[ 110.444699] R13: 00007ffea2ad0acf R14: 00007febfc032300 R15: 0000000000022000
[ 110.445262]
[ 110.445448] Modules linked in:
[ 110.445703] ---[ end trace 0000000000000000 ]---
[ 110.446072] RIP: 0010:perf_tp_event+0x175/0xe70
[ 110.446442] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 110.447838] RSP: 0018:ffff8880482c7780 EFLAGS: 00010012
[ 110.448253] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90008cd0000
[ 110.448811] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 110.449363] RBP: ffff8880482c79f0 R08: ffff88806cf31340 R09: ffffe8ffffd163b0
[ 110.449914] R10: 0000000000000000 R11: ffff88800f07e898 R12: dffffc0000000000
[ 110.450467] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 110.451018] FS: 00007febfc032700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 110.451639] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.452092] CR2: 00007febfebd0018 CR3: 0000000046a52000 CR4: 0000000000350ef0
[ 110.452645] note: syz-executor.5[3953] exited with irqs disabled
[ 110.453174] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 110.454038] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 110.454706] CPU: 1 UID: 0 PID: 3953 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 110.455629] Tainted: [D]=DIE, [W]=WARN
[ 110.455929] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.456563] RIP: 0010:perf_tp_event+0x175/0xe70
[ 110.456950] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 110.458353] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012
[ 110.458773] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 110.459323] RDX: ffff8880466d5280 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 110.459877] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd163b0
[ 110.460425] R10: 0000000000000000 R11: ffff88801bcd3498 R12: dffffc0000000000
[ 110.460978] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[ 110.461530] FS: 00007febfc032700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 110.462148] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.462599] CR2: 00007febfebd0018 CR3: 0000000046a52000 CR4: 0000000000350ef0
[ 110.463148] Call Trace:
[ 110.463352]
[ 110.463529] ? __pfx_perf_tp_event+0x10/0x10
[ 110.463883] ? enqueue_task_fair+0xded/0x1e00
[ 110.464239] ? check_preempt_wakeup_fair+0x6e/0x950
[ 110.464634] ? wakeup_preempt+0x140/0x2a0
[ 110.464969] ? lock_release+0x1c7/0x290
[ 110.465285] ? lock_release+0x1c7/0x290
[ 110.465601] ? do_raw_spin_unlock+0x53/0x220
[ 110.465960] ? _raw_spin_unlock_irqrestore+0x22/0x50
[ 110.466363] ? try_to_wake_up+0x8ae/0x11d0
[ 110.466703] ? do_raw_spin_lock+0x123/0x260
[ 110.467047] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 110.467420] ? perf_trace_run_bpf_submit+0xef/0x180
[ 110.467816] perf_trace_run_bpf_submit+0xef/0x180
[ 110.468202] perf_trace_preemptirq_template+0x259/0x430
[ 110.468628] ? read_tsc+0x9/0x20
[ 110.468911] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 110.469380] ? clockevents_program_event+0x135/0x360
[ 110.469783] ? tick_program_event+0xac/0x140
[ 110.470131] ? handle_softirqs+0x16e/0x770
[ 110.470472] trace_irq_enable.constprop.0+0xa6/0x100
[ 110.470870] trace_hardirqs_on+0x26/0x40
[ 110.471189] handle_softirqs+0x16e/0x770
[ 110.471517] __irq_exit_rcu+0xc4/0x100
[ 110.471840] irq_exit_rcu+0x9/0x20
[ 110.472123] sysvec_apic_timer_interrupt+0x70/0x80
[ 110.472513]
[ 110.472695]
[ 110.472881] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 110.473295] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 110.473667] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 110.475066] RSP: 0018:ffff8880482c7f28 EFLAGS: 00000246
[ 110.475482] RAX: 0000000000000001 RBX: ffff8880466d5280 RCX: ffffffff817c2b86
[ 110.476033] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 110.476581] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 110.477141] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff8880466d5280
[ 110.477689] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 110.478247] ? trace_irq_enable.constprop.0+0x26/0x100
[ 110.478657] ? make_task_dead+0x214/0x3b0
[ 110.478988] ? make_task_dead+0x214/0x3b0
[ 110.479318] ? do_syscall_64+0xbf/0x360
[ 110.479632] rewind_stack_and_make_dead+0x16/0x20
[ 110.480019] RIP: 0033:0x7febfeabcb19
[ 110.480310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 110.481714] RSP: 002b:00007febfc032218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 110.482300] RAX: ffffffffffffffda RBX: 00007febfebcff68 RCX: 00007febfeabcb19
[ 110.482849] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007febfebcff6c
[ 110.483402] RBP: 00007febfebcff60 R08: 000000000000000e R09: 0000000000000000
[ 110.483950] R10: 0000000000000003 R11: 0000000000000246 R12: 00007febfebcff6c
[ 110.484509] R13: 00007ffea2ad0acf R14: 00007febfc032300 R15: 0000000000022000
[ 110.485068]
[ 110.485255] Modules linked in:
[ 110.485511] ---[ end trace 0000000000000000 ]---
[ 110.485875] RIP: 0010:perf_tp_event+0x175/0xe70
[ 110.486246] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 110.487639] RSP: 0018:ffff8880482c7780 EFLAGS: 00010012
[ 110.488058] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90008cd0000
[ 110.488610] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 110.489168] RBP: ffff8880482c79f0 R08: ffff88806cf31340 R09: ffffe8ffffd163b0
[ 110.489720] R10: 0000000000000000 R11: ffff88800f07e898 R12: dffffc0000000000
[ 110.490270] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 110.490828] FS: 00007febfc032700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 110.491451] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.491904] CR2: 00007febfebd0018 CR3: 0000000046a52000 CR4: 0000000000350ef0
[ 110.492456] Kernel panic - not syncing: Fatal exception in interrupt
[ 110.493070] Kernel Offset: disabled
[ 110.493354] ---[ end
Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
11:03:00 Registers: