Warning: Permanently added '[localhost]:34085' (ECDSA) to the list of known hosts. 2025/08/29 11:46:07 fuzzer started 2025/08/29 11:46:07 dialing manager at localhost:43077 syzkaller login: [ 50.352401] cgroup: Unknown subsys name 'net' [ 50.420060] cgroup: Unknown subsys name 'cpuset' [ 50.436548] cgroup: Unknown subsys name 'rlimit' 2025/08/29 11:46:18 syscalls: 2214 2025/08/29 11:46:18 code coverage: enabled 2025/08/29 11:46:18 comparison tracing: enabled 2025/08/29 11:46:18 extra coverage: enabled 2025/08/29 11:46:18 setuid sandbox: enabled 2025/08/29 11:46:18 namespace sandbox: enabled 2025/08/29 11:46:18 Android sandbox: enabled 2025/08/29 11:46:18 fault injection: enabled 2025/08/29 11:46:18 leak checking: enabled 2025/08/29 11:46:18 net packet injection: enabled 2025/08/29 11:46:18 net device setup: enabled 2025/08/29 11:46:18 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 11:46:18 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 11:46:18 USB emulation: enabled 2025/08/29 11:46:18 hci packet injection: enabled 2025/08/29 11:46:18 wifi device emulation: enabled 2025/08/29 11:46:18 802.15.4 emulation: enabled 2025/08/29 11:46:18 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 11:46:18 fetching corpus: 50, signal 22933/26450 (executing program) 2025/08/29 11:46:18 fetching corpus: 100, signal 34643/39517 (executing program) 2025/08/29 11:46:18 fetching corpus: 150, signal 43945/50091 (executing program) 2025/08/29 11:46:18 fetching corpus: 200, signal 52036/59285 (executing program) 2025/08/29 11:46:18 fetching corpus: 250, signal 56506/64894 (executing program) 2025/08/29 11:46:18 fetching corpus: 300, signal 59978/69520 (executing program) 2025/08/29 11:46:19 fetching corpus: 350, signal 64033/74646 (executing program) 2025/08/29 11:46:19 fetching corpus: 400, signal 69521/80933 (executing program) 2025/08/29 11:46:19 fetching corpus: 450, signal 72203/84607 (executing program) 2025/08/29 11:46:19 fetching corpus: 500, signal 75305/88561 (executing program) 2025/08/29 11:46:19 fetching corpus: 550, signal 77521/91792 (executing program) 2025/08/29 11:46:19 fetching corpus: 600, signal 79055/94326 (executing program) 2025/08/29 11:46:19 fetching corpus: 650, signal 80865/97014 (executing program) 2025/08/29 11:46:19 fetching corpus: 700, signal 83110/100065 (executing program) 2025/08/29 11:46:19 fetching corpus: 750, signal 85965/103666 (executing program) 2025/08/29 11:46:19 fetching corpus: 800, signal 88113/106536 (executing program) 2025/08/29 11:46:20 fetching corpus: 850, signal 90832/109871 (executing program) 2025/08/29 11:46:20 fetching corpus: 900, signal 92989/112687 (executing program) 2025/08/29 11:46:20 fetching corpus: 950, signal 94325/114753 (executing program) 2025/08/29 11:46:20 fetching corpus: 1000, signal 97223/118091 (executing program) 2025/08/29 11:46:20 fetching corpus: 1050, signal 99419/120736 (executing program) 2025/08/29 11:46:20 fetching corpus: 1100, signal 100908/122827 (executing program) 2025/08/29 11:46:20 fetching corpus: 1150, signal 102244/124751 (executing program) 2025/08/29 11:46:20 fetching corpus: 1200, signal 104292/127229 (executing program) 2025/08/29 11:46:20 fetching corpus: 1250, signal 105916/129267 (executing program) 2025/08/29 11:46:20 fetching corpus: 1300, signal 107315/131163 (executing program) 2025/08/29 11:46:20 fetching corpus: 1350, signal 109385/133553 (executing program) 2025/08/29 11:46:21 fetching corpus: 1400, signal 110639/135289 (executing program) 2025/08/29 11:46:21 fetching corpus: 1450, signal 111899/136990 (executing program) 2025/08/29 11:46:21 fetching corpus: 1500, signal 112916/138483 (executing program) 2025/08/29 11:46:21 fetching corpus: 1550, signal 114132/140108 (executing program) 2025/08/29 11:46:21 fetching corpus: 1600, signal 115745/142056 (executing program) 2025/08/29 11:46:21 fetching corpus: 1650, signal 117256/143856 (executing program) 2025/08/29 11:46:21 fetching corpus: 1700, signal 118657/145536 (executing program) 2025/08/29 11:46:21 fetching corpus: 1750, signal 119447/146819 (executing program) 2025/08/29 11:46:21 fetching corpus: 1800, signal 121015/148590 (executing program) 2025/08/29 11:46:22 fetching corpus: 1850, signal 122137/150036 (executing program) 2025/08/29 11:46:22 fetching corpus: 1900, signal 122970/151256 (executing program) 2025/08/29 11:46:22 fetching corpus: 1950, signal 123996/152565 (executing program) 2025/08/29 11:46:22 fetching corpus: 2000, signal 124949/153867 (executing program) 2025/08/29 11:46:22 fetching corpus: 2050, signal 125867/155084 (executing program) 2025/08/29 11:46:22 fetching corpus: 2100, signal 126583/156247 (executing program) 2025/08/29 11:46:22 fetching corpus: 2150, signal 127693/157564 (executing program) 2025/08/29 11:46:22 fetching corpus: 2200, signal 128537/158707 (executing program) 2025/08/29 11:46:22 fetching corpus: 2250, signal 129909/160101 (executing program) 2025/08/29 11:46:22 fetching corpus: 2300, signal 130790/161161 (executing program) 2025/08/29 11:46:23 fetching corpus: 2350, signal 131666/162220 (executing program) 2025/08/29 11:46:23 fetching corpus: 2400, signal 132535/163318 (executing program) 2025/08/29 11:46:23 fetching corpus: 2450, signal 133214/164270 (executing program) 2025/08/29 11:46:23 fetching corpus: 2500, signal 133823/165187 (executing program) 2025/08/29 11:46:23 fetching corpus: 2550, signal 134629/166165 (executing program) 2025/08/29 11:46:23 fetching corpus: 2600, signal 135337/167039 (executing program) 2025/08/29 11:46:23 fetching corpus: 2650, signal 136438/168122 (executing program) 2025/08/29 11:46:23 fetching corpus: 2700, signal 137613/169186 (executing program) 2025/08/29 11:46:23 fetching corpus: 2750, signal 139096/170341 (executing program) 2025/08/29 11:46:23 fetching corpus: 2800, signal 139767/171162 (executing program) 2025/08/29 11:46:24 fetching corpus: 2850, signal 140484/172010 (executing program) 2025/08/29 11:46:24 fetching corpus: 2900, signal 141126/172766 (executing program) 2025/08/29 11:46:24 fetching corpus: 2950, signal 142544/173827 (executing program) 2025/08/29 11:46:24 fetching corpus: 3000, signal 143224/174662 (executing program) 2025/08/29 11:46:24 fetching corpus: 3050, signal 143906/175421 (executing program) 2025/08/29 11:46:24 fetching corpus: 3100, signal 144384/176076 (executing program) 2025/08/29 11:46:24 fetching corpus: 3150, signal 144894/176730 (executing program) 2025/08/29 11:46:24 fetching corpus: 3200, signal 145535/177461 (executing program) 2025/08/29 11:46:24 fetching corpus: 3250, signal 146071/178148 (executing program) 2025/08/29 11:46:24 fetching corpus: 3300, signal 146665/178843 (executing program) 2025/08/29 11:46:24 fetching corpus: 3350, signal 147888/179763 (executing program) 2025/08/29 11:46:24 fetching corpus: 3400, signal 148387/180383 (executing program) 2025/08/29 11:46:25 fetching corpus: 3450, signal 149009/181015 (executing program) 2025/08/29 11:46:25 fetching corpus: 3500, signal 149628/181661 (executing program) 2025/08/29 11:46:25 fetching corpus: 3550, signal 150084/182173 (executing program) 2025/08/29 11:46:25 fetching corpus: 3600, signal 150806/182786 (executing program) 2025/08/29 11:46:25 fetching corpus: 3650, signal 151345/183356 (executing program) 2025/08/29 11:46:25 fetching corpus: 3700, signal 152014/183972 (executing program) 2025/08/29 11:46:25 fetching corpus: 3750, signal 152615/184549 (executing program) 2025/08/29 11:46:25 fetching corpus: 3800, signal 153207/185073 (executing program) 2025/08/29 11:46:25 fetching corpus: 3850, signal 153772/185588 (executing program) 2025/08/29 11:46:25 fetching corpus: 3900, signal 154621/186116 (executing program) 2025/08/29 11:46:25 fetching corpus: 3950, signal 155102/186598 (executing program) 2025/08/29 11:46:26 fetching corpus: 4000, signal 155582/187052 (executing program) 2025/08/29 11:46:26 fetching corpus: 4050, signal 156119/187540 (executing program) 2025/08/29 11:46:26 fetching corpus: 4100, signal 156490/187977 (executing program) 2025/08/29 11:46:26 fetching corpus: 4150, signal 156978/188419 (executing program) 2025/08/29 11:46:26 fetching corpus: 4200, signal 157515/188839 (executing program) 2025/08/29 11:46:26 fetching corpus: 4250, signal 157830/189243 (executing program) 2025/08/29 11:46:26 fetching corpus: 4300, signal 158296/189677 (executing program) 2025/08/29 11:46:26 fetching corpus: 4350, signal 158575/190058 (executing program) 2025/08/29 11:46:26 fetching corpus: 4400, signal 159054/190420 (executing program) 2025/08/29 11:46:26 fetching corpus: 4450, signal 159764/190832 (executing program) 2025/08/29 11:46:27 fetching corpus: 4500, signal 160128/191184 (executing program) 2025/08/29 11:46:27 fetching corpus: 4550, signal 160464/191530 (executing program) 2025/08/29 11:46:27 fetching corpus: 4600, signal 160807/191904 (executing program) 2025/08/29 11:46:27 fetching corpus: 4650, signal 161290/192032 (executing program) 2025/08/29 11:46:27 fetching corpus: 4700, signal 161665/192042 (executing program) 2025/08/29 11:46:27 fetching corpus: 4750, signal 161980/192051 (executing program) 2025/08/29 11:46:27 fetching corpus: 4800, signal 162392/192068 (executing program) 2025/08/29 11:46:27 fetching corpus: 4850, signal 162754/192080 (executing program) 2025/08/29 11:46:27 fetching corpus: 4900, signal 163138/192089 (executing program) 2025/08/29 11:46:27 fetching corpus: 4950, signal 163431/192104 (executing program) 2025/08/29 11:46:27 fetching corpus: 5000, signal 163853/192112 (executing program) 2025/08/29 11:46:28 fetching corpus: 5050, signal 164402/192119 (executing program) 2025/08/29 11:46:28 fetching corpus: 5100, signal 165160/192122 (executing program) 2025/08/29 11:46:28 fetching corpus: 5150, signal 165580/192145 (executing program) 2025/08/29 11:46:28 fetching corpus: 5200, signal 165977/192152 (executing program) 2025/08/29 11:46:28 fetching corpus: 5250, signal 166450/192160 (executing program) 2025/08/29 11:46:28 fetching corpus: 5300, signal 166852/192164 (executing program) 2025/08/29 11:46:28 fetching corpus: 5350, signal 167179/192166 (executing program) 2025/08/29 11:46:28 fetching corpus: 5400, signal 167680/192168 (executing program) 2025/08/29 11:46:28 fetching corpus: 5450, signal 168053/192178 (executing program) 2025/08/29 11:46:28 fetching corpus: 5500, signal 168451/192217 (executing program) 2025/08/29 11:46:28 fetching corpus: 5550, signal 168801/192246 (executing program) 2025/08/29 11:46:28 fetching corpus: 5600, signal 169133/192253 (executing program) 2025/08/29 11:46:28 fetching corpus: 5650, signal 169498/192264 (executing program) 2025/08/29 11:46:29 fetching corpus: 5700, signal 170007/192296 (executing program) 2025/08/29 11:46:29 fetching corpus: 5750, signal 170261/192300 (executing program) 2025/08/29 11:46:29 fetching corpus: 5800, signal 170623/192302 (executing program) 2025/08/29 11:46:29 fetching corpus: 5850, signal 171000/192349 (executing program) 2025/08/29 11:46:29 fetching corpus: 5900, signal 171349/192374 (executing program) 2025/08/29 11:46:29 fetching corpus: 5950, signal 171868/192384 (executing program) 2025/08/29 11:46:29 fetching corpus: 6000, signal 172289/192385 (executing program) 2025/08/29 11:46:29 fetching corpus: 6050, signal 172599/192402 (executing program) 2025/08/29 11:46:29 fetching corpus: 6100, signal 172925/192409 (executing program) 2025/08/29 11:46:29 fetching corpus: 6150, signal 173455/192410 (executing program) 2025/08/29 11:46:29 fetching corpus: 6200, signal 173790/192434 (executing program) 2025/08/29 11:46:29 fetching corpus: 6250, signal 174059/192437 (executing program) 2025/08/29 11:46:30 fetching corpus: 6300, signal 174586/192440 (executing program) 2025/08/29 11:46:30 fetching corpus: 6350, signal 174923/192446 (executing program) 2025/08/29 11:46:30 fetching corpus: 6400, signal 175164/192454 (executing program) 2025/08/29 11:46:30 fetching corpus: 6450, signal 175526/192457 (executing program) 2025/08/29 11:46:30 fetching corpus: 6500, signal 175839/192462 (executing program) 2025/08/29 11:46:30 fetching corpus: 6550, signal 176045/192474 (executing program) 2025/08/29 11:46:30 fetching corpus: 6600, signal 176405/192477 (executing program) 2025/08/29 11:46:30 fetching corpus: 6650, signal 176741/192486 (executing program) 2025/08/29 11:46:30 fetching corpus: 6700, signal 177090/192511 (executing program) 2025/08/29 11:46:30 fetching corpus: 6750, signal 177414/192520 (executing program) 2025/08/29 11:46:30 fetching corpus: 6800, signal 177676/192525 (executing program) 2025/08/29 11:46:30 fetching corpus: 6850, signal 177953/192526 (executing program) 2025/08/29 11:46:31 fetching corpus: 6900, signal 178395/192608 (executing program) 2025/08/29 11:46:31 fetching corpus: 6950, signal 178751/192608 (executing program) 2025/08/29 11:46:31 fetching corpus: 7000, signal 179056/192615 (executing program) 2025/08/29 11:46:31 fetching corpus: 7050, signal 179399/192619 (executing program) 2025/08/29 11:46:31 fetching corpus: 7100, signal 179730/192620 (executing program) 2025/08/29 11:46:31 fetching corpus: 7150, signal 180144/192626 (executing program) 2025/08/29 11:46:31 fetching corpus: 7200, signal 180415/192660 (executing program) 2025/08/29 11:46:31 fetching corpus: 7250, signal 180699/192664 (executing program) 2025/08/29 11:46:31 fetching corpus: 7300, signal 181054/192696 (executing program) 2025/08/29 11:46:31 fetching corpus: 7350, signal 181444/192700 (executing program) 2025/08/29 11:46:32 fetching corpus: 7400, signal 181803/192705 (executing program) 2025/08/29 11:46:32 fetching corpus: 7450, signal 182011/192709 (executing program) 2025/08/29 11:46:32 fetching corpus: 7500, signal 182275/192715 (executing program) 2025/08/29 11:46:32 fetching corpus: 7550, signal 182625/192717 (executing program) 2025/08/29 11:46:32 fetching corpus: 7600, signal 182924/192747 (executing program) 2025/08/29 11:46:32 fetching corpus: 7650, signal 183203/192780 (executing program) 2025/08/29 11:46:32 fetching corpus: 7700, signal 183396/192780 (executing program) 2025/08/29 11:46:32 fetching corpus: 7750, signal 183631/192786 (executing program) 2025/08/29 11:46:32 fetching corpus: 7800, signal 183917/192792 (executing program) 2025/08/29 11:46:32 fetching corpus: 7850, signal 184144/192797 (executing program) 2025/08/29 11:46:32 fetching corpus: 7900, signal 184492/192798 (executing program) 2025/08/29 11:46:32 fetching corpus: 7950, signal 184751/192800 (executing program) 2025/08/29 11:46:33 fetching corpus: 8000, signal 185292/192801 (executing program) 2025/08/29 11:46:33 fetching corpus: 8050, signal 185649/192801 (executing program) 2025/08/29 11:46:33 fetching corpus: 8100, signal 185982/192811 (executing program) 2025/08/29 11:46:33 fetching corpus: 8150, signal 186200/192815 (executing program) 2025/08/29 11:46:33 fetching corpus: 8200, signal 186454/192817 (executing program) 2025/08/29 11:46:33 fetching corpus: 8250, signal 186789/192817 (executing program) 2025/08/29 11:46:33 fetching corpus: 8300, signal 187038/192818 (executing program) 2025/08/29 11:46:33 fetching corpus: 8350, signal 187422/192818 (executing program) 2025/08/29 11:46:33 fetching corpus: 8400, signal 187636/192824 (executing program) 2025/08/29 11:46:33 fetching corpus: 8450, signal 187909/192842 (executing program) 2025/08/29 11:46:33 fetching corpus: 8500, signal 188155/192846 (executing program) 2025/08/29 11:46:34 fetching corpus: 8550, signal 188369/192874 (executing program) 2025/08/29 11:46:34 fetching corpus: 8600, signal 188678/192904 (executing program) 2025/08/29 11:46:34 fetching corpus: 8650, signal 188943/192960 (executing program) 2025/08/29 11:46:34 fetching corpus: 8700, signal 189126/192960 (executing program) 2025/08/29 11:46:34 fetching corpus: 8750, signal 189409/192979 (executing program) 2025/08/29 11:46:34 fetching corpus: 8784, signal 189606/192986 (executing program) 2025/08/29 11:46:34 fetching corpus: 8784, signal 189606/192986 (executing program) 2025/08/29 11:46:36 starting 8 fuzzer processes 11:46:36 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) process_vm_readv(0x0, &(0x7f0000000d80)=[{&(0x7f0000000b40)=""/213, 0xd5}, {0x0}], 0x2, &(0x7f0000000e00)=[{&(0x7f0000000dc0)=""/48, 0x30}], 0x1, 0x0) 11:46:36 executing program 3: prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000040)) 11:46:36 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x31, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 11:46:36 executing program 7: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) bind$packet(r0, &(0x7f00000002c0)={0x11, 0x1, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) 11:46:36 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) getpeername(r0, 0x0, &(0x7f0000000100)) 11:46:36 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x572, &(0x7f0000000140)=0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r2, 0x0) io_submit(r0, 0x3, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) 11:46:36 executing program 6: munmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffa000/0x1000)=nil) 11:46:36 executing program 4: r0 = clone3(&(0x7f0000000400)={0x0, &(0x7f00000001c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) clone3(&(0x7f0000005d00)={0x0, &(0x7f0000005b00), &(0x7f0000005b40), &(0x7f0000005b80), {0x3}, &(0x7f0000005bc0)=""/110, 0x6e, &(0x7f0000005c40)=""/124, &(0x7f0000005cc0)=[0x0, 0x0, 0x0, 0x0, 0x0, r0], 0x6}, 0x58) [ 79.294528] audit: type=1400 audit(1756467996.949:7): avc: denied { execmem } for pid=270 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 80.586297] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.588731] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.590596] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.595494] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.597567] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.600346] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.604041] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.611959] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.618280] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.629401] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.677590] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.686749] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.694064] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 80.698028] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.703306] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 80.705112] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.707065] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.710906] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 