Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:29324' (ECDSA) to the list of known hosts. 2025/08/29 12:05:58 fuzzer started 2025/08/29 12:05:59 dialing manager at localhost:43077 syzkaller login: [ 49.324883] cgroup: Unknown subsys name 'net' [ 49.497297] cgroup: Unknown subsys name 'cpuset' [ 49.522467] cgroup: Unknown subsys name 'rlimit' 2025/08/29 12:06:09 syscalls: 2214 2025/08/29 12:06:09 code coverage: enabled 2025/08/29 12:06:09 comparison tracing: enabled 2025/08/29 12:06:09 extra coverage: enabled 2025/08/29 12:06:09 setuid sandbox: enabled 2025/08/29 12:06:09 namespace sandbox: enabled 2025/08/29 12:06:09 Android sandbox: enabled 2025/08/29 12:06:09 fault injection: enabled 2025/08/29 12:06:09 leak checking: enabled 2025/08/29 12:06:09 net packet injection: enabled 2025/08/29 12:06:09 net device setup: enabled 2025/08/29 12:06:09 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 12:06:09 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 12:06:09 USB emulation: enabled 2025/08/29 12:06:09 hci packet injection: enabled 2025/08/29 12:06:09 wifi device emulation: enabled 2025/08/29 12:06:09 802.15.4 emulation: enabled 2025/08/29 12:06:09 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 12:06:09 fetching corpus: 50, signal 26421/29827 (executing program) 2025/08/29 12:06:10 fetching corpus: 100, signal 37828/42622 (executing program) 2025/08/29 12:06:10 fetching corpus: 150, signal 43415/49579 (executing program) 2025/08/29 12:06:10 fetching corpus: 200, signal 48730/56170 (executing program) 2025/08/29 12:06:10 fetching corpus: 250, signal 55378/63823 (executing program) 2025/08/29 12:06:10 fetching corpus: 300, signal 61008/70443 (executing program) 2025/08/29 12:06:10 fetching corpus: 350, signal 65231/75662 (executing program) 2025/08/29 12:06:10 fetching corpus: 400, signal 68584/79986 (executing program) 2025/08/29 12:06:10 fetching corpus: 450, signal 71016/83454 
(executing program) 2025/08/29 12:06:10 fetching corpus: 500, signal 73615/86942 (executing program) 2025/08/29 12:06:10 fetching corpus: 550, signal 77310/91363 (executing program) 2025/08/29 12:06:11 fetching corpus: 600, signal 80404/95252 (executing program) 2025/08/29 12:06:11 fetching corpus: 650, signal 82765/98419 (executing program) 2025/08/29 12:06:11 fetching corpus: 700, signal 84996/101405 (executing program) 2025/08/29 12:06:11 fetching corpus: 750, signal 87423/104617 (executing program) 2025/08/29 12:06:11 fetching corpus: 800, signal 90071/107921 (executing program) 2025/08/29 12:06:11 fetching corpus: 850, signal 91760/110391 (executing program) 2025/08/29 12:06:11 fetching corpus: 900, signal 94135/113346 (executing program) 2025/08/29 12:06:11 fetching corpus: 950, signal 95810/115643 (executing program) 2025/08/29 12:06:11 fetching corpus: 1000, signal 96809/117394 (executing program) 2025/08/29 12:06:11 fetching corpus: 1050, signal 98180/119447 (executing program) 2025/08/29 12:06:11 fetching corpus: 1100, signal 99254/121239 (executing program) 2025/08/29 12:06:12 fetching corpus: 1150, signal 100492/123084 (executing program) 2025/08/29 12:06:12 fetching corpus: 1200, signal 102258/125346 (executing program) 2025/08/29 12:06:12 fetching corpus: 1250, signal 104108/127590 (executing program) 2025/08/29 12:06:12 fetching corpus: 1300, signal 105098/129217 (executing program) 2025/08/29 12:06:12 fetching corpus: 1350, signal 107341/131716 (executing program) 2025/08/29 12:06:12 fetching corpus: 1400, signal 108260/133269 (executing program) 2025/08/29 12:06:12 fetching corpus: 1450, signal 109796/135181 (executing program) 2025/08/29 12:06:12 fetching corpus: 1500, signal 110967/136807 (executing program) 2025/08/29 12:06:12 fetching corpus: 1550, signal 112191/138511 (executing program) 2025/08/29 12:06:12 fetching corpus: 1600, signal 113189/140068 (executing program) 2025/08/29 12:06:13 fetching corpus: 1650, signal 114137/141479 (executing 
program) 2025/08/29 12:06:13 fetching corpus: 1700, signal 115136/142936 (executing program) 2025/08/29 12:06:13 fetching corpus: 1750, signal 116480/144704 (executing program) 2025/08/29 12:06:13 fetching corpus: 1800, signal 117277/146012 (executing program) 2025/08/29 12:06:13 fetching corpus: 1850, signal 118266/147457 (executing program) 2025/08/29 12:06:13 fetching corpus: 1900, signal 118985/148671 (executing program) 2025/08/29 12:06:13 fetching corpus: 1950, signal 120655/150549 (executing program) 2025/08/29 12:06:13 fetching corpus: 2000, signal 121267/151677 (executing program) 2025/08/29 12:06:13 fetching corpus: 2050, signal 122518/153125 (executing program) 2025/08/29 12:06:13 fetching corpus: 2100, signal 123517/154453 (executing program) 2025/08/29 12:06:13 fetching corpus: 2150, signal 124462/155685 (executing program) 2025/08/29 