Warning: Permanently added '[localhost]:61552' (ECDSA) to the list of known hosts.
2025/08/29 11:20:21 fuzzer started
2025/08/29 11:20:22 dialing manager at localhost:43077
syzkaller login: [ 59.854449] cgroup: Unknown subsys name 'net'
[ 59.901399] cgroup: Unknown subsys name 'cpuset'
[ 59.921431] cgroup: Unknown subsys name 'rlimit'
2025/08/29 11:20:32 syscalls: 2214
2025/08/29 11:20:32 code coverage: enabled
2025/08/29 11:20:32 comparison tracing: enabled
2025/08/29 11:20:32 extra coverage: enabled
2025/08/29 11:20:32 setuid sandbox: enabled
2025/08/29 11:20:32 namespace sandbox: enabled
2025/08/29 11:20:32 Android sandbox: enabled
2025/08/29 11:20:32 fault injection: enabled
2025/08/29 11:20:32 leak checking: enabled
2025/08/29 11:20:32 net packet injection: enabled
2025/08/29 11:20:32 net device setup: enabled
2025/08/29 11:20:32 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 11:20:32 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 11:20:32 USB emulation: enabled
2025/08/29 11:20:32 hci packet injection: enabled
2025/08/29 11:20:32 wifi device emulation: enabled
2025/08/29 11:20:32 802.15.4 emulation: enabled
2025/08/29 11:20:32 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 11:20:48 fetching corpus: 8260, signal 186347/189520 (executing program)
2025/08/29 11:20:50 starting 8 fuzzer processes
11:20:50 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r1, 0x0)
sigaltstack(&(0x7f0000ffc000/0x3000)=nil, 0x0)
syz_io_uring_submit(r2, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x0)
11:20:50 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000440)='net/igmp\x00')
pread64(r0, &(0x7f0000000200)=""/183, 0xb7, 0x0)
11:20:50 executing program 3:
r0 = io_uring_setup(0x7383, &(0x7f00000003c0))
syz_io_uring_setup(0x4c65, &(0x7f0000000440)={0x0, 0x0, 0x20, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff6000/0xa000)=nil, &(0x7f00000004c0), &(0x7f0000000500))
11:20:50 executing program 2:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/stat\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
splice(r0, &(0x7f00000003c0), r1, 0x0, 0x6, 0x0)
11:20:50 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
setrlimit(0x0, &(0x7f00000000c0))
[ 87.823139] audit: type=1400 audit(1756466450.657:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
11:20:50 executing program 4:
syz_emit_ethernet(0x42, &(0x7f0000000140)={@multicast, @link_local, @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x1, 0x0, @local, @private=0xa010100, {[@lsrr={0x83, 0x3, 0x5f}]}}, @time_exceeded={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @private}}}}}}, 0x0)
11:20:50 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, 0x0)
11:20:50 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
r1 = memfd_create(&(0x7f0000000040)='\t\x9d/\x00', 0x0)
copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0)
[ 88.998429] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 89.000424] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 89.002738] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 89.004874] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 89.011670] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 89.013070] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 89.016070] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 89.018318] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 89.027026] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 89.029877] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 89.121391] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 89.143832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 89.146874] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 89.153131] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 89.155403] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 89.192807] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 89.194545] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 89.196208] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 89.198825] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 89.205886] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 89.208809] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 89.208830] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 89.210109] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 89.212932] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 89.213663] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 89.215475] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 89.215685] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 89.224940] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 89.228298] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 89.234018] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 89.240170] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 89.242261] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 89.244255] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 89.260346] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 89.262106] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 89.273017] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 89.281468] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 89.310103] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 89.316620] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 89.321985] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 91.089029] Bluetooth: hci0: command tx timeout
[ 91.089674] Bluetooth: hci1: command tx timeout
[ 91.217657] Bluetooth: hci2: command tx timeout
[ 91.280659] Bluetooth: hci5: command tx timeout
[ 91.346080] Bluetooth: hci6: command tx timeout
[ 91.346097] Bluetooth: hci4: command tx timeout
[ 91.346247] Bluetooth: hci3: command tx timeout
[ 91.856744] Bluetooth: hci7: command tx timeout
[ 93.137718] Bluetooth: hci0: command tx timeout
[ 93.137784] Bluetooth: hci1: command tx timeout
[ 93.264665] Bluetooth: hci2: command tx timeout
[ 93.328651] Bluetooth: hci5: command tx timeout
[ 93.392675] Bluetooth: hci6: command tx timeout
[ 93.393094] Bluetooth: hci4: command tx timeout
[ 93.393821] Bluetooth: hci3: command tx timeout
[ 93.905764] Bluetooth: hci7: command tx timeout
[ 95.184628] Bluetooth: hci0: command tx timeout
[ 95.185918] Bluetooth: hci1: command tx timeout
[ 95.312710] Bluetooth: hci2: command tx timeout
[ 95.376634] Bluetooth: hci5: command tx timeout
[ 95.440700] Bluetooth: hci6: command tx timeout
[ 95.441703] Bluetooth: hci3: command tx timeout
[ 95.441717] Bluetooth: hci4: command tx timeout
[ 95.952655] Bluetooth: hci7: command tx timeout
[ 97.233674] Bluetooth: hci1: command tx timeout
[ 97.233692] Bluetooth: hci0: command tx timeout
[ 97.361743] Bluetooth: hci2: command tx timeout
[ 97.426606] Bluetooth: hci5: command tx timeout
[ 97.490687] Bluetooth: hci4: command tx timeout
[ 97.490815] Bluetooth: hci3: command tx timeout
[ 97.491090] Bluetooth: hci6: command tx timeout
[ 98.000691] Bluetooth: hci7: command tx timeout
[ 124.646918] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.647544] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.810052] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.810734] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.996842] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.997454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 125.140626] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.141240] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:21:28 executing program 2:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/stat\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
splice(r0, &(0x7f00000003c0), r1, 0x0, 0x6, 0x0)
11:21:28 executing program 2:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/stat\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
splice(r0, &(0x7f00000003c0), r1, 0x0, 0x6, 0x0)
[ 125.332713] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.333265] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:21:28 executing program 2:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/stat\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
splice(r0, &(0x7f00000003c0), r1, 0x0, 0x6, 0x0)
[ 125.444815] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.445447] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:21:28 executing program 2:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/stat\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
splice(r0, &(0x7f00000003c0), r1, 0x0, 0x6, 0x0)
11:21:28 executing program 2:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/stat\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
splice(r0, &(0x7f00000003c0), r1, 0x0, 0x6, 0x0)
11:21:28 executing program 2:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/stat\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
splice(r0, &(0x7f00000003c0), r1, 0x0, 0x6, 0x0)
11:21:28 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
sched_setparam(0x0, &(0x7f0000000000))
[ 125.900694] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.901300] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.007105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.008116] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.594161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.594999] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.673915] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.674487] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.697230] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.697860] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.742547] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.743270] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.771097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.771689] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.806485] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.807091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.873206] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.873987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.940527] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.941281] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.042951] audit: type=1400 audit(1756466489.877:8): avc: denied { open } for pid=3910 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 127.046841] audit: type=1400 audit(1756466489.877:9): avc: denied { kernel } for pid=3910 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