80.713551] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 80.716366] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 80.723284] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 80.734409] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 80.736045] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 80.737340] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 80.744867] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.746968] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 80.749186] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 80.751319] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.754565] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.758952] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 80.764023] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 80.768253] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 80.769683] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 80.772558] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 80.783383] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 80.784939] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 80.787715] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 80.790213] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.792483] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.799341] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 82.677960] Bluetooth: hci0: command tx timeout [ 82.678430] Bluetooth: hci1: command tx timeout [ 82.805231] Bluetooth: hci7: command tx timeout [ 82.806114] Bluetooth: hci2: command tx timeout [ 82.869139] Bluetooth: hci6: command tx timeout [ 82.870110] Bluetooth: hci3: command tx timeout [ 82.870652] Bluetooth: hci5: command tx timeout [ 82.871573] Bluetooth: hci4: command tx timeout [ 84.724876] Bluetooth: hci0: command tx timeout [ 84.725905] Bluetooth: hci1: command tx timeout [ 84.852894] Bluetooth: hci2: command tx timeout [ 84.853840] Bluetooth: hci7: command tx timeout [ 84.916822] Bluetooth: hci4: command tx timeout [ 84.916917] Bluetooth: hci5: command tx timeout [ 84.917234] Bluetooth: hci3: command tx timeout [ 84.917679] Bluetooth: hci6: command tx timeout [ 86.773931] Bluetooth: hci1: command tx timeout [ 86.774650] Bluetooth: hci0: command tx timeout [ 86.901834] Bluetooth: hci7: command tx timeout [ 86.902485] Bluetooth: hci2: command tx timeout [ 86.965332] Bluetooth: hci6: command tx timeout [ 86.966650] Bluetooth: hci3: command tx timeout [ 86.967283] Bluetooth: hci5: command tx timeout [ 86.967325] Bluetooth: hci4: command tx timeout [ 88.822789] Bluetooth: hci0: command tx timeout [ 88.822829] Bluetooth: hci1: command tx timeout [ 88.949015] Bluetooth: hci2: command tx timeout [ 88.949059] Bluetooth: hci7: command tx timeout [ 89.012839] Bluetooth: hci4: command tx timeout [ 89.012994] Bluetooth: hci5: command tx timeout [ 89.013254] Bluetooth: hci3: command tx timeout [ 89.013746] Bluetooth: hci6: command tx timeout [ 116.535946] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.536613] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.715333] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.716220] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:47:14 executing program 7: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) bind$packet(r0, &(0x7f00000002c0)={0x11, 0x1, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) [ 117.212741] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.213447] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:47:14 executing program 7: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) bind$packet(r0, &(0x7f00000002c0)={0x11, 0x1, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) [ 117.315032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.315659] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:47:15 executing program 7: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) bind$packet(r0, &(0x7f00000002c0)={0x11, 0x1, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) [ 117.464381] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.465386] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:47:15 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) r1 = fork() ptrace(0x10, r1) wait4(r1, 0x0, 0x80000000, &(0x7f0000000240)) r2 = fork() ptrace(0x10, r2) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x1, r1}) [ 117.550067] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.550652] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.564112] audit: type=1400 audit(1756468035.218:8): avc: denied { open } for pid=3728 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 117.572888] audit: type=1400 audit(1756468035.218:9): avc: denied { kernel } for pid=3728 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:47:15 executing program 7: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x30, 0x9, 0x7e, 0x3, 0x0, 0x1f, 0x125, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf1ef, 0x2, @perf_config_ext={0x100}, 0x6004, 0x7, 0x1000, 0x3, 0x1f, 0x3f, 0x7, 0x0, 0x1000, 0x0, 0x134c}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x1) uname(&(0x7f0000000400)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x6}}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x1ff) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x3}, 0x0, 0x0, &(0x7f0000000080)=""/22, 0x0}, 0x58) 11:47:15 executing program 6: munmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffa000/0x1000)=nil) 11:47:15 executing program 7: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x30, 0x9, 0x7e, 0x3, 0x0, 0x1f, 0x125, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf1ef, 0x2, @perf_config_ext={0x100}, 0x6004, 0x7, 0x1000, 0x3, 0x1f, 0x3f, 0x7, 0x0, 0x1000, 0x0, 0x134c}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x1) uname(&(0x7f0000000400)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x6}}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x1ff) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x3}, 0x0, 0x0, &(0x7f0000000080)=""/22, 0x0}, 0x58) 11:47:15 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x30, 0x9, 0x7e, 0x3, 0x0, 0x1f, 0x125, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf1ef, 0x2, @perf_config_ext={0x100}, 0x6004, 0x7, 0x1000, 0x3, 0x1f, 0x3f, 0x7, 0x0, 0x1000, 0x0, 0x134c}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x1) uname(&(0x7f0000000400)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x6}}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x1ff) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x3}, 0x0, 0x0, &(0x7f0000000080)=""/22, 0x0}, 0x58) [ 118.966579] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.967218] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.065332] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.065954] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.157251] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.157905] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.214583] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.215299] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.269142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.269736] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.336582] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.337181] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.642997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.643627] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.693097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.693676] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.753299] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.754026] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.795783] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.796343] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:47:17 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x14, &(0x7f0000000000)=0xffffff7f, 0x4) 11:47:17 executing program 0: r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[]) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) fchownat(r0, &(0x7f00000002c0)='./file0\x00', 0x0, 0xee01, 0x0) 11:47:17 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x30, 0x9, 0x7e, 0x3, 0x0, 0x1f, 0x125, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf1ef, 0x2, @perf_config_ext={0x100}, 0x6004, 0x7, 0x1000, 0x3, 0x1f, 0x3f, 0x7, 0x0, 0x1000, 0x0, 0x134c}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x1) uname(&(0x7f0000000400)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x6}}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x1ff) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x3}, 0x0, 0x0, &(0x7f0000000080)=""/22, 0x0}, 0x58) 11:47:17 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x30, 0x9, 0x7e, 0x3, 0x0, 0x1f, 0x125, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf1ef, 0x2, @perf_config_ext={0x100}, 0x6004, 0x7, 0x1000, 0x3, 0x1f, 0x3f, 0x7, 0x0, 0x1000, 0x0, 0x134c}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x1) uname(&(0x7f0000000400)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x6}}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x1ff) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x3}, 0x0, 0x0, &(0x7f0000000080)=""/22, 0x0}, 0x58) 11:47:17 executing program 7: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x30, 0x9, 0x7e, 0x3, 0x0, 0x1f, 0x125, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf1ef, 0x2, @perf_config_ext={0x100}, 0x6004, 0x7, 0x1000, 0x3, 0x1f, 0x3f, 0x7, 0x0, 0x1000, 0x0, 0x134c}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x1) uname(&(0x7f0000000400)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x6}}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x1ff) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x3}, 0x0, 0x0, &(0x7f0000000080)=""/22, 0x0}, 0x58) 11:47:17 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x31, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 11:47:17 executing program 3: prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000040)) 11:47:17 executing program 6: munmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffa000/0x1000)=nil) 11:47:17 executing program 0: r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[]) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) fchownat(r0, &(0x7f00000002c0)='./file0\x00', 0x0, 0xee01, 0x0) 11:47:17 executing program 6: munmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffa000/0x1000)=nil) 11:47:17 executing program 3: prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000040)) 11:47:17 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x14, &(0x7f0000000000)=0xffffff7f, 0x4) 11:47:17 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x30, 0x9, 0x7e, 0x3, 0x0, 0x1f, 0x125, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf1ef, 0x2, @perf_config_ext={0x100}, 0x6004, 0x7, 0x1000, 0x3, 0x1f, 0x3f, 0x7, 0x0, 0x1000, 0x0, 0x134c}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x1) uname(&(0x7f0000000400)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x6}}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x1ff) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x3}, 0x0, 0x0, &(0x7f0000000080)=""/22, 0x0}, 0x58) 11:47:17 executing program 7: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x30, 0x9, 0x7e, 0x3, 0x0, 0x1f, 0x125, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf1ef, 0x2, @perf_config_ext={0x100}, 0x6004, 0x7, 0x1000, 0x3, 0x1f, 0x3f, 0x7, 0x0, 0x1000, 0x0, 0x134c}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x1) uname(&(0x7f0000000400)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x6}}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x1ff) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x3}, 0x0, 0x0, &(0x7f0000000080)=""/22, 0x0}, 0x58) 11:47:17 executing program 3: prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000040)) 11:47:17 executing program 6: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000140)=""/211, 0xd3}], 0x1) 11:47:17 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x30, 0x9, 0x7e, 0x3, 0x0, 0x1f, 0x125, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf1ef, 0x2, @perf_config_ext={0x100}, 0x6004, 0x7, 0x1000, 0x3, 0x1f, 0x3f, 0x7, 0x0, 0x1000, 0x0, 0x134c}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x1) uname(&(0x7f0000000400)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x6}}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x1ff) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x3}, 0x0, 0x0, &(0x7f0000000080)=""/22, 0x0}, 0x58) 11:47:17 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x31, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 11:47:17 executing program 0: r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[]) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) fchownat(r0, &(0x7f00000002c0)='./file0\x00', 0x0, 0xee01, 0x0) [ 120.242129] audit: type=1400 audit(1756468037.897:10): avc: denied { read } for pid=3952 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:47:17 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x31, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 11:47:17 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x14, &(0x7f0000000000)=0xffffff7f, 0x4) 11:47:17 executing program 3: syz_emit_ethernet(0x22, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @broadcast}}}}}, 0x0) 11:47:17 executing program 0: r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[]) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) fchownat(r0, &(0x7f00000002c0)='./file0\x00', 0x0, 0xee01, 0x0) 11:47:17 executing program 6: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000140)=""/211, 0xd3}], 0x1) 11:47:18 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000140)=""/211, 0xd3}], 0x1) 11:47:18 executing program 1: syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/cgroup\x00') syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') 11:47:18 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x14, &(0x7f0000000000)=0xffffff7f, 0x4) 11:47:18 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000140)=""/211, 0xd3}], 0x1) 11:47:18 executing program 1: syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/cgroup\x00') syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') 11:47:18 executing program 6: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000140)=""/211, 0xd3}], 0x1) 11:47:18 executing program 4: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x30, 0x9, 0x7e, 0x3, 0x0, 0x1f, 0x125, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf1ef, 0x2, @perf_config_ext={0x100}, 0x6004, 0x7, 0x1000, 0x3, 0x1f, 0x3f, 0x7, 0x0, 0x1000, 0x0, 0x134c}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x1) uname(&(0x7f0000000400)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x6}}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x1ff) clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x3}, 0x0, 0x0, &(0x7f0000000080)=""/22, 0x0}, 0x58) 11:47:18 executing program 5: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000008c0), 0x0, 0x0) read$usbmon(r0, 0x0, 0x0) 11:47:18 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) r1 = dup2(r0, r0) ioctl$BLKTRACESETUP(r1, 0x1274, 0x0) 11:47:18 executing program 7: munmap(&(0x7f0000dea000/0x6000)=nil, 0x6000) mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000dec000/0x4000)=nil) 11:47:18 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) ioctl$CDROM_SEND_PACKET(r0, 0x5393, &(0x7f00000000c0)={"9672497e53bbc6c5c2b2869d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 11:47:18 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000140)=""/211, 0xd3}], 0x1) 11:47:18 executing program 1: syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/cgroup\x00') syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') 11:47:18 executing program 6: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000140)=""/211, 0xd3}], 0x1) 11:47:18 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') preadv(r0, &(0x7f0000001600)=[{&(0x7f0000000380)=""/4096, 0x1000}], 0x1, 0x0, 0x0) 11:47:18 executing program 1: syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/cgroup\x00') syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') 11:47:18 executing program 7: fchmodat(0xffffffffffffffff, 0x0, 0x0) 11:47:18 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x40003, 0x0) setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x484, &(0x7f0000000040)={0x16, @multicast1, 0x4e21, 0x0, 'nq\x00', 0x21, 0x0, 0x73}, 0x2c) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl(r1, 0xfffffffd, &(0x7f00000001c0)="07ef783ad8c2a553e0c5ab3eda2a642d6969a47ba78047b78eda69e738701da0be4a8d417a1e6ac368f94426fd2525968aa4f9d793918bf3ab36ca9c6b57a6455a0a44b2ce5bee390c8c3c3fc113197fd81c76bf4f2ad1c5662f7b087a97b06de0246cca45b30f0622bef20cd79a5b66538d3045a0906acc88d6d1a8f6a20025e5f317131edeb34139e119d3779e1d11cd03f2b146bf82ecafd5be6ad8d40c8152715c82cdaa86f39b2dfa0afba83721f0454ed3b5bb0c67809165cc385b961842ef073fc3d8ba36245994dfa6c6351c81156b5a2155a8f692da2a6ee26ce0acb063c13d88d8484ff560b6093a80") getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0xc0502100, &(0x7f0000000100)) clone3(&(0x7f0000005880)={0x61020100, 0x0, &(0x7f0000005700), 0x0, {}, 0x0, 0x0, &(0x7f0000005800)=""/32, 0x0}, 0x58) 11:47:18 executing program 6: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) connect$bt_l2cap(r0, &(0x7f0000001b00)={0x1f, 0x5, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 11:47:18 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r2) ioctl$CDROM_SEND_PACKET(r0, 0x5393, &(0x7f00000000c0)={"9672497e53bbc6c5c2b2869d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 11:47:18 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) connect(r0, &(0x7f0000000000)=@nl=@unspec, 0x80) 11:47:18 executing program 7: fchmodat(0xffffffffffffffff, 0x0, 0x0) 11:47:18 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000040)={0x1, 0x0, 0x13, 0x1f, 0x170, &(0x7f0000001880)}) 11:47:18 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) r1 = dup2(r0, r0) ioctl$BLKTRACESETUP(r1, 0x1274, 0x0) 11:47:18 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed}, 0xe) r1 = dup(r0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, 0x0, 0x0) 11:47:18 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x40003, 0x0) setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x484, &(0x7f0000000040)={0x16, @multicast1, 0x4e21, 0x0, 'nq\x00', 0x21, 0x0, 0x73}, 0x2c) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl(r1, 0xfffffffd, &(0x7f00000001c0)="07ef783ad8c2a553e0c5ab3eda2a642d6969a47ba78047b78eda69e738701da0be4a8d417a1e6ac368f94426fd2525968aa4f9d793918bf3ab36ca9c6b57a6455a0a44b2ce5bee390c8c3c3fc113197fd81c76bf4f2ad1c5662f7b087a97b06de0246cca45b30f0622bef20cd79a5b66538d3045a0906acc88d6d1a8f6a20025e5f317131edeb34139e119d3779e1d11cd03f2b146bf82ecafd5be6ad8d40c8152715c82cdaa86f39b2dfa0afba83721f0454ed3b5bb0c67809165cc385b961842ef073fc3d8ba36245994dfa6c6351c81156b5a2155a8f692da2a6ee26ce0acb063c13d88d8484ff560b6093a80") getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0xc0502100, &(0x7f0000000100)) clone3(&(0x7f0000005880)={0x61020100, 0x0, &(0x7f0000005700), 0x0, {}, 0x0, 0x0, &(0x7f0000005800)=""/32, 0x0}, 0x58) [ 120.873566] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 120.874477] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 120.875181] CPU: 1 UID: 0 PID: 4022 Comm: syz-executor.2 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 120.876428] Tainted: [W]=WARN [ 120.877169] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.878906] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.880021] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.884588] RSP: 0018:ffff888047bdf600 EFLAGS: 00010212 [ 120.885595] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90004407000 [ 120.886178] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 120.886756] RBP: ffff888047bdf870 R08: ffff88806cf31340 R09: ffffe8ffffd16608 [ 120.887331] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 120.887891] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 120.888470] FS: 00007f99face6700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 120.889106] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.889565] CR2: 00007f57141d9000 CR3: 0000000047aa0000 CR4: 0000000000350ef0 [ 120.890128] Call Trace: [ 120.890343] [ 120.890532] ? __pfx_perf_tp_event+0x10/0x10 [ 120.890920] ? perf_trace_run_bpf_submit+0xef/0x180 [ 120.891329] perf_trace_run_bpf_submit+0xef/0x180 [ 120.891724] perf_trace_lock+0x337/0x5d0 [ 120.892061] ? __pfx_perf_trace_lock+0x10/0x10 [ 120.892430] ? lock_acquire+0x15e/0x2f0 [ 120.892764] ? futex_ref_get+0x48/0x300 [ 120.893104] ? futex_ref_get+0x114/0x300 [ 120.893440] ? futex_hash+0x15c/0x390 [ 120.893748] lock_release+0x1ab/0x290 [ 120.894059] ? futex_hash+0x15c/0x390 [ 120.894365] futex_ref_get+0x119/0x300 [ 120.894677] ? futex_hash+0x15c/0x390 [ 120.894981] futex_hash+0x70/0x390 [ 120.895283] futex_wait_setup+0xae/0x550 [ 120.895624] __futex_wait+0x151/0x300 [ 120.895935] ? __pfx___futex_wait+0x10/0x10 [ 120.896283] ? __pfx_futex_wake_mark+0x10/0x10 [ 120.896661] futex_wait+0xde/0x380 [ 120.896952] ? __pfx_futex_wait+0x10/0x10 [ 120.897292] ? perf_trace_lock+0xb5/0x5d0 [ 120.897625] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.898096] do_futex+0x2ee/0x370 [ 120.898381] ? __pfx_do_futex+0x10/0x10 [ 120.898703] __x64_sys_futex+0x1c9/0x4d0 [ 120.899028] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.899500] ? __pfx___x64_sys_futex+0x10/0x10 [ 120.899862] ? kcov_ioctl+0x386/0x6c0 [ 120.900172] do_syscall_64+0xbf/0x360 [ 120.900483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.900887] RIP: 0033:0x7f99fd770b19 [ 120.901182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 120.902586] RSP: 002b:00007f99face6218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 120.903177] RAX: ffffffffffffffda RBX: 00007f99fd883f68 RCX: 00007f99fd770b19 [ 120.903747] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f99fd883f68 [ 120.904305] RBP: 00007f99fd883f60 R08: 00007f99face6700 R09: 0000000000000000 [ 120.904864] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99fd883f6c [ 120.905417] R13: 00007ffe12b0402f R14: 00007f99face6300 R15: 0000000000022000 [ 120.905980] [ 120.906169] Modules linked in: [ 120.906462] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 120.907325] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 120.907998] CPU: 1 UID: 0 PID: 4022 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 120.908918] Tainted: [D]=DIE, [W]=WARN [ 120.909219] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.909854] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.910225] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.911633] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 120.912046] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 120.912597] RDX: ffff888016225280 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 120.913149] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16608 [ 120.913702] R10: 0000000000000000 R11: ffff88806cf37018 R12: dffffc0000000000 [ 120.914272] R13: 0000000000000024 R14: ffff88806cf31490 R15: dffffc0000000000 [ 120.914859] FS: 00007f99face6700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 120.915535] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.916024] CR2: 00007f57141d9000 CR3: 0000000047aa0000 CR4: 0000000000350ef0 [ 120.916611] Call Trace: [ 120.916829] [ 120.917021] ? __pfx_perf_tp_event+0x10/0x10 [ 120.917401] ? stack_depot_save_flags+0x2c/0xa20 [ 120.917805] ? kasan_save_stack+0x34/0x50 [ 120.918158] ? kasan_save_stack+0x24/0x50 [ 120.918508] ? kasan_save_track+0x14/0x30 [ 120.918855] ? __kasan_save_free_info+0x3a/0x60 [ 120.919244] ? __kasan_slab_free+0x3f/0x50 [ 120.919606] ? kmem_cache_free+0x2a1/0x540 [ 120.919962] ? rcu_core+0x7c8/0x1800 [ 120.920282] ? handle_softirqs+0x1b1/0x770 [ 120.920647] ? __irq_exit_rcu+0xc4/0x100 [ 120.920995] ? irq_exit_rcu+0x9/0x20 [ 120.921306] ? sysvec_apic_timer_interrupt+0x70/0x80 [ 120.921735] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 120.922178] ? _raw_spin_unlock_irqrestore+0x34/0x50 [ 120.922606] ? kcov_ioctl+0x37e/0x6c0 [ 120.922929] ? __x64_sys_ioctl+0x18f/0x210 [ 120.923289] ? do_syscall_64+0xbf/0x360 [ 120.923627] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.924069] ? perf_trace_lock+0xb5/0x5d0 [ 120.924417] ? entry_SYSCALL_64_after_hwframe+0x49/0x7f [ 120.924860] ? __pfx_perf_trace_lock+0x10/0x10 [ 120.925249] ? perf_trace_run_bpf_submit+0xef/0x180 [ 120.925669] perf_trace_run_bpf_submit+0xef/0x180 [ 120.926077] perf_trace_lock+0x337/0x5d0 [ 120.926420] ? place_entity+0x1c/0x410 [ 120.926749] ? kvm_sched_clock_read+0x16/0x30 [ 120.927131] ? __pfx_perf_trace_lock+0x10/0x10 [ 120.927518] ? check_preempt_wakeup_fair+0x6e/0x950 [ 120.927934] ? rcu_core+0x7c3/0x1800 [ 120.928251] ? sched_ttwu_pending+0x2e0/0x4a0 [ 120.928636] lock_release+0x1ab/0x290 [ 120.928957] ? ttwu_do_activate+0x1a4/0x8a0 [ 120.929325] _raw_spin_unlock+0x16/0x40 [ 120.929661] sched_ttwu_pending+0x2e0/0x4a0 [ 120.930030] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 120.930436] ? flush_tlb_func+0x24d/0x560 [ 120.930787] __flush_smp_call_function_queue+0x434/0x740 [ 120.931250] __sysvec_call_function_single+0x6d/0x370 [ 120.931694] sysvec_call_function_single+0xa1/0xc0 [ 120.932104] [ 120.932295] [ 120.932485] asm_sysvec_call_function_single+0x1a/0x20 [ 120.932921] RIP: 0010:oops_exit+0x0/0x50 [ 120.933265] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 120.934707] RSP: 0018:ffff888047bdf490 EFLAGS: 00000202 [ 120.935123] RAX: 0000000000025707 RBX: 0000000000000202 RCX: ffffc90004407000 [ 120.935684] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 120.936241] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 120.936795] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888047bdf558 [ 120.937349] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 120.937909] ? oops_end+0x4a/0xe0 [ 120.938197] oops_end+0x65/0xe0 [ 120.938471] exc_general_protection+0x1a2/0x330 [ 120.938847] asm_exc_general_protection+0x26/0x30 [ 120.939228] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.939608] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.941010] RSP: 0018:ffff888047bdf600 EFLAGS: 00010212 [ 120.941423] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90004407000 [ 120.941974] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 120.942528] RBP: ffff888047bdf870 R08: ffff88806cf31340 R09: ffffe8ffffd16608 [ 120.943080] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 120.943640] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 120.944200] ? perf_tp_event+0x167/0xe70 [ 120.944531] ? __pfx_perf_tp_event+0x10/0x10 [ 120.944905] ? perf_trace_run_bpf_submit+0xef/0x180 [ 120.945302] perf_trace_run_bpf_submit+0xef/0x180 [ 120.945688] perf_trace_lock+0x337/0x5d0 [ 120.946014] ? __pfx_perf_trace_lock+0x10/0x10 [ 120.946380] ? lock_acquire+0x15e/0x2f0 [ 120.946699] ? futex_ref_get+0x48/0x300 [ 120.947013] ? futex_ref_get+0x114/0x300 [ 120.947340] ? futex_hash+0x15c/0x390 [ 120.947643] lock_release+0x1ab/0x290 [ 120.947947] ? futex_hash+0x15c/0x390 [ 120.948248] futex_ref_get+0x119/0x300 [ 120.948557] ? futex_hash+0x15c/0x390 [ 120.948857] futex_hash+0x70/0x390 [ 120.949142] futex_wait_setup+0xae/0x550 [ 120.949470] __futex_wait+0x151/0x300 [ 120.949778] ? __pfx___futex_wait+0x10/0x10 [ 120.950125] ? __pfx_futex_wake_mark+0x10/0x10 [ 120.950499] futex_wait+0xde/0x380 [ 120.950788] ? __pfx_futex_wait+0x10/0x10 [ 120.951121] ? perf_trace_lock+0xb5/0x5d0 [ 120.951457] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.951926] do_futex+0x2ee/0x370 [ 120.952207] ? __pfx_do_futex+0x10/0x10 [ 120.952527] __x64_sys_futex+0x1c9/0x4d0 [ 120.952851] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.953313] ? __pfx___x64_sys_futex+0x10/0x10 [ 120.953677] ? kcov_ioctl+0x386/0x6c0 [ 120.953986] do_syscall_64+0xbf/0x360 [ 120.954290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.954693] RIP: 0033:0x7f99fd770b19 [ 120.954988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 120.956394] RSP: 002b:00007f99face6218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 120.956983] RAX: ffffffffffffffda RBX: 00007f99fd883f68 RCX: 00007f99fd770b19 [ 120.957537] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f99fd883f68 [ 120.958092] RBP: 00007f99fd883f60 R08: 00007f99face6700 R09: 0000000000000000 [ 120.958645] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99fd883f6c [ 120.959198] R13: 00007ffe12b0402f R14: 00007f99face6300 R15: 0000000000022000 [ 120.959762] [ 120.959949] Modules linked in: [ 120.960207] ---[ end trace 0000000000000000 ]--- [ 120.960575] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.960948] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.962350] RSP: 0018:ffff888047bdf600 EFLAGS: 00010212 [ 120.962767] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90004407000 [ 120.963328] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 120.963884] RBP: ffff888047bdf870 R08: ffff88806cf31340 R09: ffffe8ffffd16608 [ 120.964437] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 120.964991] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 120.965547] FS: 00007f99face6700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 120.966169] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.966625] CR2: 00007f57141d9000 CR3: 0000000047aa0000 CR4: 0000000000350ef0 [ 120.967179] Kernel panic - not syncing: Fatal exception in interrupt [ 122.011674] Shutting down cpus with NMI [ 122.012090] Kernel Offset: disabled [ 122.012375] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:47:18 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=0000000000000001 RCX=0000000000000006 RDX=1ffff11001ee6816 RSI=ffffffff81e0f4d2 RDI=ffff88800f734038 RBP=ffff88800f734000 RSP=ffff888016757b08 R8 =ffffffff84c93ca0 R9 =ffffed10017491b3 R10=0000000000000001 R11=0000000000000000 R12=ffff88800f732000 R13=0000000000000010 R14=ffff88800f732618 R15=ffff88800f732000 RIP=ffffffff81e0f504 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055558e757400 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe4400000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f4a5b7a9543 CR3=0000000047469000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=0000ffff00000000000000000000ffff XMM01=25252525252525252525252525252525 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000ff0000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff888047bdef70 R8 =0000000000000000 R9 =ffffed10016d2046 R10=0000000000000038 R11=313030203a505352 R12=0000000000000038 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f99face6700 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe4500000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f57141d9000 CR3=0000000047aa0000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f99fd8577c000007f99fd8577c8 XMM02=00007f99fd8577e000007f99fd8577c0 XMM03=00007f99fd8577c800007f99fd8577c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000