12:06:14 fetching corpus: 2200, signal 125373/156928 (executing program) 2025/08/29 12:06:14 fetching corpus: 2250, signal 126093/158013 (executing program) 2025/08/29 12:06:14 fetching corpus: 2300, signal 127074/159304 (executing program) 2025/08/29 12:06:14 fetching corpus: 2350, signal 127805/160333 (executing program) 2025/08/29 12:06:14 fetching corpus: 2400, signal 129281/161757 (executing program) 2025/08/29 12:06:14 fetching corpus: 2450, signal 131618/163560 (executing program) 2025/08/29 12:06:14 fetching corpus: 2500, signal 132258/164556 (executing program) 2025/08/29 12:06:14 fetching corpus: 2550, signal 133255/165638 (executing program) 2025/08/29 12:06:14 fetching corpus: 2600, signal 133764/166510 (executing program) 2025/08/29 12:06:14 fetching corpus: 2650, signal 134351/167403 (executing program) 2025/08/29 12:06:14 fetching corpus: 2700, signal 134934/168298 (executing program) 2025/08/29 12:06:15 fetching corpus: 2750, signal 136168/169441 (executing program) 2025/08/29 12:06:15 fetching corpus: 2800, signal 137199/170487 (executing program) 2025/08/29 12:06:15 fetching corpus: 2850, signal 
137849/171329 (executing program) 2025/08/29 12:06:15 fetching corpus: 2900, signal 138496/172202 (executing program) 2025/08/29 12:06:15 fetching corpus: 2950, signal 139103/172982 (executing program) 2025/08/29 12:06:15 fetching corpus: 3000, signal 140137/173939 (executing program) 2025/08/29 12:06:15 fetching corpus: 3050, signal 140794/174714 (executing program) 2025/08/29 12:06:15 fetching corpus: 3100, signal 141454/175443 (executing program) 2025/08/29 12:06:16 fetching corpus: 3150, signal 142054/176189 (executing program) 2025/08/29 12:06:16 fetching corpus: 3200, signal 142688/176920 (executing program) 2025/08/29 12:06:16 fetching corpus: 3250, signal 143556/177690 (executing program) 2025/08/29 12:06:16 fetching corpus: 3300, signal 144150/178402 (executing program) 2025/08/29 12:06:16 fetching corpus: 3350, signal 145241/179301 (executing program) 2025/08/29 12:06:16 fetching corpus: 3400, signal 145849/179958 (executing program) 2025/08/29 12:06:16 fetching corpus: 3450, signal 146448/180611 (executing program) 2025/08/29 12:06:16 fetching corpus: 3500, signal 146875/181239 (executing program) 2025/08/29 12:06:16 fetching corpus: 3550, signal 147662/182010 (executing program) 2025/08/29 12:06:16 fetching corpus: 3600, signal 148109/182580 (executing program) 2025/08/29 12:06:16 fetching corpus: 3650, signal 148939/183244 (executing program) 2025/08/29 12:06:17 fetching corpus: 3700, signal 149965/183907 (executing program) 2025/08/29 12:06:17 fetching corpus: 3750, signal 150436/184457 (executing program) 2025/08/29 12:06:17 fetching corpus: 3800, signal 150875/184952 (executing program) 2025/08/29 12:06:17 fetching corpus: 3850, signal 151627/185560 (executing program) 2025/08/29 12:06:17 fetching corpus: 3900, signal 152356/186189 (executing program) 2025/08/29 12:06:17 fetching corpus: 3950, signal 152763/186666 (executing program) 2025/08/29 12:06:17 fetching corpus: 4000, signal 153416/187156 (executing program) 2025/08/29 12:06:17 fetching 
corpus: 4050, signal 153950/187671 (executing program) 2025/08/29 12:06:17 fetching corpus: 4100, signal 154514/188156 (executing program) 2025/08/29 12:06:17 fetching corpus: 4150, signal 155036/188650 (executing program) 2025/08/29 12:06:18 fetching corpus: 4200, signal 155510/189111 (executing program) 2025/08/29 12:06:18 fetching corpus: 4250, signal 156034/189540 (executing program) 2025/08/29 12:06:18 fetching corpus: 4300, signal 156561/189962 (executing program) 2025/08/29 12:06:18 fetching corpus: 4350, signal 157122/190387 (executing program) 2025/08/29 12:06:18 fetching corpus: 4400, signal 157597/190817 (executing program) 2025/08/29 12:06:18 fetching corpus: 4450, signal 158195/191239 (executing program) 2025/08/29 12:06:18 fetching corpus: 4500, signal 158671/191631 (executing program) 2025/08/29 12:06:18 fetching corpus: 4550, signal 159176/192011 (executing program) 2025/08/29 12:06:18 fetching corpus: 4600, signal 159558/192381 (executing program) 2025/08/29 12:06:19 fetching corpus: 4650, signal 160027/192615 (executing program) 2025/08/29 12:06:19 fetching corpus: 4700, signal 160716/192616 (executing program) 2025/08/29 12:06:19 fetching corpus: 4750, signal 161575/192619 (executing program) 2025/08/29 12:06:19 fetching corpus: 4800, signal 162845/192625 (executing program) 2025/08/29 12:06:19 fetching corpus: 4850, signal 163197/192625 (executing program) 2025/08/29 12:06:19 fetching corpus: 4900, signal 163634/192674 (executing program) 2025/08/29 12:06:19 fetching corpus: 4950, signal 164098/192686 (executing program) 2025/08/29 12:06:19 fetching corpus: 5000, signal 164800/192721 (executing program) 2025/08/29 12:06:19 fetching corpus: 5050, signal 165285/192810 (executing program) 2025/08/29 12:06:19 fetching corpus: 5100, signal 165750/192832 (executing program) 2025/08/29 12:06:20 fetching corpus: 5150, signal 166103/192835 (executing program) 2025/08/29 12:06:20 fetching corpus: 5200, signal 166504/192853 (executing program) 2025/08/29 
12:06:20 fetching corpus: 5250, signal 166874/192868 (executing program) 2025/08/29 12:06:20 fetching corpus: 5300, signal 167347/192873 (executing program) 2025/08/29 12:06:20 fetching corpus: 5350, signal 167782/192933 (executing program) 2025/08/29 12:06:20 fetching corpus: 5400, signal 168223/192943 (executing program) 2025/08/29 12:06:20 fetching corpus: 5450, signal 168505/192946 (executing program) 2025/08/29 12:06:20 fetching corpus: 5500, signal 168919/193000 (executing program) 2025/08/29 12:06:20 fetching corpus: 5550, signal 169323/193023 (executing program) 2025/08/29 12:06:20 fetching corpus: 5600, signal 169657/193034 (executing program) 2025/08/29 12:06:20 fetching corpus: 5650, signal 170028/193040 (executing program) 2025/08/29 12:06:21 fetching corpus: 5700, signal 170369/193049 (executing program) 2025/08/29 12:06:21 fetching corpus: 5750, signal 170825/193057 (executing program) 2025/08/29 12:06:21 fetching corpus: 5800, signal 171136/193061 (executing program) 2025/08/29 12:06:21 fetching corpus: 5850, signal 171507/193068 (executing program) 2025/08/29 12:06:21 fetching corpus: 5900, signal 171822/193082 (executing program) 2025/08/29 12:06:21 fetching corpus: 5950, signal 172552/193088 (executing program) 2025/08/29 12:06:21 fetching corpus: 6000, signal 172982/193120 (executing program) 2025/08/29 12:06:21 fetching corpus: 6050, signal 173315/193125 (executing program) 2025/08/29 12:06:21 fetching corpus: 6100, signal 173681/193135 (executing program) 2025/08/29 12:06:21 fetching corpus: 6150, signal 174010/193147 (executing program) 2025/08/29 12:06:21 fetching corpus: 6200, signal 174389/193150 (executing program) 2025/08/29 12:06:21 fetching corpus: 6250, signal 174853/193152 (executing program) 2025/08/29 12:06:22 fetching corpus: 6300, signal 175087/193171 (executing program) 2025/08/29 12:06:22 fetching corpus: 6350, signal 175361/193187 (executing program) 2025/08/29 12:06:22 fetching corpus: 6400, signal 175541/193192 (executing 
program) 2025/08/29 12:06:22 fetching corpus: 6450, signal 175887/193192 (executing program) 2025/08/29 12:06:22 fetching corpus: 6500, signal 176194/193197 (executing program) 2025/08/29 12:06:22 fetching corpus: 6550, signal 176591/193225 (executing program) 2025/08/29 12:06:22 fetching corpus: 6600, signal 176861/193229 (executing program) 2025/08/29 12:06:22 fetching corpus: 6650, signal 177184/193242 (executing program) 2025/08/29 12:06:22 fetching corpus: 6700, signal 177538/193246 (executing program) 2025/08/29 12:06:22 fetching corpus: 6750, signal 177913/193247 (executing program) 2025/08/29 12:06:22 fetching corpus: 6800, signal 178096/193257 (executing program) 2025/08/29 12:06:22 fetching corpus: 6850, signal 178384/193282 (executing program) 2025/08/29 12:06:23 fetching corpus: 6900, signal 178653/193293 (executing program) 2025/08/29 12:06:23 fetching corpus: 6950, signal 178911/193294 (executing program) 2025/08/29 12:06:23 fetching corpus: 7000, signal 179244/193307 (executing program) 2025/08/29 12:06:23 fetching corpus: 7050, signal 179471/193314 (executing program) 2025/08/29 12:06:23 fetching corpus: 7100, signal 179872/193325 (executing program) 2025/08/29 12:06:23 fetching corpus: 7150, signal 180290/193327 (executing program) 2025/08/29 12:06:23 fetching corpus: 7200, signal 180792/193327 (executing program) 2025/08/29 12:06:23 fetching corpus: 7250, signal 181085/193349 (executing program) 2025/08/29 12:06:23 fetching corpus: 7300, signal 181357/193355 (executing program) 2025/08/29 12:06:23 fetching corpus: 7350, signal 181609/193363 (executing program) 2025/08/29 12:06:23 fetching corpus: 7400, signal 181847/193368 (executing program) 2025/08/29 12:06:23 fetching corpus: 7450, signal 182063/193371 (executing program) 2025/08/29 12:06:24 fetching corpus: 7500, signal 182456/193373 (executing program) 2025/08/29 12:06:24 fetching corpus: 7550, signal 182774/193383 (executing program) 2025/08/29 12:06:24 fetching corpus: 7600, signal 