11:21:29 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
r1 = memfd_create(&(0x7f0000000040)='\t\x9d/\x00', 0x0)
copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0)
11:21:29 executing program 4:
syz_io_uring_complete(0x0)
11:21:29 executing program 2:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='$', 0x1, 0xfffffffffffffffc)
keyctl$link(0xb, r0, 0xfffffffffffffffd)
11:21:29 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
11:21:29 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
setrlimit(0x0, &(0x7f00000000c0))
11:21:29 executing program 3:
r0 = io_uring_setup(0x7383, &(0x7f00000003c0))
syz_io_uring_setup(0x4c65, &(0x7f0000000440)={0x0, 0x0, 0x20, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff6000/0xa000)=nil, &(0x7f00000004c0), &(0x7f0000000500))
11:21:29 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
r1 = memfd_create(&(0x7f0000000040)='\t\x9d/\x00', 0x0)
copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0)
11:21:29 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000400)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x8}}]})
[ 127.144659] EXT4-fs: Invalid journal IO priority (must be 0-7)
[ 127.151816] EXT4-fs: Invalid journal IO priority (must be 0-7)
11:21:30 executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5334, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'})
11:21:30 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
r1 = memfd_create(&(0x7f0000000040)='\t\x9d/\x00', 0x0)
copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0)
11:21:30 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
setrlimit(0x0, &(0x7f00000000c0))
11:21:30 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
dup2(r1, r0)
write$binfmt_script(r0, 0x0, 0xfdef)
11:21:30 executing program 3:
r0 = io_uring_setup(0x7383, &(0x7f00000003c0))
syz_io_uring_setup(0x4c65, &(0x7f0000000440)={0x0, 0x0, 0x20, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff6000/0xa000)=nil, &(0x7f00000004c0), &(0x7f0000000500))
11:21:30 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000400)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x8}}]})
11:21:30 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
11:21:30 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
r1 = memfd_create(&(0x7f0000000040)='\t\x9d/\x00', 0x0)
copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0)
[ 127.380397] EXT4-fs: Invalid journal IO priority (must be 0-7)
11:21:30 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000400)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x8}}]})
11:21:30 executing program 3:
r0 = io_uring_setup(0x7383, &(0x7f00000003c0))
syz_io_uring_setup(0x4c65, &(0x7f0000000440)={0x0, 0x0, 0x20, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff6000/0xa000)=nil, &(0x7f00000004c0), &(0x7f0000000500))
[ 127.468531] EXT4-fs: Invalid journal IO priority (must be 0-7)
11:21:30 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
setrlimit(0x0, &(0x7f00000000c0))
11:21:30 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
r1 = memfd_create(&(0x7f0000000040)='\t\x9d/\x00', 0x0)
copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0)
[ 127.500305] kmemleak: Found object by alias at 0x607f1a639a14
[ 127.500322] CPU: 1 UID: 0 PID: 3938 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 127.500340] Tainted: [W]=WARN
[ 127.500343] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 127.500351] Call Trace:
[ 127.500355] <TASK>
[ 127.500359] dump_stack_lvl+0xca/0x120
[ 127.500384] __lookup_object+0x94/0xb0
[ 127.500400] delete_object_full+0x27/0x70
[ 127.500416] free_percpu+0x30/0x1160
[ 127.500432] ? arch_uprobe_clear_state+0x16/0x140
[ 127.500452] futex_hash_free+0x38/0xc0
[ 127.500467] mmput+0x2d3/0x390
[ 127.500485] do_exit+0x79d/0x2970
[ 127.500499] ? lock_release+0xc8/0x290
[ 127.500514] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 127.500536] ? __pfx_do_exit+0x10/0x10
[ 127.500549] ? find_held_lock+0x2b/0x80
[ 127.500566] ? get_signal+0x835/0x2340
[ 127.500591] do_group_exit+0xd3/0x2a0
[ 127.500606] get_signal+0x2315/0x2340
[ 127.500628] ? __pfx_get_signal+0x10/0x10
[ 127.500643] ? do_futex+0x135/0x370
[ 127.500657] ? __pfx_do_futex+0x10/0x10
[ 127.500672] arch_do_signal_or_restart+0x80/0x790
[ 127.500689] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 127.500705] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 127.500725] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 127.500744] ? __pfx___x64_sys_futex+0x10/0x10
[ 127.500756] ? __x64_sys_memfd_create+0x1cd/0x280
[ 127.500774] ? xfd_validate_state+0x55/0x180
[ 127.500795] exit_to_user_mode_loop+0x8b/0x110
[ 127.500807] do_syscall_64+0x2f7/0x360
[ 127.500820] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.500832] RIP: 0033:0x7fbe5df8eb19
[ 127.500841] Code: Unable to access opcode bytes at 0x7fbe5df8eaef.
[ 127.500846] RSP: 002b:00007fbe5b504218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 127.500858] RAX: fffffffffffffe00 RBX: 00007fbe5e0a1f68 RCX: 00007fbe5df8eb19
[ 127.500865] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbe5e0a1f68
[ 127.500872] RBP: 00007fbe5e0a1f60 R08: 0000000000000000 R09: 0000000000000000
[ 127.500879] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbe5e0a1f6c
[ 127.500886] R13: 00007fff944801df R14: 00007fbe5b504300 R15: 0000000000022000
[ 127.500902] </TASK>
[ 127.500906] kmemleak: Object (percpu) 0x607f1a639a10 (size 8):
[ 127.500912] kmemleak: comm "syz-executor.3", pid 3950, jiffies 4294794424
[ 127.500919] kmemleak: min_count = 1
[ 127.500923] kmemleak: count = 0
[ 127.500926] kmemleak: flags = 0x21
[ 127.500930] kmemleak: checksum = 0
[ 127.500934] kmemleak: backtrace:
[ 127.500937] pcpu_alloc_noprof+0x87a/0x1170
[ 127.500951] percpu_ref_init+0x37/0x400
[ 127.500969] io_uring_setup+0x44c/0x2000
[ 127.500981] __x64_sys_io_uring_setup+0xc8/0x170
[ 127.500991] do_syscall_64+0xbf/0x360
[ 127.501000] entry_SYSCALL_64_after_hwframe+0x77/0x7f
11:21:30 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
11:21:30 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001)
dup2(r1, r0)
write$binfmt_script(r0, 0x0, 0xfdef)
11:21:30 executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5334, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'})
11:21:30 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000400)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x8}}]})
[ 127.578076] EXT4-fs: Invalid journal IO priority (must be 0-7)
11:21:30 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
r1 = memfd_create(&(0x7f0000000040)='\t\x9d/\x00', 0x0)
copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0)
[ 127.627383] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 127.628332] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 127.629042] CPU: 1 UID: 0 PID: 3964 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 127.631181] Tainted: [W]=WARN
[ 127.631940] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 127.633604] RIP: 0010:perf_tp_event+0x175/0xe70
[ 127.634833] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 127.638647] RSP: 0018:ffff888046b57780 EFLAGS: 00010012
[ 127.639080] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000904d000
[ 127.639659] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 127.640237] RBP: ffff888046b579f0 R08: ffff88806cf31340 R09: ffffe8ffffd16a10
[ 127.640830] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 127.641429] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 127.642022] FS: 00007fbe5b504700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 127.642687] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 127.643185] CR2: 00007fbe5e0a2018 CR3: 00000000163de000 CR4: 0000000000350ef0
[ 127.643794] Call Trace:
[ 127.644012] <TASK>
[ 127.644202] ? __pfx_perf_tp_event+0x10/0x10
[ 127.644574] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150
[ 127.645079] ? lock_acquire+0x15e/0x2f0
[ 127.645420] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10
[ 127.645943] ? lock_is_held_type+0x9e/0x120
[ 127.646322] ? lock_is_held_type+0x9e/0x120
[ 127.646685] ? ctx_sched_in+0x134/0x9b0
[ 127.647020] ? __pfx_ctx_sched_in+0x10/0x10
[ 127.647384] ? arch_stack_walk+0x9c/0xf0
[ 127.647721] ? find_held_lock+0x2b/0x80
[ 127.648072] ? perf_trace_run_bpf_submit+0xef/0x180
[ 127.648489] perf_trace_run_bpf_submit+0xef/0x180
[ 127.648893] perf_trace_preemptirq_template+0x259/0x430
[ 127.649345] ? trace_sched_set_need_resched_tp+0xd4/0x110
[ 127.649804] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 127.650308] ? __pfx___resched_curr+0x10/0x10
[ 127.650688] ? find_held_lock+0x2b/0x80
[ 127.651024] ? try_to_wake_up+0x8ae/0x11d0
[ 127.651380] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 127.651810] trace_irq_enable.constprop.0+0xa6/0x100
[ 127.652231] trace_hardirqs_on+0x26/0x40
[ 127.652565] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 127.652977] try_to_wake_up+0x8ae/0x11d0
[ 127.653321] ? __pfx_try_to_wake_up+0x10/0x10
[ 127.653703] ? plist_del+0x122/0x270
[ 127.654020] ? find_held_lock+0x2b/0x80
[ 127.654358] ? futex_wake+0x474/0x540
[ 127.654697] wake_up_q+0xa1/0x130
[ 127.655000] futex_wake+0x47e/0x540
[ 127.655315] ? __pfx_futex_wake+0x10/0x10
[ 127.655661] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 127.656089] ? lock_release+0xc8/0x290
[ 127.656411] do_futex+0x26d/0x370
[ 127.656716] ? __pfx_do_futex+0x10/0x10
[ 127.657052] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 127.657502] ? find_held_lock+0x2b/0x80
[ 127.657854] __x64_sys_futex+0x1c9/0x4d0
[ 127.658207] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 127.658724] ? __pfx___x64_sys_futex+0x10/0x10
[ 127.659120] do_syscall_64+0xbf/0x360
[ 127.659450] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.659892] RIP: 0033:0x7fbe5df8eb19
[ 127.660203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 127.661706] RSP: 002b:00007fbe5b504218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 127.662328] RAX: ffffffffffffffda RBX: 00007fbe5e0a1f68 RCX: 00007fbe5df8eb19
[ 127.662917] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbe5e0a1f6c
[ 127.663494] RBP: 00007fbe5e0a1f60 R08: 000000000000000e R09: 0000000000000000
[ 127.664089] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fbe5e0a1f6c
[ 127.664672] R13: 00007fff944801df R14: 00007fbe5b504300 R15: 0000000000022000
[ 127.665264] </TASK>
[ 127.665460] Modules linked in:
[ 127.665731] ---[ end trace 0000000000000000 ]---
[ 127.666114] RIP: 0010:perf_tp_event+0x175/0xe70
[ 127.666502] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 127.668009] RSP: 0018:ffff888046b57780 EFLAGS: 00010012
[ 127.668466] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000904d000
[ 127.669050] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 127.669644] RBP: ffff888046b579f0 R08: ffff88806cf31340 R09: ffffe8ffffd16a10
[ 127.670219] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 127.670807] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 127.671415] FS: 00007fbe5b504700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 127.672110] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 127.672613] CR2: 00007fbe5e0a2018 CR3: 00000000163de000 CR4: 0000000000350ef0
[ 127.673190] note: syz-executor.6[3964] exited with irqs disabled
[ 127.673729] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 127.674609] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 127.675294] CPU: 1 UID: 0 PID: 3964 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 127.676258] Tainted: [D]=DIE, [W]=WARN
[ 127.676579] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 127.677231] RIP: 0010:perf_tp_event+0x175/0xe70
[ 127.677613] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 127.679063] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012
[ 127.679491] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 127.680073] RDX: ffff888045ed5280 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 127.680651] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16a10
[ 127.681220] R10: 0000000000000000 R11: ffff888019df2c98 R12: dffffc0000000000
[ 127.681800] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[ 127.682364] FS: 00007fbe5b504700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 127.683011] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 127.683501] CR2: 00007fbe5e0a2018 CR3: 00000000163de000 CR4: 0000000000350ef0
[ 127.684111] Call Trace:
[ 127.684340] <IRQ>
[ 127.684531] ? css_rstat_updated+0x1b8/0x4d0
[ 127.684916] ? __pfx_perf_tp_event+0x10/0x10
[ 127.685287] ? trace_pelt_se_tp+0xdf/0x130
[ 127.685640] ? __cgroup_account_cputime+0x31/0xc0
[ 127.686055] ? lock_acquire+0x18c/0x2f0
[ 127.686387] ? update_cfs_group+0x11d/0x260
[ 127.686757] ? lock_release+0x1c7/0x290
[ 127.687108] ? run_posix_cpu_timers+0x160/0x7d0
[ 127.687503] ? __pfx_run_posix_cpu_timers+0x10/0x10
[ 127.687931] ? sched_balance_trigger+0x1ac/0xcb0
[ 127.688335] ? sched_tick+0x27c/0x6c0
[ 127.688670] ? do_raw_spin_lock+0x123/0x260
[ 127.689043] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 127.689450] ? perf_trace_run_bpf_submit+0xef/0x180
[ 127.689887] perf_trace_run_bpf_submit+0xef/0x180
[ 127.690306] perf_trace_preemptirq_template+0x259/0x430
[ 127.690762] ? read_tsc+0x9/0x20
[ 127.691066] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 127.691569] ? clockevents_program_event+0x135/0x360
[ 127.692009] ? tick_program_event+0xac/0x140
[ 127.692394] ? handle_softirqs+0x16e/0x770
[ 127.692778] trace_irq_enable.constprop.0+0xa6/0x100
[ 127.693218] trace_hardirqs_on+0x26/0x40
[ 127.693562] handle_softirqs+0x16e/0x770
[ 127.693919] __irq_exit_rcu+0xc4/0x100
[ 127.694262] irq_exit_rcu+0x9/0x20
[ 127.694573] sysvec_apic_timer_interrupt+0x70/0x80
[ 127.695000] </IRQ>
[ 127.695202] <TASK>
[ 127.695395] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 127.695847] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 127.696253] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 127.697765] RSP: 0018:ffff888046b57f28 EFLAGS: 00000246
[ 127.698212] RAX: 0000000000000001 RBX: ffff888045ed5280 RCX: ffffffff817c2b86
[ 127.698815] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 127.699416] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 127.700020] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888045ed5280
[ 127.700612] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 127.701214] ? trace_irq_enable.constprop.0+0x26/0x100
[ 127.701661] ? make_task_dead+0x214/0x3b0
[ 127.702017] ? make_task_dead+0x214/0x3b0
[ 127.702372] ? do_syscall_64+0xbf/0x360
[ 127.702709] rewind_stack_and_make_dead+0x16/0x20
[ 127.703121] RIP: 0033:0x7fbe5df8eb19
[ 127.703436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 127.704974] RSP: 002b:00007fbe5b504218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 127.705610] RAX: ffffffffffffffda RBX: 00007fbe5e0a1f68 RCX: 00007fbe5df8eb19
[ 127.706213] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbe5e0a1f6c
[ 127.706812] RBP: 00007fbe5e0a1f60 R08: 000000000000000e R09: 0000000000000000
[ 127.707415] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fbe5e0a1f6c
[ 127.708028] R13: 00007fff944801df R14: 00007fbe5b504300 R15: 0000000000022000
[ 127.708637] </TASK>
[ 127.708842] Modules linked in:
[ 127.709117] ---[ end trace 0000000000000000 ]---
[ 127.709511] RIP: 0010:perf_tp_event+0x175/0xe70
[ 127.709914] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 127.711407] RSP: 0018:ffff888046b57780 EFLAGS: 00010012
[ 127.711852] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000904d000
[ 127.712418] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 127.712985] RBP: ffff888046b579f0 R08: ffff88806cf31340 R09: ffffe8ffffd16a10
[ 127.713550] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 127.714125] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 127.714702] FS: 00007fbe5b504700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 127.715336] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 127.715812] CR2: 00007fbe5e0a2018 CR3: 00000000163de000 CR4: 0000000000350ef0
[ 127.716380] Kernel panic - not syncing: Fatal exception in interrupt
[ 127.717085] Kernel Offset: disabled
[ 127.717378] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
11:21:30 Registers: