Warning: Permanently added '[localhost]:22464' (ECDSA) to the list of known hosts.
2025/08/29 12:10:28 fuzzer started
2025/08/29 12:10:28 dialing manager at localhost:43077
syzkaller login: [ 51.826964] cgroup: Unknown subsys name 'net'
[ 51.879348] cgroup: Unknown subsys name 'cpuset'
[ 51.891355] cgroup: Unknown subsys name 'rlimit'
2025/08/29 12:10:39 syscalls: 2214
2025/08/29 12:10:39 code coverage: enabled
2025/08/29 12:10:39 comparison tracing: enabled
2025/08/29 12:10:39 extra coverage: enabled
2025/08/29 12:10:39 setuid sandbox: enabled
2025/08/29 12:10:39 namespace sandbox: enabled
2025/08/29 12:10:39 Android sandbox: enabled
2025/08/29 12:10:39 fault injection: enabled
2025/08/29 12:10:39 leak checking: enabled
2025/08/29 12:10:39 net packet injection: enabled
2025/08/29 12:10:39 net device setup: enabled
2025/08/29 12:10:39 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 12:10:39 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 12:10:39 USB emulation: enabled
2025/08/29 12:10:39 hci packet injection: enabled
2025/08/29 12:10:39 wifi device emulation: enabled
2025/08/29 12:10:39 802.15.4 emulation: enabled
2025/08/29 12:10:39 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 12:10:39 fetching corpus: 50, signal 17345/20997 (executing program)
2025/08/29 12:10:39 fetching corpus: 100, signal 30266/35308 (executing program)
2025/08/29 12:10:39 fetching corpus: 150, signal 36753/43238 (executing program)
2025/08/29 12:10:39 fetching corpus: 200, signal 42787/50624 (executing program)
2025/08/29 12:10:39 fetching corpus: 250, signal 49433/58440 (executing program)
2025/08/29 12:10:39 fetching corpus: 300, signal 58386/68208 (executing program)
2025/08/29 12:10:39 fetching corpus: 350, signal 62599/73413 (executing program)
2025/08/29 12:10:39 fetching corpus: 400, signal 65199/77110 (executing program)
2025/08/29 12:10:40 fetching corpus: 450, signal 68471/81397 (executing program)
2025/08/29
12:10:40 fetching corpus: 500, signal 71738/85528 (executing program) 2025/08/29 12:10:40 fetching corpus: 550, signal 74093/88874 (executing program) 2025/08/29 12:10:40 fetching corpus: 600, signal 76744/92377 (executing program) 2025/08/29 12:10:40 fetching corpus: 650, signal 78939/95441 (executing program) 2025/08/29 12:10:40 fetching corpus: 700, signal 82320/99529 (executing program) 2025/08/29 12:10:40 fetching corpus: 750, signal 85452/103301 (executing program) 2025/08/29 12:10:40 fetching corpus: 800, signal 87921/106445 (executing program) 2025/08/29 12:10:40 fetching corpus: 850, signal 89394/108709 (executing program) 2025/08/29 12:10:40 fetching corpus: 900, signal 92465/112264 (executing program) 2025/08/29 12:10:41 fetching corpus: 950, signal 94411/114827 (executing program) 2025/08/29 12:10:41 fetching corpus: 1000, signal 95909/117003 (executing program) 2025/08/29 12:10:41 fetching corpus: 1050, signal 97358/119194 (executing program) 2025/08/29 12:10:41 fetching corpus: 1100, signal 99750/122026 (executing program) 2025/08/29 12:10:41 fetching corpus: 1150, signal 102987/125461 (executing program) 2025/08/29 12:10:41 fetching corpus: 1200, signal 104210/127347 (executing program) 2025/08/29 12:10:41 fetching corpus: 1250, signal 105573/129298 (executing program) 2025/08/29 12:10:41 fetching corpus: 1300, signal 106865/131161 (executing program) 2025/08/29 12:10:41 fetching corpus: 1350, signal 107822/132771 (executing program) 2025/08/29 12:10:41 fetching corpus: 1400, signal 108634/134206 (executing program) 2025/08/29 12:10:42 fetching corpus: 1450, signal 109577/135737 (executing program) 2025/08/29 12:10:42 fetching corpus: 1500, signal 111618/138013 (executing program) 2025/08/29 12:10:42 fetching corpus: 1550, signal 112888/139690 (executing program) 2025/08/29 12:10:42 fetching corpus: 1600, signal 114420/141510 (executing program) 2025/08/29 12:10:42 fetching corpus: 1650, signal 115979/143281 (executing program) 2025/08/29 12:10:42 
fetching corpus: 1700, signal 116988/144712 (executing program) 2025/08/29 12:10:42 fetching corpus: 1750, signal 118729/146591 (executing program) 2025/08/29 12:10:42 fetching corpus: 1800, signal 119789/148002 (executing program) 2025/08/29 12:10:42 fetching corpus: 1850, signal 120788/149349 (executing program) 2025/08/29 12:10:42 fetching corpus: 1900, signal 121584/150604 (executing program) 2025/08/29 12:10:42 fetching corpus: 1950, signal 122885/152115 (executing program) 2025/08/29 12:10:43 fetching corpus: 2000, signal 124142/153563 (executing program) 2025/08/29 12:10:43 fetching corpus: 2050, signal 125113/154830 (executing program) 2025/08/29 12:10:43 fetching corpus: 2100, signal 126537/156323 (executing program) 2025/08/29 12:10:43 fetching corpus: 2150, signal 127406/157422 (executing program) 2025/08/29 12:10:43 fetching corpus: 2200, signal 128280/158602 (executing program) 2025/08/29 12:10:43 fetching corpus: 2250, signal 128869/159586 (executing program) 2025/08/29 12:10:43 fetching corpus: 2300, signal 129822/160800 (executing program) 2025/08/29 12:10:43 fetching corpus: 2350, signal 130753/161929 (executing program) 2025/08/29 12:10:43 fetching corpus: 2400, signal 131754/163107 (executing program) 2025/08/29 12:10:44 fetching corpus: 2450, signal 133238/164459 (executing program) 2025/08/29 12:10:44 fetching corpus: 2500, signal 133909/165364 (executing program) 2025/08/29 12:10:44 fetching corpus: 2550, signal 134641/166382 (executing program) 2025/08/29 12:10:44 fetching corpus: 2600, signal 135616/167503 (executing program) 2025/08/29 12:10:44 fetching corpus: 2650, signal 136409/168415 (executing program) 2025/08/29 12:10:44 fetching corpus: 2700, signal 137061/169313 (executing program) 2025/08/29 12:10:44 fetching corpus: 2750, signal 137813/170223 (executing program) 2025/08/29 12:10:44 fetching corpus: 2800, signal 138813/171189 (executing program) 2025/08/29 12:10:44 fetching corpus: 2850, signal 139175/171883 (executing program) 
2025/08/29 12:10:44 fetching corpus: 2900, signal 140197/172852 (executing program) 2025/08/29 12:10:44 fetching corpus: 2950, signal 140788/173652 (executing program) 2025/08/29 12:10:45 fetching corpus: 3000, signal 141565/174521 (executing program) 2025/08/29 12:10:45 fetching corpus: 3050, signal 142195/175308 (executing program) 2025/08/29 12:10:45 fetching corpus: 3100, signal 143033/176121 (executing program) 2025/08/29 12:10:45 fetching corpus: 3150, signal 143546/176854 (executing program) 2025/08/29 12:10:45 fetching corpus: 3200, signal 144155/177583 (executing program) 2025/08/29 12:10:45 fetching corpus: 3250, signal 144786/178328 (executing program) 2025/08/29 12:10:45 fetching corpus: 3300, signal 145626/179036 (executing program) 2025/08/29 12:10:45 fetching corpus: 3350, signal 146102/179706 (executing program) 2025/08/29 12:10:45 fetching corpus: 3400, signal 147054/180452 (executing program) 2025/08/29 12:10:45 fetching corpus: 3450, signal 147685/181075 (executing program) 2025/08/29 12:10:45 fetching corpus: 3500, signal 148739/181814 (executing program) 2025/08/29 12:10:46 fetching corpus: 3550, signal 149986/182534 (executing program) 2025/08/29 12:10:46 fetching corpus: 3600, signal 150608/183166 (executing program) 2025/08/29 12:10:46 fetching corpus: 3650, signal 151060/183746 (executing program) 2025/08/29 12:10:46 fetching corpus: 3700, signal 151674/184317 (executing program) 2025/08/29 12:10:46 fetching corpus: 3750, signal 152712/184968 (executing program) 2025/08/29 12:10:46 fetching corpus: 3800, signal 153316/185545 (executing program) 2025/08/29 12:10:46 fetching corpus: 3850, signal 153867/186035 (executing program) 2025/08/29 12:10:46 fetching corpus: 3900, signal 154342/186571 (executing program) 2025/08/29 12:10:46 fetching corpus: 3950, signal 154692/187057 (executing program) 2025/08/29 12:10:46 fetching corpus: 4000, signal 155217/187518 (executing program) 2025/08/29 12:10:46 fetching corpus: 4050, signal 155626/187956 
