Warning: Permanently added '[localhost]:49114' (ECDSA) to the list of known hosts.
2025/08/29 11:12:14 fuzzer started
2025/08/29 11:12:14 dialing manager at localhost:43077
syzkaller login: [   49.841968] cgroup: Unknown subsys name 'net'
[   49.885888] cgroup: Unknown subsys name 'cpuset'
[   49.902247] cgroup: Unknown subsys name 'rlimit'
2025/08/29 11:12:24 syscalls: 2214
2025/08/29 11:12:24 code coverage: enabled
2025/08/29 11:12:24 comparison tracing: enabled
2025/08/29 11:12:24 extra coverage: enabled
2025/08/29 11:12:24 setuid sandbox: enabled
2025/08/29 11:12:24 namespace sandbox: enabled
2025/08/29 11:12:24 Android sandbox: enabled
2025/08/29 11:12:24 fault injection: enabled
2025/08/29 11:12:24 leak checking: enabled
2025/08/29 11:12:24 net packet injection: enabled
2025/08/29 11:12:24 net device setup: enabled
2025/08/29 11:12:24 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 11:12:24 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 11:12:24 USB emulation: enabled
2025/08/29 11:12:24 hci packet injection: enabled
2025/08/29 11:12:24 wifi device emulation: enabled
2025/08/29 11:12:24 802.15.4 emulation: enabled
2025/08/29 11:12:24 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 11:12:24 fetching corpus: 50, signal 22843/26376 (executing program)
2025/08/29 11:12:24 fetching corpus: 99, signal 35947/40806 (executing program)
2025/08/29 11:12:24 fetching corpus: 149, signal 46337/52379 (executing program)
2025/08/29 11:12:25 fetching corpus: 199, signal 50687/58017 (executing program)
2025/08/29 11:12:25 fetching corpus: 249, signal 54003/62580 (executing program)
2025/08/29 11:12:25 fetching corpus: 299, signal 59381/68982 (executing program)
2025/08/29 11:12:25 fetching corpus: 349, signal 63792/74394 (executing program)
2025/08/29 11:12:25 fetching corpus: 399, signal 67029/78613 (executing program)
2025/08/29 11:12:25 fetching corpus: 449, signal 69370/82042 (executing program)
2025/08/29 11:12:25 fetching corpus: 499, signal 72889/86390 (executing program)
2025/08/29 11:12:25 fetching corpus: 549, signal 75600/89966 (executing program)
2025/08/29 11:12:25 fetching corpus: 599, signal 78321/93446 (executing program)
2025/08/29 11:12:25 fetching corpus: 649, signal 82437/98099 (executing program)
2025/08/29 11:12:26 fetching corpus: 699, signal 84274/100762 (executing program)
2025/08/29 11:12:26 fetching corpus: 749, signal 86012/103305 (executing program)
2025/08/29 11:12:26 fetching corpus: 799, signal 88181/106150 (executing program)
2025/08/29 11:12:26 fetching corpus: 849, signal 89549/108345 (executing program)
2025/08/29 11:12:26 fetching corpus: 899, signal 91541/110943 (executing program)
2025/08/29 11:12:26 fetching corpus: 949, signal 92983/113126 (executing program)
2025/08/29 11:12:26 fetching corpus: 999, signal 94355/115192 (executing program)
2025/08/29 11:12:26 fetching corpus: 1049, signal 96510/117821 (executing program)
2025/08/29 11:12:26 fetching corpus: 1099, signal 98199/120073 (executing program)
2025/08/29 11:12:27 fetching corpus: 1149, signal 99414/121926 (executing program)
2025/08/29 11:12:27 fetching corpus: 1199, signal 100580/123656 (executing program)
2025/08/29 11:12:27 fetching corpus: 1249, signal 101904/125552 (executing program)
2025/08/29 11:12:27 fetching corpus: 1299, signal 103060/127343 (executing program)
2025/08/29 11:12:27 fetching corpus: 1349, signal 104585/129336 (executing program)
2025/08/29 11:12:27 fetching corpus: 1399, signal 106091/131317 (executing program)
2025/08/29 11:12:27 fetching corpus: 1449, signal 108150/133563 (executing program)
2025/08/29 11:12:27 fetching corpus: 1499, signal 109620/135405 (executing program)
2025/08/29 11:12:27 fetching corpus: 1549, signal 110850/137061 (executing program)
2025/08/29 11:12:27 fetching corpus: 1599, signal 112580/138980 (executing program)
2025/08/29 11:12:28 fetching corpus: 1649, signal 114216/140913 (executing program)
2025/08/29 11:12:28 fetching corpus: 1699, signal 114972/142122 (executing program)
2025/08/29 11:12:28 fetching corpus: 1749, signal 116111/143632 (executing program)
2025/08/29 11:12:28 fetching corpus: 1799, signal 117346/145104 (executing program)
2025/08/29 11:12:28 fetching corpus: 1849, signal 118926/146848 (executing program)
2025/08/29 11:12:28 fetching corpus: 1899, signal 119914/148085 (executing program)
2025/08/29 11:12:28 fetching corpus: 1949, signal 121324/149590 (executing program)
2025/08/29 11:12:29 fetching corpus: 1999, signal 122083/150703 (executing program)
2025/08/29 11:12:29 fetching corpus: 2049, signal 122701/151758 (executing program)
2025/08/29 11:12:29 fetching corpus: 2099, signal 124036/153174 (executing program)
2025/08/29 11:12:29 fetching corpus: 2149, signal 125035/154391 (executing program)
2025/08/29 11:12:29 fetching corpus: 2199, signal 125897/155554 (executing program)
2025/08/29 11:12:29 fetching corpus: 2249, signal 126646/156608 (executing program)
2025/08/29 11:12:29 fetching corpus: 2299, signal 127405/157622 (executing program)
2025/08/29 11:12:29 fetching corpus: 2349, signal 128850/158938 (executing program)
2025/08/29 11:12:29 fetching corpus: 2399, signal 129780/160013 (executing program)
2025/08/29 11:12:29 fetching corpus: 2449, signal 132665/161887 (executing program)
2025/08/29 11:12:29 fetching corpus: 2499, signal 133350/162825 (executing program)
2025/08/29 11:12:30 fetching corpus: 2549, signal 134516/163934 (executing program)
2025/08/29 11:12:30 fetching corpus: 2599, signal 135488/164888 (executing program)
2025/08/29 11:12:30 fetching corpus: 2649, signal 136072/165705 (executing program)
2025/08/29 11:12:30 fetching corpus: 2699, signal 136993/166719 (executing program)
2025/08/29 11:12:30 fetching corpus: 2749, signal 137875/167636 (executing program)
2025/08/29 11:12:30 fetching corpus: 2799, signal 138728/168485 (executing program)
2025/08/29 11:12:30 fetching corpus: 2849, signal 139591/169329 (executing program)
2025/08/29 11:12:30 fetching corpus: 2899, signal 140307/170140 (executing program)
2025/08/29 11:12:30 fetching corpus: 2949, signal 141157/170916 (executing program)
2025/08/29 11:12:30 fetching corpus: 2999, signal 141677/171611 (executing program)
2025/08/29 11:12:30 fetching corpus: 3049, signal 142341/172285 (executing program)
2025/08/29 11:12:31 fetching corpus: 3099, signal 142894/172987 (executing program)
2025/08/29 11:12:31 fetching corpus: 3149, signal 143480/173669 (executing program)
2025/08/29 11:12:31 fetching corpus: 3199, signal 143998/174345 (executing program)
2025/08/29 11:12:31 fetching corpus: 3249, signal 144643/174999 (executing program)
2025/08/29 11:12:31 fetching corpus: 3299, signal 144965/175523 (executing program)
2025/08/29 11:12:31 fetching corpus: 3349, signal 145703/176194 (executing program)
2025/08/29 11:12:31 fetching corpus: 3399, signal 146510/176888 (executing program)
2025/08/29 11:12:31 fetching corpus: 3449, signal 146942/177430 (executing program)
2025/08/29 11:12:31 fetching corpus: 3499, signal 147405/177970 (executing program)
2025/08/29 11:12:31 fetching corpus: 3549, signal 148361/178622 (executing program)
2025/08/29 11:12:31 fetching corpus: 3599, signal 149130/179286 (executing program)
2025/08/29 11:12:31 fetching corpus: 3649, signal 149686/179820 (executing program)
2025/08/29 11:12:32 fetching corpus: 3699, signal 150207/180310 (executing program)
2025/08/29 11:12:32 fetching corpus: 3749, signal 150967/180845 (executing program)
2025/08/29 11:12:32 fetching corpus: 3799, signal 151554/181334 (executing program)
2025/08/29 11:12:32 fetching corpus: 3849, signal 152054/181780 (executing program)
2025/08/29 11:12:32 fetching corpus: 3899, signal 153140/182326 (executing program)
2025/08/29 11:12:32 fetching corpus: 3949, signal 153494/182754 (executing program)
2025/08/29 11:12:32 fetching corpus: 3999, signal 153942/183212 (executing program)
2025/08/29 11:12:32 fetching corpus: 4049, signal 154593/183608 (executing program)
2025/08/29 11:12:32 fetching corpus: 4099, signal 154999/184021 (executing program)
2025/08/29 11:12:32 fetching corpus: 4149, signal 155541/184425 (executing program)
2025/08/29 11:12:33 fetching corpus: 4199, signal 156211/184847 (executing program)
2025/08/29 11:12:33 fetching corpus: 4249, signal 156850/185264 (executing program)
2025/08/29 11:12:33 fetching corpus: 4299, signal 157288/185640 (executing program)
2025/08/29 11:12:33 fetching corpus: 4349, signal 157666/185967 (executing program)
2025/08/29 11:12:33 fetching corpus: 4399, signal 158222/186310 (executing program)
2025/08/29 11:12:33 fetching corpus: 4449, signal 158738/186611 (executing program)
2025/08/29 11:12:33 fetching corpus: 4499, signal 159272/186872 (executing program)
2025/08/29 11:12:33 fetching corpus: 4549, signal 159785/186887 (executing program)
2025/08/29 11:12:33 fetching corpus: 4599, signal 160234/186897 (executing program)
2025/08/29 11:12:33 fetching corpus: 4649, signal 160748/186947 (executing program)
2025/08/29 11:12:33 fetching corpus: 4699, signal 161175/186949 (executing program)
2025/08/29 11:12:34 fetching corpus: 4749, signal 161827/186972 (executing program)
2025/08/29 11:12:34 fetching corpus: 4799, signal 162140/186986 (executing program)
2025/08/29 11:12:34 fetching corpus: 4849, signal 162463/187003 (executing program)
2025/08/29 11:12:34 fetching corpus: 4899, signal 162875/187023 (executing program)
2025/08/29 11:12:34 fetching corpus: 4949, signal 163218/187036 (executing program)
2025/08/29 11:12:34 fetching corpus: 4999, signal 163750/187040 (executing program)
2025/08/29 11:12:34 fetching corpus: 5049, signal 164200/187092 (executing program)
2025/08/29 11:12:34 fetching corpus: 5099, signal 164561/187109 (executing program)
2025/08/29 11:12:34 fetching corpus: 5149, signal 165195/187120 (executing program)
2025/08/29 11:12:34 fetching corpus: 5199, signal 165491/187128 (executing program)
2025/08/29 11:12:34 fetching corpus: 5249, signal 166002/187161 (executing program)
2025/08/29 11:12:35 fetching corpus: 5299, signal 166293/187167 (executing program)
2025/08/29 11:12:35 fetching corpus: 5349, signal 166587/187175 (executing program)
2025/08/29 11:12:35 fetching corpus: 5399, signal 166894/187193 (executing program)
2025/08/29 11:12:35 fetching corpus: 5449, signal 167219/187193 (executing program)
2025/08/29 11:12:35 fetching corpus: 5499, signal 167522/187203 (executing program)
2025/08/29 11:12:35 fetching corpus: 5549, signal 168026/187220 (executing program)
2025/08/29 11:12:35 fetching corpus: 5599, signal 168383/187222 (executing program)
2025/08/29 11:12:35 fetching corpus: 5649, signal 168726/187229 (executing program)
2025/08/29 11:12:35 fetching corpus: 5699, signal 169036/187236 (executing program)
2025/08/29 11:12:35 fetching corpus: 5749, signal 169474/187241 (executing program)
2025/08/29 11:12:35 fetching corpus: 5799, signal 169881/187340 (executing program)
2025/08/29 11:12:36 fetching corpus: 5849, signal 170242/187341 (executing program)
2025/08/29 11:12:36 fetching corpus: 5899, signal 170583/187355 (executing program)
2025/08/29 11:12:36 fetching corpus: 5949, signal 170891/187380 (executing program)