183024/193405 (executing program) 2025/08/29 12:06:24 fetching corpus: 7650, signal 183216/193435 (executing program) 2025/08/29 12:06:24 fetching corpus: 7700, signal 183489/193450 (executing program) 2025/08/29 12:06:24 fetching corpus: 7750, signal 183763/193453 (executing program) 2025/08/29 12:06:24 fetching corpus: 7800, signal 183985/193474 (executing program) 2025/08/29 12:06:24 fetching corpus: 7850, signal 184175/193478 (executing program) 2025/08/29 12:06:24 fetching corpus: 7900, signal 184497/193480 (executing program) 2025/08/29 12:06:24 fetching corpus: 7950, signal 184783/193500 (executing program) 2025/08/29 12:06:24 fetching corpus: 8000, signal 185032/193523 (executing program) 2025/08/29 12:06:25 fetching corpus: 8050, signal 185520/193529 (executing program) 2025/08/29 12:06:25 fetching corpus: 8100, signal 185835/193530 (executing program) 2025/08/29 12:06:25 fetching corpus: 8150, signal 186094/193545 (executing program) 2025/08/29 12:06:25 fetching corpus: 8200, signal 186352/193548 (executing program) 2025/08/29 12:06:25 fetching corpus: 8250, signal 186735/193549 (executing program) 2025/08/29 12:06:25 fetching corpus: 8300, signal 187031/193565 (executing program) 2025/08/29 12:06:25 fetching corpus: 8350, signal 187222/193570 (executing program) 2025/08/29 12:06:25 fetching corpus: 8400, signal 187619/193573 (executing program) 2025/08/29 12:06:25 fetching corpus: 8450, signal 187872/193577 (executing program) 2025/08/29 12:06:25 fetching corpus: 8500, signal 188083/193586 (executing program) 2025/08/29 12:06:25 fetching corpus: 8550, signal 188308/193589 (executing program) 2025/08/29 12:06:25 fetching corpus: 8600, signal 188544/193594 (executing program) 2025/08/29 12:06:26 fetching corpus: 8650, signal 188744/193598 (executing program) 2025/08/29 12:06:26 fetching corpus: 8700, signal 189034/193612 (executing program) 2025/08/29 12:06:26 fetching corpus: 8750, signal 189322/193614 (executing program) 2025/08/29 12:06:26 fetching 
corpus: 8800, signal 189588/193630 (executing program) 2025/08/29 12:06:26 fetching corpus: 8850, signal 189847/193631 (executing program) 2025/08/29 12:06:26 fetching corpus: 8900, signal 190036/193642 (executing program) 2025/08/29 12:06:26 fetching corpus: 8909, signal 190107/193642 (executing program) 2025/08/29 12:06:26 fetching corpus: 8909, signal 190107/193642 (executing program) 2025/08/29 12:06:28 starting 8 fuzzer processes 12:06:28 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendto$unix(r1, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 12:06:28 executing program 3: ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x0, 0x21, 0x4, 0x0, 0x3a, 0x8}, 0x0) 12:06:28 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000280)={0x20, r1, 0x1, 0x0, 0x0, {0x10}, [@HEADER={0xc, 0x1, 0x0, 0x1, 
[@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x20}}, 0x0) 12:06:28 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r1, 0xc0105303, &(0x7f0000000000)={0x0, 0x20}) 12:06:28 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000002bc0)={0x3, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) 12:06:28 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000100)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x600, 0x0}, &(0x7f00000000c0)="1510de80e75b", 0x0, 0x0, 0x0, 0x0, 0x0}) 12:06:28 executing program 7: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0), 0x6a841, 0x0) write$binfmt_script(r0, 0x0, 0x84) 12:06:28 executing program 6: syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x6}, @hci_evt_le_ext_adv_set_term}}, 0x9) [ 78.025960] audit: type=1400 audit(1756469188.415:7): avc: denied { execmem } for pid=274 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 79.245121] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.248268] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.249606] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.252066] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.252915] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.255246] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.259211] 
Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.260846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.263084] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.264882] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.267756] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.270190] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.274004] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.294412] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.304375] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.306046] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.308734] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.310207] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 79.312209] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.316252] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 79.320460] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.323695] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 79.325152] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.327180] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 79.332008] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 79.337742] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 79.339035] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 79.343110] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 79.344955] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 79.354897] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 79.357140] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 79.359327] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 79.360818] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 79.364563] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 79.369761] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 79.375443] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 
79.375557] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 79.379426] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 79.388797] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 79.400783] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 81.330988] Bluetooth: hci0: command tx timeout [ 81.330996] Bluetooth: hci2: command tx timeout [ 81.395407] Bluetooth: hci4: command tx timeout [ 81.395628] Bluetooth: hci3: command tx timeout [ 81.396148] Bluetooth: hci1: command tx timeout [ 81.458698] Bluetooth: hci7: command tx timeout [ 81.458756] Bluetooth: hci6: command tx timeout [ 81.460293] Bluetooth: hci5: command tx timeout [ 83.379029] Bluetooth: hci0: command tx timeout [ 83.379831] Bluetooth: hci2: command tx timeout [ 83.442704] Bluetooth: hci4: command tx timeout [ 83.443467] Bluetooth: hci3: command tx timeout [ 83.444551] Bluetooth: hci1: command tx timeout [ 83.506753] Bluetooth: hci6: command tx timeout [ 83.507677] Bluetooth: hci5: command tx timeout [ 83.507727] Bluetooth: hci7: command tx timeout [ 85.426857] Bluetooth: hci0: command tx timeout [ 85.428538] Bluetooth: hci2: command tx timeout [ 85.490593] Bluetooth: hci4: command tx timeout [ 85.490633] Bluetooth: hci1: command tx timeout [ 85.491132] Bluetooth: hci3: command tx timeout [ 85.554686] Bluetooth: hci7: command tx timeout [ 85.555182] Bluetooth: hci6: command tx timeout [ 85.556386] Bluetooth: hci5: command tx timeout [ 87.475765] Bluetooth: hci0: command tx timeout [ 87.477323] Bluetooth: hci2: command tx timeout [ 87.539204] Bluetooth: hci3: command tx timeout [ 87.540036] Bluetooth: hci1: command tx timeout [ 87.540070] Bluetooth: hci4: command tx timeout [ 87.603197] Bluetooth: hci5: command tx timeout [ 87.603334] Bluetooth: hci7: command tx timeout [ 87.603661] Bluetooth: hci6: command tx timeout [ 118.180327] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.180980] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.382334] 
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.384010] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.805886] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.806452] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:07:09 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) [ 118.909985] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.910607] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.943645] audit: type=1400 audit(1756469229.332:8): avc: denied { open } for pid=3792 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.948584] audit: type=1400 audit(1756469229.332:9): avc: denied { kernel } for pid=3792 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.028538] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.029103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.151541] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.152140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:07:09 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 
syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) [ 119.431803] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.432450] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:07:10 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) [ 119.662157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.663358] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:07:10 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000800)=[&(0x7f00000001c0)={0x0, 0x0, 0x41, 0x8, 0x0, r0, 0x0}]) [ 119.889569] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.890146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.993896] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.994440] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.036049] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.036609] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.061097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.061655] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.314897] wlan0: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 120.316058] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.350541] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.351164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.439557] random: crng reseeded on system resumption [ 120.443813] random: crng reseeded on system resumption [ 120.477740] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.478394] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.505068] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.505915] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:07:11 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000001880), 0x80802) write$sndseq(r0, &(0x7f00000018c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1c) 12:07:11 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) 12:07:11 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect(r0, &(0x7f00000001c0)=@in={0x2, 0x0, @remote}, 0x80) syz_emit_ethernet(0x3e, &(0x7f0000000240)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @parameter_prob={0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast1}}}}}}, 0x0) 12:07:11 executing program 6: syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x6}, @hci_evt_le_ext_adv_set_term}}, 0x9) 12:07:11 executing program 5: r0 = syz_open_procfs$namespace(0xffffffffffffffff, 
&(0x7f00000014c0)='ns/pid_for_children\x00') fsetxattr(r0, &(0x7f0000001500)=@known='trusted.overlay.upper\x00', &(0x7f0000001540)='.\x00', 0x2, 0x0) 12:07:11 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) msync(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x4) 12:07:11 executing program 7: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0), 0x6a841, 0x0) write$binfmt_script(r0, 0x0, 0x84) 12:07:11 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendto$unix(r1, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) [ 120.646718] random: crng reseeded on system resumption 12:07:11 executing program 6: syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x6}, @hci_evt_le_ext_adv_set_term}}, 0x9) 12:07:11 executing program 7: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0), 0x6a841, 0x0) write$binfmt_script(r0, 0x0, 0x84) [ 120.748015] random: crng reseeded on system resumption 12:07:11 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = 
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) sync_file_range(r0, 0x0, 0x0, 0x0) 12:07:11 executing program 2: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/schedstat\x00', 0x0, 0x0) ioctl(r0, 0x1, &(0x7f00000001c0)="5830f2c8") 12:07:11 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendto$unix(r1, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 12:07:11 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) getpgrp(0xffffffffffffffff) sendmmsg$unix(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000003640)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0) 12:07:11 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendto$unix(r1, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 12:07:11 executing program 6: syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x6}, @hci_evt_le_ext_adv_set_term}}, 0x9) 12:07:11 executing program 7: r0 = 
openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0), 0x6a841, 0x0) write$binfmt_script(r0, 0x0, 0x84) [ 120.838935] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 120.839850] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 120.840444] CPU: 1 UID: 0 PID: 3939 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 120.841378] Tainted: [W]=WARN [ 120.841945] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.843650] random: crng reseeded on system resumption [ 120.843800] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.845546] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.849921] RSP: 0018:ffff888048127780 EFLAGS: 00010012 [ 120.850344] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 120.850903] RDX: ffff88801c89b700 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 120.851454] RBP: ffff8880481279f0 R08: ffff88806cf31340 R09: ffffe8ffffd168f0 [ 120.852019] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 120.852573] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 120.853129] FS: 000055556f7cf400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 120.853755] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.854209] CR2: 00007f02806b1000 CR3: 0000000046458000 CR4: 0000000000350ef0 [ 120.854766] Call Trace: [ 120.854973] [ 120.855159] ? __pfx_perf_tp_event+0x10/0x10 [ 120.855517] ? arch_scale_cpu_capacity+0x17/0xa0 [ 120.855904] ? cpu_util.constprop.0+0x17d/0x340 [ 120.856276] ? __asan_memset+0x24/0x50 [ 120.856586] ? sched_balance_find_dst_group+0xa9a/0x1c00 [ 120.857008] ? lock_release+0xc8/0x290 [ 120.857319] ? __pfx_sched_balance_find_dst_group+0x10/0x10 [ 120.857761] ? 
__lock_acquire+0x694/0x1b70 [ 120.858095] ? perf_trace_run_bpf_submit+0xef/0x180 [ 120.858493] perf_trace_run_bpf_submit+0xef/0x180 [ 120.858880] perf_trace_preemptirq_template+0x259/0x430 [ 120.859306] ? __pick_eevdf+0x326/0x570 [ 120.859626] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.860089] ? update_curr+0x39e/0x500 [ 120.860397] ? find_held_lock+0x2b/0x80 [ 120.860714] ? try_to_wake_up+0x8ae/0x11d0 [ 120.861051] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 120.861453] trace_irq_enable.constprop.0+0xa6/0x100 [ 120.861849] trace_hardirqs_on+0x26/0x40 [ 120.862170] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 120.862560] try_to_wake_up+0x8ae/0x11d0 [ 120.862883] ? __pfx_try_to_wake_up+0x10/0x10 [ 120.863243] ? plist_del+0x122/0x270 [ 120.863540] ? find_held_lock+0x2b/0x80 [ 120.863868] ? futex_wake+0x474/0x540 [ 120.864174] wake_up_q+0xa1/0x130 [ 120.864456] futex_wake+0x47e/0x540 [ 120.864749] ? __pfx_futex_wake+0x10/0x10 [ 120.865078] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 120.865485] ? finish_task_switch.isra.0+0x206/0x840 [ 120.865890] do_futex+0x26d/0x370 [ 120.866171] ? __pfx_do_futex+0x10/0x10 [ 120.866488] ? __pfx___schedule+0x10/0x10 [ 120.866825] __x64_sys_futex+0x1c9/0x4d0 [ 120.867147] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.867617] ? __pfx___x64_sys_futex+0x10/0x10 [ 120.867978] ? 
xfd_validate_state+0x55/0x180 [ 120.868333] do_syscall_64+0xbf/0x360 [ 120.868635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.869038] RIP: 0033:0x7f2e823f2b19 [ 120.869333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 120.870742] RSP: 002b:00007ffcb07ce3e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 120.871331] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2e823f2b19 [ 120.871889] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2e82505f68 [ 120.872440] RBP: 00007f2e82505f60 R08: 00007f2e7f968700 R09: 0000000000000000 [ 120.872992] R10: 00007f2e7f968700 R11: 0000000000000246 R12: 00007f2e8250aa68 [ 120.873543] R13: 00007ffcb07ce4f0 R14: 00007f2e82505f60 R15: 000000000001d784 [ 120.874099] [ 120.874285] Modules linked in: [ 120.874547] ---[ end trace 0000000000000000 ]--- [ 120.874916] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.875288] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.876707] RSP: 0018:ffff888048127780 EFLAGS: 00010012 [ 120.877124] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 120.877678] RDX: ffff88801c89b700 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 120.878235] RBP: ffff8880481279f0 R08: ffff88806cf31340 R09: ffffe8ffffd168f0 [ 120.878795] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 120.879348] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 120.879912] FS: 000055556f7cf400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 120.880536] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.880990] CR2: 00007f02806b1000 CR3: 0000000046458000 CR4: 0000000000350ef0 [ 120.881546] note: syz-executor.5[3939] exited with irqs disabled [ 120.882120] 
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 120.882990] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 120.883589] CPU: 1 UID: 0 PID: 3939 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 120.884520] Tainted: [D]=DIE, [W]=WARN [ 120.884823] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.885463] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.885837] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.887249] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 120.887673] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 120.888230] RDX: ffff88801c89b700 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 120.888787] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd168f0 [ 120.889343] R10: 0000000000000000 R11: ffff888013e89898 R12: dffffc0000000000 [ 120.889898] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000 [ 120.890457] FS: 000055556f7cf400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 120.891080] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.891534] CR2: 00007f02806b1000 CR3: 0000000046458000 CR4: 0000000000350ef0 [ 120.892093] Call Trace: [ 120.892297] [ 120.892473] ? __pfx_perf_tp_event+0x10/0x10 [ 120.892826] ? enqueue_task_fair+0xded/0x1e00 [ 120.893188] ? check_preempt_wakeup_fair+0x6e/0x950 [ 120.893586] ? wakeup_preempt+0x140/0x2a0 [ 120.893919] ? lock_release+0x1c7/0x290 [ 120.894241] ? lock_release+0x1c7/0x290 [ 120.894560] ? do_raw_spin_unlock+0x53/0x220 [ 120.894915] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 120.895315] ? try_to_wake_up+0x8ae/0x11d0 [ 120.895661] ? do_raw_spin_lock+0x123/0x260 [ 120.896008] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 120.896380] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 120.896778] perf_trace_run_bpf_submit+0xef/0x180 [ 120.897162] perf_trace_preemptirq_template+0x259/0x430 [ 120.897595] ? read_tsc+0x9/0x20 [ 120.897876] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 120.898348] ? clockevents_program_event+0x135/0x360 [ 120.898755] ? tick_program_event+0xac/0x140 [ 120.899107] ? handle_softirqs+0x16e/0x770 [ 120.899446] trace_irq_enable.constprop.0+0xa6/0x100 [ 120.899855] trace_hardirqs_on+0x26/0x40 [ 120.900175] handle_softirqs+0x16e/0x770 [ 120.900507] __irq_exit_rcu+0xc4/0x100 [ 120.900823] irq_exit_rcu+0x9/0x20 [ 120.901108] sysvec_apic_timer_interrupt+0x70/0x80 [ 120.901499] [ 120.901679] [ 120.901862] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 120.902284] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 120.902662] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 120.904079] RSP: 0018:ffff888048127f28 EFLAGS: 00000246 [ 120.904498] RAX: 0000000000000001 RBX: ffff88801c89b700 RCX: ffffffff817c2b86 [ 120.905054] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 120.905616] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 120.906172] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff88801c89b700 [ 120.906731] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 120.907287] ? trace_irq_enable.constprop.0+0x26/0x100 [ 120.907705] ? make_task_dead+0x214/0x3b0 [ 120.908038] ? make_task_dead+0x214/0x3b0 [ 120.908366] ? 
do_syscall_64+0xbf/0x360 [ 120.908685] rewind_stack_and_make_dead+0x16/0x20 [ 120.909076] RIP: 0033:0x7f2e823f2b19 [ 120.909375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 120.910784] RSP: 002b:00007ffcb07ce3e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 120.911375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2e823f2b19 [ 120.911940] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2e82505f68 [ 120.912498] RBP: 00007f2e82505f60 R08: 00007f2e7f968700 R09: 0000000000000000 [ 120.913051] R10: 00007f2e7f968700 R11: 0000000000000246 R12: 00007f2e8250aa68 [ 120.913609] R13: 00007ffcb07ce4f0 R14: 00007f2e82505f60 R15: 000000000001d784 [ 120.914173] [ 120.914365] Modules linked in: [ 120.914622] ---[ end trace 0000000000000000 ]--- [ 120.914626] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 120.914991] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.915843] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 120.916205] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.916842] CPU: 0 UID: 0 PID: 3953 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 120.918243] RSP: 0018:ffff888048127780 EFLAGS: 00010012 [ 120.919111] Tainted: [D]=DIE, [W]=WARN [ 120.919520] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 120.919812] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.920365] RDX: ffff88801c89b700 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 120.920975] RIP: 0010:perf_tp_event+0x175/0xe70 [ 120.921527] RBP: ffff8880481279f0 R08: ffff88806cf31340 R09: 
ffffe8ffffd168f0 [ 120.921873] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 120.922418] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 120.923748] RSP: 0018:ffff88804823f780 EFLAGS: 00010012 [ 120.924306] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 120.924308] [ 120.924705] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000b041000 [ 120.925257] FS: 000055556f7cf400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 120.925385] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 120.925938] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.926526] RBP: ffff88804823f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc168f0 [ 120.927083] CR2: 00007f02806b1000 CR3: 0000000046458000 CR4: 0000000000350ef0 [ 120.927509] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 120.928076] Kernel panic - not syncing: Fatal exception in interrupt [ 120.929902] Kernel Offset: disabled [ 120.930190] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 12:07:11 Registers: