Warning: Permanently added '[localhost]:40726' (ECDSA) to the list of known hosts.
2025/08/29 11:03:57 fuzzer started
2025/08/29 11:03:57 dialing manager at localhost:43077
syzkaller login: [   51.551402] cgroup: Unknown subsys name 'net'
[   51.606129] cgroup: Unknown subsys name 'cpuset'
[   51.626231] cgroup: Unknown subsys name 'rlimit'
2025/08/29 11:04:08 syscalls: 2214
2025/08/29 11:04:08 code coverage: enabled
2025/08/29 11:04:08 comparison tracing: enabled
2025/08/29 11:04:08 extra coverage: enabled
2025/08/29 11:04:08 setuid sandbox: enabled
2025/08/29 11:04:08 namespace sandbox: enabled
2025/08/29 11:04:08 Android sandbox: enabled
2025/08/29 11:04:08 fault injection: enabled
2025/08/29 11:04:08 leak checking: enabled
2025/08/29 11:04:08 net packet injection: enabled
2025/08/29 11:04:08 net device setup: enabled
2025/08/29 11:04:08 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 11:04:08 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 11:04:08 USB emulation: enabled
2025/08/29 11:04:08 hci packet injection: enabled
2025/08/29 11:04:08 wifi device emulation: enabled
2025/08/29 11:04:08 802.15.4 emulation: enabled
2025/08/29 11:04:08 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 11:04:08 fetching corpus: 50, signal 24818/28285 (executing program)
2025/08/29 11:04:08 fetching corpus: 100, signal 37592/42391 (executing program)
2025/08/29 11:04:09 fetching corpus: 150, signal 42678/48829 (executing program)
2025/08/29 11:04:09 fetching corpus: 200, signal 47631/55001 (executing program)
2025/08/29 11:04:09 fetching corpus: 250, signal 54960/63292 (executing program)
2025/08/29 11:04:09 fetching corpus: 300, signal 59039/68453 (executing program)
2025/08/29 11:04:09 fetching corpus: 350, signal 63803/74234 (executing program)
2025/08/29 11:04:09 fetching corpus: 400, signal 70929/81979 (executing program)
2025/08/29 11:04:09 fetching corpus: 450, signal 74888/86796 (executing program)
2025/08/29 11:04:09 fetching corpus: 500, signal 78141/90880 (executing program)
2025/08/29 11:04:09 fetching corpus: 550, signal 81679/95146 (executing program)
2025/08/29 11:04:09 fetching corpus: 600, signal 83960/98271 (executing program)
2025/08/29 11:04:09 fetching corpus: 650, signal 86529/101517 (executing program)
2025/08/29 11:04:09 fetching corpus: 700, signal 88338/104121 (executing program)
2025/08/29 11:04:10 fetching corpus: 750, signal 90179/106704 (executing program)
2025/08/29 11:04:10 fetching corpus: 800, signal 92091/109318 (executing program)
2025/08/29 11:04:10 fetching corpus: 850, signal 93969/111841 (executing program)
2025/08/29 11:04:10 fetching corpus: 900, signal 96157/114605 (executing program)
2025/08/29 11:04:10 fetching corpus: 950, signal 97621/116711 (executing program)
2025/08/29 11:04:10 fetching corpus: 1000, signal 99414/119043 (executing program)
2025/08/29 11:04:10 fetching corpus: 1050, signal 101564/121637 (executing program)
2025/08/29 11:04:10 fetching corpus: 1100, signal 102833/123494 (executing program)
2025/08/29 11:04:10 fetching corpus: 1150, signal 103990/125236 (executing program)
2025/08/29 11:04:10 fetching corpus: 1200, signal 105117/126939 (executing program)
2025/08/29 11:04:10 fetching corpus: 1250, signal 106042/128466 (executing program)
2025/08/29 11:04:10 fetching corpus: 1300, signal 107366/130274 (executing program)
2025/08/29 11:04:11 fetching corpus: 1350, signal 108861/132171 (executing program)
2025/08/29 11:04:11 fetching corpus: 1400, signal 109900/133690 (executing program)
2025/08/29 11:04:11 fetching corpus: 1450, signal 111923/135929 (executing program)
2025/08/29 11:04:11 fetching corpus: 1500, signal 112731/137250 (executing program)
2025/08/29 11:04:11 fetching corpus: 1550, signal 114049/138904 (executing program)
2025/08/29 11:04:11 fetching corpus: 1600, signal 115470/140605 (executing program)
2025/08/29 11:04:11 fetching corpus: 1650, signal 116100/141838 (executing program)
2025/08/29 11:04:11 fetching corpus: 1700, signal 117237/143276 (executing program)
2025/08/29 11:04:11 fetching corpus: 1750, signal 118543/144865 (executing program)
2025/08/29 11:04:11 fetching corpus: 1800, signal 119787/146367 (executing program)
2025/08/29 11:04:11 fetching corpus: 1850, signal 121072/147831 (executing program)
2025/08/29 11:04:12 fetching corpus: 1900, signal 122338/149272 (executing program)
2025/08/29 11:04:12 fetching corpus: 1950, signal 123774/150796 (executing program)
2025/08/29 11:04:12 fetching corpus: 2000, signal 124853/152065 (executing program)
2025/08/29 11:04:12 fetching corpus: 2050, signal 125708/153172 (executing program)
2025/08/29 11:04:12 fetching corpus: 2100, signal 126842/154397 (executing program)
2025/08/29 11:04:12 fetching corpus: 2150, signal 127396/155347 (executing program)
2025/08/29 11:04:12 fetching corpus: 2200, signal 128619/156631 (executing program)
2025/08/29 11:04:12 fetching corpus: 2250, signal 129402/157657 (executing program)
2025/08/29 11:04:12 fetching corpus: 2300, signal 130167/158626 (executing program)
2025/08/29 11:04:12 fetching corpus: 2350, signal 131243/159762 (executing program)
2025/08/29 11:04:12 fetching corpus: 2400, signal 131975/160712 (executing program)
2025/08/29 11:04:12 fetching corpus: 2450, signal 133028/161836 (executing program)
2025/08/29 11:04:13 fetching corpus: 2500, signal 133674/162690 (executing program)
2025/08/29 11:04:13 fetching corpus: 2550, signal 134133/163490 (executing program)
2025/08/29 11:04:13 fetching corpus: 2600, signal 134781/164326 (executing program)
2025/08/29 11:04:13 fetching corpus: 2650, signal 136074/165403 (executing program)
2025/08/29 11:04:13 fetching corpus: 2700, signal 136754/166181 (executing program)
2025/08/29 11:04:13 fetching corpus: 2750, signal 137710/167114 (executing program)
2025/08/29 11:04:13 fetching corpus: 2800, signal 138430/167946 (executing program)
2025/08/29 11:04:13 fetching corpus: 2850, signal 139047/168694 (executing program)
2025/08/29 11:04:13 fetching corpus: 2900, signal 139598/169415 (executing program)
2025/08/29 11:04:13 fetching corpus: 2950, signal 140141/170116 (executing program)
2025/08/29 11:04:13 fetching corpus: 3000, signal 140892/170857 (executing program)
2025/08/29 11:04:14 fetching corpus: 3050, signal 141762/171666 (executing program)
2025/08/29 11:04:14 fetching corpus: 3100, signal 142571/172404 (executing program)
2025/08/29 11:04:14 fetching corpus: 3150, signal 143103/173046 (executing program)
2025/08/29 11:04:14 fetching corpus: 3200, signal 143761/173717 (executing program)
2025/08/29 11:04:14 fetching corpus: 3250, signal 144374/174357 (executing program)
2025/08/29 11:04:14 fetching corpus: 3300, signal 145207/175069 (executing program)
2025/08/29 11:04:14 fetching corpus: 3350, signal 145632/175633 (executing program)
2025/08/29 11:04:14 fetching corpus: 3400, signal 146131/176206 (executing program)
2025/08/29 11:04:14 fetching corpus: 3450, signal 147125/176989 (executing program)
2025/08/29 11:04:14 fetching corpus: 3500, signal 147806/177574 (executing program)
2025/08/29 11:04:15 fetching corpus: 3550, signal 148271/178094 (executing program)
2025/08/29 11:04:15 fetching corpus: 3600, signal 148891/178644 (executing program)
2025/08/29 11:04:15 fetching corpus: 3650, signal 149476/179193 (executing program)
2025/08/29 11:04:15 fetching corpus: 3700, signal 149910/179670 (executing program)
2025/08/29 11:04:15 fetching corpus: 3750, signal 150375/180156 (executing program)
2025/08/29 11:04:15 fetching corpus: 3800, signal 151037/180645 (executing program)
2025/08/29 11:04:15 fetching corpus: 3850, signal 151680/181191 (executing program)
2025/08/29 11:04:15 fetching corpus: 3900, signal 152213/181659 (executing program)
2025/08/29 11:04:15 fetching corpus: 3950, signal 152626/182095 (executing program)
2025/08/29 11:04:15 fetching corpus: 4000, signal 153279/182536 (executing program)
2025/08/29 11:04:15 fetching corpus: 4050, signal 153597/182946 (executing program)
2025/08/29 11:04:16 fetching corpus: 4100, signal 154094/183332 (executing program)
2025/08/29 11:04:16 fetching corpus: 4150, signal 154535/183744 (executing program)
2025/08/29 11:04:16 fetching corpus: 4200, signal 155012/184148 (executing program)
2025/08/29 11:04:16 fetching corpus: 4250, signal 155480/184519 (executing program)
2025/08/29 11:04:16 fetching corpus: 4300, signal 156009/184895 (executing program)
2025/08/29 11:04:16 fetching corpus: 4350, signal 156500/185275 (executing program)
2025/08/29 11:04:16 fetching corpus: 4400, signal 156888/185587 (executing program)
2025/08/29 11:04:16 fetching corpus: 4450, signal 157390/185911 (executing program)
2025/08/29 11:04:16 fetching corpus: 4500, signal 158068/186152 (executing program)
2025/08/29 11:04:16 fetching corpus: 4550, signal 158479/186154 (executing program)
2025/08/29 11:04:17 fetching corpus: 4600, signal 158957/186230 (executing program)
2025/08/29 11:04:17 fetching corpus: 4650, signal 159429/186275 (executing program)
2025/08/29 11:04:17 fetching corpus: 4700, signal 160065/186292 (executing program)
2025/08/29 11:04:17 fetching corpus: 4750, signal 160712/186296 (executing program)
2025/08/29 11:04:17 fetching corpus: 4800, signal 161271/186421 (executing program)
2025/08/29 11:04:17 fetching corpus: 4850, signal 161611/186421 (executing program)
2025/08/29 11:04:17 fetching corpus: 4900, signal 162100/186435 (executing program)
2025/08/29 11:04:17 fetching corpus: 4950, signal 162855/186443 (executing program)
2025/08/29 11:04:17 fetching corpus: 5000, signal 163437/186450 (executing program)
2025/08/29 11:04:17 fetching corpus: 5050, signal 163695/186451 (executing program)
2025/08/29 11:04:18 fetching corpus: 5100, signal 164244/186494 (executing program)
2025/08/29 11:04:18 fetching corpus: 5150, signal 164740/186528 (executing program)
2025/08/29 11:04:18 fetching corpus: 5200, signal 165133/186543 (executing program)
2025/08/29 11:04:18 fetching corpus: 5250, signal 165686/186550 (executing program)
2025/08/29 11:04:18 fetching corpus: 5300, signal 166176/186555 (executing program)
2025/08/29 11:04:18 fetching corpus: 5350, signal 166416/186566 (executing program)
2025/08/29 11:04:18 fetching corpus: 5400, signal 166748/186569 (executing program)
2025/08/29 11:04:18 fetching corpus: 5450, signal 167428/186581 (executing program)
2025/08/29 11:04:18 fetching corpus: 5500, signal 168145/186612 (executing program)
2025/08/29 11:04:18 fetching corpus: 5550, signal 168384/186644 (executing program)
2025/08/29 11:04:18 fetching corpus: 5600, signal 168801/186648 (executing program)
2025/08/29 11:04:18 fetching corpus: 5650, signal 169342/186648 (executing program)
2025/08/29 11:04:19 fetching corpus: 5700, signal 169824/186650 (executing program)
2025/08/29 11:04:19 fetching corpus: 5750, signal 170168/186659 (executing program)
2025/08/29 11:04:19 fetching corpus: 5800, signal 170429/186664 (executing program)
2025/08/29 11:04:19 fetching corpus: 5850, signal 170848/186684 (executing program)
2025/08/29 11:04:19 fetching corpus: 5900, signal 171132/186699 (executing program)
2025/08/29 11:04:19 fetching corpus: 5950, signal 171430/186713 (executing program)
2025/08/29 11:04:19 fetching corpus: 6000, signal 171751/186749 (executing program)
2025/08/29 11:04:19 fetching corpus: 6050, signal 172105/186772 (executing program)
2025/08/29 11:04:19 fetching corpus: 6100, signal 172532/186777 (executing program)
2025/08/29 11:04:19 fetching corpus: 6150, signal 173086/186782 (executing program)
2025/08/29 11:04:19 fetching corpus: 6200, signal 173314/186793 (executing program)
2025/08/29 11:04:20 fetching corpus: 6250, signal 173690/186796 (executing program)
2025/08/29 11:04:20 fetching corpus: 6300, signal 174135/186800 (executing program)
2025/08/29 11:04:20 fetching corpus: 6350, signal 174443/186804 (executing program)
2025/08/29 11:04:20 fetching corpus: 6400, signal 174758/186826 (executing program)
2025/08/29 11:04:20 fetching corpus: 6450, signal 175012/186871 (executing program)
2025/08/29 11:04:20 fetching corpus: 6500, signal 175256/186878 (executing program)
2025/08/29 11:04:20 fetching corpus: 6550, signal 175632/186902 (executing program)
2025/08/29 11:04:20 fetching corpus: 6600, signal 175982/186908 (executing program)
2025/08/29 11:04:20 fetching corpus: 6650, signal 176274/186937 (executing program)
2025/08/29 11:04:20 fetching corpus: 6700, signal 176547/186956 (executing program)
2025/08/29 11:04:20 fetching corpus: 6750, signal 176822/186976 (executing program)
2025/08/29 11:04:20 fetching corpus: 6800, signal 177075/186997 (executing program)
2025/08/29 11:04:21 fetching corpus: 6850, signal 177385/187004 (executing program)
2025/08/29 11:04:21 fetching corpus: 6900, signal 177631/187012 (executing program)
2025/08/29 11:04:21 fetching corpus: 6950, signal 177962/187015 (executing program)
2025/08/29 11:04:21 fetching corpus: 7000, signal 178382/187022 (executing program)
2025/08/29 11:04:21 fetching corpus: 7050, signal 178692/187025 (executing program)
2025/08/29 11:04:21 fetching corpus: 7100, signal 178930/187030 (executing program)
2025/08/29 11:04:21 fetching corpus: 7150, signal 179267/187036 (executing program)
2025/08/29 11:04:21 fetching corpus: 7200, signal 179487/187084 (executing program)
2025/08/29 11:04:21 fetching corpus: 7250, signal 179829/187086 (executing program)
2025/08/29 11:04:21 fetching corpus: 7300, signal 180118/187104 (executing program)
2025/08/29 11:04:21 fetching corpus: 7350, signal 180367/187120 (executing program)
2025/08/29 11:04:21 fetching corpus: 7400, signal 180622/187136 (executing program)
2025/08/29 11:04:22 fetching corpus: 7450, signal 180978/187151 (executing program)
2025/08/29 11:04:22 fetching corpus: 7500, signal 181261/187155 (executing program)
2025/08/29 11:04:22 fetching corpus: 7550, signal 181745/187162 (executing program)
2025/08/29 11:04:22 fetching corpus: 7600, signal 181985/187162 (executing program)
2025/08/29 11:04:22 fetching corpus: 7650, signal 182366/187204 (executing program)
2025/08/29 11:04:22 fetching corpus: 7700, signal 182584/187222 (executing program)
2025/08/29 11:04:22 fetching corpus: 7750, signal 182840/187223 (executing program)
2025/08/29 11:04:22 fetching corpus: 7800, signal 183130/187237 (executing program)
2025/08/29 11:04:22 fetching corpus: 7850, signal 183463/187244 (executing program)
2025/08/29 11:04:22 fetching corpus: 7900, signal 183657/187254 (executing program)
2025/08/29 11:04:22 fetching corpus: 7950, signal 183886/187257 (executing program)
2025/08/29 11:04:22 fetching corpus: 7980, signal 184042/187257 (executing program)
2025/08/29 11:04:22 fetching corpus: 7980, signal 184042/187257 (executing program)
2025/08/29 11:04:24 starting 8 fuzzer processes
11:04:24 executing program 0:
keyctl$set_reqkey_keyring(0xe, 0x1)
request_key(&(0x7f0000001dc0)='id_resolver\x00', &(0x7f0000001e00)={'syz', 0x2}, &(0x7f0000001e40)='k\\\xc5(&}\x00', 0x0)

11:04:24 executing program 3:
syz_emit_ethernet(0x7e, &(0x7f0000000180)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @parameter_prob={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x23, 0x0, [@multicast1, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @empty, @remote, @empty, @remote]}, @timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0)

11:04:24 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c9e012000e000520153f0a0003000010b90007000400"], 0x17)
syz_emit_vhci(&(0x7f0000000340)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="03c80024d0a4f59906c11a26eaec30126ea2650838b69877c8fa4b2915a255a1000801000700a23b012515fc1a260979e1003e5ec1134905ae3527ff6192"], 0x3e)
syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0x1a)
init_module(0x0, 0xfffc2, 0x0)
init_module(&(0x7f00000001c0)=')^{}\xdc)\'-\x00', 0x9, &(0x7f0000000200)='-\x00\x02T\xb0V>\x8d\x99\xcb\x94\xd5\xb0\x01\x98\x01\xa5x\xf7v8q\xf1P\xf4(\x7f\xbc\r\x1e$\r\xcf\'\x8aGQR`\xad\x1fT\xfc\x1a\x06\xe7\xb8vva\x11\xb7\x19\xd8\xc9\xa35D\xf6g\xa2\x8fU<\xcc\x01\x9b~2\x12\xc3y\x87>\xbc\xbd\xf8\xc7\x86\xaa\xcaHv)l\xc4\x1b$\x8e}\xe5\xdb,')
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x7, 0x0, 0x406}}}, 0x7)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_req={{0x17, 0x6}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}}}, 0x9)
r0 = syz_open_dev$vcsa(&(0x7f0000000400), 0x8, 0x40000)
setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000440)=0x1, 0x4)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04000700000000"], 0x6)
bind$802154_dgram(r0, &(0x7f0000000100)={0x24, @long={0x3, 0x3, {0xaaaaaaaaaaaa0102}}}, 0x14)
ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000200)={0x81, 0x0, 0x40})
ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(0xffffffffffffffff, 0xc0a85322, &(0x7f0000000600))
syz_emit_vhci(&(0x7f0000000480)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xb8}, "d133c9e09cc40737df92573b1a92858ddbbec0d4db659b3492aa8d5c8c20b4d42ea8c08637dea9f54deb236116de135f75e9aecd02db1587641c58a591cb3d4fc86475e0a748b4683d76e41f04444e6080d0dbf85f9325de44a36cc630d66a51438b12e2ca5c5a064094988853d562ff7b4fd17598b2990c7c2588f7790c00bb9d288b1776dc401022626fb5cff26509372de57addd5530615adc98ad0cf6a422e0be3a6bc8ba64b8e4de6fb197d89b9ac4a04b63ed76a3a"}, 0xbc)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0xa)

11:04:24 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)={0x24, 0x24, 0xa01, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x1}, @nested={0x5, 0x0, 0x0, 0x1, [@generic='K']}]}, 0x24}], 0x1}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000140)={{0x7f}})
fsmount(0xffffffffffffffff, 0x1, 0x80)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000000140)={{0x7f}})
accept4$packet(0xffffffffffffffff, &(0x7f00000054c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000005500)=0x14, 0x800)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = getpgid(0x0)
r3 = fork()
kcmp(r2, r3, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)

11:04:24 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
creat(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000280)={0x20, r1, 0x1, 0x0, 0x0, {0x25}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x20}}, 0x0)
flock(0xffffffffffffffff, 0x0)

11:04:24 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x6, 0x3, 0x0, &(0x7f00000018c0))

11:04:24 executing program 5:
r0 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_buf(r0, 0x107, 0x8, 0x0, &(0x7f0000000240))

11:04:24 executing program 6:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x50, 0x1, 0x2, 0x5, 0x0, 0x0, {0xa}, [@CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x28, 0x3, @rand_addr=' \x01\x00'}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0)

[   78.808931] audit: type=1400 audit(1756465464.999:7): avc:  denied  { execmem } for  pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   79.996762] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   79.999487] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   80.001233] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   80.005128] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   80.007932] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   80.017496] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   80.019961] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   80.031548] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   80.034962] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   80.037358] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   80.064012] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   80.069616] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   80.073587] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   80.083754] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   80.087102] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   80.126969] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   80.128972] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   80.136649] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   80.141822] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   80.144229] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   80.149773] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   80.154605] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   80.169625] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   80.170997] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   80.172974] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   80.180109] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   80.186716] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   80.190113] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   80.193556] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   80.195072] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   80.205487] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   80.212882] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   80.214152] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   80.217026] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   80.219989] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   80.227414] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   80.231864] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   80.238659] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   80.262667] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   80.286581] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   82.087064] Bluetooth: hci1: command tx timeout
[   82.087069] Bluetooth: hci0: command tx timeout
[   82.150422] Bluetooth: hci2: command tx timeout
[   82.215308] Bluetooth: hci6: command tx timeout
[   82.278418] Bluetooth: hci5: command tx timeout
[   82.343337] Bluetooth: hci7: command tx timeout
[   82.343370] Bluetooth: hci3: command tx timeout
[   82.406349] Bluetooth: hci4: command tx timeout
[   84.134467] Bluetooth: hci0: command tx timeout
[   84.134956] Bluetooth: hci1: command tx timeout
[   84.198323] Bluetooth: hci2: command tx timeout
[   84.264341] Bluetooth: hci6: command tx timeout
[   84.327536] Bluetooth: hci5: command tx timeout
[   84.390908] Bluetooth: hci3: command tx timeout
[   84.391326] Bluetooth: hci7: command tx timeout
[   84.454384] Bluetooth: hci4: command tx timeout
[   86.183395] Bluetooth: hci1: command tx timeout
[   86.183426] Bluetooth: hci0: command tx timeout
[   86.246432] Bluetooth: hci2: command tx timeout
[   86.311397] Bluetooth: hci6: command tx timeout
[   86.374452] Bluetooth: hci5: command tx timeout
[   86.438347] Bluetooth: hci7: command tx timeout
[   86.438775] Bluetooth: hci3: command tx timeout
[   86.502334] Bluetooth: hci4: command tx timeout
[   88.230362] Bluetooth: hci0: command tx timeout
[   88.230433] Bluetooth: hci1: command tx timeout
[   88.294384] Bluetooth: hci2: command tx timeout
[   88.359363] Bluetooth: hci6: command tx timeout
[   88.423416] Bluetooth: hci5: command tx timeout
[   88.487448] Bluetooth: hci3: command tx timeout
[   88.487479] Bluetooth: hci7: command tx timeout
[   88.550376] Bluetooth: hci4: command tx timeout
[  115.749386] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.750052] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.911885] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.912626] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.061408] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.062049] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.206969] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.208032] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.288981] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.289645] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.341240] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.342020] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.418735] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.419405] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.515661] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.516522] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.554767] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.555659] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.616906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.617594] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.638908] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.639585] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.681634] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.682201] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.730184] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.730989] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.748104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.748807] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.772869] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.773805] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.839638] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.840230] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.033551] audit: type=1400 audit(1756465503.223:8): avc:  denied  { open } for  pid=3894 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  117.039869] audit: type=1400 audit(1756465503.224:9): avc:  denied  { kernel } for  pid=3894 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  117.060739] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  117.086063] Bluetooth: hci1: Received unexpected HCI Event 0x00
11:05:03 executing program 0:
keyctl$set_reqkey_keyring(0xe, 0x1)
request_key(&(0x7f0000001dc0)='id_resolver\x00', &(0x7f0000001e00)={'syz', 0x2}, &(0x7f0000001e40)='k\\\xc5(&}\x00', 0x0)

11:05:03 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
creat(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000280)={0x20, r1, 0x1, 0x0, 0x0, {0x25}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x20}}, 0x0)
flock(0xffffffffffffffff, 0x0)

11:05:03 executing program 6:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x50, 0x1, 0x2, 0x5, 0x0, 0x0, {0xa}, [@CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x28, 0x3, @rand_addr=' \x01\x00'}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0)

11:05:03 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x6, 0x3, 0x0, &(0x7f00000018c0))

11:05:03 executing program 5:
r0 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_buf(r0, 0x107, 0x8, 0x0, &(0x7f0000000240))

11:05:03 executing program 3:
syz_emit_ethernet(0x7e, &(0x7f0000000180)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @parameter_prob={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x23, 0x0, [@multicast1, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @empty, @remote, @empty, @remote]}, @timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0)

11:05:03 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)={0x24, 0x24, 0xa01, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x1}, @nested={0x5, 0x0, 0x0, 0x1, [@generic='K']}]}, 0x24}], 0x1}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000140)={{0x7f}})
fsmount(0xffffffffffffffff, 0x1, 0x80)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000000140)={{0x7f}})
accept4$packet(0xffffffffffffffff, &(0x7f00000054c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000005500)=0x14, 0x800)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = getpgid(0x0)
r3 = fork()
kcmp(r2, r3, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)

11:05:03 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c9e012000e000520153f0a0003000010b90007000400"], 0x17)
syz_emit_vhci(&(0x7f0000000340)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="03c80024d0a4f59906c11a26eaec30126ea2650838b69877c8fa4b2915a255a1000801000700a23b012515fc1a260979e1003e5ec1134905ae3527ff6192"], 0x3e)
syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0x1a)
init_module(0x0, 0xfffc2, 0x0)
init_module(&(0x7f00000001c0)=')^{}\xdc)\'-\x00', 0x9, &(0x7f0000000200)='-\x00\x02T\xb0V>\x8d\x99\xcb\x94\xd5\xb0\x01\x98\x01\xa5x\xf7v8q\xf1P\xf4(\x7f\xbc\r\x1e$\r\xcf\'\x8aGQR`\xad\x1fT\xfc\x1a\x06\xe7\xb8vva\x11\xb7\x19\xd8\xc9\xa35D\xf6g\xa2\x8fU<\xcc\x01\x9b~2\x12\xc3y\x87>\xbc\xbd\xf8\xc7\x86\xaa\xcaHv)l\xc4\x1b$\x8e}\xe5\xdb,')
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x7, 0x0, 0x406}}}, 0x7)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_req={{0x17, 0x6}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}}}, 0x9)
r0 = syz_open_dev$vcsa(&(0x7f0000000400), 0x8, 0x40000)
setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000440)=0x1, 0x4)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04000700000000"], 0x6)
bind$802154_dgram(r0, &(0x7f0000000100)={0x24, @long={0x3, 0x3, {0xaaaaaaaaaaaa0102}}}, 0x14)
ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000200)={0x81, 0x0, 0x40})
ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(0xffffffffffffffff, 0xc0a85322, &(0x7f0000000600))
syz_emit_vhci(&(0x7f0000000480)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xb8}, "d133c9e09cc40737df92573b1a92858ddbbec0d4db659b3492aa8d5c8c20b4d42ea8c08637dea9f54deb236116de135f75e9aecd02db1587641c58a591cb3d4fc86475e0a748b4683d76e41f04444e6080d0dbf85f9325de44a36cc630d66a51438b12e2ca5c5a064094988853d562ff7b4fd17598b2990c7c2588f7790c00bb9d288b1776dc401022626fb5cff26509372de57addd5530615adc98ad0cf6a422e0be3a6bc8ba64b8e4de6fb197d89b9ac4a04b63ed76a3a"}, 0xbc)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0xa)

11:05:03 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x6, 0x3, 0x0, &(0x7f00000018c0))

11:05:03 executing program 3:
syz_emit_ethernet(0x7e, &(0x7f0000000180)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @parameter_prob={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x23, 0x0, [@multicast1, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @empty, @remote, @empty, @remote]}, @timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0)

11:05:03 executing program 5:
r0 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_buf(r0, 0x107, 0x8, 0x0, &(0x7f0000000240))

11:05:03 executing program 6:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x50, 0x1, 0x2, 0x5, 0x0, 0x0, {0xa}, [@CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x28, 0x3, @rand_addr=' \x01\x00'}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0)

11:05:03 executing program 0:
keyctl$set_reqkey_keyring(0xe, 0x1)
request_key(&(0x7f0000001dc0)='id_resolver\x00', &(0x7f0000001e00)={'syz', 0x2}, &(0x7f0000001e40)='k\\\xc5(&}\x00', 0x0)

[  117.281475] Bluetooth: hci1: Received unexpected HCI Event 0x00
11:05:03 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
creat(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000280)={0x20, r1, 0x1, 0x0, 0x0, {0x25}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x20}}, 0x0)
flock(0xffffffffffffffff, 0x0)

11:05:03 executing program 3:
syz_emit_ethernet(0x7e, &(0x7f0000000180)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @parameter_prob={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x23, 0x0, [@multicast1, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @empty, @remote, @empty, @remote]}, @timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0)

11:05:03 executing program 5:
r0 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_buf(r0, 0x107, 0x8, 0x0, &(0x7f0000000240))

11:05:03 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x6, 0x3, 0x0, &(0x7f00000018c0))

11:05:03 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
creat(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000280)={0x20, r1, 0x1, 0x0, 0x0, {0x25}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x20}}, 0x0)
flock(0xffffffffffffffff, 0x0)

11:05:03 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c9e012000e000520153f0a0003000010b90007000400"], 0x17)
syz_emit_vhci(&(0x7f0000000340)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="03c80024d0a4f59906c11a26eaec30126ea2650838b69877c8fa4b2915a255a1000801000700a23b012515fc1a260979e1003e5ec1134905ae3527ff6192"], 0x3e)
syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0x1a)
init_module(0x0, 0xfffc2, 0x0)
init_module(&(0x7f00000001c0)=')^{}\xdc)\'-\x00', 0x9, &(0x7f0000000200)='-\x00\x02T\xb0V>\x8d\x99\xcb\x94\xd5\xb0\x01\x98\x01\xa5x\xf7v8q\xf1P\xf4(\x7f\xbc\r\x1e$\r\xcf\'\x8aGQR`\xad\x1fT\xfc\x1a\x06\xe7\xb8vva\x11\xb7\x19\xd8\xc9\xa35D\xf6g\xa2\x8fU<\xcc\x01\x9b~2\x12\xc3y\x87>\xbc\xbd\xf8\xc7\x86\xaa\xcaHv)l\xc4\x1b$\x8e}\xe5\xdb,')
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x7, 0x0, 0x406}}}, 0x7)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_req={{0x17, 0x6}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}}}, 0x9)
r0 = syz_open_dev$vcsa(&(0x7f0000000400), 0x8, 0x40000)
setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000440)=0x1, 0x4)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04000700000000"], 0x6)
bind$802154_dgram(r0, &(0x7f0000000100)={0x24, @long={0x3, 0x3, {0xaaaaaaaaaaaa0102}}}, 0x14)
ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000200)={0x81, 0x0, 0x40})
ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(0xffffffffffffffff, 0xc0a85322, &(0x7f0000000600))
syz_emit_vhci(&(0x7f0000000480)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xb8}, "d133c9e09cc40737df92573b1a92858ddbbec0d4db659b3492aa8d5c8c20b4d42ea8c08637dea9f54deb236116de135f75e9aecd02db1587641c58a591cb3d4fc86475e0a748b4683d76e41f04444e6080d0dbf85f9325de44a36cc630d66a51438b12e2ca5c5a064094988853d562ff7b4fd17598b2990c7c2588f7790c00bb9d288b1776dc401022626fb5cff26509372de57addd5530615adc98ad0cf6a422e0be3a6bc8ba64b8e4de6fb197d89b9ac4a04b63ed76a3a"}, 0xbc)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0xa)

11:05:03 executing program 6:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x50, 0x1, 0x2, 0x5, 0x0, 0x0, {0xa}, [@CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x28, 0x3, @rand_addr=' \x01\x00'}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0)

11:05:03 executing program 0:
keyctl$set_reqkey_keyring(0xe, 0x1)
request_key(&(0x7f0000001dc0)='id_resolver\x00', &(0x7f0000001e00)={'syz', 0x2}, &(0x7f0000001e40)='k\\\xc5(&}\x00', 0x0)

11:05:03 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c9e012000e000520153f0a0003000010b90007000400"], 0x17)
syz_emit_vhci(&(0x7f0000000340)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="03c80024d0a4f59906c11a26eaec30126ea2650838b69877c8fa4b2915a255a1000801000700a23b012515fc1a260979e1003e5ec1134905ae3527ff6192"], 0x3e)
syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0x1a)
init_module(0x0, 0xfffc2, 0x0)
init_module(&(0x7f00000001c0)=')^{}\xdc)\'-\x00', 0x9, &(0x7f0000000200)='-\x00\x02T\xb0V>\x8d\x99\xcb\x94\xd5\xb0\x01\x98\x01\xa5x\xf7v8q\xf1P\xf4(\x7f\xbc\r\x1e$\r\xcf\'\x8aGQR`\xad\x1fT\xfc\x1a\x06\xe7\xb8vva\x11\xb7\x19\xd8\xc9\xa35D\xf6g\xa2\x8fU<\xcc\x01\x9b~2\x12\xc3y\x87>\xbc\xbd\xf8\xc7\x86\xaa\xcaHv)l\xc4\x1b$\x8e}\xe5\xdb,')
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x7, 0x0, 0x406}}}, 0x7)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_req={{0x17, 0x6}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}}}, 0x9)
r0 = syz_open_dev$vcsa(&(0x7f0000000400), 0x8, 0x40000)
setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000440)=0x1, 0x4)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04000700000000"], 0x6)
bind$802154_dgram(r0, &(0x7f0000000100)={0x24, @long={0x3, 0x3, {0xaaaaaaaaaaaa0102}}}, 0x14)
ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000200)={0x81, 0x0, 0x40})
ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(0xffffffffffffffff, 0xc0a85322, &(0x7f0000000600))
syz_emit_vhci(&(0x7f0000000480)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xb8}, "d133c9e09cc40737df92573b1a92858ddbbec0d4db659b3492aa8d5c8c20b4d42ea8c08637dea9f54deb236116de135f75e9aecd02db1587641c58a591cb3d4fc86475e0a748b4683d76e41f04444e6080d0dbf85f9325de44a36cc630d66a51438b12e2ca5c5a064094988853d562ff7b4fd17598b2990c7c2588f7790c00bb9d288b1776dc401022626fb5cff26509372de57addd5530615adc98ad0cf6a422e0be3a6bc8ba64b8e4de6fb197d89b9ac4a04b63ed76a3a"}, 0xbc)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0xa)

11:05:03 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c9e012000e000520153f0a0003000010b90007000400"], 0x17)
syz_emit_vhci(&(0x7f0000000340)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="03c80024d0a4f59906c11a26eaec30126ea2650838b69877c8fa4b2915a255a1000801000700a23b012515fc1a260979e1003e5ec1134905ae3527ff6192"], 0x3e)
syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0x1a)
init_module(0x0, 0xfffc2, 0x0)
init_module(&(0x7f00000001c0)=')^{}\xdc)\'-\x00', 0x9, &(0x7f0000000200)='-\x00\x02T\xb0V>\x8d\x99\xcb\x94\xd5\xb0\x01\x98\x01\xa5x\xf7v8q\xf1P\xf4(\x7f\xbc\r\x1e$\r\xcf\'\x8aGQR`\xad\x1fT\xfc\x1a\x06\xe7\xb8vva\x11\xb7\x19\xd8\xc9\xa35D\xf6g\xa2\x8fU<\xcc\x01\x9b~2\x12\xc3y\x87>\xbc\xbd\xf8\xc7\x86\xaa\xcaHv)l\xc4\x1b$\x8e}\xe5\xdb,')
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x7, 0x0, 0x406}}}, 0x7)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_req={{0x17, 0x6}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}}}, 0x9)
r0 = syz_open_dev$vcsa(&(0x7f0000000400), 0x8, 0x40000)
setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000440)=0x1, 0x4)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04000700000000"], 0x6)
bind$802154_dgram(r0, &(0x7f0000000100)={0x24, @long={0x3, 0x3, {0xaaaaaaaaaaaa0102}}}, 0x14)
ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000200)={0x81, 0x0, 0x40})
ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(0xffffffffffffffff, 0xc0a85322, &(0x7f0000000600))
syz_emit_vhci(&(0x7f0000000480)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xb8}, "d133c9e09cc40737df92573b1a92858ddbbec0d4db659b3492aa8d5c8c20b4d42ea8c08637dea9f54deb236116de135f75e9aecd02db1587641c58a591cb3d4fc86475e0a748b4683d76e41f04444e6080d0dbf85f9325de44a36cc630d66a51438b12e2ca5c5a064094988853d562ff7b4fd17598b2990c7c2588f7790c00bb9d288b1776dc401022626fb5cff26509372de57addd5530615adc98ad0cf6a422e0be3a6bc8ba64b8e4de6fb197d89b9ac4a04b63ed76a3a"}, 0xbc)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0xa)

11:05:03 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)={0x24, 0x24, 0xa01, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x1}, @nested={0x5, 0x0, 0x0, 0x1, [@generic='K']}]}, 0x24}], 0x1}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000140)={{0x7f}})
fsmount(0xffffffffffffffff, 0x1, 0x80)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000000140)={{0x7f}})
accept4$packet(0xffffffffffffffff, &(0x7f00000054c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000005500)=0x14, 0x800)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = getpgid(0x0)
r3 = fork()
kcmp(r2, r3, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)

[  117.458255] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[  117.459222] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  117.459915] CPU: 1 UID: 0 PID: 3948 Comm: syz-executor.4 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  117.461728] Tainted: [W]=WARN
[  117.462510] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  117.464268] RIP: 0010:perf_tp_event+0x175/0xe70
[  117.465681] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  117.469026] RSP: 0018:ffff888017197800 EFLAGS: 00010212
[  117.469452] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900084cc000
[  117.470016] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  117.470582] RBP: ffff888017197a70 R08: ffff88806cf31340 R09: ffffe8ffffd083c8
[  117.471152] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  117.471715] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[  117.472281] FS:  00007f33c2301700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  117.472916] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.473388] CR2: 00007f33c4e9f018 CR3: 0000000044d74000 CR4: 0000000000350ef0
[  117.473951] Call Trace:
[  117.474166]  <TASK>
[  117.474351]  ? kernel_text_address+0x5b/0xc0
[  117.474718]  ? __pfx_perf_tp_event+0x10/0x10
[  117.475081]  ? perf_trace_lock+0xb5/0x5d0
[  117.475421]  ? __mutex_add_waiter+0x202/0x220
[  117.475784]  ? __pfx_perf_trace_lock+0x10/0x10
[  117.476158]  ? lock_acquire+0x15e/0x2f0
[  117.476483]  ? __is_insn_slot_addr+0x2e/0x290
[  117.476851]  ? find_held_lock+0x2b/0x80
[  117.477192]  ? __is_insn_slot_addr+0x136/0x290
[  117.477565]  ? lock_release+0xc8/0x290
[  117.477882]  ? __is_insn_slot_addr+0x140/0x290
[  117.478260]  ? perf_trace_run_bpf_submit+0xef/0x180
[  117.478662]  perf_trace_run_bpf_submit+0xef/0x180
[  117.479055]  perf_trace_lock+0x337/0x5d0
[  117.479389]  ? __pfx_perf_trace_lock+0x10/0x10
[  117.479759]  ? lock_acquire+0x15e/0x2f0
[  117.480083]  ? futex_ref_get+0x48/0x300
[  117.480409]  ? futex_ref_get+0x114/0x300
[  117.480736]  ? futex_hash+0x15c/0x390
[  117.481054]  lock_release+0x1ab/0x290
[  117.481368]  ? futex_hash+0x15c/0x390
[  117.481675]  futex_ref_get+0x119/0x300
[  117.481990]  ? futex_hash+0x15c/0x390
[  117.482297]  futex_hash+0x70/0x390
[  117.482587]  futex_wake+0x143/0x540
[  117.482888]  ? trace_kmem_cache_alloc+0x1f/0xb0
[  117.483264]  ? kmem_cache_alloc_noprof+0x264/0x690
[  117.483664]  ? __pfx_futex_wake+0x10/0x10
[  117.484010]  ? __pfx_perf_trace_lock+0x10/0x10
[  117.484388]  do_futex+0x26d/0x370
[  117.484678]  ? __pfx_do_futex+0x10/0x10
[  117.485009]  ? lock_release+0xc8/0x290
[  117.485330]  __x64_sys_futex+0x1c9/0x4d0
[  117.485660]  ? __sys_socket+0x9f/0x260
[  117.485979]  ? __pfx___x64_sys_futex+0x10/0x10
[  117.486355]  do_syscall_64+0xbf/0x360
[  117.486663]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.487075] RIP: 0033:0x7f33c4d8bb19
[  117.487373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  117.488812] RSP: 002b:00007f33c2301218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  117.489414] RAX: ffffffffffffffda RBX: 00007f33c4e9ef68 RCX: 00007f33c4d8bb19
[  117.489975] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f33c4e9ef6c
[  117.490541] RBP: 00007f33c4e9ef60 R08: 000000000000000e R09: 0000000000000000
[  117.491109] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f33c4e9ef6c
[  117.491670] R13: 00007fffa44d558f R14: 00007f33c2301300 R15: 0000000000022000
[  117.492241]  </TASK>
[  117.492432] Modules linked in:
[  117.492742] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[  117.493631] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  117.494318] CPU: 1 UID: 0 PID: 3948 Comm: syz-executor.4 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  117.495260] Tainted: [D]=DIE, [W]=WARN
[  117.495562] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  117.496208] RIP: 0010:perf_tp_event+0x175/0xe70
[  117.496582] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  117.498015] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012
[  117.498433] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  117.498991] RDX: ffff888015adb700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  117.499551] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd083c8
[  117.500114] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000
[  117.500671] R13: 0000000000000024 R14: ffff88806cf31490 R15: dffffc0000000000
[  117.501237] FS:  00007f33c2301700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  117.501865] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.502321] CR2: 00007f33c4e9f018 CR3: 0000000044d74000 CR4: 0000000000350ef0
[  117.502879] Call Trace:
[  117.503087]  <IRQ>
[  117.503271]  ? __pfx_perf_tp_event+0x10/0x10
[  117.503634]  ? sched_clock_cpu+0x6c/0x4e0
[  117.503970]  ? trace_pelt_se_tp+0xdf/0x130
[  117.504311]  ? __update_load_avg_se+0x428/0xa40
[  117.504688]  ? match_held_lock+0xb1/0xd0
[  117.505025]  ? update_load_avg+0x17d/0x1ef0
[  117.505368]  ? perf_trace_lock+0xb5/0x5d0
[  117.505699]  ? perf_trace_lock+0xb5/0x5d0
[  117.506026]  ? update_cfs_group+0x11d/0x260
[  117.506374]  ? kvm_sched_clock_read+0x16/0x30
[  117.506735]  ? __pfx_perf_trace_lock+0x10/0x10
[  117.507101]  ? __pfx_perf_trace_lock+0x10/0x10
[  117.507471]  ? lock_is_held_type+0x9e/0x120
[  117.507823]  ? perf_trace_run_bpf_submit+0xef/0x180
[  117.508221]  perf_trace_run_bpf_submit+0xef/0x180
[  117.508611]  perf_trace_lock+0x337/0x5d0
[  117.508944]  ? place_entity+0x300/0x410
[  117.509263]  ? kvm_sched_clock_read+0x16/0x30
[  117.509629]  ? __pfx_perf_trace_lock+0x10/0x10
[  117.509997]  ? check_preempt_wakeup_fair+0x6e/0x950
[  117.510400]  ? sched_ttwu_pending+0x2e0/0x4a0
[  117.510766]  lock_release+0x1ab/0x290
[  117.511075]  ? ttwu_do_activate+0x1a4/0x8a0
[  117.511424]  _raw_spin_unlock+0x16/0x40
[  117.511747]  sched_ttwu_pending+0x2e0/0x4a0
[  117.512094]  ? __pfx_sched_ttwu_pending+0x10/0x10
[  117.512482]  ? hrtimer_interrupt+0x652/0x830
[  117.512839]  __flush_smp_call_function_queue+0x434/0x740
[  117.513283]  __sysvec_call_function_single+0x6d/0x370
[  117.513699]  sysvec_call_function_single+0xa1/0xc0
[  117.514092]  </IRQ>
[  117.514274]  <TASK>
[  117.514456]  asm_sysvec_call_function_single+0x1a/0x20
[  117.514874] RIP: 0010:oops_exit+0x0/0x50
[  117.515203] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27
[  117.516647] RSP: 0018:ffff888017197690 EFLAGS: 00000202
[  117.517077] RAX: 0000000000029619 RBX: 0000000000000212 RCX: ffffc900084cc000
[  117.517640] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007
[  117.518201] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90
[  117.518764] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888017197758
[  117.519328] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[  117.519899]  ? oops_end+0x4a/0xe0
[  117.520190]  oops_end+0x65/0xe0
[  117.520465]  exc_general_protection+0x1a2/0x330
[  117.520847]  asm_exc_general_protection+0x26/0x30
[  117.521242] RIP: 0010:perf_tp_event+0x175/0xe70
[  117.521617] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  117.523052] RSP: 0018:ffff888017197800 EFLAGS: 00010212
[  117.523474] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900084cc000
[  117.524042] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  117.524613] RBP: ffff888017197a70 R08: ffff88806cf31340 R09: ffffe8ffffd083c8
[  117.525298] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  117.525884] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[  117.526469]  ? perf_tp_event+0x167/0xe70
[  117.526812]  ? kernel_text_address+0x5b/0xc0
[  117.527186]  ? __pfx_perf_tp_event+0x10/0x10
[  117.527558]  ? perf_trace_lock+0xb5/0x5d0
[  117.527900]  ? __mutex_add_waiter+0x202/0x220
[  117.528272]  ? __pfx_perf_trace_lock+0x10/0x10
[  117.528657]  ? lock_acquire+0x15e/0x2f0
[  117.529001]  ? __is_insn_slot_addr+0x2e/0x290
[  117.529380]  ? find_held_lock+0x2b/0x80
[  117.529712]  ? __is_insn_slot_addr+0x136/0x290
[  117.530094]  ? lock_release+0xc8/0x290
[  117.530421]  ? __is_insn_slot_addr+0x140/0x290
[  117.530813]  ? perf_trace_run_bpf_submit+0xef/0x180
[  117.531224]  perf_trace_run_bpf_submit+0xef/0x180
[  117.531626]  perf_trace_lock+0x337/0x5d0
[  117.531965]  ? __pfx_perf_trace_lock+0x10/0x10
[  117.532347]  ? lock_acquire+0x15e/0x2f0
[  117.532673]  ? futex_ref_get+0x48/0x300
[  117.533006]  ? futex_ref_get+0x114/0x300
[  117.533341]  ? futex_hash+0x15c/0x390
[  117.533660]  lock_release+0x1ab/0x290
[  117.533976]  ? futex_hash+0x15c/0x390
[  117.534291]  futex_ref_get+0x119/0x300
[  117.534609]  ? futex_hash+0x15c/0x390
[  117.534923]  futex_hash+0x70/0x390
[  117.535221]  futex_wake+0x143/0x540
[  117.535525]  ? trace_kmem_cache_alloc+0x1f/0xb0
[  117.535911]  ? kmem_cache_alloc_noprof+0x264/0x690
[  117.536318]  ? __pfx_futex_wake+0x10/0x10
[  117.536664]  ? __pfx_perf_trace_lock+0x10/0x10
[  117.537053]  do_futex+0x26d/0x370
[  117.537346]  ? __pfx_do_futex+0x10/0x10
[  117.537671]  ? lock_release+0xc8/0x290
[  117.537993]  __x64_sys_futex+0x1c9/0x4d0
[  117.538328]  ? __sys_socket+0x9f/0x260
[  117.538653]  ? __pfx___x64_sys_futex+0x10/0x10
[  117.539033]  do_syscall_64+0xbf/0x360
[  117.539351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.539777] RIP: 0033:0x7f33c4d8bb19
[  117.540084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  117.541562] RSP: 002b:00007f33c2301218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  117.542179] RAX: ffffffffffffffda RBX: 00007f33c4e9ef68 RCX: 00007f33c4d8bb19
[  117.542756] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f33c4e9ef6c
[  117.543333] RBP: 00007f33c4e9ef60 R08: 000000000000000e R09: 0000000000000000
[  117.543912] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f33c4e9ef6c
[  117.544487] R13: 00007fffa44d558f R14: 00007f33c2301300 R15: 0000000000022000
[  117.545080]  </TASK>
[  117.545276] Modules linked in:
[  117.545549] ---[ end trace 0000000000000000 ]---
[  117.545932] RIP: 0010:perf_tp_event+0x175/0xe70
[  117.546314] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  117.547777] RSP: 0018:ffff888017197800 EFLAGS: 00010212
[  117.548210] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900084cc000
[  117.548781] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  117.549365] RBP: ffff888017197a70 R08: ffff88806cf31340 R09: ffffe8ffffd083c8
[  117.549943] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  117.550523] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[  117.551106] FS:  00007f33c2301700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  117.551770] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.552249] CR2: 00007f33c4e9f018 CR3: 0000000044d74000 CR4: 0000000000350ef0
[  117.552830] Kernel panic - not syncing: Fatal exception in interrupt
[  118.594833] Shutting down cpus with NMI
[  118.595396] Kernel Offset: disabled
[  118.595691] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
11:05:03  Registers:
info registers vcpu 0
RAX=00007f289aa742c0 RBX=00007f289aa742b8 RCX=ffffffff83b5d0ce RDX=ffffffff83b5cf9a
RSI=00007f289aa742c0 RDI=ffffffff83b5d0ce RBP=00007f289aa74240 RSP=00007ffdf0a31190
R8 =00007f289aa742e0 R9 =0000001b2ce225d8 R10=0000000000000a88 R11=00000000343bca89
R12=00007f289aa74238 R13=00007f289aa742b8 R14=00007f289aa74230 R15=000000000000000b
RIP=00007f289aca89c8 RFL=00000283 [--S---C] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0033 0000000000000000 ffffffff 00a0fb00 DPL=3 CS64 [-RA]
SS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055555c2a6400 00000000 00000000
GS =0000 0000000000000000 00000000 00000000
LDT=0000 fffffe4400000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f289ad4e088 CR3=000000000cebe000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000000000ff00000000 XMM01=73646e732474616e65706f00746f6873
XMM02=00000000000000000000000000000000 XMM03=ffffffff81be5308ffffffff81be51be
XMM04=ffffffff81be5747ffffffff81be55c9 XMM05=ffffffff81be5325ffffffff81be5308
XMM06=ffffffff81be51beffffffff81be5193 XMM07=ffffffff81be514dffffffff81bafd0e
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff8880171970f0
R8 =0000000000000000 R9 =ffffed100134b046 R10=0000000000000038 R11=0000000065646f43
R12=0000000000000038 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0
RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f33c2301700 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe5100000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f33c4e9f018 CR3=0000000044d74000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f33c4e727c000007f33c4e727c8
XMM02=00007f33c4e727e000007f33c4e727c0 XMM03=00007f33c4e727c800007f33c4e727c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000