2025/08/29 11:12:36 fetching corpus: 5999, signal 171187/187381 (executing program)
2025/08/29 11:12:36 fetching corpus: 6049, signal 171465/187387 (executing program)
2025/08/29 11:12:36 fetching corpus: 6099, signal 171950/187393 (executing program)
2025/08/29 11:12:36 fetching corpus: 6149, signal 172272/187399 (executing program)
2025/08/29 11:12:36 fetching corpus: 6199, signal 172607/187421 (executing program)
2025/08/29 11:12:36 fetching corpus: 6249, signal 172855/187424 (executing program)
2025/08/29 11:12:36 fetching corpus: 6299, signal 173279/187425 (executing program)
2025/08/29 11:12:37 fetching corpus: 6349, signal 173531/187429 (executing program)
2025/08/29 11:12:37 fetching corpus: 6399, signal 173832/187440 (executing program)
2025/08/29 11:12:37 fetching corpus: 6449, signal 174130/187443 (executing program)
2025/08/29 11:12:37 fetching corpus: 6499, signal 174420/187456 (executing program)
2025/08/29 11:12:37 fetching corpus: 6549, signal 174779/187468 (executing program)
2025/08/29 11:12:37 fetching corpus: 6599, signal 175246/187478 (executing program)
2025/08/29 11:12:37 fetching corpus: 6649, signal 175523/187486 (executing program)
2025/08/29 11:12:37 fetching corpus: 6699, signal 175944/187495 (executing program)
2025/08/29 11:12:37 fetching corpus: 6749, signal 176325/187497 (executing program)
2025/08/29 11:12:37 fetching corpus: 6799, signal 176563/187499 (executing program)
2025/08/29 11:12:37 fetching corpus: 6849, signal 176800/187506 (executing program)
2025/08/29 11:12:37 fetching corpus: 6899, signal 177003/187506 (executing program)
2025/08/29 11:12:38 fetching corpus: 6949, signal 177312/187526 (executing program)
2025/08/29 11:12:38 fetching corpus: 6999, signal 177641/187539 (executing program)
2025/08/29 11:12:38 fetching corpus: 7049, signal 177988/187554 (executing program)
2025/08/29 11:12:38 fetching corpus: 7099, signal 178345/187554 (executing program)
2025/08/29 11:12:38 fetching corpus: 7149, signal 178658/187560 (executing program)
2025/08/29 11:12:38 fetching corpus: 7199, signal 178883/187567 (executing program)
2025/08/29 11:12:38 fetching corpus: 7249, signal 179229/187572 (executing program)
2025/08/29 11:12:38 fetching corpus: 7299, signal 179476/187577 (executing program)
2025/08/29 11:12:38 fetching corpus: 7349, signal 179704/187584 (executing program)
2025/08/29 11:12:38 fetching corpus: 7399, signal 180037/187587 (executing program)
2025/08/29 11:12:39 fetching corpus: 7449, signal 180837/187627 (executing program)
2025/08/29 11:12:39 fetching corpus: 7499, signal 181104/187639 (executing program)
2025/08/29 11:12:39 fetching corpus: 7549, signal 181401/187642 (executing program)
2025/08/29 11:12:39 fetching corpus: 7599, signal 181784/187644 (executing program)
2025/08/29 11:12:39 fetching corpus: 7649, signal 182072/187656 (executing program)
2025/08/29 11:12:39 fetching corpus: 7699, signal 182328/187675 (executing program)
2025/08/29 11:12:39 fetching corpus: 7749, signal 182550/187675 (executing program)
2025/08/29 11:12:39 fetching corpus: 7799, signal 183004/187704 (executing program)
2025/08/29 11:12:39 fetching corpus: 7849, signal 183276/187710 (executing program)
2025/08/29 11:12:39 fetching corpus: 7899, signal 183512/187715 (executing program)
2025/08/29 11:12:39 fetching corpus: 7949, signal 183967/187717 (executing program)
2025/08/29 11:12:40 fetching corpus: 7999, signal 184282/187744 (executing program)
2025/08/29 11:12:40 fetching corpus: 8037, signal 184537/187753 (executing program)
2025/08/29 11:12:40 fetching corpus: 8037, signal 184537/187753 (executing program)
2025/08/29 11:12:42 starting 8 fuzzer processes
11:12:42 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0)

11:12:42 executing program 1:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001340), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @out_args}, './file0\x00'})

11:12:42 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
semtimedop(0x0, 0x0, 0x0, 0x0)

11:12:42 executing program 7:
clone(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = getpid()
r1 = pidfd_open(r0, 0x0)
pidfd_send_signal(r1, 0x0, 0x0, 0x4)

11:12:42 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "304d7bb14af5b65b"})

11:12:42 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffc, 0x6, 0x0, @scatter={0x0, 0x2, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

11:12:42 executing program 4:
r0 = io_uring_setup(0xe6, &(0x7f0000000140))
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
recvmsg(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

11:12:42 executing program 6:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$user(&(0x7f0000000040), &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000240)='r', 0x1, r1)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000000)={0x0, <r4=>0x0}, &(0x7f0000000040)=0x5)
setuid(r4)
keyctl$chown(0x4, r2, 0x0, 0xee00)

[   77.592047] audit: type=1400 audit(1756465962.614:7): avc:  denied  { execmem } for  pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   78.872737] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   78.875446] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   78.885261] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   78.887287] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   78.889084] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   78.891571] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   78.895598] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   78.897479] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   78.897932] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   78.899500] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   78.900308] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   78.903526] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   78.904877] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   78.906023] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   78.910595] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   78.914502] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   78.916886] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   78.918333] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   78.920183] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   78.920250] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   78.926303] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   78.928219] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   78.929022] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   78.932159] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   78.933519] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   78.935225] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   78.937407] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   78.943504] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   78.948620] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   78.949919] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   78.951271] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   78.955000] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   78.960829] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   78.962833] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   78.967711] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   78.974182] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   78.974886] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   78.986135] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   79.002107] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   79.018956] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   80.962288] Bluetooth: hci2: command tx timeout
[   81.026156] Bluetooth: hci4: command tx timeout
[   81.026727] Bluetooth: hci7: command tx timeout
[   81.029018] Bluetooth: hci0: command tx timeout
[   81.029555] Bluetooth: hci3: command tx timeout
[   81.030532] Bluetooth: hci1: command tx timeout
[   81.089814] Bluetooth: hci6: command tx timeout
[   81.090361] Bluetooth: hci5: command tx timeout
[   83.010070] Bluetooth: hci2: command tx timeout
[   83.074654] Bluetooth: hci0: command tx timeout
[   83.075195] Bluetooth: hci7: command tx timeout
[   83.075244] Bluetooth: hci1: command tx timeout
[   83.075581] Bluetooth: hci3: command tx timeout
[   83.076843] Bluetooth: hci4: command tx timeout
[   83.138829] Bluetooth: hci6: command tx timeout
[   83.139283] Bluetooth: hci5: command tx timeout
[   85.058063] Bluetooth: hci2: command tx timeout
[   85.121871] Bluetooth: hci0: command tx timeout
[   85.122294] Bluetooth: hci3: command tx timeout
[   85.122672] Bluetooth: hci7: command tx timeout
[   85.123188] Bluetooth: hci1: command tx timeout
[   85.123576] Bluetooth: hci4: command tx timeout
[   85.186806] Bluetooth: hci5: command tx timeout
[   85.186820] Bluetooth: hci6: command tx timeout
[   87.105820] Bluetooth: hci2: command tx timeout
[   87.169898] Bluetooth: hci4: command tx timeout
[   87.169921] Bluetooth: hci1: command tx timeout
[   87.170366] Bluetooth: hci7: command tx timeout
[   87.170809] Bluetooth: hci3: command tx timeout
[   87.171553] Bluetooth: hci0: command tx timeout
[   87.233828] Bluetooth: hci5: command tx timeout
[   87.234696] Bluetooth: hci6: command tx timeout
[  118.031071] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.031697] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.322545] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.323164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.027878] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.029490] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.280226] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.280859] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:13:24 executing program 7:
clone(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = getpid()
r1 = pidfd_open(r0, 0x0)
pidfd_send_signal(r1, 0x0, 0x0, 0x4)

11:13:24 executing program 7:
clone(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = getpid()
r1 = pidfd_open(r0, 0x0)
pidfd_send_signal(r1, 0x0, 0x0, 0x4)

[  119.958577] audit: type=1400 audit(1756466004.978:8): avc:  denied  { open } for  pid=3775 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  119.978866] audit: type=1400 audit(1756466004.978:9): avc:  denied  { kernel } for  pid=3775 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  119.996636] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.997529] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:13:25 executing program 6:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x1, 0x0, &(0x7f00000000c0))

[  120.127588] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
11:13:25 executing program 7:
clone(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = getpid()
r1 = pidfd_open(r0, 0x0)
pidfd_send_signal(r1, 0x0, 0x0, 0x4)

11:13:25 executing program 6:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x1, 0x0, &(0x7f00000000c0))

[  120.232820] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.233611] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:13:25 executing program 6:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x1, 0x0, &(0x7f00000000c0))

11:13:25 executing program 6:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x1, 0x0, &(0x7f00000000c0))

11:13:25 executing program 7:
kexec_load(0x0, 0x0, 0x0, 0x2a0000)

[  120.937846] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.938435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.028700] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.029318] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.240856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.241439] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.424664] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.425379] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.696849] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.697477] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.771638] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.772624] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.933932] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.934577] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.999131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.999933] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.590604] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.591347] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.614160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.614797] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:13:27 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0)

11:13:27 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, 0x0)

11:13:27 executing program 3:
socketpair$nbd(0x1, 0x1, 0x0, 0xfffffffffffffffc)

11:13:27 executing program 7:
kexec_load(0x0, 0x0, 0x0, 0x2a0000)

11:13:27 executing program 4:
r0 = io_uring_setup(0xe6, &(0x7f0000000140))
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
recvmsg(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

11:13:27 executing program 1:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001340), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @out_args}, './file0\x00'})

11:13:27 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
semtimedop(0x0, 0x0, 0x0, 0x0)

11:13:27 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffc, 0x6, 0x0, @scatter={0x0, 0x2, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

11:13:27 executing program 1:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001340), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @out_args}, './file0\x00'})

11:13:27 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffc, 0x6, 0x0, @scatter={0x0, 0x2, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

11:13:27 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
semtimedop(0x0, 0x0, 0x0, 0x0)

11:13:27 executing program 7:
kexec_load(0x0, 0x0, 0x0, 0x2a0000)

11:13:27 executing program 3:
socketpair$nbd(0x1, 0x1, 0x0, 0xfffffffffffffffc)

11:13:27 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0)

11:13:27 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r2 = dup2(r1, r0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000022c0)={0x53, 0xfffffffc, 0x6, 0x0, @scatter={0x0, 0x2, 0x0}, &(0x7f0000001240)="05ae46670f9d", 0x0, 0x0, 0x0, 0x0, 0x0})

11:13:27 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0xeb, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, 0x0)

11:13:27 executing program 4:
r0 = io_uring_setup(0xe6, &(0x7f0000000140))
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
recvmsg(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

11:13:27 executing program 3:
socketpair$nbd(0x1, 0x1, 0x0, 0xfffffffffffffffc)

11:13:27 executing program 7:
kexec_load(0x0, 0x0, 0x0, 0x2a0000)

11:13:27 executing program 1:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001340), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @out_args}, './file0\x00'})

11:13:27 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
semtimedop(0x0, 0x0, 0x0, 0x0)

