Warning: Permanently added '[localhost]:3239' (ECDSA) to the list of known hosts.
2025/08/29 11:20:20 fuzzer started
2025/08/29 11:20:20 dialing manager at localhost:43077
syzkaller login: [ 52.505632] cgroup: Unknown subsys name 'net'
[ 52.561852] cgroup: Unknown subsys name 'cpuset'
[ 52.572080] cgroup: Unknown subsys name 'rlimit'
2025/08/29 11:20:31 syscalls: 2214
2025/08/29 11:20:31 code coverage: enabled
2025/08/29 11:20:31 comparison tracing: enabled
2025/08/29 11:20:31 extra coverage: enabled
2025/08/29 11:20:31 setuid sandbox: enabled
2025/08/29 11:20:31 namespace sandbox: enabled
2025/08/29 11:20:31 Android sandbox: enabled
2025/08/29 11:20:31 fault injection: enabled
2025/08/29 11:20:31 leak checking: enabled
2025/08/29 11:20:31 net packet injection: enabled
2025/08/29 11:20:31 net device setup: enabled
2025/08/29 11:20:31 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 11:20:31 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 11:20:31 USB emulation: enabled
2025/08/29 11:20:31 hci packet injection: enabled
2025/08/29 11:20:31 wifi device emulation: enabled
2025/08/29 11:20:31 802.15.4 emulation: enabled
2025/08/29 11:20:31 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 11:20:31 fetching corpus: 47, signal 25056/28483 (executing program)
2025/08/29 11:20:31 fetching corpus: 97, signal 33895/38765 (executing program)
2025/08/29 11:20:31 fetching corpus: 147, signal 42796/48932 (executing program)
2025/08/29 11:20:31 fetching corpus: 197, signal 49679/56988 (executing program)
2025/08/29 11:20:31 fetching corpus: 247, signal 56160/64567 (executing program)
2025/08/29 11:20:31 fetching corpus: 297, signal 61111/70561 (executing program)
2025/08/29 11:20:31 fetching corpus: 347, signal 65071/75594 (executing program)
2025/08/29 11:20:31 fetching corpus: 397, signal 67729/79310 (executing program)
2025/08/29 11:20:31 fetching corpus: 447, signal 71328/83804 (executing program)
2025/08/29 11:20:31 fetching corpus: 497, signal 73947/87340 (executing program)
2025/08/29 11:20:32 fetching corpus: 547, signal 76982/91182 (executing program)
2025/08/29 11:20:32 fetching corpus: 596, signal 79277/94329 (executing program)
2025/08/29 11:20:32 fetching corpus: 646, signal 80584/96611 (executing program)
2025/08/29 11:20:32 fetching corpus: 696, signal 82484/99335 (executing program)
2025/08/29 11:20:32 fetching corpus: 746, signal 84813/102364 (executing program)
2025/08/29 11:20:32 fetching corpus: 796, signal 86896/105179 (executing program)
2025/08/29 11:20:32 fetching corpus: 846, signal 88654/107641 (executing program)
2025/08/29 11:20:32 fetching corpus: 896, signal 90490/110163 (executing program)
2025/08/29 11:20:32 fetching corpus: 946, signal 93307/113414 (executing program)
2025/08/29 11:20:32 fetching corpus: 996, signal 95743/116336 (executing program)
2025/08/29 11:20:32 fetching corpus: 1046, signal 99214/119904 (executing program)
2025/08/29 11:20:32 fetching corpus: 1096, signal 100831/122175 (executing program)
2025/08/29 11:20:33 fetching corpus: 1146, signal 102662/124453 (executing program)
2025/08/29 11:20:33 fetching corpus: 1196, signal 104317/126564 (executing program)
2025/08/29 11:20:33 fetching corpus: 1246, signal 105893/128571 (executing program)
2025/08/29 11:20:33 fetching corpus: 1296, signal 107208/130388 (executing program)
2025/08/29 11:20:33 fetching corpus: 1346, signal 109223/132715 (executing program)
2025/08/29 11:20:33 fetching corpus: 1396, signal 110508/134488 (executing program)
2025/08/29 11:20:33 fetching corpus: 1446, signal 111982/136385 (executing program)
2025/08/29 11:20:33 fetching corpus: 1496, signal 113803/138415 (executing program)
2025/08/29 11:20:33 fetching corpus: 1546, signal 114728/139816 (executing program)
2025/08/29 11:20:33 fetching corpus: 1596, signal 116255/141557 (executing program)
2025/08/29 11:20:33 fetching corpus: 1646, signal 117444/143092 (executing program)
2025/08/29 11:20:34 fetching corpus: 1696, signal 118425/144492 (executing program)
2025/08/29 11:20:34 fetching corpus: 1746, signal 119532/145872 (executing program)
2025/08/29 11:20:34 fetching corpus: 1794, signal 120762/147379 (executing program)
2025/08/29 11:20:34 fetching corpus: 1844, signal 121648/148670 (executing program)
2025/08/29 11:20:34 fetching corpus: 1894, signal 122870/150107 (executing program)
2025/08/29 11:20:34 fetching corpus: 1944, signal 123745/151289 (executing program)
2025/08/29 11:20:34 fetching corpus: 1994, signal 124666/152501 (executing program)
2025/08/29 11:20:34 fetching corpus: 2044, signal 126091/153968 (executing program)
2025/08/29 11:20:34 fetching corpus: 2094, signal 127393/155357 (executing program)
2025/08/29 11:20:34 fetching corpus: 2144, signal 128547/156606 (executing program)
2025/08/29 11:20:35 fetching corpus: 2194, signal 129149/157577 (executing program)
2025/08/29 11:20:35 fetching corpus: 2244, signal 130215/158848 (executing program)
2025/08/29 11:20:35 fetching corpus: 2294, signal 131225/159977 (executing program)
2025/08/29 11:20:35 fetching corpus: 2344, signal 131854/160892 (executing program)
2025/08/29 11:20:35 fetching corpus: 2394, signal 132980/162068 (executing program)
2025/08/29 11:20:35 fetching corpus: 2444, signal 133755/162989 (executing program)
2025/08/29 11:20:35 fetching corpus: 2494, signal 134405/163863 (executing program)
2025/08/29 11:20:35 fetching corpus: 2543, signal 135245/164784 (executing program)
2025/08/29 11:20:35 fetching corpus: 2593, signal 136021/165731 (executing program)
2025/08/29 11:20:35 fetching corpus: 2643, signal 136734/166635 (executing program)
2025/08/29 11:20:36 fetching corpus: 2693, signal 137461/167498 (executing program)
2025/08/29 11:20:36 fetching corpus: 2742, signal 138200/168308 (executing program)
2025/08/29 11:20:36 fetching corpus: 2792, signal 138786/169064 (executing program)
2025/08/29 11:20:36 fetching corpus: 2842, signal 139475/169825 (executing program)
2025/08/29 11:20:36 fetching corpus: 2892, signal 140640/170852 (executing program)
2025/08/29 11:20:36 fetching corpus: 2942, signal 141186/171548 (executing program)
2025/08/29 11:20:36 fetching corpus: 2992, signal 141670/172223 (executing program)
2025/08/29 11:20:36 fetching corpus: 3042, signal 142495/173001 (executing program)
2025/08/29 11:20:36 fetching corpus: 3092, signal 143256/173784 (executing program)
2025/08/29 11:20:36 fetching corpus: 3142, signal 143857/174437 (executing program)
2025/08/29 11:20:37 fetching corpus: 3192, signal 144847/175250 (executing program)
2025/08/29 11:20:37 fetching corpus: 3242, signal 145633/175965 (executing program)
2025/08/29 11:20:37 fetching corpus: 3292, signal 146087/176581 (executing program)
2025/08/29 11:20:37 fetching corpus: 3342, signal 146895/177292 (executing program)
2025/08/29 11:20:37 fetching corpus: 3392, signal 147350/177829 (executing program)
2025/08/29 11:20:37 fetching corpus: 3442, signal 148093/178430 (executing program)
2025/08/29 11:20:37 fetching corpus: 3492, signal 148580/178991 (executing program)
2025/08/29 11:20:37 fetching corpus: 3542, signal 149229/179634 (executing program)
2025/08/29 11:20:37 fetching corpus: 3592, signal 149634/180172 (executing program)
2025/08/29 11:20:37 fetching corpus: 3642, signal 150118/180679 (executing program)
2025/08/29 11:20:37 fetching corpus: 3691, signal 150653/181166 (executing program)
2025/08/29 11:20:38 fetching corpus: 3741, signal 151657/181816 (executing program)
2025/08/29 11:20:38 fetching corpus: 3791, signal 152247/182322 (executing program)
2025/08/29 11:20:38 fetching corpus: 3840, signal 152890/182830 (executing program)
2025/08/29 11:20:38 fetching corpus: 3889, signal 153275/183265 (executing program)
2025/08/29 11:20:38 fetching corpus: 3939, signal 154019/183816 (executing program)
2025/08/29 11:20:38 fetching corpus: 3989, signal 154378/184250 (executing program)
2025/08/29 11:20:38 fetching corpus: 4038, signal 154878/184696 (executing program)
2025/08/29 11:20:38 fetching corpus: 4087, signal 155405/185125 (executing program)
2025/08/29 11:20:38 fetching corpus: 4137, signal 155945/185534 (executing program)
2025/08/29 11:20:39 fetching corpus: 4187, signal 156282/185943 (executing program)
2025/08/29 11:20:39 fetching corpus: 4237, signal 156858/186352 (executing program)
2025/08/29 11:20:39 fetching corpus: 4286, signal 157260/186723 (executing program)
2025/08/29 11:20:39 fetching corpus: 4336, signal 157779/187100 (executing program)
2025/08/29 11:20:39 fetching corpus: 4386, signal 158187/187476 (executing program)
2025/08/29 11:20:39 fetching corpus: 4436, signal 158662/187812 (executing program)
2025/08/29 11:20:39 fetching corpus: 4483, signal 159089/188230 (executing program)
2025/08/29 11:20:39 fetching corpus: 4533, signal 159713/188426 (executing program)
2025/08/29 11:20:39 fetching corpus: 4582, signal 160165/188455 (executing program)
2025/08/29 11:20:39 fetching corpus: 4631, signal 160621/188493 (executing program)
2025/08/29 11:20:39 fetching corpus: 4681, signal 161103/188504 (executing program)
2025/08/29 11:20:39 fetching corpus: 4731, signal 161450/188512 (executing program)
2025/08/29 11:20:40 fetching corpus: 4781, signal 161897/188519 (executing program)
2025/08/29 11:20:40 fetching corpus: 4831, signal 162531/188524 (executing program)
2025/08/29 11:20:40 fetching corpus: 4881, signal 162972/188539 (executing program)
2025/08/29 11:20:40 fetching corpus: 4931, signal 163407/188579 (executing program)
2025/08/29 11:20:40 fetching corpus: 4981, signal 163655/188579 (executing program)
2025/08/29 11:20:40 fetching corpus: 5031, signal 164187/188582 (executing program)
2025/08/29 11:20:40 fetching corpus: 5081, signal 164486/188593 (executing program)
2025/08/29 11:20:40 fetching corpus: 5131, signal 164856/188600 (executing program)
2025/08/29 11:20:40 fetching corpus: 5181, signal 165249/188602 (executing program)
2025/08/29 11:20:40 fetching corpus: 5231, signal 165630/188621 (executing program)
2025/08/29 11:20:40 fetching corpus: 5281, signal 166057/188638 (executing program)
2025/08/29 11:20:40 fetching corpus: 5330, signal 166594/188649 (executing program)
2025/08/29 11:20:41 fetching corpus: 5380, signal 166919/188652 (executing program)
2025/08/29 11:20:41 fetching corpus: 5429, signal 167383/188662 (executing program)
2025/08/29 11:20:41 fetching corpus: 5479, signal 167777/188662 (executing program)
2025/08/29 11:20:41 fetching corpus: 5529, signal 168029/188671 (executing program)
2025/08/29 11:20:41 fetching corpus: 5579, signal 168429/188671 (executing program)
2025/08/29 11:20:41 fetching corpus: 5629, signal 168698/188682 (executing program)
2025/08/29 11:20:41 fetching corpus: 5679, signal 169046/188706 (executing program)
2025/08/29 11:20:41 fetching corpus: 5729, signal 169587/188709 (executing program)
2025/08/29 11:20:41 fetching corpus: 5779, signal 170028/188773 (executing program)
2025/08/29 11:20:41 fetching corpus: 5829, signal 170426/188773 (executing program)
2025/08/29 11:20:41 fetching corpus: 5878, signal 170789/188783 (executing program)
2025/08/29 11:20:42 fetching corpus: 5928, signal 171148/188790 (executing program)
2025/08/29 11:20:42 fetching corpus: 5978, signal 171553/188795 (executing program)
2025/08/29 11:20:42 fetching corpus: 6028, signal 171922/188837 (executing program)
2025/08/29 11:20:42 fetching corpus: 6078, signal 172213/188844 (executing program)
2025/08/29 11:20:42 fetching corpus: 6128, signal 172543/188847 (executing program)
2025/08/29 11:20:42 fetching corpus: 6178, signal 173408/188891 (executing program)
2025/08/29 11:20:42 fetching corpus: 6228, signal 173687/188902 (executing program)
2025/08/29 11:20:42 fetching corpus: 6278, signal 174057/188908 (executing program)
2025/08/29 11:20:42 fetching corpus: 6328, signal 174387/188910 (executing program)
2025/08/29 11:20:42 fetching corpus: 6378, signal 174785/188922 (executing program)
2025/08/29 11:20:42 fetching corpus: 6428, signal 175090/188930 (executing program)
2025/08/29 11:20:42 fetching corpus: 6478, signal 175303/188947 (executing program)
2025/08/29 11:20:43 fetching corpus: 6528, signal 175663/188948 (executing program)
2025/08/29 11:20:43 fetching corpus: 6578, signal 176026/188982 (executing program)
2025/08/29 11:20:43 fetching corpus: 6628, signal 176314/188988 (executing program)
2025/08/29 11:20:43 fetching corpus: 6678, signal 176697/189000 (executing program)
2025/08/29 11:20:43 fetching corpus: 6728, signal 177083/189001 (executing program)
2025/08/29 11:20:43 fetching corpus: 6778, signal 177407/189038 (executing program)
2025/08/29 11:20:43 fetching corpus: 6828, signal 177757/189043 (executing program)
2025/08/29 11:20:43 fetching corpus: 6877, signal 178054/189058 (executing program)
2025/08/29 11:20:43 fetching corpus: 6927, signal 178406/189105 (executing program)
2025/08/29 11:20:43 fetching corpus: 6977, signal 178688/189119 (executing program)
2025/08/29 11:20:43 fetching corpus: 7027, signal 178851/189133 (executing program)
2025/08/29 11:20:43 fetching corpus: 7076, signal 179097/189167 (executing program)
2025/08/29 11:20:44 fetching corpus: 7126, signal 179458/189181 (executing program)
2025/08/29 11:20:44 fetching corpus: 7176, signal 179729/189192 (executing program)
2025/08/29 11:20:44 fetching corpus: 7226, signal 180152/189197 (executing program)
2025/08/29 11:20:44 fetching corpus: 7276, signal 180553/189243 (executing program)
2025/08/29 11:20:44 fetching corpus: 7326, signal 180958/189289 (executing program)
2025/08/29 11:20:44 fetching corpus: 7376, signal 181434/189298 (executing program)
2025/08/29 11:20:44 fetching corpus: 7426, signal 181715/189300 (executing program)
2025/08/29 11:20:44 fetching corpus: 7476, signal 182101/189302 (executing program)
2025/08/29 11:20:44 fetching corpus: 7525, signal 182355/189303 (executing program)
2025/08/29 11:20:44 fetching corpus: 7575, signal 182588/189312 (executing program)
2025/08/29 11:20:44 fetching corpus: 7625, signal 182883/189323 (executing program)
2025/08/29 11:20:45 fetching corpus: 7675, signal 183194/189324 (executing program)
2025/08/29 11:20:45 fetching corpus: 7725, signal 183522/189324 (executing program)
2025/08/29 11:20:45 fetching corpus: 7775, signal 183748/189345 (executing program)
2025/08/29 11:20:45 fetching corpus: 7825, signal 184028/189378 (executing program)
2025/08/29 11:20:45 fetching corpus: 7875, signal 184285/189386 (executing program)
2025/08/29 11:20:45 fetching corpus: 7925, signal 184504/189392 (executing program)
2025/08/29 11:20:45 fetching corpus: 7974, signal 184734/189393 (executing program)
2025/08/29 11:20:45 fetching corpus: 8024, signal 185026/189394 (executing program)
2025/08/29 11:20:45 fetching corpus: 8074, signal 185380/189482 (executing program)
2025/08/29 11:20:45 fetching corpus: 8124, signal 185567/189485 (executing program)
2025/08/29 11:20:45 fetching corpus: 8172, signal 185877/189501 (executing program)
2025/08/29 11:20:45 fetching corpus: 8222, signal 186082/189515 (executing program)
2025/08/29 11:20:45 fetching corpus: 8258, signal 186340/189520 (executing program)
2025/08/29 11:20:45 fetching corpus: 8258, signal 186340/189520 (executing program)
2025/08/29 11:20:47 starting 8 fuzzer processes

11:20:47 executing program 0:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f08d6c2cf47288f8895dca6e85d1f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETTXFILTER(r0, 0x400454da, 0x0)

11:20:47 executing program 2:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip_mr_vif\x00')
pread64(r0, &(0x7f0000000240)=""/217, 0xd9, 0x1)

11:20:47 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) getsockname(0xffffffffffffffff, &(0x7f0000000080)=@nfc_llcp, 0x0) r0 = socket$inet(0x2, 0x80003, 0xff) sendto$inet(r0, &(0x7f00000000c0)="f9ef228853802bdb858bff046848ec6b1fd74b8ca5173303669c19f29e0c1c37a1ecb808", 0x24, 0x0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) [ 79.442871] audit: type=1400 audit(1756466447.902:7): avc: denied { execmem } for pid=270 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:20:47 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000) setresuid(0x0, r1, 0x0) sendmmsg$unix(r0, &(0x7f0000001500)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001100)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}], 0x20}}], 0x2, 0x0) 11:20:47 executing program 6: openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000019280), 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x42800) 11:20:47 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000080)='m', 0x1}], 0x1}}], 0x3, 0x44894) sendmmsg$inet6(r1, 
&(0x7f0000003dc0)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000340)='\'', 0x1}], 0x1}}], 0x1, 0x1)
dup2(r0, r1)

11:20:48 executing program 5:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x20102)
write$sndseq(r0, &(0x7f0000000300)=[{0x0, 0xda, 0x0, 0x0, @time, {}, {}, @result}], 0x1c)

11:20:48 executing program 7:
r0 = gettid()
setpgid(r0, 0x0)

[ 80.617516] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 80.619125] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 80.621068] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 80.627759] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 80.632922] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 80.633626] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 80.634735] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 80.638870] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 80.641329] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 80.645923] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 80.753027] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 80.755160] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 80.763616] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 80.769763] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 80.771989] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 80.821625] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 80.832063] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 80.842859] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 80.853557] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 80.856722] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 80.857309] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 80.863593] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 80.864187] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 80.865783] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 80.867025] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 80.869786] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 80.871086] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 80.872686] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 80.873862] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 80.883669] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 80.885316] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 80.891675] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 80.901923] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 80.908227] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 80.911743] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 80.918626] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 80.920902] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 80.935654] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 80.954716] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 80.957202] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 82.713038] Bluetooth: hci1: command tx timeout
[ 82.714168] Bluetooth: hci0: command tx timeout
[ 82.841584] Bluetooth: hci2: command tx timeout
[ 82.906427] Bluetooth: hci4: command tx timeout
[ 82.968555] Bluetooth: hci5: command tx timeout
[ 82.969507] Bluetooth: hci6: command tx timeout
[ 83.032447] Bluetooth: hci3: command tx timeout
[ 83.032935] Bluetooth: hci7: command tx timeout
[ 84.760435] Bluetooth: hci0: command tx timeout
[ 84.760877] Bluetooth: hci1: command tx timeout
[ 84.888409] Bluetooth: hci2: command tx timeout
[ 84.953334] Bluetooth: hci4: command tx timeout
[ 85.016483] Bluetooth: hci6: command tx timeout
[ 85.016886] Bluetooth: hci5: command tx timeout
[ 85.080420] Bluetooth: hci3: command tx timeout
[ 85.080799] Bluetooth: hci7: command tx timeout
[ 86.808544] Bluetooth: hci1: command tx timeout
[ 86.808977] Bluetooth: hci0: command tx timeout
[ 86.936495] Bluetooth: hci2: command tx timeout
[ 87.000417] Bluetooth: hci4: command tx timeout
[ 87.064500] Bluetooth: hci5: command tx timeout
[ 87.064905] Bluetooth: hci6: command tx timeout
[ 87.128969] Bluetooth: hci7: command tx timeout
[ 87.129389] Bluetooth: hci3: command tx timeout
[ 88.856455] Bluetooth: hci0: command tx timeout
[ 88.856892] Bluetooth: hci1: command tx timeout
[ 88.985406] Bluetooth: hci2: command tx timeout
[ 89.048475] Bluetooth: hci4: command tx timeout
[ 89.112620] Bluetooth: hci6: command tx timeout
[ 89.113011] Bluetooth: hci5: command tx timeout
[ 89.176425] Bluetooth: hci3: command tx timeout
[ 89.176822] Bluetooth: hci7: command tx timeout
[ 117.381306] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.381990] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.570856] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.571518] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50

11:21:26 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000080)='m', 0x1}], 0x1}}], 0x3, 0x44894)
sendmmsg$inet6(r1, &(0x7f0000003dc0)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000340)='\'', 0x1}], 0x1}}], 0x1, 0x1)
dup2(r0, r1)

11:21:26 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000080)='m', 0x1}], 0x1}}], 0x3, 0x44894)
sendmmsg$inet6(r1, &(0x7f0000003dc0)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000340)='\'', 0x1}], 0x1}}], 0x1, 0x1)
dup2(r0, r1)

11:21:27 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000080)='m', 0x1}], 0x1}}], 0x3, 0x44894)
sendmmsg$inet6(r1, &(0x7f0000003dc0)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000340)='\'', 0x1}], 0x1}}], 0x1, 0x1)
dup2(r0, r1)

11:21:27 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@fat=@time_offset={'time_offset', 0x3d, 0x2000}}]})

[ 118.942449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.943022] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50

11:21:27 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@fat=@time_offset={'time_offset', 0x3d, 0x2000}}]})

11:21:27 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@fat=@time_offset={'time_offset', 0x3d, 0x2000}}]})

[ 119.102125] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.102935] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50

11:21:27 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@fat=@time_offset={'time_offset', 0x3d, 0x2000}}]})

[ 119.378767] wlan0: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 119.379400] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:21:27 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={r4, 0x1, 0x6, @multicast}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x2, &(0x7f0000000180)={r1, 0x1, 0x6, @multicast}, 0x10) [ 119.440195] audit: type=1400 audit(1756466487.900:8): avc: denied { open } for pid=3837 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.446508] audit: type=1400 audit(1756466487.901:9): avc: denied { kernel } for pid=3837 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.465488] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 119.466348] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 119.532371] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 119.533319] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 119.576292] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.577074] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.810006] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 120.119508] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.120121] 
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.153262] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.153961] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.191974] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.192690] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.201948] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.202773] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.262760] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.263639] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.292556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.293145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.359570] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.360130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.386602] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.387165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.468780] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.469492] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.532985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.533697] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:21:29 executing program 1: prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffb000/0x4000)=nil) 11:21:29 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) r2 = 
socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={r4, 0x1, 0x6, @multicast}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x2, &(0x7f0000000180)={r1, 0x1, 0x6, @multicast}, 0x10) 11:21:29 executing program 3: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) readv(r0, 0x0, 0x0) 11:21:29 executing program 0: write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f08d6c2cf47288f8895dca6e85d1f1f7d4666d7035828c4690bca329e"], 0x52) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETTXFILTER(r0, 0x400454da, 0x0) 11:21:29 executing program 7: r0 = gettid() setpgid(r0, 0x0) 11:21:29 executing program 5: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x20102) write$sndseq(r0, &(0x7f0000000300)=[{0x0, 0xda, 0x0, 0x0, @time, {}, {}, @result}], 0x1c) 11:21:29 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip_mr_vif\x00') pread64(r0, &(0x7f0000000240)=""/217, 0xd9, 0x1) 11:21:29 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) [ 120.778459] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 120.799823] mac80211_hwsim hwsim3 wlan1: left promiscuous mode 11:21:29 executing program 3: write$tun(0xffffffffffffffff, 
&(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f08d6c2cf47288f8895dca6e85d1f1f7d4666d7035828c4690bca329e"], 0x52) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETTXFILTER(r0, 0x400454da, 0x0) 11:21:29 executing program 7: r0 = gettid() setpgid(r0, 0x0) 11:21:29 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 11:21:29 executing program 1: prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffb000/0x4000)=nil) 11:21:29 executing program 5: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x20102) write$sndseq(r0, &(0x7f0000000300)=[{0x0, 0xda, 0x0, 0x0, @time, {}, {}, @result}], 0x1c) 11:21:29 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip_mr_vif\x00') pread64(r0, &(0x7f0000000240)=""/217, 0xd9, 0x1) 11:21:29 executing program 0: write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f08d6c2cf47288f8895dca6e85d1f1f7d4666d7035828c4690bca329e"], 0x52) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETTXFILTER(r0, 0x400454da, 0x0) 11:21:29 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={r4, 0x1, 0x6, @multicast}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x2, &(0x7f0000000180)={r1, 0x1, 0x6, @multicast}, 0x10) [ 120.935814] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 120.938628] mac80211_hwsim hwsim3 wlan1: left promiscuous mode 11:21:29 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 11:21:29 executing program 7: r0 = gettid() setpgid(r0, 0x0) 11:21:29 executing program 5: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x20102) write$sndseq(r0, &(0x7f0000000300)=[{0x0, 0xda, 0x0, 0x0, @time, {}, {}, @result}], 0x1c) 11:21:29 executing program 1: prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffb000/0x4000)=nil) 11:21:29 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip_mr_vif\x00') pread64(r0, &(0x7f0000000240)=""/217, 0xd9, 0x1) 11:21:29 executing program 3: write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f08d6c2cf47288f8895dca6e85d1f1f7d4666d7035828c4690bca329e"], 0x52) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 
0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETTXFILTER(r0, 0x400454da, 0x0) 11:21:29 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={r4, 0x1, 0x6, @multicast}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x2, &(0x7f0000000180)={r1, 0x1, 0x6, @multicast}, 0x10) [ 121.067127] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 121.069283] mac80211_hwsim hwsim3 wlan1: left promiscuous mode 11:21:29 executing program 7: setresuid(0x0, 0xee00, 0x0) setrlimit(0xd, &(0x7f0000000080)={0x0, 0x81}) 11:21:29 executing program 1: prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffb000/0x4000)=nil) 11:21:29 executing program 6: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 11:21:29 executing program 3: write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f08d6c2cf47288f8895dca6e85d1f1f7d4666d7035828c4690bca329e"], 0x52) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 
0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETTXFILTER(r0, 0x400454da, 0x0) 11:21:29 executing program 4: futex(0x0, 0x4, 0x0, &(0x7f0000010980)={0x0, 0x989680}, 0x0, 0x0) 11:21:29 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x30, r3, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r1}, @val={0xc}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16d5}]]}, 0x30}}, 0x0) 11:21:29 executing program 2: sendmsg$AUDIT_USER(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0xc8, 0x3ed, 0x0, 0x0, 0x0, "efea6d00d6417b99ab6c5457e382d513d37f9cfac5190d19f4780afaf9107d5a5ad0ea6cd7781f35cff65ab070422043433941f4309ffecc5d321c5c61d686aa270feb581ad00361a360cbf6bd999c9fd9b4cd1ead6ff4e846ef810679cc8a5eccd1133c786827f3beddcd4624765d7cedbf64f68516b8c12f553c107751411f6766ea710992d99b88f78d2d1af3082c73b7850384c248c1f3b9c82910429d8f12db6dcc0e6803aebaf62a94179b2963a097f2f31f"}, 0xc8}}, 0x0) r0 = io_uring_setup(0x1ff, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(r0, 0x1d, &(0x7f0000000140), 0x0) 11:21:29 executing program 0: write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f08d6c2cf47288f8895dca6e85d1f1f7d4666d7035828c4690bca329e"], 0x52) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETTXFILTER(r0, 0x400454da, 0x0) 11:21:29 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) pwritev2(r0, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0x1}], 0x1, 0x0, 0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x8c101, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r1, r2, 0x0, 0x80000) 11:21:29 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) dup2(r1, r0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}}, 0x1c) [ 121.325902] Oops: general protection fault, probably for non-canonical address 0xeafffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 121.326796] KASAN: maybe wild-memory-access in range [0x5800000000000190-0x5800000000000197] [ 121.327455] CPU: 0 UID: 0 PID: 3972 Comm: syz-executor.7 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.328389] Tainted: [W]=WARN [ 121.328648] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.330434] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.331480] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 
04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.336075] RSP: 0018:ffff888047dcf780 EFLAGS: 00010012 [ 121.337355] RAX: 0b00000000000032 RBX: 57ffffffffffffa0 RCX: ffffc90007cc8000 [ 121.338362] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 5800000000000190 [ 121.338927] RBP: ffff888047dcf9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16358 [ 121.339494] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.340058] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.340631] FS: 00007f7e9f5fd700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 121.341268] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.341732] CR2: 00007f7ea219b018 CR3: 000000001f87b000 CR4: 0000000000350ef0 [ 121.342297] Call Trace: [ 121.342504] [ 121.342689] ? merge_sched_in+0xcb/0x1810 [ 121.343023] ? __pfx_perf_tp_event+0x10/0x10 [ 121.343382] ? __asan_memcpy+0x3d/0x60 [ 121.343698] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 121.344213] ? lock_is_held_type+0x9e/0x120 [ 121.344576] ? ctx_sched_in+0x134/0x9b0 [ 121.344894] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 121.345297] ? perf_swevent_event+0x63/0x3f0 [ 121.345657] ? perf_tp_event+0x807/0xe70 [ 121.345989] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.346394] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.346867] perf_trace_run_bpf_submit+0xef/0x180 [ 121.347259] perf_trace_preemptirq_template+0x259/0x430 [ 121.347695] ? mark_held_locks+0x49/0x80 [ 121.348023] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.348510] ? _raw_spin_lock_irqsave+0x53/0x60 [ 121.348884] trace_irq_disable.constprop.0+0xa6/0x100 [ 121.349294] _raw_spin_lock_irqsave+0x53/0x60 [ 121.349657] try_to_wake_up+0xa0/0x11d0 [ 121.349986] ? __pfx_try_to_wake_up+0x10/0x10 [ 121.350351] ? plist_del+0x122/0x270 [ 121.350662] ? find_held_lock+0x2b/0x80 [ 121.350988] ? futex_wake+0x474/0x540 [ 121.351299] wake_up_q+0xa1/0x130 [ 121.351586] futex_wake+0x47e/0x540 [ 121.351886] ? 
__pfx_futex_wake+0x10/0x10 [ 121.352228] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 121.352643] ? lock_release+0xc8/0x290 [ 121.352961] do_futex+0x26d/0x370 [ 121.353249] ? __pfx_do_futex+0x10/0x10 [ 121.353569] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.353971] __x64_sys_futex+0x1c9/0x4d0 [ 121.354300] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.354769] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.355241] ? __pfx___x64_sys_futex+0x10/0x10 [ 121.355610] do_syscall_64+0xbf/0x360 [ 121.355916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.356328] RIP: 0033:0x7f7ea2087b19 [ 121.356632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.358075] RSP: 002b:00007f7e9f5fd218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.358679] RAX: ffffffffffffffda RBX: 00007f7ea219af68 RCX: 00007f7ea2087b19 [ 121.359243] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7ea219af6c [ 121.359811] RBP: 00007f7ea219af60 R08: 000000000000000e R09: 0000000000000000 [ 121.360372] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f7ea219af6c [ 121.360940] R13: 00007ffdb27f249f R14: 00007f7e9f5fd300 R15: 0000000000022000 [ 121.361504] [ 121.361692] Modules linked in: [ 121.361953] ---[ end trace 0000000000000000 ]--- [ 121.361957] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 121.362327] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.363247] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 121.363615] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.364212] CPU: 1 UID: 0 PID: 3965 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 
121.365635] RSP: 0018:ffff888047dcf780 EFLAGS: 00010012 [ 121.366559] Tainted: [D]=DIE, [W]=WARN [ 121.366978] RAX: 0b00000000000032 RBX: 57ffffffffffffa0 RCX: ffffc90007cc8000 [ 121.367282] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.367839] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 5800000000000190 [ 121.368496] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.369052] RBP: ffff888047dcf9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16358 [ 121.369415] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.369975] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.371397] RSP: 0018:ffff88800f407780 EFLAGS: 00010012 [ 121.371966] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.372381] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 121.372953] FS: 00007f7e9f5fd700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 121.373507] RDX: ffff88800f1f0000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 121.374144] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.374696] RBP: ffff88800f4079f0 R08: ffff88806cf31340 R09: ffffe8ffffd094d0 [ 121.375152] CR2: 00007f7ea219b018 CR3: 000000001f87b000 CR4: 0000000000350ef0 [ 121.375711] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 121.376271] note: syz-executor.7[3972] exited with irqs disabled [ 121.376831] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 121.377867] FS: 000055558a20f400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 121.378506] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.378967] CR2: 0000001b2cb22000 CR3: 0000000013e86000 CR4: 0000000000350ef0 [ 121.379531] Call Trace: [ 121.379738] [ 121.379922] ? __pfx_perf_tp_event+0x10/0x10 [ 121.380284] ? arch_scale_cpu_capacity+0x17/0xa0 [ 121.380679] ? 
cpu_util.constprop.0+0x17d/0x340 [ 121.381060] ? __asan_memset+0x24/0x50 [ 121.381378] ? sched_balance_find_dst_group+0xa9a/0x1c00 [ 121.381804] ? lock_release+0xc8/0x290 [ 121.382123] ? __pfx_sched_balance_find_dst_group+0x10/0x10 [ 121.382572] ? __lock_acquire+0x694/0x1b70 [ 121.382930] ? perf_trace_run_bpf_submit+0xef/0x180 [ 121.383347] ? sched_clock+0x37/0x60 [ 121.383669] ? sched_clock_cpu+0x6c/0x4e0 [ 121.384009] perf_trace_run_bpf_submit+0xef/0x180 [ 121.384398] perf_trace_preemptirq_template+0x259/0x430 [ 121.384861] ? __pick_eevdf+0x326/0x570 [ 121.385182] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.385685] ? update_curr+0x39e/0x500 [ 121.386017] ? check_preempt_wakeup_fair+0x406/0x950 [ 121.386427] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 121.386834] trace_irq_enable.constprop.0+0xa6/0x100 [ 121.387236] trace_hardirqs_on+0x26/0x40 [ 121.387560] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 121.387957] try_to_wake_up+0x8ae/0x11d0 [ 121.388288] ? __pfx_try_to_wake_up+0x10/0x10 [ 121.388656] ? plist_del+0x122/0x270 [ 121.388959] ? __futex_unqueue+0xda/0x1c0 [ 121.389298] wake_up_q+0xa1/0x130 [ 121.389582] futex_wake+0x47e/0x540 [ 121.389879] ? __pfx_futex_wake+0x10/0x10 [ 121.390210] ? xfd_validate_state+0x55/0x180 [ 121.390568] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 121.390978] ? finish_task_switch.isra.0+0x206/0x840 [ 121.391391] do_futex+0x26d/0x370 [ 121.391670] ? __pfx_do_futex+0x10/0x10 [ 121.391990] ? __pfx___schedule+0x10/0x10 [ 121.392324] __x64_sys_futex+0x1c9/0x4d0 [ 121.392656] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.393121] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.393595] ? __pfx___x64_sys_futex+0x10/0x10 [ 121.393979] ? 
xfd_validate_state+0x55/0x180 [ 121.394349] do_syscall_64+0xbf/0x360 [ 121.394657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.395065] RIP: 0033:0x7ff56bf9db19 [ 121.395379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.396871] RSP: 002b:00007ffcec67acc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.397498] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff56bf9db19 [ 121.398082] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff56c0b0f68 [ 121.398658] RBP: 00007ff56c0b0f60 R08: 00007ff569513700 R09: 0000000000000000 [ 121.399238] R10: 00007ff569513700 R11: 0000000000000246 R12: 00007ff56c0b50f8 [ 121.399823] R13: 00007ffcec67add0 R14: 00007ff56c0b0f60 R15: 000000000001d983 [ 121.400406] [ 121.400613] Modules linked in: [ 121.400884] ---[ end trace 0000000000000000 ]--- [ 121.400885] Oops: general protection fault, probably for non-canonical address 0xeafffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 121.401278] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.402178] KASAN: maybe wild-memory-access in range [0x5800000000000190-0x5800000000000197] [ 121.402556] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.403231] CPU: 0 UID: 0 PID: 3972 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.404711] RSP: 0018:ffff888047dcf780 EFLAGS: 00010012 [ 121.405645] Tainted: [D]=DIE, [W]=WARN [ 121.406079] RAX: 0b00000000000032 RBX: 57ffffffffffffa0 RCX: ffffc90007cc8000 [ 121.406389] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.406971] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 5800000000000190 [ 121.407624] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.408172] RBP: 
ffff888047dcf9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16358 [ 121.408539] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.409084] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.410499] RSP: 0018:ffff88806ce08b40 EFLAGS: 00010012 [ 121.411046] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.411057] FS: 000055558a20f400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 121.411462] RAX: 0b00000000000032 RBX: 57ffffffffffffa0 RCX: ffffffff81898973 [ 121.412013] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.412641] RDX: ffff8880170fd280 RSI: ffffffff818995b7 RDI: 5800000000000190 [ 121.413194] CR2: 0000001b2cb22000 CR3: 0000000013e86000 CR4: 0000000000350ef0 [ 121.413640] RBP: ffff88806ce08db0 R08: ffff88806ce313e8 R09: ffffe8ffffc16358 [ 121.414198] note: syz-executor.4[3965] exited with irqs disabled [ 121.414745] R10: 0000000000000000 R11: ffff88800d52cc98 R12: dffffc0000000000 [ 121.416317] R13: 0000000000000000 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 121.416883] FS: 00007f7e9f5fd700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 121.417522] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.417980] CR2: 00007f7ea219b018 CR3: 000000001f87b000 CR4: 0000000000350ef0 [ 121.418560] Call Trace: [ 121.418770] [ 121.418952] ? lock_release+0x1c7/0x290 [ 121.419283] ? __pfx_perf_tp_event+0x10/0x10 [ 121.419657] ? trace_pelt_se_tp+0xdf/0x130 [ 121.420009] ? update_load_avg+0x17d/0x1ef0 [ 121.420349] ? place_entity+0x1c/0x410 [ 121.420667] ? check_preempt_wakeup_fair+0x6e/0x950 [ 121.421059] ? lock_release+0x1c7/0x290 [ 121.421373] ? lock_release+0x1c7/0x290 [ 121.421685] ? do_raw_spin_unlock+0x53/0x220 [ 121.422036] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 121.422436] ? try_to_wake_up+0x8ae/0x11d0 [ 121.422774] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 121.423168] ? lock_release+0x1c7/0x290 [ 121.423484] perf_trace_run_bpf_submit+0xef/0x180 [ 121.423871] perf_trace_preemptirq_template+0x259/0x430 [ 121.424299] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.424767] ? read_tsc+0x9/0x20 [ 121.425045] ? ktime_get+0x16d/0x270 [ 121.425344] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 121.425807] ? __pfx_lapic_next_deadline+0x10/0x10 [ 121.426193] ? clockevents_program_event+0x135/0x360 [ 121.426597] ? _raw_spin_lock_irq+0x42/0x50 [ 121.426942] trace_irq_disable.constprop.0+0xa6/0x100 [ 121.427345] _raw_spin_lock_irq+0x42/0x50 [ 121.427671] run_timer_softirq+0x10f/0x210 [ 121.428009] handle_softirqs+0x1b1/0x770 [ 121.428341] __irq_exit_rcu+0xc4/0x100 [ 121.428658] irq_exit_rcu+0x9/0x20 [ 121.428940] sysvec_apic_timer_interrupt+0x70/0x80 [ 121.429328] [ 121.429508] [ 121.429689] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 121.430102] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 121.430473] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 121.431870] RSP: 0018:ffff888047dcff28 EFLAGS: 00000246 [ 121.432303] RAX: 0000000000000001 RBX: ffff8880170fd280 RCX: ffffffff817c2b86 [ 121.432888] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 121.433473] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 121.434060] R10: ffffffff8643ac57 R11: 7973203a65746f6e R12: ffff8880170fd280 [ 121.434624] R13: 0000000000000000 R14: eafffc0000000032 R15: 0000000000000000 [ 121.435187] ? trace_irq_enable.constprop.0+0x26/0x100 [ 121.435603] ? make_task_dead+0x214/0x3b0 [ 121.435948] ? make_task_dead+0x214/0x3b0 [ 121.436295] ? 
do_syscall_64+0xbf/0x360 [ 121.436630] rewind_stack_and_make_dead+0x16/0x20 [ 121.437037] RIP: 0033:0x7f7ea2087b19 [ 121.437341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.438818] RSP: 002b:00007f7e9f5fd218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.439445] RAX: ffffffffffffffda RBX: 00007f7ea219af68 RCX: 00007f7ea2087b19 [ 121.440024] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7ea219af6c [ 121.440610] RBP: 00007f7ea219af60 R08: 000000000000000e R09: 0000000000000000 [ 121.441196] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f7ea219af6c [ 121.441765] R13: 00007ffdb27f249f R14: 00007f7e9f5fd300 R15: 0000000000022000 [ 121.442357] [ 121.442549] Modules linked in: [ 121.442818] ---[ end trace 0000000000000000 ]--- [ 121.442819] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI [ 121.443193] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.444049] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 121.444410] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.445001] CPU: 1 UID: 0 PID: 3965 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 121.446415] RSP: 0018:ffff888047dcf780 EFLAGS: 00010012 [ 121.447332] Tainted: [D]=DIE, [W]=WARN [ 121.447755] RAX: 0b00000000000032 RBX: 57ffffffffffffa0 RCX: ffffc90007cc8000 [ 121.448065] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.448645] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 5800000000000190 [ 121.449319] RIP: 0010:perf_tp_event+0x175/0xe70 [ 121.449871] RBP: ffff888047dcf9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16358 [ 
121.450232] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 121.450797] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 121.452290] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 121.452863] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 121.453306] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 121.453868] FS: 00007f7e9f5fd700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 121.454432] RDX: ffff88800f1f0000 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 121.455064] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.455630] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd094d0 [ 121.456088] CR2: 00007f7ea219b018 CR3: 000000001f87b000 CR4: 0000000000350ef0 [ 121.456670] R10: 0000000000000000 R11: ffff88801f86d098 R12: dffffc0000000000 [ 121.457230] Kernel panic - not syncing: Fatal exception in interrupt [ 122.503615] Shutting down cpus with NMI [ 122.504545] Kernel Offset: disabled [ 122.504834] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:21:29 Registers: info registers vcpu 0 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff888047dcf070 R8 =0000000000000000 R9 =ffffed10013ff046 R10=0000000000000038 R11=0000000065646f43 R12=0000000000000038 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f7e9f5fd700 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 
fffffe4400000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f7ea219b018 CR3=000000001f87b000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f7ea216e7c000007f7ea216e7c8 XMM02=00007f7ea216e7e000007f7ea216e7c0 XMM03=00007f7ea216e7c800007f7ea216e7c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff84bdec0e RDX=fffffbfff0f0ec09 RSI=0000000000000004 RDI=ffffffff87876044 RBP=ffffffff87876044 RSP=ffff88800f407530 R8 =0000000000000000 R9 =fffffbfff0f0ec08 R10=ffffffff87876047 R11=202c746c75616620 R12=1ffff11001e80ea7 R13=0000000000000007 R14=fffffbfff0f0ec08 R15=ffff88800f407568 RIP=ffffffff84bdeda0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055558a20f400 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 
fffffe4300000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2cb22000 CR3=0000000013e86000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007ff56c0847c000007ff56c0847c8 XMM02=00007ff56c0847e000007ff56c0847c0 XMM03=00007ff56c0847c800007ff56c0847c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000