(executing program) 2025/08/29 12:10:47 fetching corpus: 4100, signal 156205/188498 (executing program) 2025/08/29 12:10:47 fetching corpus: 4150, signal 157015/188991 (executing program) 2025/08/29 12:10:47 fetching corpus: 4200, signal 157388/189472 (executing program) 2025/08/29 12:10:47 fetching corpus: 4250, signal 157944/189958 (executing program) 2025/08/29 12:10:47 fetching corpus: 4300, signal 158395/190359 (executing program) 2025/08/29 12:10:47 fetching corpus: 4350, signal 158787/190756 (executing program) 2025/08/29 12:10:47 fetching corpus: 4400, signal 159292/191131 (executing program) 2025/08/29 12:10:47 fetching corpus: 4450, signal 159741/191499 (executing program) 2025/08/29 12:10:47 fetching corpus: 4500, signal 160234/191887 (executing program) 2025/08/29 12:10:47 fetching corpus: 4550, signal 160749/192234 (executing program) 2025/08/29 12:10:48 fetching corpus: 4600, signal 161223/192585 (executing program) 2025/08/29 12:10:48 fetching corpus: 4650, signal 161711/192840 (executing program) 2025/08/29 12:10:48 fetching corpus: 4700, signal 162518/192852 (executing program) 2025/08/29 12:10:48 fetching corpus: 4750, signal 162958/192887 (executing program) 2025/08/29 12:10:48 fetching corpus: 4799, signal 163351/192897 (executing program) 2025/08/29 12:10:48 fetching corpus: 4849, signal 163863/192914 (executing program) 2025/08/29 12:10:48 fetching corpus: 4899, signal 164191/192920 (executing program) 2025/08/29 12:10:48 fetching corpus: 4949, signal 164642/192922 (executing program) 2025/08/29 12:10:48 fetching corpus: 4999, signal 165121/192931 (executing program) 2025/08/29 12:10:48 fetching corpus: 5049, signal 165422/192951 (executing program) 2025/08/29 12:10:48 fetching corpus: 5099, signal 165704/192961 (executing program) 2025/08/29 12:10:49 fetching corpus: 5149, signal 165923/192968 (executing program) 2025/08/29 12:10:49 fetching corpus: 5199, signal 166376/192970 (executing program) 2025/08/29 12:10:49 fetching corpus: 5249, 
signal 166916/192996 (executing program) 2025/08/29 12:10:49 fetching corpus: 5299, signal 167158/193004 (executing program) 2025/08/29 12:10:49 fetching corpus: 5349, signal 167514/193011 (executing program) 2025/08/29 12:10:49 fetching corpus: 5399, signal 167807/193024 (executing program) 2025/08/29 12:10:49 fetching corpus: 5449, signal 168265/193028 (executing program) 2025/08/29 12:10:49 fetching corpus: 5499, signal 168635/193033 (executing program) 2025/08/29 12:10:49 fetching corpus: 5549, signal 168887/193039 (executing program) 2025/08/29 12:10:49 fetching corpus: 5599, signal 169207/193064 (executing program) 2025/08/29 12:10:49 fetching corpus: 5649, signal 169583/193075 (executing program) 2025/08/29 12:10:50 fetching corpus: 5699, signal 169857/193082 (executing program) 2025/08/29 12:10:50 fetching corpus: 5749, signal 170198/193094 (executing program) 2025/08/29 12:10:50 fetching corpus: 5799, signal 170492/193097 (executing program) 2025/08/29 12:10:50 fetching corpus: 5849, signal 171047/193109 (executing program) 2025/08/29 12:10:50 fetching corpus: 5899, signal 171642/193110 (executing program) 2025/08/29 12:10:50 fetching corpus: 5949, signal 172074/193131 (executing program) 2025/08/29 12:10:50 fetching corpus: 5999, signal 172395/193135 (executing program) 2025/08/29 12:10:50 fetching corpus: 6049, signal 172676/193148 (executing program) 2025/08/29 12:10:50 fetching corpus: 6099, signal 173007/193150 (executing program) 2025/08/29 12:10:50 fetching corpus: 6149, signal 173263/193158 (executing program) 2025/08/29 12:10:50 fetching corpus: 6199, signal 173595/193158 (executing program) 2025/08/29 12:10:50 fetching corpus: 6249, signal 174118/193167 (executing program) 2025/08/29 12:10:50 fetching corpus: 6299, signal 174371/193189 (executing program) 2025/08/29 12:10:51 fetching corpus: 6349, signal 174676/193216 (executing program) 2025/08/29 12:10:51 fetching corpus: 6399, signal 174919/193247 (executing program) 2025/08/29 12:10:51 
fetching corpus: 6449, signal 175224/193255 (executing program) 2025/08/29 12:10:51 fetching corpus: 6499, signal 175749/193285 (executing program) 2025/08/29 12:10:51 fetching corpus: 6549, signal 175991/193292 (executing program) 2025/08/29 12:10:51 fetching corpus: 6599, signal 176284/193295 (executing program) 2025/08/29 12:10:51 fetching corpus: 6649, signal 176582/193297 (executing program) 2025/08/29 12:10:51 fetching corpus: 6699, signal 176938/193344 (executing program) 2025/08/29 12:10:51 fetching corpus: 6749, signal 177241/193367 (executing program) 2025/08/29 12:10:51 fetching corpus: 6799, signal 177731/193374 (executing program) 2025/08/29 12:10:51 fetching corpus: 6849, signal 178115/193376 (executing program) 2025/08/29 12:10:52 fetching corpus: 6899, signal 178365/193392 (executing program) 2025/08/29 12:10:52 fetching corpus: 6949, signal 178766/193397 (executing program) 2025/08/29 12:10:52 fetching corpus: 6999, signal 179130/193398 (executing program) 2025/08/29 12:10:52 fetching corpus: 7049, signal 179410/193421 (executing program) 2025/08/29 12:10:52 fetching corpus: 7099, signal 179770/193424 (executing program) 2025/08/29 12:10:52 fetching corpus: 7149, signal 180172/193427 (executing program) 2025/08/29 12:10:52 fetching corpus: 7199, signal 180473/193432 (executing program) 2025/08/29 12:10:52 fetching corpus: 7249, signal 180699/193440 (executing program) 2025/08/29 12:10:52 fetching corpus: 7299, signal 181010/193443 (executing program) 2025/08/29 12:10:52 fetching corpus: 7349, signal 181243/193448 (executing program) 2025/08/29 12:10:52 fetching corpus: 7399, signal 181421/193460 (executing program) 2025/08/29 12:10:53 fetching corpus: 7449, signal 181775/193467 (executing program) 2025/08/29 12:10:53 fetching corpus: 7499, signal 182097/193475 (executing program) 2025/08/29 12:10:53 fetching corpus: 7549, signal 182422/193498 (executing program) 2025/08/29 12:10:53 fetching corpus: 7599, signal 182682/193499 (executing program) 
2025/08/29 12:10:53 fetching corpus: 7649, signal 182942/193510 (executing program) 2025/08/29 12:10:53 fetching corpus: 7699, signal 183209/193510 (executing program) 2025/08/29 12:10:53 fetching corpus: 7749, signal 183579/193593 (executing program) 2025/08/29 12:10:53 fetching corpus: 7799, signal 183916/193593 (executing program) 2025/08/29 12:10:53 fetching corpus: 7849, signal 184172/193595 (executing program) 2025/08/29 12:10:53 fetching corpus: 7899, signal 184461/193602 (executing program) 2025/08/29 12:10:53 fetching corpus: 7949, signal 184736/193605 (executing program) 2025/08/29 12:10:53 fetching corpus: 7999, signal 185116/193610 (executing program) 2025/08/29 12:10:54 fetching corpus: 8049, signal 185336/193644 (executing program) 2025/08/29 12:10:54 fetching corpus: 8099, signal 185591/193648 (executing program) 2025/08/29 12:10:54 fetching corpus: 8149, signal 185916/193676 (executing program) 2025/08/29 12:10:54 fetching corpus: 8199, signal 186252/193683 (executing program) 2025/08/29 12:10:54 fetching corpus: 8249, signal 186584/193689 (executing program) 2025/08/29 12:10:54 fetching corpus: 8299, signal 186755/193693 (executing program) 2025/08/29 12:10:54 fetching corpus: 8349, signal 187022/193698 (executing program) 2025/08/29 12:10:54 fetching corpus: 8399, signal 187248/193699 (executing program) 2025/08/29 12:10:54 fetching corpus: 8449, signal 187545/193699 (executing program) 2025/08/29 12:10:54 fetching corpus: 8499, signal 187797/193758 (executing program) 2025/08/29 12:10:54 fetching corpus: 8549, signal 188028/193760 (executing program) 2025/08/29 12:10:55 fetching corpus: 8599, signal 188248/193766 (executing program) 2025/08/29 12:10:55 fetching corpus: 8649, signal 188504/193771 (executing program) 2025/08/29 12:10:55 fetching corpus: 8699, signal 188725/193775 (executing program) 2025/08/29 12:10:55 fetching corpus: 8749, signal 188976/193776 (executing program) 2025/08/29 12:10:55 fetching corpus: 8799, signal 189250/193777 
(executing program) 2025/08/29 12:10:55 fetching corpus: 8849, signal 189658/193780 (executing program) 2025/08/29 12:10:55 fetching corpus: 8899, signal 190062/193780 (executing program) 2025/08/29 12:10:55 fetching corpus: 8927, signal 190195/193780 (executing program) 2025/08/29 12:10:55 fetching corpus: 8927, signal 190195/193780 (executing program) 2025/08/29 12:10:58 starting 8 fuzzer processes 12:10:58 executing program 0: io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, 0x0, 0x1) 12:10:58 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$bt_hci_HCI_DATA_DIR(r1, 0x0, 0x1, 0x0, 0x6) 12:10:58 executing program 2: rt_sigaction(0xe, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x8, &(0x7f0000000380)) 12:10:58 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r1 = dup(r0) ioctl$BLKSECTGET(r1, 0x227f, &(0x7f0000000040)) 12:10:58 executing program 3: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/route\x00') fcntl$setlease(r1, 0x400, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 12:10:58 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x14, {0x0, 
@tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}})
[ 80.941602] audit: type=1400 audit(1756469458.258:7): avc: denied { execmem } for pid=274 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
12:10:58 executing program 5:
execve(0x0, 0x0, 0x0)
12:10:58 executing program 6:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
ioctl$CDROMREADTOCHDR(r0, 0x5305, &(0x7f0000001900))
[ 82.148390] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 82.152296] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 82.154423] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 82.158681] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 82.163440] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 82.274526] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 82.276894] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 82.278406] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 82.281565] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 82.284847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 82.342858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 82.348617] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 82.349906] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 82.351547] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 82.352765] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 82.354308] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 82.358539] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 82.359524] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 82.359555] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 82.361116] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 82.362736] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 82.363850] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 82.364416] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 82.365360] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 82.367223] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 82.368454] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 82.369199] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 82.370961] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 82.375003] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 82.378485] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 82.380000] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 82.382104] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 82.384951] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 82.389514] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 82.405350] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 82.405481] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 82.413737] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 82.417519] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 82.427854] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 82.428871] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 84.245510] Bluetooth: hci0: command tx timeout
[ 84.308463] Bluetooth: hci1: command tx timeout
[ 84.435705] Bluetooth: hci6: command tx timeout
[ 84.499415] Bluetooth: hci7: command tx timeout
[ 84.500585] Bluetooth: hci5: command tx timeout
[ 84.501551] Bluetooth: hci4: command tx timeout
[ 84.501735] Bluetooth: hci2: command tx timeout
[ 84.502401] Bluetooth: hci3: command tx timeout
[ 86.291515] Bluetooth: hci0: command tx timeout
[ 86.355391] Bluetooth: hci1: command tx timeout
[ 86.483299] Bluetooth: hci6: command tx timeout
[ 86.547275] Bluetooth: hci7: command tx timeout
[ 86.547949] Bluetooth: hci2: command tx timeout
[ 86.548670] Bluetooth: hci4: command tx timeout
[ 86.549338] Bluetooth: hci3: command tx timeout
[ 86.550066] Bluetooth: hci5: command tx timeout
[ 88.339256] Bluetooth: hci0:
command tx timeout [ 88.405195] Bluetooth: hci1: command tx timeout [ 88.531393] Bluetooth: hci6: command tx timeout [ 88.595334] Bluetooth: hci7: command tx timeout [ 88.596252] Bluetooth: hci5: command tx timeout [ 88.597039] Bluetooth: hci2: command tx timeout [ 88.598118] Bluetooth: hci3: command tx timeout [ 88.598937] Bluetooth: hci4: command tx timeout [ 90.387466] Bluetooth: hci0: command tx timeout [ 90.452184] Bluetooth: hci1: command tx timeout [ 90.581257] Bluetooth: hci6: command tx timeout [ 90.643285] Bluetooth: hci4: command tx timeout [ 90.644020] Bluetooth: hci2: command tx timeout [ 90.644814] Bluetooth: hci3: command tx timeout [ 90.645558] Bluetooth: hci7: command tx timeout [ 90.646297] Bluetooth: hci5: command tx timeout [ 121.525485] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.526194] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.658347] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.658992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.008731] audit: type=1400 audit(1756469499.325:8): avc: denied { open } for pid=3710 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 122.010552] audit: type=1400 audit(1756469499.326:9): avc: denied { kernel } for pid=3710 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 12:11:39 executing program 3: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/route\x00') fcntl$setlease(r1, 0x400, 0x0) close_range(r0, 
0xffffffffffffffff, 0x0) 12:11:39 executing program 3: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/route\x00') fcntl$setlease(r1, 0x400, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 12:11:39 executing program 3: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/route\x00') fcntl$setlease(r1, 0x400, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 12:11:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000240)=ANY=[@ANYBLOB="b40400001100010029bd7000fbdbdf25ff0100000000000000000000000000010a0101"], 0x4b4}}, 0x0) 12:11:40 executing program 3: r0 = epoll_create1(0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000180)) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) 12:11:40 executing program 3: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 12:11:40 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) symlink(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='./file0\x00') lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000200)=@random={'security.', 'dont_appraise'}, 0x0, 0x0, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) [ 123.117701] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.118434] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:11:40 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/icmp\x00') perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) [ 123.256154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.256785] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.542477] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.543112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.704712] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.705368] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.847256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.847863] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.883738] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.884499] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.967416] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.967999] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.062707] wlan0: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 124.064116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.146865] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.148128] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.196682] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.197559] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.267862] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.268495] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.325231] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.327118] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.551200] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.551790] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.594654] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.595469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 12:11:42 executing program 0: setgroups(0xf8b7, 0x0) 12:11:42 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa006}, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000280)={@local, @remote, @val={@void}, {@ipv4={0x800, @tipc={{0x4, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @loopback, @dev}, @payload_conn={{{0x18, 0x0, 0x0, 0x0, 0x0, 0x6}}}}}}}, 0x0) 12:11:42 executing program 6: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) pivot_root(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00') 12:11:42 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$bt_hci_HCI_DATA_DIR(r1, 0x0, 0x1, 0x0, 0x6) 12:11:42 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x40247007, &(0x7f0000000040)) 12:11:42 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/icmp\x00') perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) 12:11:42 executing program 7: r0 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) bind$unix(r0, &(0x7f00000000c0)=@abs={0x1}, 0x6e) connect$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) 12:11:42 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x14, 0x1, 0x1, 0x101}, 0x14}}, 0x0) [ 124.871917] kmemleak: Found object by alias at 0x607f1a62ad7c [ 124.871939] CPU: 0 UID: 0 PID: 3939 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 124.871958] Tainted: [W]=WARN [ 124.871962] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 124.871969] Call Trace: [ 124.871973] [ 124.871978] dump_stack_lvl+0xca/0x120 [ 124.872009] __lookup_object+0x94/0xb0 [ 124.872027] delete_object_full+0x27/0x70 [ 124.872043] free_percpu+0x30/0x1160 [ 124.872060] ? 
arch_uprobe_clear_state+0x16/0x140
[ 124.872080] futex_hash_free+0x38/0xc0
[ 124.872094] mmput+0x2d3/0x390
[ 124.872113] do_exit+0x79d/0x2970
[ 124.872136] ? __pfx_do_exit+0x10/0x10
[ 124.872150] ? find_held_lock+0x2b/0x80
[ 124.872168] ? get_signal+0x835/0x2340
[ 124.872188] do_group_exit+0xd3/0x2a0
[ 124.872203] get_signal+0x2315/0x2340
[ 124.872219] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 124.872232] ? __call_rcu_common.constprop.0+0x4c1/0x960
[ 124.872251] ? __pfx_get_signal+0x10/0x10
[ 124.872267] ? __schedule+0xe91/0x3590
[ 124.872287] arch_do_signal_or_restart+0x80/0x790
[ 124.872305] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 124.872321] ? __x64_sys_futex+0x1c9/0x4d0
[ 124.872333] ? __x64_sys_futex+0x1d2/0x4d0
[ 124.872347] ? __x64_sys_openat+0x142/0x200
[ 124.872363] ? __pfx___x64_sys_futex+0x10/0x10
[ 124.872382] exit_to_user_mode_loop+0x8b/0x110
[ 124.872395] do_syscall_64+0x2f7/0x360
[ 124.872407] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 124.872420] RIP: 0033:0x7f83096a5b19
[ 124.872428] Code: Unable to access opcode bytes at 0x7f83096a5aef.
[ 124.872434] RSP: 002b:00007f8306c1b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 124.872445] RAX: 0000000000000001 RBX: 00007f83097b8f68 RCX: 00007f83096a5b19
[ 124.872453] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f83097b8f6c
[ 124.872460] RBP: 00007f83097b8f60 R08: 0000000000000000 R09: 0000000000000000
[ 124.872467] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f83097b8f6c
[ 124.872474] R13: 00007ffcfd00b27f R14: 00007f8306c1b300 R15: 0000000000022000
[ 124.872490]
[ 124.872494] kmemleak: Object (percpu) 0x607f1a62ad78 (size 8):
[ 124.872500] kmemleak: comm "syz-executor.5", pid 3937, jiffies 4294791794
[ 124.872507] kmemleak: min_count = 1
[ 124.872511] kmemleak: count = 0
[ 124.872515] kmemleak: flags = 0x21
[ 124.872519] kmemleak: checksum = 0
[ 124.872522] kmemleak: backtrace:
[ 124.872526] pcpu_alloc_noprof+0x87a/0x1170
[ 124.872551] perf_trace_event_init+0x366/0xa10
[ 124.872565] perf_trace_init+0x1a4/0x2f0
[ 124.872576] perf_tp_event_init+0xa6/0x120
[ 124.872592] perf_try_init_event+0x140/0x9f0
[ 124.872605] perf_event_alloc.part.0+0x118e/0x45f0
[ 124.872621] __do_sys_perf_event_open+0x719/0x2c20
[ 124.872634] do_syscall_64+0xbf/0x360
[ 124.872642] entry_SYSCALL_64_after_hwframe+0x77/0x7f
12:11:42 executing program 0:
setgroups(0xf8b7, 0x0)
12:11:42 executing program 7:
r0 = socket$unix(0x1, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4)
bind$unix(r0, &(0x7f00000000c0)=@abs={0x1}, 0x6e)
connect$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e)
12:11:42 executing program 4:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa006}, 0x4)
syz_emit_ethernet(0x3e, &(0x7f0000000280)={@local, @remote, @val={@void}, {@ipv4={0x800, @tipc={{0x4, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @loopback, @dev}, @payload_conn={{{0x18, 0x0, 0x0, 0x0, 0x0, 0x6}}}}}}}, 0x0)
12:11:42 executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x14, 0x1, 0x1, 0x101}, 0x14}}, 0x0) 12:11:42 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/icmp\x00') perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) 12:11:42 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$bt_hci_HCI_DATA_DIR(r1, 0x0, 0x1, 0x0, 0x6) 12:11:42 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r1 = dup(r0) ioctl$BLKSECTGET(r1, 0x2201, &(0x7f0000000040)) 12:11:42 executing program 6: prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) 12:11:42 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$bt_hci_HCI_DATA_DIR(r1, 0x0, 0x1, 0x0, 0x6) 12:11:42 executing program 7: r0 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) bind$unix(r0, &(0x7f00000000c0)=@abs={0x1}, 0x6e) connect$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) 12:11:42 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa006}, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000280)={@local, @remote, 
@val={@void}, {@ipv4={0x800, @tipc={{0x4, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @loopback, @dev}, @payload_conn={{{0x18, 0x0, 0x0, 0x0, 0x0, 0x6}}}}}}}, 0x0) [ 125.047187] kmemleak: Found object by alias at 0x607f1a62ad7c [ 125.047207] CPU: 1 UID: 0 PID: 3950 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 125.047225] Tainted: [W]=WARN [ 125.047229] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.047236] Call Trace: [ 125.047240] [ 125.047245] dump_stack_lvl+0xca/0x120 [ 125.047270] __lookup_object+0x94/0xb0 [ 125.047286] delete_object_full+0x27/0x70 [ 125.047301] free_percpu+0x30/0x1160 [ 125.047317] ? arch_uprobe_clear_state+0x16/0x140 [ 125.047337] futex_hash_free+0x38/0xc0 [ 125.047351] mmput+0x2d3/0x390 [ 125.047369] do_exit+0x79d/0x2970 [ 125.047382] ? signal_wake_up_state+0x85/0x120 [ 125.047398] ? zap_other_threads+0x2b9/0x3a0 [ 125.047413] ? __pfx_do_exit+0x10/0x10 [ 125.047426] ? do_group_exit+0x1c3/0x2a0 [ 125.047439] ? lock_release+0xc8/0x290 [ 125.047456] do_group_exit+0xd3/0x2a0 [ 125.047470] __x64_sys_exit_group+0x3e/0x50 [ 125.047483] x64_sys_call+0x18c5/0x18d0 [ 125.047499] do_syscall_64+0xbf/0x360 [ 125.047510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.047521] RIP: 0033:0x7f83096a5b19 [ 125.047530] Code: Unable to access opcode bytes at 0x7f83096a5aef. 
[ 125.047535] RSP: 002b:00007ffcfd00b4a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 125.047546] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f83096a5b19 [ 125.047553] RDX: 00007f830965872b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 125.047560] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 125.047567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 125.047573] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffcfd00b590 [ 125.047588] [ 125.047592] kmemleak: Object (percpu) 0x607f1a62ad78 (size 8): [ 125.047598] kmemleak: comm "syz-executor.5", pid 3959, jiffies 4294791965 [ 125.047605] kmemleak: min_count = 1 [ 125.047609] kmemleak: count = 0 [ 125.047612] kmemleak: flags = 0x21 [ 125.047616] kmemleak: checksum = 0 [ 125.047619] kmemleak: backtrace: [ 125.047623] pcpu_alloc_noprof+0x87a/0x1170 [ 125.047638] perf_trace_event_init+0x366/0xa10 [ 125.047651] perf_trace_init+0x1a4/0x2f0 [ 125.047662] perf_tp_event_init+0xa6/0x120 [ 125.047677] perf_try_init_event+0x140/0x9f0 [ 125.047690] perf_event_alloc.part.0+0x118e/0x45f0 [ 125.047706] __do_sys_perf_event_open+0x719/0x2c20 [ 125.047718] do_syscall_64+0xbf/0x360 [ 125.047727] entry_SYSCALL_64_after_hwframe+0x77/0x7f 12:11:42 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/icmp\x00') perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) 12:11:42 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x4a, &(0x7f0000000300)=0xffffffff, 0x31) 12:11:42 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) 
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa006}, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000280)={@local, @remote, @val={@void}, {@ipv4={0x800, @tipc={{0x4, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @loopback, @dev}, @payload_conn={{{0x18, 0x0, 0x0, 0x0, 0x0, 0x6}}}}}}}, 0x0) 12:11:42 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r1 = dup(r0) ioctl$BLKSECTGET(r1, 0x2201, &(0x7f0000000040)) 12:11:42 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x14, 0x1, 0x1, 0x101}, 0x14}}, 0x0) 12:11:42 executing program 7: r0 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) bind$unix(r0, &(0x7f00000000c0)=@abs={0x1}, 0x6e) connect$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) [ 125.160826] kmemleak: Found object by alias at 0x607f1a62ad7c [ 125.160849] CPU: 0 UID: 0 PID: 3969 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 125.160867] Tainted: [W]=WARN [ 125.160871] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.160879] Call Trace: [ 125.160883] [ 125.160889] dump_stack_lvl+0xca/0x120 [ 125.160917] __lookup_object+0x94/0xb0 [ 125.160935] delete_object_full+0x27/0x70 [ 125.160952] free_percpu+0x30/0x1160 [ 125.160969] ? arch_uprobe_clear_state+0x16/0x140 [ 125.160989] futex_hash_free+0x38/0xc0 [ 125.161003] mmput+0x2d3/0x390 [ 125.161022] do_exit+0x79d/0x2970 [ 125.161036] ? lock_release+0xc8/0x290 [ 125.161054] ? 
__pfx_do_exit+0x10/0x10 [ 125.161067] ? find_held_lock+0x2b/0x80 [ 125.161085] ? get_signal+0x835/0x2340 [ 125.161105] do_group_exit+0xd3/0x2a0 [ 125.161120] get_signal+0x2315/0x2340 [ 125.161142] ? __pfx_get_signal+0x10/0x10 [ 125.161158] ? do_futex+0x135/0x370 [ 125.161172] ? __pfx_do_futex+0x10/0x10 [ 125.161187] arch_do_signal_or_restart+0x80/0x790 [ 125.161205] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 125.161221] ? __x64_sys_futex+0x1c9/0x4d0 [ 125.161233] ? __x64_sys_futex+0x1d2/0x4d0 [ 125.161246] ? __sys_socket+0x9f/0x260 [ 125.161261] ? __pfx___x64_sys_futex+0x10/0x10 [ 125.161275] ? xfd_validate_state+0x55/0x180 [ 125.161291] ? __sys_setsockopt+0x13f/0x1a0 [ 125.161310] exit_to_user_mode_loop+0x8b/0x110 [ 125.161324] do_syscall_64+0x2f7/0x360 [ 125.161336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.161348] RIP: 0033:0x7f83096a5b19 [ 125.161357] Code: Unable to access opcode bytes at 0x7f83096a5aef. [ 125.161362] RSP: 002b:00007f8306c1b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 125.161373] RAX: 0000000000000000 RBX: 00007f83097b8f68 RCX: 00007f83096a5b19 [ 125.161381] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f83097b8f68 [ 125.161388] RBP: 00007f83097b8f60 R08: 0000000000000000 R09: 0000000000000000 [ 125.161395] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83097b8f6c [ 125.161402] R13: 00007ffcfd00b27f R14: 00007f8306c1b300 R15: 0000000000022000 [ 125.161418] [ 125.161423] kmemleak: Object (percpu) 0x607f1a62ad78 (size 8): [ 125.161429] kmemleak: comm "syz-executor.3", pid 3970, jiffies 4294792079 [ 125.161436] kmemleak: min_count = 1 [ 125.161440] kmemleak: count = 0 [ 125.161444] kmemleak: flags = 0x21 [ 125.161447] kmemleak: checksum = 0 [ 125.161451] kmemleak: backtrace: [ 125.161455] pcpu_alloc_noprof+0x87a/0x1170 [ 125.161469] perf_trace_event_init+0x366/0xa10 [ 125.161483] perf_trace_init+0x1a4/0x2f0 [ 125.161494] perf_tp_event_init+0xa6/0x120 [ 125.161510] perf_try_init_event+0x140/0x9f0 [ 125.161523] 
perf_event_alloc.part.0+0x118e/0x45f0 [ 125.161539] __do_sys_perf_event_open+0x719/0x2c20 [ 125.161551] do_syscall_64+0xbf/0x360 [ 125.161560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.185313] kmemleak: Cannot insert 0x607f1a62ad7c into the object search tree (overlaps existing) [ 125.185331] CPU: 1 UID: 0 PID: 3978 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 125.185349] Tainted: [W]=WARN [ 125.185353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.185361] Call Trace: [ 125.185365] [ 125.185370] dump_stack_lvl+0xca/0x120 [ 125.185395] __link_object+0x190/0x210 [ 125.185414] __create_object+0x48/0x80 [ 125.185431] pcpu_alloc_noprof+0x87a/0x1170 [ 125.185456] packet_create+0x1f1/0x8d0 [ 125.185477] __sock_create+0x369/0x810 [ 125.185495] __sys_socket+0x145/0x260 [ 125.185509] ? __pfx___sys_socket+0x10/0x10 [ 125.185527] __x64_sys_socket+0x73/0xb0 [ 125.185541] do_syscall_64+0xbf/0x360 [ 125.185554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.185567] RIP: 0033:0x7fe51f0f1b19 [ 125.185576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.185587] RSP: 002b:00007fe51c667188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 125.185598] RAX: ffffffffffffffda RBX: 00007fe51f204f60 RCX: 00007fe51f0f1b19 [ 125.185606] RDX: 0000000000000300 RSI: 0000000000000003 RDI: 0000000000000011 [ 125.185613] RBP: 00007fe51f14bf6d R08: 0000000000000000 R09: 0000000000000000 [ 125.185620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.185627] R13: 00007ffdf106e1bf R14: 00007fe51c667300 R15: 0000000000022000 [ 125.185643] [ 125.186313] kmemleak: Kernel memory leak detector disabled [ 125.186317] kmemleak: Object (percpu) 0x607f1a62ad78 (size 8): [ 125.186324] kmemleak: comm "syz-executor.3", pid 3970, jiffies 4294792079 [ 
125.186332] kmemleak: min_count = 1 [ 125.186335] kmemleak: count = 0 [ 125.186339] kmemleak: flags = 0x21 [ 125.186343] kmemleak: checksum = 0 [ 125.186347] kmemleak: backtrace: [ 125.186350] pcpu_alloc_noprof+0x87a/0x1170 [ 125.186365] perf_trace_event_init+0x366/0xa10 [ 125.186380] perf_trace_init+0x1a4/0x2f0 [ 125.186392] perf_tp_event_init+0xa6/0x120 [ 125.186408] perf_try_init_event+0x140/0x9f0 [ 125.186421] perf_event_alloc.part.0+0x118e/0x45f0 [ 125.186438] __do_sys_perf_event_open+0x719/0x2c20 [ 125.186451] do_syscall_64+0xbf/0x360 [ 125.186459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.218077] Oops: general protection fault, probably for non-canonical address 0xe6fffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 125.219000] KASAN: maybe wild-memory-access in range [0x3800000000000190-0x3800000000000197] [ 125.219675] CPU: 0 UID: 0 PID: 3975 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 125.220633] Tainted: [W]=WARN [ 125.220886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.225822] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.227013] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.228454] RSP: 0018:ffff8880450df7c0 EFLAGS: 00010212 [ 125.228887] RAX: 0700000000000032 RBX: 37ffffffffffffa0 RCX: ffffc900064bc000 [ 125.229454] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 3800000000000190 [ 125.230022] RBP: ffff8880450dfa30 R08: ffff88806ce31340 R09: ffffe8ffffc16738 [ 125.230591] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 125.231158] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 125.231734] FS: 00007f3476d0f700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 125.232371] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.232840] CR2: 00007f8c737ea070 CR3: 
000000000e2be000 CR4: 0000000000350ef0 [ 125.233402] Call Trace: [ 125.233613] [ 125.233797] ? merge_sched_in+0xcb/0x1810 [ 125.234136] ? __pfx_perf_tp_event+0x10/0x10 [ 125.234500] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 125.234903] ? perf_tp_event+0x807/0xe70 [ 125.235236] ? lock_is_held_type+0x9e/0x120 [ 125.235593] ? __pfx_perf_tp_event+0x10/0x10 [ 125.235954] ? kasan_addr_to_slab+0x70/0xa0 [ 125.236311] ? __pfx_ctx_sched_in+0x10/0x10 [ 125.236668] ? init_file+0x95/0x4c0 [ 125.236971] ? find_held_lock+0x2b/0x80 [ 125.237311] ? perf_trace_run_bpf_submit+0xef/0x180 [ 125.237715] perf_trace_run_bpf_submit+0xef/0x180 [ 125.238109] perf_trace_lock_acquire+0x3c2/0x700 [ 125.238500] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 125.238929] ? lock_acquire+0x15e/0x2f0 [ 125.239256] lock_acquire+0xc5/0x2f0 [ 125.239565] ? futex_private_hash_put+0x4c/0x2d0 [ 125.239948] ? futex_hash+0x2d8/0x390 [ 125.240258] ? lock_release+0xc8/0x290 [ 125.240588] futex_private_hash_put+0x5d/0x2d0 [ 125.240959] ? futex_private_hash_put+0x4c/0x2d0 [ 125.241348] futex_hash_put+0x3f/0x50 [ 125.241738] futex_wake+0x1bb/0x540 [ 125.242049] ? __pfx_futex_wake+0x10/0x10 [ 125.242448] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 125.242858] ? lock_release+0xc8/0x290 [ 125.243182] do_futex+0x26d/0x370 [ 125.243466] ? __pfx_do_futex+0x10/0x10 [ 125.243787] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 125.244216] ? find_held_lock+0x2b/0x80 [ 125.244554] __x64_sys_futex+0x1c9/0x4d0 [ 125.244890] ? __pfx___x64_sys_futex+0x10/0x10 [ 125.245264] ? 
xfd_validate_state+0x55/0x180 [ 125.245635] do_syscall_64+0xbf/0x360 [ 125.245945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.246357] RIP: 0033:0x7f3479799b19 [ 125.246657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.248092] RSP: 002b:00007f3476d0f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 125.248703] RAX: ffffffffffffffda RBX: 00007f34798acf68 RCX: 00007f3479799b19 [ 125.249277] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f34798acf6c [ 125.249849] RBP: 00007f34798acf60 R08: 000000000000000e R09: 0000000000000000 [ 125.250417] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f34798acf6c [ 125.250983] R13: 00007ffe33737f4f R14: 00007f3476d0f300 R15: 0000000000022000 [ 125.251560] [ 125.251751] Modules linked in: [ 125.252032] Oops: general protection fault, probably for non-canonical address 0xe6fffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 125.252918] KASAN: maybe wild-memory-access in range [0x3800000000000190-0x3800000000000197] [ 125.253574] CPU: 0 UID: 0 PID: 3975 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 125.254498] Tainted: [D]=DIE, [W]=WARN [ 125.254798] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.255433] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.255804] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.257217] RSP: 0018:ffff88806ce08a40 EFLAGS: 00010012 [ 125.257631] RAX: 0700000000000032 RBX: 37ffffffffffffa0 RCX: ffffffff81898973 [ 125.258187] RDX: ffff888045291b80 RSI: ffffffff818995b7 RDI: 3800000000000190 [ 125.258737] RBP: ffff88806ce08cb0 R08: ffff88806ce31490 R09: ffffe8ffffc16738 [ 125.259289] R10: 0000000000000000 R11: 
0000000000000024 R12: dffffc0000000000 [ 125.259841] R13: 0000000000000000 R14: ffff88806ce31490 R15: dffffc0000000000 [ 125.260396] FS: 00007f3476d0f700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 125.261024] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.261475] CR2: 00007f8c737ea070 CR3: 000000000e2be000 CR4: 0000000000350ef0 [ 125.262028] Call Trace: [ 125.262236] [ 125.262416] ? __pfx_perf_tp_event+0x10/0x10 [ 125.262774] ? lock_is_held_type+0x9e/0x120 [ 125.263120] ? lock_is_held_type+0x9e/0x120 [ 125.263466] ? lock_is_held_type+0x9e/0x120 [ 125.263811] ? trace_sched_set_need_resched_tp+0xd4/0x110 [ 125.264246] ? __resched_curr+0x2a2/0x330 [ 125.264585] ? __pfx___resched_curr+0x10/0x10 [ 125.264949] ? perf_trace_run_bpf_submit+0xef/0x180 [ 125.265343] perf_trace_run_bpf_submit+0xef/0x180 [ 125.265731] perf_trace_lock_acquire+0x3c2/0x700 [ 125.266109] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 125.266523] ? __resched_curr+0x2a2/0x330 [ 125.266860] lock_acquire+0xc5/0x2f0 [ 125.267156] ? sched_ttwu_pending+0xa1/0x4a0 [ 125.267509] ? sched_ttwu_pending+0x2e0/0x4a0 [ 125.267868] ? lock_release+0xc8/0x290 [ 125.268178] _raw_spin_lock_nested+0x29/0x40 [ 125.268530] ? sched_ttwu_pending+0xa1/0x4a0 [ 125.268895] sched_ttwu_pending+0xa1/0x4a0 [ 125.269236] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 125.269621] ? 
hrtimer_interrupt+0x652/0x830 [ 125.269974] __flush_smp_call_function_queue+0x434/0x740 [ 125.270407] __sysvec_call_function_single+0x6d/0x370 [ 125.270817] sysvec_call_function_single+0xa1/0xc0 [ 125.271208] [ 125.271390] [ 125.271573] asm_sysvec_call_function_single+0x1a/0x20 [ 125.271985] RIP: 0010:oops_exit+0x0/0x50 [ 125.272311] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 125.273718] RSP: 0018:ffff8880450df650 EFLAGS: 00000202 [ 125.274133] RAX: 000000000002b0c6 RBX: 0000000000000216 RCX: ffffc900064bc000 [ 125.274685] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 125.275240] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 125.275791] R10: 0000000000000000 R11: 000000000000002c R12: ffff8880450df718 [ 125.276345] R13: 0000000000000000 R14: e6fffc0000000032 R15: 0000000000000000 [ 125.276910] ? oops_end+0x4a/0xe0 [ 125.277201] oops_end+0x65/0xe0 [ 125.277476] exc_general_protection+0x1a2/0x330 [ 125.277851] asm_exc_general_protection+0x26/0x30 [ 125.278232] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.278602] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.280008] RSP: 0018:ffff8880450df7c0 EFLAGS: 00010212 [ 125.280424] RAX: 0700000000000032 RBX: 37ffffffffffffa0 RCX: ffffc900064bc000 [ 125.280985] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 3800000000000190 [ 125.281537] RBP: ffff8880450dfa30 R08: ffff88806ce31340 R09: ffffe8ffffc16738 [ 125.282087] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 125.282641] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 125.283203] ? perf_tp_event+0x167/0xe70 [ 125.283530] ? merge_sched_in+0xcb/0x1810 [ 125.283861] ? 
__pfx_perf_tp_event+0x10/0x10 [ 125.284213] ? tracing_gen_ctx_irq_test+0x167/0x1f0 [ 125.284620] ? perf_tp_event+0x807/0xe70 [ 125.284943] ? lock_is_held_type+0x9e/0x120 [ 125.285293] ? __pfx_perf_tp_event+0x10/0x10 [ 125.285645] ? kasan_addr_to_slab+0x70/0xa0 [ 125.285990] ? __pfx_ctx_sched_in+0x10/0x10 [ 125.286329] ? init_file+0x95/0x4c0 [ 125.286623] ? find_held_lock+0x2b/0x80 [ 125.286947] ? perf_trace_run_bpf_submit+0xef/0x180 [ 125.287345] perf_trace_run_bpf_submit+0xef/0x180 [ 125.287733] perf_trace_lock_acquire+0x3c2/0x700 [ 125.288113] ? __pfx_perf_trace_lock_acquire+0x10/0x10 [ 125.288530] ? lock_acquire+0x15e/0x2f0 [ 125.288861] lock_acquire+0xc5/0x2f0 [ 125.289159] ? futex_private_hash_put+0x4c/0x2d0 [ 125.289533] ? futex_hash+0x2d8/0x390 [ 125.289836] ? lock_release+0xc8/0x290 [ 125.290146] futex_private_hash_put+0x5d/0x2d0 [ 125.290505] ? futex_private_hash_put+0x4c/0x2d0 [ 125.290878] futex_hash_put+0x3f/0x50 [ 125.291179] futex_wake+0x1bb/0x540 [ 125.291476] ? __pfx_futex_wake+0x10/0x10 [ 125.291810] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 125.292210] ? lock_release+0xc8/0x290 [ 125.292522] do_futex+0x26d/0x370 [ 125.292810] ? __pfx_do_futex+0x10/0x10 [ 125.293128] ? __pfx___do_sys_perf_event_open+0x10/0x10 [ 125.293545] ? find_held_lock+0x2b/0x80 [ 125.293867] __x64_sys_futex+0x1c9/0x4d0 [ 125.294202] ? __pfx___x64_sys_futex+0x10/0x10 [ 125.294564] ? 
xfd_validate_state+0x55/0x180 [ 125.294922] do_syscall_64+0xbf/0x360 [ 125.295223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.295626] RIP: 0033:0x7f3479799b19 [ 125.295916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 125.297324] RSP: 002b:00007f3476d0f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 125.297915] RAX: ffffffffffffffda RBX: 00007f34798acf68 RCX: 00007f3479799b19 [ 125.298466] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f34798acf6c [ 125.299015] RBP: 00007f34798acf60 R08: 000000000000000e R09: 0000000000000000 [ 125.299569] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f34798acf6c [ 125.300120] R13: 00007ffe33737f4f R14: 00007f3476d0f300 R15: 0000000000022000 [ 125.300691] [ 125.300879] Modules linked in: [ 125.301139] ---[ end trace 0000000000000000 ]--- [ 125.301144] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 125.301507] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.302420] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 125.302778] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.303443] CPU: 1 UID: 0 PID: 3977 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 125.304842] RSP: 0018:ffff8880450df7c0 EFLAGS: 00010212 [ 125.305748] Tainted: [D]=DIE, [W]=WARN [ 125.306156] RAX: 0700000000000032 RBX: 37ffffffffffffa0 RCX: ffffc900064bc000 [ 125.306454] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 125.306997] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 3800000000000190 [ 125.307627] RIP: 0010:perf_tp_event+0x175/0xe70 [ 125.308176] RBP: 
ffff8880450dfa30 R08: ffff88806ce31340 R09: ffffe8ffffc16738 [ 125.308536] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 125.309089] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 125.310486] RSP: 0018:ffff888015e377c0 EFLAGS: 00010212 [ 125.311035] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 125.311037] [ 125.311447] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 125.311995] FS: 00007f3476d0f700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 125.312131] RDX: ffff888019715280 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 125.312693] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.313310] RBP: ffff888015e37a30 R08: ffff88806cf31340 R09: ffffe8ffffd16738 [ 125.313863] CR2: 00007f8c737ea070 CR3: 000000000e2be000 CR4: 0000000000350ef0 [ 125.314309] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000 [ 125.314857] Kernel panic - not syncing: Fatal exception in interrupt [ 125.316751] Kernel Offset: disabled [ 125.317044] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---