[  122.983568] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[  122.984529] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  122.985218] CPU: 0 UID: 0 PID: 3970 Comm: syz-executor.7 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  122.986790] Tainted: [W]=WARN
[  122.987526] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  122.989190] RIP: 0010:perf_tp_event+0x175/0xe70
[  122.990547] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  122.994195] RSP: 0018:ffff88801d6e7780 EFLAGS: 00010012
[  122.994625] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  122.995196] RDX: ffff888016f23700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  122.995758] RBP: ffff88801d6e79f0 R08: ffff88806ce31340 R09: ffffe8ffffc15e30
[  122.996320] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  122.996883] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  122.997456] FS:  000055558ed59400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  122.998092] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  122.998552] CR2: 000055558ed5ac18 CR3: 000000001ec9a000 CR4: 0000000000350ef0
[  122.999123] Call Trace:
[  122.999334]  <TASK>
[  122.999521]  ? __pfx_perf_tp_event+0x10/0x10
[  122.999887]  ? perf_trace_lock+0xb5/0x5d0
[  123.000222]  ? arch_scale_cpu_capacity+0x17/0xa0
[  123.000623]  ? cpu_util.constprop.0+0x17d/0x340
[  123.001005]  ? __asan_memset+0x24/0x50
[  123.001326]  ? sched_balance_find_dst_group+0xa9a/0x1c00
[  123.001765]  ? perf_trace_lock+0xb5/0x5d0
[  123.002100]  ? perf_trace_run_bpf_submit+0xef/0x180
[  123.002505]  ? sched_clock+0x37/0x60
[  123.002822]  ? sched_clock_cpu+0x6c/0x4e0
[  123.003157]  perf_trace_run_bpf_submit+0xef/0x180
[  123.003558]  perf_trace_preemptirq_template+0x259/0x430
[  123.003993]  ? perf_trace_lock+0xb5/0x5d0
[  123.004334]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  123.004807]  ? perf_trace_lock+0xb5/0x5d0
[  123.005143]  ? _raw_spin_lock_irqsave+0x53/0x60
[  123.005524]  trace_irq_disable.constprop.0+0xa6/0x100
[  123.005937]  _raw_spin_lock_irqsave+0x53/0x60
[  123.006302]  try_to_wake_up+0xa0/0x11d0
[  123.006635]  ? __pfx_try_to_wake_up+0x10/0x10
[  123.007009]  ? plist_del+0x122/0x270
[  123.007315]  ? find_held_lock+0x2b/0x80
[  123.007641]  ? futex_wake+0x474/0x540
[  123.007954]  wake_up_q+0xa1/0x130
[  123.008241]  futex_wake+0x47e/0x540
[  123.008549]  ? __pfx_futex_wake+0x10/0x10
[  123.008891]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  123.009313]  ? finish_task_switch.isra.0+0x206/0x840
[  123.009730]  do_futex+0x26d/0x370
[  123.010018]  ? __pfx_do_futex+0x10/0x10
[  123.010342]  ? __pfx___schedule+0x10/0x10
[  123.010686]  __x64_sys_futex+0x1c9/0x4d0
[  123.011017]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  123.011499]  ? __pfx___x64_sys_futex+0x10/0x10
[  123.011872]  ? xfd_validate_state+0x55/0x180
[  123.012232]  do_syscall_64+0xbf/0x360
[  123.012540]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.012956] RIP: 0033:0x7f5f9929fb19
[  123.013254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  123.014714] RSP: 002b:00007fffdd813538 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  123.015304] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5f9929fb19
[  123.015857] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5f993b2f68
[  123.016414] RBP: 00007f5f993b2f60 R08: 00007f5f96815700 R09: 0000000000000000
[  123.016969] R10: 00007f5f96815700 R11: 0000000000000246 R12: 00007f5f993b7078
[  123.017525] R13: 00007fffdd813640 R14: 00007f5f993b2f60 R15: 000000000001dfa2
[  123.018085]  </TASK>
[  123.018273] Modules linked in:
[  123.018535] ---[ end trace 0000000000000000 ]---
[  123.018913] RIP: 0010:perf_tp_event+0x175/0xe70
[  123.019286] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  123.020704] RSP: 0018:ffff88801d6e7780 EFLAGS: 00010012
[  123.021121] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  123.021678] RDX: ffff888016f23700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  123.022236] RBP: ffff88801d6e79f0 R08: ffff88806ce31340 R09: ffffe8ffffc15e30
[  123.022804] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  123.023356] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  123.023913] FS:  000055558ed59400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  123.024537] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  123.024991] CR2: 000055558ed5ac18 CR3: 000000001ec9a000 CR4: 0000000000350ef0
[  123.025553] note: syz-executor.7[3970] exited with irqs disabled
[  123.026104] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[  123.026980] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  123.027654] CPU: 0 UID: 0 PID: 3970 Comm: syz-executor.7 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  123.028588] Tainted: [D]=DIE, [W]=WARN
[  123.028890] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  123.029531] RIP: 0010:perf_tp_event+0x175/0xe70
[  123.029907] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  123.031321] RSP: 0018:ffff88806ce08b40 EFLAGS: 00010012
[  123.031739] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  123.032295] RDX: ffff888016f23700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  123.032852] RBP: ffff88806ce08db0 R08: ffff88806ce313e8 R09: ffffe8ffffc15e30
[  123.033411] R10: 0000000000000000 R11: ffff88800b3e7098 R12: dffffc0000000000
[  123.033969] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000
[  123.034527] FS:  000055558ed59400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  123.035157] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  123.035615] CR2: 000055558ed5ac18 CR3: 000000001ec9a000 CR4: 0000000000350ef0
[  123.036174] Call Trace:
[  123.036386]  <IRQ>
[  123.036567]  ? __pfx_perf_tp_event+0x10/0x10
[  123.036928]  ? perf_trace_lock+0xb5/0x5d0
[  123.037259]  ? perf_trace_lock+0xb5/0x5d0
[  123.037589]  ? update_cfs_group+0x11d/0x260
[  123.037932]  ? kvm_sched_clock_read+0x16/0x30
[  123.038293]  ? __pfx_perf_trace_lock+0x10/0x10
[  123.038657]  ? __pfx_perf_trace_lock+0x10/0x10
[  123.039029]  ? check_preempt_wakeup_fair+0x6e/0x950
[  123.039426]  ? try_to_wake_up+0x8ae/0x11d0
[  123.039766]  ? lock_release+0x1c7/0x290
[  123.040082]  ? lock_release+0x1c7/0x290
[  123.040400]  ? do_raw_spin_unlock+0x53/0x220
[  123.040758]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  123.041164]  ? try_to_wake_up+0x8ae/0x11d0
[  123.041528]  ? perf_trace_lock+0xb5/0x5d0
[  123.041883]  ? perf_trace_run_bpf_submit+0xef/0x180
[  123.042309]  ? lock_release+0x1c7/0x290
[  123.042647]  ? perf_trace_lock+0xb5/0x5d0
[  123.042989]  perf_trace_run_bpf_submit+0xef/0x180
[  123.043383]  perf_trace_preemptirq_template+0x259/0x430
[  123.043819]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  123.044299]  ? read_tsc+0x9/0x20
[  123.044585]  ? ktime_get+0x16d/0x270
[  123.044891]  ? __pfx_lapic_next_deadline+0x10/0x10
[  123.045288]  ? clockevents_program_event+0x135/0x360
[  123.045701]  ? _raw_spin_lock_irq+0x42/0x50
[  123.046050]  trace_irq_disable.constprop.0+0xa6/0x100
[  123.046468]  _raw_spin_lock_irq+0x42/0x50
[  123.046814]  run_timer_softirq+0x10f/0x210
[  123.047162]  handle_softirqs+0x1b1/0x770
[  123.047501]  __irq_exit_rcu+0xc4/0x100
[  123.047826]  irq_exit_rcu+0x9/0x20
[  123.048117]  sysvec_apic_timer_interrupt+0x70/0x80
[  123.048515]  </IRQ>
[  123.048704]  <TASK>
[  123.048889]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  123.049312] RIP: 0010:make_task_dead+0xa2/0x3b0
[  123.049692] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 <e8> b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[  123.051134] RSP: 0018:ffff88801d6e7f28 EFLAGS: 00000246
[  123.051563] RAX: 0000000000000001 RBX: ffff888016f23700 RCX: ffffffff817c2b86
[  123.052130] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[  123.052695] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[  123.053258] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888016f23700
[  123.053824] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[  123.054391]  ? trace_irq_enable.constprop.0+0x26/0x100
[  123.054820]  ? make_task_dead+0x214/0x3b0
[  123.055158]  ? make_task_dead+0x214/0x3b0
[  123.055489]  ? do_syscall_64+0xbf/0x360
[  123.055809]  rewind_stack_and_make_dead+0x16/0x20
[  123.056200] RIP: 0033:0x7f5f9929fb19
[  123.056501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  123.057926] RSP: 002b:00007fffdd813538 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  123.058525] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5f9929fb19
[  123.059094] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5f993b2f68
[  123.059660] RBP: 00007f5f993b2f60 R08: 00007f5f96815700 R09: 0000000000000000
[  123.060225] R10: 00007f5f96815700 R11: 0000000000000246 R12: 00007f5f993b7078
[  123.060789] R13: 00007fffdd813640 R14: 00007f5f993b2f60 R15: 000000000001dfa2
[  123.061358]  </TASK>
[  123.061549] Modules linked in:
[  123.061813] ---[ end trace 0000000000000000 ]---
[  123.062193] RIP: 0010:perf_tp_event+0x175/0xe70
[  123.062578] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  123.064029] RSP: 0018:ffff88801d6e7780 EFLAGS: 00010012
[  123.064462] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  123.065025] RDX: ffff888016f23700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  123.065588] RBP: ffff88801d6e79f0 R08: ffff88806ce31340 R09: ffffe8ffffc15e30
[  123.066158] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  123.066731] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  123.067296] FS:  000055558ed59400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  123.067935] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  123.068395] CR2: 000055558ed5ac18 CR3: 000000001ec9a000 CR4: 0000000000350ef0
[  123.068960] Kernel panic - not syncing: Fatal exception in interrupt
[  123.069674] Kernel Offset: disabled
[  123.069965] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
11:13:28  Registers:
info registers vcpu 0
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff828e3230 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff88801d6e7080
R8 =0000000000000000 R9 =ffffed1001662046 R10=00000000000fe503 R11=30376578302f4952
R12=0000000000000823 R13=0000000000000020 R14=fffffbfff10e4882 R15=dffffc0000000000
RIP=ffffffff828e3285 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055558ed59400 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe3d00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055558ed5ac18 CR3=000000001ec9a000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f5f993867c000007f5f993867c8
XMM02=00007f5f993867e000007f5f993867c0 XMM03=00007f5f993867c800007f5f993867c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=00000000000000c8 RBX=ffff888046998000 RCX=ffffffff81609654 RDX=ffff88800a813700
RSI=ffffffff81609687 RDI=0000000000000005 RBP=ffff888046998030 RSP=ffff888009a6fd50
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000030d40 R11=0000000000000000
R12=00000000000000c8 R13=ffff88804699800e R14=ffff888046998000 R15=0000000000000001
RIP=ffffffff8160968b RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055555a3c6400 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe6a00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055555a3cfc58 CR3=000000003fa97000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000