Warning: Permanently added '[localhost]:54821' (ECDSA) to the list of known hosts. 2025/09/01 10:37:38 fuzzer started 2025/09/01 10:37:38 dialing manager at localhost:35473 syzkaller login: [ 59.988993] cgroup: Unknown subsys name 'net' [ 60.054170] cgroup: Unknown subsys name 'cpuset' [ 60.078880] cgroup: Unknown subsys name 'rlimit' 2025/09/01 10:37:49 syscalls: 2214 2025/09/01 10:37:49 code coverage: enabled 2025/09/01 10:37:49 comparison tracing: enabled 2025/09/01 10:37:49 extra coverage: enabled 2025/09/01 10:37:49 setuid sandbox: enabled 2025/09/01 10:37:49 namespace sandbox: enabled 2025/09/01 10:37:49 Android sandbox: enabled 2025/09/01 10:37:49 fault injection: enabled 2025/09/01 10:37:49 leak checking: enabled 2025/09/01 10:37:49 net packet injection: enabled 2025/09/01 10:37:49 net device setup: enabled 2025/09/01 10:37:49 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 10:37:49 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 10:37:49 USB emulation: enabled 2025/09/01 10:37:49 hci packet injection: enabled 2025/09/01 10:37:49 wifi device emulation: enabled 2025/09/01 10:37:49 802.15.4 emulation: enabled 2025/09/01 10:37:49 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 10:37:49 fetching corpus: 50, signal 21024/24533 (executing program) 2025/09/01 10:37:49 fetching corpus: 100, signal 31140/36066 (executing program) 2025/09/01 10:37:49 fetching corpus: 150, signal 40788/46942 (executing program) 2025/09/01 10:37:49 fetching corpus: 200, signal 44576/52096 (executing program) 2025/09/01 10:37:49 fetching corpus: 250, signal 47043/55867 (executing program) 2025/09/01 10:37:50 fetching corpus: 300, signal 52228/62113 (executing program) 2025/09/01 10:37:50 fetching corpus: 350, signal 55882/66889 (executing program) 2025/09/01 10:37:50 fetching corpus: 400, signal 62000/73764 (executing program) 2025/09/01 10:37:50 fetching corpus: 450, signal 64803/77574 (executing program) 2025/09/01 
10:37:50 fetching corpus: 500, signal 68682/82247 (executing program) 2025/09/01 10:37:50 fetching corpus: 550, signal 71924/86274 (executing program) 2025/09/01 10:37:50 fetching corpus: 600, signal 75016/90134 (executing program) 2025/09/01 10:37:50 fetching corpus: 650, signal 78050/93898 (executing program) 2025/09/01 10:37:50 fetching corpus: 700, signal 81032/97493 (executing program) 2025/09/01 10:37:51 fetching corpus: 750, signal 86590/103201 (executing program) 2025/09/01 10:37:51 fetching corpus: 800, signal 89403/106503 (executing program) 2025/09/01 10:37:51 fetching corpus: 850, signal 91621/109301 (executing program) 2025/09/01 10:37:51 fetching corpus: 900, signal 94046/112201 (executing program) 2025/09/01 10:37:51 fetching corpus: 950, signal 96023/114747 (executing program) 2025/09/01 10:37:51 fetching corpus: 1000, signal 98183/117369 (executing program) 2025/09/01 10:37:51 fetching corpus: 1050, signal 99525/119318 (executing program) 2025/09/01 10:37:51 fetching corpus: 1100, signal 101726/121916 (executing program) 2025/09/01 10:37:51 fetching corpus: 1150, signal 103040/123759 (executing program) 2025/09/01 10:37:52 fetching corpus: 1200, signal 105963/126706 (executing program) 2025/09/01 10:37:52 fetching corpus: 1250, signal 108708/129520 (executing program) 2025/09/01 10:37:52 fetching corpus: 1300, signal 109675/131009 (executing program) 2025/09/01 10:37:52 fetching corpus: 1350, signal 110973/132712 (executing program) 2025/09/01 10:37:52 fetching corpus: 1400, signal 112315/134382 (executing program) 2025/09/01 10:37:52 fetching corpus: 1450, signal 113604/136037 (executing program) 2025/09/01 10:37:52 fetching corpus: 1500, signal 114464/137401 (executing program) 2025/09/01 10:37:52 fetching corpus: 1550, signal 115541/138862 (executing program) 2025/09/01 10:37:52 fetching corpus: 1600, signal 116396/140101 (executing program) 2025/09/01 10:37:52 fetching corpus: 1650, signal 117303/141361 (executing program) 2025/09/01 10:37:53 
fetching corpus: 1700, signal 118407/142817 (executing program) 2025/09/01 10:37:53 fetching corpus: 1750, signal 119632/144265 (executing program) 2025/09/01 10:37:53 fetching corpus: 1800, signal 120913/145754 (executing program) 2025/09/01 10:37:53 fetching corpus: 1850, signal 122156/147178 (executing program) 2025/09/01 10:37:53 fetching corpus: 1900, signal 123327/148472 (executing program) 2025/09/01 10:37:53 fetching corpus: 1950, signal 124282/149641 (executing program) 2025/09/01 10:37:53 fetching corpus: 2000, signal 125062/150688 (executing program) 2025/09/01 10:37:53 fetching corpus: 2050, signal 125973/151798 (executing program) 2025/09/01 10:37:53 fetching corpus: 2100, signal 126834/152901 (executing program) 2025/09/01 10:37:53 fetching corpus: 2150, signal 127650/153933 (executing program) 2025/09/01 10:37:54 fetching corpus: 2200, signal 128499/154926 (executing program) 2025/09/01 10:37:54 fetching corpus: 2250, signal 129228/155923 (executing program) 2025/09/01 10:37:54 fetching corpus: 2300, signal 130014/156907 (executing program) 2025/09/01 10:37:54 fetching corpus: 2350, signal 130661/157813 (executing program) 2025/09/01 10:37:54 fetching corpus: 2400, signal 131510/158741 (executing program) 2025/09/01 10:37:54 fetching corpus: 2450, signal 132460/159773 (executing program) 2025/09/01 10:37:54 fetching corpus: 2500, signal 132921/160542 (executing program) 2025/09/01 10:37:54 fetching corpus: 2550, signal 133549/161368 (executing program) 2025/09/01 10:37:54 fetching corpus: 2600, signal 134285/162199 (executing program) 2025/09/01 10:37:54 fetching corpus: 2650, signal 135147/163071 (executing program) 2025/09/01 10:37:54 fetching corpus: 2700, signal 135858/163861 (executing program) 2025/09/01 10:37:54 fetching corpus: 2750, signal 136558/164656 (executing program) 2025/09/01 10:37:55 fetching corpus: 2800, signal 137452/165513 (executing program) 2025/09/01 10:37:55 fetching corpus: 2850, signal 137965/166170 (executing program) 
2025/09/01 10:37:55 fetching corpus: 2900, signal 138558/166872 (executing program) 2025/09/01 10:37:55 fetching corpus: 2950, signal 139087/167510 (executing program) 2025/09/01 10:37:55 fetching corpus: 3000, signal 139621/168152 (executing program) 2025/09/01 10:37:55 fetching corpus: 3050, signal 140275/168857 (executing program) 2025/09/01 10:37:55 fetching corpus: 3100, signal 140953/169531 (executing program) 2025/09/01 10:37:55 fetching corpus: 3150, signal 141424/170203 (executing program) 2025/09/01 10:37:55 fetching corpus: 3200, signal 141846/170748 (executing program) 2025/09/01 10:37:55 fetching corpus: 3250, signal 142331/171342 (executing program) 2025/09/01 10:37:56 fetching corpus: 3300, signal 143002/171964 (executing program) 2025/09/01 10:37:56 fetching corpus: 3350, signal 143800/172631 (executing program) 2025/09/01 10:37:56 fetching corpus: 3400, signal 144806/173250 (executing program) 2025/09/01 10:37:56 fetching corpus: 3450, signal 145592/173839 (executing program) 2025/09/01 10:37:56 fetching corpus: 3500, signal 146541/174477 (executing program) 2025/09/01 10:37:56 fetching corpus: 3550, signal 147106/174980 (executing program) 2025/09/01 10:37:56 fetching corpus: 3600, signal 147522/175467 (executing program) 2025/09/01 10:37:56 fetching corpus: 3650, signal 147973/175942 (executing program) 2025/09/01 10:37:56 fetching corpus: 3700, signal 148622/176430 (executing program) 2025/09/01 10:37:56 fetching corpus: 3750, signal 149463/176886 (executing program) 2025/09/01 10:37:56 fetching corpus: 3800, signal 149938/177405 (executing program) 2025/09/01 10:37:57 fetching corpus: 3850, signal 150354/177806 (executing program) 2025/09/01 10:37:57 fetching corpus: 3900, signal 150838/178183 (executing program) 2025/09/01 10:37:57 fetching corpus: 3950, signal 151441/178584 (executing program) 2025/09/01 10:37:57 fetching corpus: 4000, signal 152078/179101 (executing program) 2025/09/01 10:37:57 fetching corpus: 4050, signal 152837/179489 
(executing program) 2025/09/01 10:37:57 fetching corpus: 4100, signal 153350/179876 (executing program) 2025/09/01 10:37:57 fetching corpus: 4150, signal 154062/180221 (executing program) 2025/09/01 10:37:57 fetching corpus: 4200, signal 154613/180607 (executing program) 2025/09/01 10:37:57 fetching corpus: 4250, signal 155247/180957 (executing program) 2025/09/01 10:37:57 fetching corpus: 4300, signal 155732/181262 (executing program) 2025/09/01 10:37:57 fetching corpus: 4350, signal 156284/181601 (executing program) 2025/09/01 10:37:57 fetching corpus: 4400, signal 156695/181891 (executing program) 2025/09/01 10:37:57 fetching corpus: 4450, signal 157020/182070 (executing program) 2025/09/01 10:37:57 fetching corpus: 4500, signal 157374/182076 (executing program) 2025/09/01 10:37:58 fetching corpus: 4550, signal 157769/182084 (executing program) 2025/09/01 10:37:58 fetching corpus: 4600, signal 158048/182095 (executing program) 2025/09/01 10:37:58 fetching corpus: 4650, signal 158437/182095 (executing program) 2025/09/01 10:37:58 fetching corpus: 4700, signal 158709/182098 (executing program) 2025/09/01 10:37:58 fetching corpus: 4750, signal 159144/182108 (executing program) 2025/09/01 10:37:58 fetching corpus: 4800, signal 159706/182112 (executing program) 2025/09/01 10:37:58 fetching corpus: 4850, signal 160850/182124 (executing program) 2025/09/01 10:37:58 fetching corpus: 4900, signal 161282/182124 (executing program) 2025/09/01 10:37:58 fetching corpus: 4950, signal 161702/182141 (executing program) 2025/09/01 10:37:58 fetching corpus: 5000, signal 162381/182144 (executing program) 2025/09/01 10:37:58 fetching corpus: 5050, signal 162799/182146 (executing program) 2025/09/01 10:37:59 fetching corpus: 5100, signal 163221/182155 (executing program) 2025/09/01 10:37:59 fetching corpus: 5150, signal 163645/182174 (executing program) 2025/09/01 10:37:59 fetching corpus: 5200, signal 163929/182178 (executing program) 2025/09/01 10:37:59 fetching corpus: 5250, 
signal 164351/182202 (executing program) 2025/09/01 10:37:59 fetching corpus: 5300, signal 164739/182206 (executing program) 2025/09/01 10:37:59 fetching corpus: 5350, signal 165109/182213 (executing program) 2025/09/01 10:37:59 fetching corpus: 5400, signal 165569/182220 (executing program) 2025/09/01 10:37:59 fetching corpus: 5450, signal 165960/182233 (executing program) 2025/09/01 10:37:59 fetching corpus: 5500, signal 166211/182245 (executing program) 2025/09/01 10:37:59 fetching corpus: 5550, signal 166556/182253 (executing program) 2025/09/01 10:37:59 fetching corpus: 5600, signal 166934/182257 (executing program) 2025/09/01 10:38:00 fetching corpus: 5650, signal 167257/182262 (executing program) 2025/09/01 10:38:00 fetching corpus: 5700, signal 167571/182273 (executing program) 2025/09/01 10:38:00 fetching corpus: 5750, signal 167935/182276 (executing program) 2025/09/01 10:38:00 fetching corpus: 5800, signal 168589/182280 (executing program) 2025/09/01 10:38:00 fetching corpus: 5850, signal 169041/182291 (executing program) 2025/09/01 10:38:00 fetching corpus: 5900, signal 169402/182292 (executing program) 2025/09/01 10:38:00 fetching corpus: 5950, signal 169806/182332 (executing program) 2025/09/01 10:38:00 fetching corpus: 6000, signal 170063/182347 (executing program) 2025/09/01 10:38:00 fetching corpus: 6050, signal 170330/182347 (executing program) 2025/09/01 10:38:00 fetching corpus: 6100, signal 170843/182353 (executing program) 2025/09/01 10:38:00 fetching corpus: 6150, signal 171073/182357 (executing program) 2025/09/01 10:38:01 fetching corpus: 6200, signal 171433/182365 (executing program) 2025/09/01 10:38:01 fetching corpus: 6250, signal 171642/182379 (executing program) 2025/09/01 10:38:01 fetching corpus: 6300, signal 171923/182383 (executing program) 2025/09/01 10:38:01 fetching corpus: 6350, signal 172310/182399 (executing program) 2025/09/01 10:38:01 fetching corpus: 6400, signal 172722/182416 (executing program) 2025/09/01 10:38:01 
fetching corpus: 6450, signal 172984/182423 (executing program) 2025/09/01 10:38:01 fetching corpus: 6500, signal 173356/182424 (executing program) 2025/09/01 10:38:01 fetching corpus: 6550, signal 173584/182430 (executing program) 2025/09/01 10:38:01 fetching corpus: 6600, signal 173849/182433 (executing program) 2025/09/01 10:38:01 fetching corpus: 6650, signal 174313/182461 (executing program) 2025/09/01 10:38:01 fetching corpus: 6700, signal 174764/182464 (executing program) 2025/09/01 10:38:01 fetching corpus: 6750, signal 175109/182468 (executing program) 2025/09/01 10:38:01 fetching corpus: 6800, signal 175356/182472 (executing program) 2025/09/01 10:38:02 fetching corpus: 6850, signal 175615/182475 (executing program) 2025/09/01 10:38:02 fetching corpus: 6900, signal 175902/182530 (executing program) 2025/09/01 10:38:02 fetching corpus: 6950, signal 176311/182549 (executing program) 2025/09/01 10:38:02 fetching corpus: 7000, signal 176646/182553 (executing program) 2025/09/01 10:38:02 fetching corpus: 7050, signal 176981/182561 (executing program) 2025/09/01 10:38:02 fetching corpus: 7100, signal 177429/182585 (executing program) 2025/09/01 10:38:02 fetching corpus: 7150, signal 177791/182585 (executing program) 2025/09/01 10:38:02 fetching corpus: 7200, signal 178075/182600 (executing program) 2025/09/01 10:38:02 fetching corpus: 7250, signal 178316/182603 (executing program) 2025/09/01 10:38:02 fetching corpus: 7300, signal 178629/182614 (executing program) 2025/09/01 10:38:02 fetching corpus: 7350, signal 178913/182619 (executing program) 2025/09/01 10:38:02 fetching corpus: 7400, signal 179308/182646 (executing program) 2025/09/01 10:38:03 fetching corpus: 7450, signal 179721/182772 (executing program) 2025/09/01 10:38:03 fetching corpus: 7495, signal 180037/182773 (executing program) 2025/09/01 10:38:03 fetching corpus: 7495, signal 180037/182773 (executing program) 2025/09/01 10:38:05 starting 8 fuzzer processes 10:38:05 executing program 0: 
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)={0x2c, r1, 0x1, 0x0, 0x0, {0xb}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}}, 0x0) 10:38:05 executing program 2: r0 = socket$inet(0x2, 0x80003, 0xff) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000080)=0x3, 0x4) sendto$inet(r0, &(0x7f00000000c0)="f9ef228853802bdb858bff046848ec6b1fd74b8ca5173303669c19f29e0c1c37a1ecb808", 0x24, 0x0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) 10:38:05 executing program 1: syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT, 0x2) 10:38:05 executing program 5: setfsgid(0x0) 10:38:05 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080), 0x6) ioctl$sock_bt_hci(r0, 0x400448e7, 
&(0x7f0000000140)="ee8d1584aff220e1b70587361d3dd224db4fc7ae4025ff82e8225391f3e84476be154b01214c7423842ef53a7e6d9c020865de5e3791c0d76b9ddb95000000000000000000009fe45caa70ee6dd44b5b8b3ddf57723d2ac7f37fcfe047d1f65c03eb3d6f466ab1df5a0fc0e2384470ed6e0c0eaef7695305315b28d97c0eddc2c16ebf4191b290aa095f24beec760b778b8d7374e3a493ffa7868438c417b213109e3f58ad7e1c17c8da317b6034eb5c7a4b8f134aed94894ed296687cf5b520321a2f92f011e00250d7995fe652792c8add45e7fa256c06e0c47d9e2f459432e9498c8dcfb6245b11ecd66ba922cf43240c701bac3e7c") 10:38:05 executing program 7: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$trusted_overlay_redirect(&(0x7f00000016c0)='./file0\x00', &(0x7f0000001c00), 0x0, 0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) llistxattr(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) 10:38:05 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)) lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='system.posix_acl_default\x00', &(0x7f0000000240), 0x24, 0x0) llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x2) 10:38:05 executing program 6: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 87.179652] audit: type=1400 audit(1756723085.862:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 88.456420] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.458416] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.459186] Bluetooth: hci0: unexpected cc 
0x1001 length: 249 > 9 [ 88.461570] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.462901] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.483791] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.486522] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.487298] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.488769] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.489821] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.530582] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.532829] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.540199] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.541601] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.543054] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 88.544928] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.546203] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.549578] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 88.557046] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.559510] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.560965] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 88.563162] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.564334] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.568881] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 88.570976] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 88.581317] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 88.587244] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 88.588180] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 88.594650] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.598823] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 88.599931] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 88.605419] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.628576] Bluetooth: hci5: 
unexpected cc 0x1001 length: 249 > 9 [ 88.631089] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.644916] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 88.646982] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 88.650133] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 88.662124] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 88.662826] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.669571] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.496861] Bluetooth: hci0: command tx timeout [ 90.560509] Bluetooth: hci1: command tx timeout [ 90.624583] Bluetooth: hci6: command tx timeout [ 90.625063] Bluetooth: hci4: command tx timeout [ 90.626345] Bluetooth: hci2: command tx timeout [ 90.688482] Bluetooth: hci5: command tx timeout [ 90.818405] Bluetooth: hci3: command tx timeout [ 90.819020] Bluetooth: hci7: command tx timeout [ 92.546452] Bluetooth: hci0: command tx timeout [ 92.608463] Bluetooth: hci1: command tx timeout [ 92.672422] Bluetooth: hci2: command tx timeout [ 92.672866] Bluetooth: hci4: command tx timeout [ 92.673246] Bluetooth: hci6: command tx timeout [ 92.737181] Bluetooth: hci5: command tx timeout [ 92.864440] Bluetooth: hci3: command tx timeout [ 92.864892] Bluetooth: hci7: command tx timeout [ 94.592443] Bluetooth: hci0: command tx timeout [ 94.657774] Bluetooth: hci1: command tx timeout [ 94.720424] Bluetooth: hci2: command tx timeout [ 94.720823] Bluetooth: hci6: command tx timeout [ 94.721204] Bluetooth: hci4: command tx timeout [ 94.784544] Bluetooth: hci5: command tx timeout [ 94.912527] Bluetooth: hci3: command tx timeout [ 94.912938] Bluetooth: hci7: command tx timeout [ 96.641066] Bluetooth: hci0: command tx timeout [ 96.704553] Bluetooth: hci1: command tx timeout [ 96.768472] Bluetooth: hci4: command tx timeout [ 96.768888] Bluetooth: hci6: command tx timeout [ 96.769262] Bluetooth: hci2: command tx timeout [ 96.832414] Bluetooth: hci5: command tx timeout [ 96.961508] Bluetooth: 
hci7: command tx timeout [ 96.961931] Bluetooth: hci3: command tx timeout [ 125.764525] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.765196] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.911250] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.911906] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.081397] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.082024] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.321562] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.322188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:38:45 executing program 7: ioprio_set$pid(0x2, 0x0, 0x2004) ioprio_get$pid(0x2, 0x0) 10:38:45 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='net/ipv6_route\x00') lseek(r0, 0x4, 0x4) [ 126.502970] audit: type=1400 audit(1756723125.185:8): avc: denied { open } for pid=3736 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 126.507582] audit: type=1400 audit(1756723125.185:9): avc: denied { kernel } for pid=3736 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 126.543527] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.544125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:38:45 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='net/ipv6_route\x00') lseek(r0, 0x4, 0x4) [ 126.687416] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.688056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:38:45 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='net/ipv6_route\x00') lseek(r0, 0x4, 0x4) 10:38:45 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='net/ipv6_route\x00') lseek(r0, 0x4, 0x4) [ 126.781740] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.782751] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:38:45 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='net/ipv6_route\x00') lseek(r0, 0x4, 0x4) 10:38:45 executing program 7: 
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='net/ipv6_route\x00') lseek(r0, 0x4, 0x4) [ 126.958608] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.959246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:38:45 executing program 7: syz_emit_ethernet(0x136, &(0x7f00000001c0)={@link_local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x100, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x5, 0x1d, "2a94000004ffbdaabb8cd5309bf220d0a49af1af9a2608a5f54f1971cf3d3ba94abd965ad3c687deca3eba10b52318114216a0dad2e5a23b2dd4153b6e8e60cf660a0201d21fa36a6aff628305dcc7bf2218c99d8813dd069b6bd7b1bbeaf381c6965646e78418be54db5eedf4c7e781ba79b112c040913a2088aff1c33cc139fc8708c9b09949c719e69fe6ad9f6c8faadf1048875ebcfca8cb62aa9bd062e32e551a70bd9176b560d98ea580a6ea18892dc6b50d5a20fc413ea5948a909387f73e28288cd1e4e12cdc744b48d1e2cdab6c6974408e73e66a0f446cd1a093d67fb1dd35f4f27a010b1c"}, {0x0, 0x0, "eb50"}]}}}}}}, 0x0) [ 127.829339] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.829997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.958553] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.959194] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.404414] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.405081] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.484667] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.485287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.512814] wlan0: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 128.513440] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.576584] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.577217] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.808149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.808841] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.835908] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.836537] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:38:47 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x3c}, 0x2, @in=@empty, 0x0, 0x4}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 10:38:47 executing program 6: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)) lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='system.posix_acl_default\x00', &(0x7f0000000240), 0x24, 0x0) llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x2) 10:38:47 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 
0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='net/ipv6_route\x00') lseek(r0, 0x4, 0x4) 10:38:47 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)) lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='system.posix_acl_default\x00', &(0x7f0000000240), 0x24, 0x0) llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x2) 10:38:47 executing program 7: syz_emit_ethernet(0x136, &(0x7f00000001c0)={@link_local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x100, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x5, 0x1d, "2a94000004ffbdaabb8cd5309bf220d0a49af1af9a2608a5f54f1971cf3d3ba94abd965ad3c687deca3eba10b52318114216a0dad2e5a23b2dd4153b6e8e60cf660a0201d21fa36a6aff628305dcc7bf2218c99d8813dd069b6bd7b1bbeaf381c6965646e78418be54db5eedf4c7e781ba79b112c040913a2088aff1c33cc139fc8708c9b09949c719e69fe6ad9f6c8faadf1048875ebcfca8cb62aa9bd062e32e551a70bd9176b560d98ea580a6ea18892dc6b50d5a20fc413ea5948a909387f73e28288cd1e4e12cdc744b48d1e2cdab6c6974408e73e66a0f446cd1a093d67fb1dd35f4f27a010b1c"}, {0x0, 0x0, "eb50"}]}}}}}}, 0x0) 10:38:47 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080), 0x6) ioctl$sock_bt_hci(r0, 0x400448e7, 
&(0x7f0000000140)="ee8d1584aff220e1b70587361d3dd224db4fc7ae4025ff82e8225391f3e84476be154b01214c7423842ef53a7e6d9c020865de5e3791c0d76b9ddb95000000000000000000009fe45caa70ee6dd44b5b8b3ddf57723d2ac7f37fcfe047d1f65c03eb3d6f466ab1df5a0fc0e2384470ed6e0c0eaef7695305315b28d97c0eddc2c16ebf4191b290aa095f24beec760b778b8d7374e3a493ffa7868438c417b213109e3f58ad7e1c17c8da317b6034eb5c7a4b8f134aed94894ed296687cf5b520321a2f92f011e00250d7995fe652792c8add45e7fa256c06e0c47d9e2f459432e9498c8dcfb6245b11ecd66ba922cf43240c701bac3e7c") 10:38:47 executing program 2: r0 = socket$inet(0x2, 0x80003, 0xff) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000080)=0x3, 0x4) sendto$inet(r0, &(0x7f00000000c0)="f9ef228853802bdb858bff046848ec6b1fd74b8ca5173303669c19f29e0c1c37a1ecb808", 0x24, 0x0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) 10:38:47 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)={0x2c, r1, 0x1, 0x0, 0x0, {0xb}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}}, 0x0) 10:38:47 executing program 2: r0 = socket$inet(0x2, 0x80003, 0xff) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000080)=0x3, 0x4) sendto$inet(r0, &(0x7f00000000c0)="f9ef228853802bdb858bff046848ec6b1fd74b8ca5173303669c19f29e0c1c37a1ecb808", 0x24, 0x0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) 10:38:47 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)) 
lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='system.posix_acl_default\x00', &(0x7f0000000240), 0x24, 0x0) llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x2) 10:38:47 executing program 7: syz_emit_ethernet(0x136, &(0x7f00000001c0)={@link_local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x100, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x5, 0x1d, "2a94000004ffbdaabb8cd5309bf220d0a49af1af9a2608a5f54f1971cf3d3ba94abd965ad3c687deca3eba10b52318114216a0dad2e5a23b2dd4153b6e8e60cf660a0201d21fa36a6aff628305dcc7bf2218c99d8813dd069b6bd7b1bbeaf381c6965646e78418be54db5eedf4c7e781ba79b112c040913a2088aff1c33cc139fc8708c9b09949c719e69fe6ad9f6c8faadf1048875ebcfca8cb62aa9bd062e32e551a70bd9176b560d98ea580a6ea18892dc6b50d5a20fc413ea5948a909387f73e28288cd1e4e12cdc744b48d1e2cdab6c6974408e73e66a0f446cd1a093d67fb1dd35f4f27a010b1c"}, {0x0, 0x0, "eb50"}]}}}}}}, 0x0) 10:38:47 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080), 0x6) ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000140)="ee8d1584aff220e1b70587361d3dd224db4fc7ae4025ff82e8225391f3e84476be154b01214c7423842ef53a7e6d9c020865de5e3791c0d76b9ddb95000000000000000000009fe45caa70ee6dd44b5b8b3ddf57723d2ac7f37fcfe047d1f65c03eb3d6f466ab1df5a0fc0e2384470ed6e0c0eaef7695305315b28d97c0eddc2c16ebf4191b290aa095f24beec760b778b8d7374e3a493ffa7868438c417b213109e3f58ad7e1c17c8da317b6034eb5c7a4b8f134aed94894ed296687cf5b520321a2f92f011e00250d7995fe652792c8add45e7fa256c06e0c47d9e2f459432e9498c8dcfb6245b11ecd66ba922cf43240c701bac3e7c") 10:38:47 executing program 0: 
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)={0x2c, r1, 0x1, 0x0, 0x0, {0xb}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}}, 0x0) 10:38:47 executing program 6: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)) lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='system.posix_acl_default\x00', &(0x7f0000000240), 0x24, 0x0) llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x2) 10:38:47 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)={0x2c, r1, 0x1, 0x0, 0x0, {0xb}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}}, 0x0) 10:38:47 executing program 2: r0 = socket$inet(0x2, 0x80003, 0xff) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000080)=0x3, 0x4) sendto$inet(r0, 
&(0x7f00000000c0)="f9ef228853802bdb858bff046848ec6b1fd74b8ca5173303669c19f29e0c1c37a1ecb808", 0x24, 0x0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) [ 129.200434] kmemleak: Found object by alias at 0x607f1a63e6ac [ 129.200458] CPU: 0 UID: 0 PID: 3936 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 129.200477] Tainted: [W]=WARN [ 129.200481] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.200488] Call Trace: [ 129.200492] [ 129.200497] dump_stack_lvl+0xca/0x120 [ 129.200529] __lookup_object+0x94/0xb0 [ 129.200547] delete_object_full+0x27/0x70 [ 129.200564] free_percpu+0x30/0x1160 [ 129.200582] ? arch_uprobe_clear_state+0x16/0x140 [ 129.200603] futex_hash_free+0x38/0xc0 [ 129.200618] mmput+0x2d3/0x390 [ 129.200637] do_exit+0x79d/0x2970 [ 129.200651] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 129.200666] ? zap_other_threads+0x2b9/0x3a0 [ 129.200683] ? __pfx_do_exit+0x10/0x10 [ 129.200697] ? do_group_exit+0x1c3/0x2a0 [ 129.200712] ? _raw_spin_unlock_irq+0x23/0x40 [ 129.200731] do_group_exit+0xd3/0x2a0 [ 129.200747] __x64_sys_exit_group+0x3e/0x50 [ 129.200761] x64_sys_call+0x18c5/0x18d0 [ 129.200777] do_syscall_64+0xbf/0x360 [ 129.200791] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.200803] RIP: 0033:0x7febcd6e1b19 [ 129.200812] Code: Unable to access opcode bytes at 0x7febcd6e1aef. 
[ 129.200817] RSP: 002b:00007ffe3b4a3938 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 129.200830] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007febcd6e1b19 [ 129.200838] RDX: 00007febcd69472b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 129.200846] RBP: 0000000000000000 R08: 0000001b2cf24c68 R09: 0000000000000000 [ 129.200853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 129.200860] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe3b4a3a20 [ 129.200876] [ 129.200879] kmemleak: Object (percpu) 0x607f1a63e6a0 (size 16): [ 129.200886] kmemleak: comm "syz-executor.6", pid 287, jiffies 4294796055 [ 129.200894] kmemleak: min_count = 1 [ 129.200898] kmemleak: count = 0 [ 129.200902] kmemleak: flags = 0x21 [ 129.200906] kmemleak: checksum = 0 [ 129.200909] kmemleak: backtrace: [ 129.200913] pcpu_alloc_noprof+0x87a/0x1170 [ 129.200929] mm_init+0x99b/0x1170 [ 129.200937] copy_process+0x3ab7/0x73c0 [ 129.200948] kernel_clone+0xea/0x7f0 [ 129.200958] __do_sys_clone+0xce/0x120 [ 129.200968] do_syscall_64+0xbf/0x360 [ 129.200978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.294482] ------------[ cut here ]------------ [ 129.295073] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#1: syz-executor.6/287 [ 129.295971] Modules linked in: [ 129.296274] CPU: 1 UID: 0 PID: 287 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 129.298845] Tainted: [W]=WARN [ 129.299574] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.301789] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 129.302906] Code: 05 d6 30 81 04 01 e8 71 df 91 ff e9 41 fc ff ff e8 27 47 b4 ff 31 ff 44 89 ee e8 4d 42 b4 ff 45 85 ed 79 09 e8 13 47 b4 ff 90 <0f> 0b 90 e8 0a 47 b4 ff e8 b5 2d fc 02 31 ff 89 c5 89 c6 e8 2a 42 [ 129.305264] RSP: 0018:ffff888016c97c00 EFLAGS: 00010293 [ 129.305716] RAX: 0000000000000000 RBX: 1ffff11002d92f85 RCX: ffffffff81bfaf93 [ 129.306286] RDX: ffff888016165280 RSI: 
ffffffff81bfaf9d RDI: 0000000000000005 [ 129.306871] RBP: ffff88801ebc16c0 R08: 0000000000000001 R09: 0000000000000000 [ 129.307456] R10: 00000000ffffffff R11: 0000000000000001 R12: ffff888016c97c68 [ 129.308007] R13: 00000000ffffffff R14: dead000000000100 R15: ffff88801ebc16c0 [ 129.308554] FS: 00005555645fb400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 129.309151] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.309608] CR2: 00007fbf4f8d33a4 CR3: 0000000044bdc000 CR4: 0000000000350ef0 [ 129.310139] Call Trace: [ 129.310336] [ 129.310530] ? __pfx_autoremove_wake_function+0x10/0x10 [ 129.310938] ? __pfx_mntput_no_expire+0x10/0x10 [ 129.311297] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 129.311670] ? shrink_dentry_list+0x1a/0x650 [ 129.312019] ? up_write+0x195/0x520 [ 129.312305] namespace_unlock+0x7f1/0x810 [ 129.312647] ? __pfx_namespace_unlock+0x10/0x10 [ 129.313007] ? find_held_lock+0x2b/0x80 [ 129.313317] ? lock_release+0xc8/0x290 [ 129.313637] path_umount+0x6a4/0x1100 [ 129.313927] ? kmem_cache_free+0x2a1/0x540 [ 129.314248] ? __pfx_path_umount+0x10/0x10 [ 129.314586] ? putname.part.0+0x11b/0x160 [ 129.314908] __x64_sys_umount+0x15c/0x190 [ 129.315221] ? __pfx___x64_sys_umount+0x10/0x10 [ 129.315598] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 129.316001] do_syscall_64+0xbf/0x360 [ 129.316293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.316699] RIP: 0033:0x7fd1444d0f87 [ 129.316982] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.318331] RSP: 002b:00007ffc23847e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 129.318911] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007fd1444d0f87 [ 129.319453] RDX: 00007ffc23847ee9 RSI: 000000000000000a RDI: 00007ffc23847ee0 [ 129.319986] RBP: 00007ffc23847ee0 R08: 00000000ffffffff R09: 00007ffc23847cb0 [ 129.320532] R10: 00005555645fcc7b R11: 0000000000000246 R12: 00007fd144529105 [ 129.321060] R13: 00007ffc23848fa0 R14: 00005555645fcc20 R15: 00007ffc23848fe0 [ 129.321612] [ 129.321793] irq event stamp: 150565 [ 129.322061] hardirqs last enabled at (150573): [] __up_console_sem+0x78/0x80 [ 129.322721] hardirqs last disabled at (150582): [] __up_console_sem+0x5d/0x80 [ 129.323379] softirqs last enabled at (150202): [] handle_softirqs+0x50c/0x770 [ 129.324036] softirqs last disabled at (150179): [] __irq_exit_rcu+0xc4/0x100 [ 129.324692] ---[ end trace 0000000000000000 ]--- 10:38:47 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)={0x2c, r1, 0x1, 0x0, 0x0, {0xb}, [@HEADER={0x18, 0x1, 0x0, 0x1, 
[@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}}, 0x0) 10:38:48 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)={0x2c, r1, 0x1, 0x0, 0x0, {0xb}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}}, 0x0) 10:38:48 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080), 0x6) ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000140)="ee8d1584aff220e1b70587361d3dd224db4fc7ae4025ff82e8225391f3e84476be154b01214c7423842ef53a7e6d9c020865de5e3791c0d76b9ddb95000000000000000000009fe45caa70ee6dd44b5b8b3ddf57723d2ac7f37fcfe047d1f65c03eb3d6f466ab1df5a0fc0e2384470ed6e0c0eaef7695305315b28d97c0eddc2c16ebf4191b290aa095f24beec760b778b8d7374e3a493ffa7868438c417b213109e3f58ad7e1c17c8da317b6034eb5c7a4b8f134aed94894ed296687cf5b520321a2f92f011e00250d7995fe652792c8add45e7fa256c06e0c47d9e2f459432e9498c8dcfb6245b11ecd66ba922cf43240c701bac3e7c") 10:38:48 executing program 6: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)) 
lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='system.posix_acl_default\x00', &(0x7f0000000240), 0x24, 0x0) llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x2) 10:38:48 executing program 1: r0 = io_uring_setup(0x3e96, &(0x7f0000000140)) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10:38:48 executing program 7: syz_emit_ethernet(0x136, &(0x7f00000001c0)={@link_local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x100, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x5, 0x1d, "2a94000004ffbdaabb8cd5309bf220d0a49af1af9a2608a5f54f1971cf3d3ba94abd965ad3c687deca3eba10b52318114216a0dad2e5a23b2dd4153b6e8e60cf660a0201d21fa36a6aff628305dcc7bf2218c99d8813dd069b6bd7b1bbeaf381c6965646e78418be54db5eedf4c7e781ba79b112c040913a2088aff1c33cc139fc8708c9b09949c719e69fe6ad9f6c8faadf1048875ebcfca8cb62aa9bd062e32e551a70bd9176b560d98ea580a6ea18892dc6b50d5a20fc413ea5948a909387f73e28288cd1e4e12cdc744b48d1e2cdab6c6974408e73e66a0f446cd1a093d67fb1dd35f4f27a010b1c"}, {0x0, 0x0, "eb50"}]}}}}}}, 0x0) 10:38:48 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)) lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='system.posix_acl_default\x00', &(0x7f0000000240), 0x24, 0x0) llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x2) [ 
129.350092] ------------[ cut here ]------------ [ 129.350612] WARNING: fs/namespace.c:1434 at mntput_no_expire+0x78e/0xbe0, CPU#1: syz-executor.6/287 [ 129.351347] Modules linked in: [ 129.351642] CPU: 1 UID: 0 PID: 287 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 129.352612] Tainted: [W]=WARN [ 129.352869] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.353558] RIP: 0010:mntput_no_expire+0x78e/0xbe0 [ 129.353971] Code: 05 d6 30 81 04 01 e8 71 df 91 ff e9 41 fc ff ff e8 27 47 b4 ff 31 ff 44 89 ee e8 4d 42 b4 ff 45 85 ed 79 09 e8 13 47 b4 ff 90 <0f> 0b 90 e8 0a 47 b4 ff e8 b5 2d fc 02 31 ff 89 c5 89 c6 e8 2a 42 [ 129.355433] RSP: 0018:ffff888016c97ce0 EFLAGS: 00010293 [ 129.355871] RAX: 0000000000000000 RBX: 1ffff11002d92fa1 RCX: ffffffff81bfaf93 [ 129.356467] RDX: ffff888016165280 RSI: ffffffff81bfaf9d RDI: 0000000000000005 [ 129.357037] RBP: ffff88801ebc16c0 R08: 0000000000000001 R09: 0000000000000000 [ 129.357621] R10: 00000000fffffffe R11: 0000000000000001 R12: ffff888016c97d48 [ 129.358186] R13: 00000000fffffffe R14: ffff88801ebc16c0 R15: ffff88801ebc17a8 [ 129.358772] FS: 00005555645fb400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 129.359430] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.359911] CR2: 00007fc7f8a45750 CR3: 0000000044bdc000 CR4: 0000000000350ef0 [ 129.360502] Call Trace: [ 129.360717] [ 129.360908] ? __pfx_mntput_no_expire+0x10/0x10 [ 129.361290] ? dput.part.0+0xce/0x930 [ 129.361648] ? lock_release+0xc8/0x290 [ 129.361979] path_umount+0x6e0/0x1100 [ 129.362292] ? kmem_cache_free+0x2a1/0x540 [ 129.362658] ? __pfx_path_umount+0x10/0x10 [ 129.363004] ? putname.part.0+0x11b/0x160 [ 129.363346] __x64_sys_umount+0x15c/0x190 [ 129.363706] ? __pfx___x64_sys_umount+0x10/0x10 [ 129.364091] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 129.364537] do_syscall_64+0xbf/0x360 [ 129.364852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.365267] RIP: 0033:0x7fd1444d0f87 [ 129.365589] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.367059] RSP: 002b:00007ffc23847e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 129.367693] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007fd1444d0f87 [ 129.368278] RDX: 00007ffc23847ee9 RSI: 000000000000000a RDI: 00007ffc23847ee0 [ 129.368870] RBP: 00007ffc23847ee0 R08: 00000000ffffffff R09: 00007ffc23847cb0 [ 129.369471] R10: 00005555645fcc7b R11: 0000000000000246 R12: 00007fd144529105 [ 129.370057] R13: 00007ffc23848fa0 R14: 00005555645fcc20 R15: 00007ffc23848fe0 [ 129.370666] [ 129.370864] irq event stamp: 151085 [ 129.371157] hardirqs last enabled at (151093): [] __up_console_sem+0x78/0x80 [ 129.371910] hardirqs last disabled at (151102): [] __up_console_sem+0x5d/0x80 [ 129.372631] softirqs last enabled at (151074): [] handle_softirqs+0x50c/0x770 [ 129.373343] softirqs last disabled at (151061): [] __irq_exit_rcu+0xc4/0x100 [ 129.374056] ---[ end trace 0000000000000000 ]--- 10:38:48 executing program 2: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x40082406, 0x0) [ 129.405199] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 129.407034] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 129.408210] CPU: 0 UID: 0 PID: 3962 Comm: syz-executor.7 Tainted: 
G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 129.410161] Tainted: [W]=WARN [ 129.410618] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.411812] RIP: 0010:perf_tp_event+0x175/0xe70 [ 129.412576] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 129.415368] RSP: 0018:ffff888046967780 EFLAGS: 00010012 [ 129.416361] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000764c000 [ 129.417482] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 129.418641] RBP: ffff8880469679f0 R08: ffff88806ce31340 R09: ffffe8ffffc166a0 [ 129.419789] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 129.420842] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 129.422113] FS: 00007eff45a95700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 129.423275] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.424323] CR2: 00007eff48633018 CR3: 000000001dac3000 CR4: 0000000000350ef0 [ 129.425423] Call Trace: [ 129.425820] [ 129.426198] ? __pfx_perf_tp_event+0x10/0x10 [ 129.427035] ? __pfx_ipv6_rcv+0x10/0x10 [ 129.427692] ? __netif_receive_skb_one_core+0x135/0x1e0 [ 129.428492] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 129.429458] ? lock_acquire+0x15e/0x2f0 [ 129.430179] ? find_held_lock+0x2b/0x80 [ 129.430772] ? netif_receive_skb+0x150/0x720 [ 129.431546] ? lock_release+0xc8/0x290 [ 129.432238] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 129.433085] ? netif_receive_skb+0x1ae/0x720 [ 129.433852] ? __pfx_netif_receive_skb+0x10/0x10 [ 129.434695] ? tun_rx_batched.isra.0+0x468/0x710 [ 129.435398] ? __local_bh_enable_ip+0xa1/0x110 [ 129.436210] ? perf_trace_run_bpf_submit+0xef/0x180 [ 129.437057] perf_trace_run_bpf_submit+0xef/0x180 [ 129.437892] perf_trace_preemptirq_template+0x259/0x430 [ 129.438772] ? 
trace_sched_set_need_resched_tp+0xd4/0x110 [ 129.439579] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 129.440434] ? __pfx___resched_curr+0x10/0x10 [ 129.441107] ? find_held_lock+0x2b/0x80 [ 129.441708] ? try_to_wake_up+0x8ae/0x11d0 [ 129.442341] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 129.443080] trace_irq_enable.constprop.0+0xa6/0x100 [ 129.443911] trace_hardirqs_on+0x26/0x40 [ 129.444644] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 129.445377] try_to_wake_up+0x8ae/0x11d0 [ 129.446110] ? __pfx_try_to_wake_up+0x10/0x10 [ 129.446890] ? plist_del+0x122/0x270 [ 129.447456] ? find_held_lock+0x2b/0x80 [ 129.448143] ? futex_wake+0x474/0x540 [ 129.448858] wake_up_q+0xa1/0x130 [ 129.449401] futex_wake+0x47e/0x540 [ 129.449949] ? __pfx_futex_wake+0x10/0x10 [ 129.450562] ? vfs_write+0x169/0x1150 [ 129.451264] do_futex+0x26d/0x370 [ 129.451818] ? __pfx_do_futex+0x10/0x10 [ 129.452409] __x64_sys_futex+0x1c9/0x4d0 [ 129.453008] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 129.453856] ? fput+0x6a/0x100 [ 129.454334] ? __pfx___x64_sys_futex+0x10/0x10 [ 129.454994] ? ksys_write+0x1a3/0x240 [ 129.455555] ? 
__pfx_ksys_write+0x10/0x10 [ 129.456163] do_syscall_64+0xbf/0x360 [ 129.456722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.457458] RIP: 0033:0x7eff4851fb19 [ 129.457999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.460573] RSP: 002b:00007eff45a95218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 129.461649] RAX: ffffffffffffffda RBX: 00007eff48632f68 RCX: 00007eff4851fb19 [ 129.462661] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007eff48632f6c [ 129.463682] RBP: 00007eff48632f60 R08: 000000000000000e R09: 0000000000000000 [ 129.464734] R10: 0000000000000136 R11: 0000000000000246 R12: 00007eff48632f6c [ 129.465750] R13: 00007ffedca4d78f R14: 00007eff45a95300 R15: 0000000000022000 [ 129.466778] [ 129.467119] Modules linked in: [ 129.467590] ---[ end trace 0000000000000000 ]--- [ 129.468274] RIP: 0010:perf_tp_event+0x175/0xe70 [ 129.468953] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 129.471547] RSP: 0018:ffff888046967780 EFLAGS: 00010012 [ 129.472302] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000764c000 [ 129.473277] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 129.474255] RBP: ffff8880469679f0 R08: ffff88806ce31340 R09: ffffe8ffffc166a0 [ 129.475233] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 129.476228] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 129.477237] FS: 00007eff45a95700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 129.478339] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.479157] CR2: 00007eff48633018 CR3: 000000001dac3000 CR4: 0000000000350ef0 [ 129.480179] note: syz-executor.7[3962] exited with irqs disabled [ 129.481121] Oops: 
general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 129.482670] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 129.483718] CPU: 0 UID: 0 PID: 3962 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 129.485382] Tainted: [D]=DIE, [W]=WARN [ 129.485919] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 129.487053] RIP: 0010:perf_tp_event+0x175/0xe70 [ 129.487717] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 129.490212] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 129.490949] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 129.491948] RDX: ffff888045619b80 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 129.492932] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc166a0 [ 129.493908] R10: 0000000000000000 R11: ffff88800b4a8098 R12: dffffc0000000000 [ 129.494906] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 129.495909] FS: 00007eff45a95700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 129.497016] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.497825] CR2: 00007eff48633018 CR3: 000000001dac3000 CR4: 0000000000350ef0 [ 129.498811] Call Trace: [ 129.499176] [ 129.499492] ? __pfx_perf_tp_event+0x10/0x10 [ 129.500132] ? enqueue_task_fair+0xded/0x1e00 [ 129.500774] ? do_raw_spin_lock+0x123/0x260 [ 129.501385] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 129.502054] ? lock_acquire+0x18c/0x2f0 [ 129.502619] ? lock_release+0x1c7/0x290 [ 129.503183] ? do_raw_spin_unlock+0x53/0x220 [ 129.503821] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 129.504545] ? try_to_wake_up+0x128/0x11d0 [ 129.505153] ? do_raw_spin_lock+0x123/0x260 [ 129.505765] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 129.506431] ? 
perf_trace_run_bpf_submit+0xef/0x180 [ 129.507137] perf_trace_run_bpf_submit+0xef/0x180 [ 129.507836] perf_trace_preemptirq_template+0x259/0x430 [ 129.508582] ? read_tsc+0x9/0x20 [ 129.509072] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 129.509886] ? clockevents_program_event+0x135/0x360 [ 129.510597] ? tick_program_event+0xac/0x140 [ 129.511212] ? handle_softirqs+0x16e/0x770 [ 129.511831] trace_irq_enable.constprop.0+0xa6/0x100 [ 129.512543] trace_hardirqs_on+0x26/0x40 [ 129.513116] handle_softirqs+0x16e/0x770 [ 129.513707] __irq_exit_rcu+0xc4/0x100 [ 129.514263] irq_exit_rcu+0x9/0x20 [ 129.514766] sysvec_apic_timer_interrupt+0x70/0x80 [ 129.515468] [ 129.515797] [ 129.516117] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 129.516851] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 129.517506] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 129.519984] RSP: 0018:ffff888046967f28 EFLAGS: 00000246 [ 129.520723] RAX: 0000000000000001 RBX: ffff888045619b80 RCX: ffffffff817c3ab6 [ 129.521691] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 129.522677] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 129.523669] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff888045619b80 [ 129.524654] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 129.525637] ? trace_irq_enable.constprop.0+0x26/0x100 [ 129.526378] ? make_task_dead+0x214/0x3b0 [ 129.526966] ? make_task_dead+0x214/0x3b0 [ 129.527561] ? 
do_syscall_64+0xbf/0x360 [ 129.528125] rewind_stack_and_make_dead+0x16/0x20 [ 129.528803] RIP: 0033:0x7eff4851fb19 [ 129.529323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 129.531804] RSP: 002b:00007eff45a95218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 129.532850] RAX: ffffffffffffffda RBX: 00007eff48632f68 RCX: 00007eff4851fb19 [ 129.533838] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007eff48632f6c [ 129.534812] RBP: 00007eff48632f60 R08: 000000000000000e R09: 0000000000000000 [ 129.535815] R10: 0000000000000136 R11: 0000000000000246 R12: 00007eff48632f6c [ 129.536790] R13: 00007ffedca4d78f R14: 00007eff45a95300 R15: 0000000000022000 [ 129.537774] [ 129.538110] Modules linked in: [ 129.538561] ---[ end trace 0000000000000000 ]--- [ 129.539211] RIP: 0010:perf_tp_event+0x175/0xe70 [ 129.539888] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 129.542433] RSP: 0018:ffff888046967780 EFLAGS: 00010012 [ 129.543190] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000764c000 [ 129.544196] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 129.545190] RBP: ffff8880469679f0 R08: ffff88806ce31340 R09: ffffe8ffffc166a0 [ 129.546181] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 129.547180] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 129.548178] FS: 00007eff45a95700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 129.549308] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.550120] CR2: 00007eff48633018 CR3: 000000001dac3000 CR4: 0000000000350ef0 [ 129.551113] Kernel panic - not syncing: Fatal exception in interrupt [ 129.552238] Kernel Offset: disabled [ 129.552753] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:38:48 Registers: