Warning: Permanently added '[localhost]:60829' (ECDSA) to the list of known hosts.
2025/08/29 11:58:41 fuzzer started
2025/08/29 11:58:41 dialing manager at localhost:43077
syzkaller login: [ 52.076688] cgroup: Unknown subsys name 'net'
[ 52.143240] cgroup: Unknown subsys name 'cpuset'
[ 52.158957] cgroup: Unknown subsys name 'rlimit'
2025/08/29 11:58:52 syscalls: 2214
2025/08/29 11:58:52 code coverage: enabled
2025/08/29 11:58:52 comparison tracing: enabled
2025/08/29 11:58:52 extra coverage: enabled
2025/08/29 11:58:52 setuid sandbox: enabled
2025/08/29 11:58:52 namespace sandbox: enabled
2025/08/29 11:58:52 Android sandbox: enabled
2025/08/29 11:58:52 fault injection: enabled
2025/08/29 11:58:52 leak checking: enabled
2025/08/29 11:58:52 net packet injection: enabled
2025/08/29 11:58:52 net device setup: enabled
2025/08/29 11:58:52 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 11:58:52 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 11:58:52 USB emulation: enabled
2025/08/29 11:58:52 hci packet injection: enabled
2025/08/29 11:58:52 wifi device emulation: enabled
2025/08/29 11:58:52 802.15.4 emulation: enabled
2025/08/29 11:59:09 fetching corpus: 8800, signal 189575/193501
(executing program) 2025/08/29 11:59:09 fetching corpus: 8850, signal 189869/193502 (executing program) 2025/08/29 11:59:09 fetching corpus: 8878, signal 190012/193509 (executing program) 2025/08/29 11:59:09 fetching corpus: 8878, signal 190012/193509 (executing program) 2025/08/29 11:59:11 starting 8 fuzzer processes 11:59:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0xa) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x0, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6}]}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x24}}, 0x0) 11:59:11 executing program 1: mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil) 11:59:11 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x65021, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0x1}]) 11:59:11 executing program 3: setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={0x0, {{0x2, 0x0, @dev}}}, 0x108) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x80104592, &(0x7f0000000000)=[0x0, 0x80000]) 11:59:11 executing program 6: r0 = eventfd2(0x0, 0x0) writev(r0, &(0x7f0000000440)=[{&(0x7f0000000000)="fc6542c2fb6467cf", 0x8}, {&(0x7f0000000040)="ca", 0x1}], 0x2) 11:59:11 executing program 4: r0 = syz_io_uring_setup(0x2262, &(0x7f0000003a00), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000003ac0)) 
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f00000000c0)={0xffffffff, 0x0, &(0x7f0000000000)=[0xffffffffffffffff]}, 0x1)
11:59:11 executing program 7:
rt_sigaction(0x1e, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x8, &(0x7f0000000180))
11:59:11 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
fremovexattr(0xffffffffffffffff, 0x0)
[ 82.012977] audit: type=1400 audit(1756468751.541:7): avc: denied { execmem } for pid=274 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 83.163931] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 83.168093] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 83.170505] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 83.175706] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 83.178017] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 83.301501] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 83.305213] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 83.312926] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 83.318506] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 83.326345] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 83.362899] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 83.386152] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 83.390403] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 83.392469] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 83.394462] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 83.395731] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 83.397269] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 83.398994] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 83.400902] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 83.405031] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 83.412434] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 83.416071] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 83.417486] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 83.419094] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 83.422122] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 83.428274] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 83.431477] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 83.433651] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 83.436217] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 83.438466] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 83.439929] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 83.443559] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 83.445574] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 83.446953] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 83.451531] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 83.457037] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 83.467209] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 83.474058] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 83.475508] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 83.477643] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 85.256076] Bluetooth: hci0: command tx timeout
[ 85.383737] Bluetooth: hci1: command tx timeout
[ 85.511864] Bluetooth: hci7: command tx timeout
[ 85.512559] Bluetooth: hci2: command tx timeout
[ 85.513186] Bluetooth: hci6: command tx timeout
[ 85.513451] Bluetooth: hci3: command tx timeout
[ 85.575791] Bluetooth: hci4: command tx timeout
[ 85.576223] Bluetooth: hci5: command tx timeout
[ 87.305704] Bluetooth: hci0: command tx timeout
[ 87.432736] Bluetooth: hci1: command tx timeout
[ 87.559754] Bluetooth: hci3: command tx timeout
[ 87.561668] Bluetooth: hci2: command tx timeout
[ 87.562150] Bluetooth: hci6: command tx timeout
[ 87.562617] Bluetooth: hci7: command tx timeout
[ 87.623749] Bluetooth: hci4: command tx timeout
[ 87.624253] Bluetooth: hci5: command tx timeout
[ 89.353712] Bluetooth: hci0: command tx timeout
[ 89.479647] Bluetooth: hci1: command tx timeout
[ 89.607724] Bluetooth: hci7: command tx timeout
[ 89.607830] Bluetooth: hci6: command tx timeout
[ 89.608678] Bluetooth: hci2: command tx timeout
[ 89.608710] Bluetooth: hci3: command tx timeout
[ 89.671649] Bluetooth: hci4: command tx timeout
[ 89.672079] Bluetooth: hci5: command tx timeout
[ 91.399715] Bluetooth: hci0: command tx timeout
[ 91.529616] Bluetooth: hci1: command tx timeout
[ 91.655795] Bluetooth: hci3: command tx timeout
[ 91.656336] Bluetooth: hci2: command tx timeout
[ 91.657029] Bluetooth: hci7: command tx timeout
[ 91.657406] Bluetooth: hci6: command tx timeout
[ 91.720773] Bluetooth: hci4: command tx timeout
[ 91.721202] Bluetooth: hci5: command tx timeout
[ 121.511425] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.512096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.857776] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.859847] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.178578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.180273] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.395905] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.396525] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:59:52 executing program 5:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_buf(r0, 0x29, 0xb, 0x0, 0x0)
[ 122.600189] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
11:59:52 executing program 5:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_buf(r0, 0x29, 0xb, 0x0, 0x0)
11:59:52 executing program 5:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_buf(r0, 0x29, 0xb, 0x0, 0x0) 11:59:52 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_buf(r0, 0x29, 0xb, 0x0, 0x0) 11:59:52 executing program 3: setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={0x0, {{0x2, 0x0, @dev}}}, 0x108) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x80104592, &(0x7f0000000000)=[0x0, 0x80000]) 11:59:52 executing program 5: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x20, 0x11, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x4}]}, 0x20}], 0x1}, 0x0) [ 122.953218] audit: type=1400 audit(1756468792.478:8): avc: denied { open } for pid=3788 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 122.959758] audit: type=1400 audit(1756468792.479:9): avc: denied { kernel } for pid=3788 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:59:52 executing program 3: setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={0x0, {{0x2, 0x0, @dev}}}, 0x108) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x80104592, &(0x7f0000000000)=[0x0, 0x80000]) [ 123.011431] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.012529] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:59:52 executing program 3: setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={0x0, 
{{0x2, 0x0, @dev}}}, 0x108)
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
ioctl$EVIOCSREP(r0, 0x80104592, &(0x7f0000000000)=[0x0, 0x80000])
[ 123.177935] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.178572] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.376332] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.377482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.491279] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.492717] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.710253] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.710919] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.830199] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.830944] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.176438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.177940] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.267074] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.268145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.322531] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.323385] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.365828] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.366441] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 125.002660] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.003281] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 125.019297] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.019883] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:59:55 executing program 4:
r0 = syz_io_uring_setup(0x2262, &(0x7f0000003a00), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000003ac0))
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f00000000c0)={0xffffffff, 0x0, &(0x7f0000000000)=[0xffffffffffffffff]}, 0x1) 11:59:55 executing program 6: r0 = eventfd2(0x0, 0x0) writev(r0, &(0x7f0000000440)=[{&(0x7f0000000000)="fc6542c2fb6467cf", 0x8}, {&(0x7f0000000040)="ca", 0x1}], 0x2) 11:59:55 executing program 5: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x20, 0x11, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x4}]}, 0x20}], 0x1}, 0x0) 11:59:55 executing program 3: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) getuid() 11:59:55 executing program 1: mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil) 11:59:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0xa) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x0, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6}]}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x24}}, 0x0) 11:59:55 executing program 7: rt_sigaction(0x1e, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x8, &(0x7f0000000180)) 11:59:55 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x65021, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0x1}]) 11:59:55 executing program 3: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) getuid() 11:59:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0xa) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x0, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6}]}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x24}}, 0x0) 11:59:55 executing program 1: mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil) 11:59:55 executing program 7: rt_sigaction(0x1e, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x8, &(0x7f0000000180)) 11:59:56 executing program 4: r0 = syz_io_uring_setup(0x2262, &(0x7f0000003a00), &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000003ac0)) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f00000000c0)={0xffffffff, 0x0, &(0x7f0000000000)=[0xffffffffffffffff]}, 0x1) 11:59:56 executing program 3: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) getuid() 11:59:56 executing program 6: r0 = eventfd2(0x0, 0x0) writev(r0, &(0x7f0000000440)=[{&(0x7f0000000000)="fc6542c2fb6467cf", 0x8}, {&(0x7f0000000040)="ca", 0x1}], 0x2) 11:59:56 executing program 5: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x20, 0x11, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x4}]}, 0x20}], 0x1}, 0x0) 11:59:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0xa) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x0, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6}]}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x24}}, 0x0) 11:59:56 executing program 7: rt_sigaction(0x1e, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x8, &(0x7f0000000180)) 11:59:56 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x65021, &(0x7f0000000180)=[{&(0x7f0000000080)="82", 0x1}]) 11:59:56 executing program 1: mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil) 11:59:56 executing program 6: r0 = eventfd2(0x0, 0x0) writev(r0, &(0x7f0000000440)=[{&(0x7f0000000000)="fc6542c2fb6467cf", 0x8}, {&(0x7f0000000040)="ca", 0x1}], 0x2) [ 127.017982] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI 11:59:56 executing program 7: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_OPENQRY(r0, 0x80045440, &(0x7f0000000000)) [ 127.020179] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 
127.027523] CPU: 1 UID: 0 PID: 3952 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 127.029578] Tainted: [W]=WARN [ 127.030112] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.031517] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.032339] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.035351] RSP: 0018:ffff88804837f780 EFLAGS: 00010012 [ 127.036284] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90006232000 [ 127.037478] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 127.038644] RBP: ffff88804837f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd168b0 [ 127.039773] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 127.040792] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 127.041816] FS: 00007f96dfb88700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 127.042955] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.043793] CR2: 00007f96e2726018 CR3: 000000003a54b000 CR4: 0000000000350ef0 [ 127.044817] Call Trace: [ 127.045195] [ 127.045537] ? __pfx_perf_tp_event+0x10/0x10 [ 127.046195] ? trace_mm_page_alloc+0xfc/0x150 [ 127.046855] ? __alloc_frozen_pages_noprof+0x296/0x1f20 [ 127.047635] ? __lock_acquire+0x694/0x1b70 [ 127.048256] ? perf_trace_run_bpf_submit+0xef/0x180 [ 127.048993] perf_trace_run_bpf_submit+0xef/0x180 [ 127.049710] perf_trace_preemptirq_template+0x259/0x430 [ 127.050497] ? __pick_eevdf+0x326/0x570 [ 127.051080] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 127.051940] ? update_curr+0x39e/0x500 [ 127.052516] ? find_held_lock+0x2b/0x80 [ 127.053114] ? try_to_wake_up+0x8ae/0x11d0 [ 127.053751] ? 
_raw_spin_unlock_irqrestore+0x2c/0x50 [ 127.054489] trace_irq_enable.constprop.0+0xa6/0x100 [ 127.055223] trace_hardirqs_on+0x26/0x40 [ 127.055807] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 127.056546] try_to_wake_up+0x8ae/0x11d0 [ 127.057145] ? __pfx_try_to_wake_up+0x10/0x10 [ 127.057809] ? plist_del+0x122/0x270 [ 127.058358] ? find_held_lock+0x2b/0x80 [ 127.058944] ? futex_wake+0x474/0x540 [ 127.059509] wake_up_q+0xa1/0x130 [ 127.060037] futex_wake+0x47e/0x540 [ 127.060579] ? __pfx_futex_wake+0x10/0x10 [ 127.061187] ? __handle_mm_fault+0x753/0x3260 [ 127.061864] ? __lock_acquire+0x694/0x1b70 [ 127.062485] do_futex+0x26d/0x370 [ 127.063001] ? __pfx_do_futex+0x10/0x10 [ 127.063585] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 127.064338] ? cap_task_prctl+0x2d6/0xab0 [ 127.064949] __x64_sys_futex+0x1c9/0x4d0 [ 127.065550] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 127.066419] ? __pfx___x64_sys_futex+0x10/0x10 [ 127.067094] ? syscall_user_dispatch+0x78/0x140 [ 127.067793] do_syscall_64+0xbf/0x360 [ 127.068358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.069100] RIP: 0033:0x7f96e2612b19 [ 127.069648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.072234] RSP: 002b:00007f96dfb88218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.073327] RAX: ffffffffffffffda RBX: 00007f96e2725f68 RCX: 00007f96e2612b19 [ 127.074359] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f96e2725f6c [ 127.075391] RBP: 00007f96e2725f60 R08: 0000000000000016 R09: 0000000000000000 [ 127.076418] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f96e2725f6c [ 127.077443] R13: 00007ffdf9a1cd3f R14: 00007f96dfb88300 R15: 0000000000022000 [ 127.078470] [ 127.078835] Modules linked in: [ 127.079309] ---[ end trace 0000000000000000 ]--- [ 127.079982] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.080663] Code: ff df 48 89 85 a8 fd ff 
ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.083267] RSP: 0018:ffff88804837f780 EFLAGS: 00010012 [ 127.084054] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90006232000 [ 127.085085] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 127.086125] RBP: ffff88804837f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd168b0 [ 127.087142] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 127.088153] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 127.089172] FS: 00007f96dfb88700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 127.090340] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.091190] CR2: 00007f96e2726018 CR3: 000000003a54b000 CR4: 0000000000350ef0 [ 127.092220] note: syz-executor.3[3952] exited with irqs disabled [ 127.093200] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 127.094822] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 127.096059] CPU: 1 UID: 0 PID: 3952 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 127.097806] Tainted: [D]=DIE, [W]=WARN [ 127.098368] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.099549] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.100258] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.102874] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 127.103646] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 127.104672] RDX: ffff888016c78000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 127.105717] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd168b0 [ 127.106741] R10: 
0000000000000000 R11: ffff888021882098 R12: dffffc0000000000 [ 127.107781] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 127.108803] FS: 00007f96dfb88700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 127.109960] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.110803] CR2: 00007f96e2726018 CR3: 000000003a54b000 CR4: 0000000000350ef0 [ 127.111831] Call Trace: [ 127.112208] [ 127.112535] ? __pfx_perf_tp_event+0x10/0x10 [ 127.113189] ? enqueue_task_fair+0xded/0x1e00 [ 127.113856] ? do_raw_spin_lock+0x123/0x260 [ 127.114494] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 127.115178] ? lock_acquire+0x18c/0x2f0 [ 127.115760] ? lock_release+0x1c7/0x290 [ 127.116356] ? do_raw_spin_unlock+0x53/0x220 [ 127.117015] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 127.117770] ? try_to_wake_up+0x128/0x11d0 [ 127.118393] ? do_raw_spin_lock+0x123/0x260 [ 127.119029] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 127.119714] ? perf_trace_run_bpf_submit+0xef/0x180 [ 127.120446] perf_trace_run_bpf_submit+0xef/0x180 [ 127.121156] perf_trace_preemptirq_template+0x259/0x430 [ 127.121950] ? read_tsc+0x9/0x20 [ 127.122462] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 127.123322] ? clockevents_program_event+0x135/0x360 [ 127.124067] ? tick_program_event+0xac/0x140 [ 127.124711] ? 
handle_softirqs+0x16e/0x770 [ 127.125344] trace_irq_enable.constprop.0+0xa6/0x100 [ 127.126099] trace_hardirqs_on+0x26/0x40 [ 127.126689] handle_softirqs+0x16e/0x770 [ 127.127298] __irq_exit_rcu+0xc4/0x100 [ 127.127882] irq_exit_rcu+0x9/0x20 [ 127.128404] sysvec_apic_timer_interrupt+0x70/0x80 [ 127.129128] [ 127.129471] [ 127.129806] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 127.130565] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 127.131248] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 127.133830] RSP: 0018:ffff88804837ff28 EFLAGS: 00000246 [ 127.134598] RAX: 0000000000000001 RBX: ffff888016c78000 RCX: ffffffff817c2b86 [ 127.135613] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 127.136637] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 127.137671] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888016c78000 [ 127.138688] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 127.139708] ? trace_irq_enable.constprop.0+0x26/0x100 [ 127.140462] ? make_task_dead+0x214/0x3b0 [ 127.141069] ? make_task_dead+0x214/0x3b0 [ 127.141705] ? 
do_syscall_64+0xbf/0x360 [ 127.142288] rewind_stack_and_make_dead+0x16/0x20 [ 127.143000] RIP: 0033:0x7f96e2612b19 [ 127.143537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.146169] RSP: 002b:00007f96dfb88218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.147261] RAX: ffffffffffffffda RBX: 00007f96e2725f68 RCX: 00007f96e2612b19 [ 127.148285] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f96e2725f6c [ 127.149299] RBP: 00007f96e2725f60 R08: 0000000000000016 R09: 0000000000000000 [ 127.150326] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f96e2725f6c [ 127.151360] R13: 00007ffdf9a1cd3f R14: 00007f96dfb88300 R15: 0000000000022000 [ 127.152385] [ 127.152730] Modules linked in: [ 127.153202] ---[ end trace 0000000000000000 ]--- [ 127.153880] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.154559] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.157132] RSP: 0018:ffff88804837f780 EFLAGS: 00010012 [ 127.157908] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90006232000 [ 127.158925] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 127.159964] RBP: ffff88804837f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd168b0 [ 127.160980] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 127.162025] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 127.163068] FS: 00007f96dfb88700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 127.164215] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.165053] CR2: 00007f96e2726018 CR3: 000000003a54b000 CR4: 0000000000350ef0 [ 127.166078] Kernel panic - not syncing: Fatal exception in interrupt [ 127.167218] Kernel Offset: disabled [ 127.167747] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:59:56 Registers: