Warning: Permanently added '[localhost]:27039' (ECDSA) to the list of known hosts. 2024/10/17 00:15:48 fuzzer started 2024/10/17 00:15:48 dialing manager at localhost:46303 syzkaller login: [ 63.704344] cgroup: Unknown subsys name 'net' [ 63.769960] cgroup: Unknown subsys name 'cpuset' [ 63.785365] cgroup: Unknown subsys name 'rlimit' 2024/10/17 00:16:07 syscalls: 2217 2024/10/17 00:16:07 code coverage: enabled 2024/10/17 00:16:07 comparison tracing: enabled 2024/10/17 00:16:07 extra coverage: enabled 2024/10/17 00:16:07 setuid sandbox: enabled 2024/10/17 00:16:07 namespace sandbox: enabled 2024/10/17 00:16:07 Android sandbox: enabled 2024/10/17 00:16:07 fault injection: enabled 2024/10/17 00:16:07 leak checking: enabled 2024/10/17 00:16:07 net packet injection: enabled 2024/10/17 00:16:07 net device setup: enabled 2024/10/17 00:16:07 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2024/10/17 00:16:07 devlink PCI setup: PCI device 0000:00:10.0 is not available 2024/10/17 00:16:07 USB emulation: enabled 2024/10/17 00:16:07 hci packet injection: enabled 2024/10/17 00:16:07 wifi device emulation: enabled 2024/10/17 00:16:07 802.15.4 emulation: enabled 2024/10/17 00:16:07 fetching corpus: 0, signal 0/2000 (executing program) 2024/10/17 00:16:08 fetching corpus: 48, signal 18517/22062 (executing program) 2024/10/17 00:16:08 fetching corpus: 98, signal 23308/28445 (executing program) 2024/10/17 00:16:08 fetching corpus: 148, signal 34371/40645 (executing program) 2024/10/17 00:16:08 fetching corpus: 198, signal 44947/52139 (executing program) 2024/10/17 00:16:08 fetching corpus: 248, signal 49503/57833 (executing program) 2024/10/17 00:16:08 fetching corpus: 298, signal 54910/64140 (executing program) 2024/10/17 00:16:08 fetching corpus: 348, signal 58342/68575 (executing program) 2024/10/17 00:16:08 fetching corpus: 398, signal 64451/75243 (executing program) 2024/10/17 00:16:08 fetching corpus: 448, signal 67440/79080 (executing program) 2024/10/17 
00:16:08 fetching corpus: 498, signal 70054/82556 (executing program) 2024/10/17 00:16:08 fetching corpus: 548, signal 73387/86536 (executing program) 2024/10/17 00:16:09 fetching corpus: 598, signal 76700/90477 (executing program) 2024/10/17 00:16:09 fetching corpus: 648, signal 78529/93033 (executing program) 2024/10/17 00:16:09 fetching corpus: 698, signal 80573/95692 (executing program) 2024/10/17 00:16:09 fetching corpus: 748, signal 83617/99095 (executing program) 2024/10/17 00:16:09 fetching corpus: 798, signal 86474/102312 (executing program) 2024/10/17 00:16:09 fetching corpus: 848, signal 88685/104923 (executing program) 2024/10/17 00:16:09 fetching corpus: 898, signal 91454/107934 (executing program) 2024/10/17 00:16:09 fetching corpus: 948, signal 93978/110687 (executing program) 2024/10/17 00:16:09 fetching corpus: 998, signal 95866/112944 (executing program) 2024/10/17 00:16:09 fetching corpus: 1048, signal 97739/115069 (executing program) 2024/10/17 00:16:10 fetching corpus: 1098, signal 99099/116836 (executing program) 2024/10/17 00:16:10 fetching corpus: 1148, signal 100627/118719 (executing program) 2024/10/17 00:16:10 fetching corpus: 1197, signal 101814/120261 (executing program) 2024/10/17 00:16:10 fetching corpus: 1247, signal 103047/121800 (executing program) 2024/10/17 00:16:10 fetching corpus: 1297, signal 103730/123000 (executing program) 2024/10/17 00:16:10 fetching corpus: 1347, signal 104588/124262 (executing program) 2024/10/17 00:16:10 fetching corpus: 1396, signal 106176/125976 (executing program) 2024/10/17 00:16:10 fetching corpus: 1446, signal 107320/127398 (executing program) 2024/10/17 00:16:10 fetching corpus: 1496, signal 108277/128675 (executing program) 2024/10/17 00:16:10 fetching corpus: 1546, signal 109184/129918 (executing program) 2024/10/17 00:16:10 fetching corpus: 1596, signal 111032/131664 (executing program) 2024/10/17 00:16:11 fetching corpus: 1646, signal 113753/133836 (executing program) 2024/10/17 00:16:11 
fetching corpus: 1696, signal 114938/135086 (executing program) 2024/10/17 00:16:11 fetching corpus: 1746, signal 115810/136153 (executing program) 2024/10/17 00:16:11 fetching corpus: 1796, signal 116820/137294 (executing program) 2024/10/17 00:16:11 fetching corpus: 1846, signal 118774/138866 (executing program) 2024/10/17 00:16:11 fetching corpus: 1896, signal 119803/139910 (executing program) 2024/10/17 00:16:11 fetching corpus: 1946, signal 120466/140747 (executing program) 2024/10/17 00:16:11 fetching corpus: 1996, signal 121400/141812 (executing program) 2024/10/17 00:16:11 fetching corpus: 2046, signal 121848/142522 (executing program) 2024/10/17 00:16:11 fetching corpus: 2096, signal 122755/143410 (executing program) 2024/10/17 00:16:12 fetching corpus: 2146, signal 123974/144457 (executing program) 2024/10/17 00:16:12 fetching corpus: 2196, signal 124819/145309 (executing program) 2024/10/17 00:16:12 fetching corpus: 2246, signal 125515/146056 (executing program) 2024/10/17 00:16:12 fetching corpus: 2296, signal 126402/146879 (executing program) 2024/10/17 00:16:12 fetching corpus: 2345, signal 127502/147719 (executing program) 2024/10/17 00:16:12 fetching corpus: 2395, signal 128059/148342 (executing program) 2024/10/17 00:16:12 fetching corpus: 2445, signal 128705/149012 (executing program) 2024/10/17 00:16:12 fetching corpus: 2495, signal 129438/149655 (executing program) 2024/10/17 00:16:12 fetching corpus: 2545, signal 130094/150267 (executing program) 2024/10/17 00:16:13 fetching corpus: 2595, signal 130877/150931 (executing program) 2024/10/17 00:16:13 fetching corpus: 2645, signal 131564/151528 (executing program) 2024/10/17 00:16:13 fetching corpus: 2695, signal 132304/152128 (executing program) 2024/10/17 00:16:13 fetching corpus: 2745, signal 132868/152627 (executing program) 2024/10/17 00:16:13 fetching corpus: 2795, signal 133635/153214 (executing program) 2024/10/17 00:16:13 fetching corpus: 2845, signal 134069/153666 (executing program) 
2024/10/17 00:16:13 fetching corpus: 2895, signal 134792/154187 (executing program) 2024/10/17 00:16:13 fetching corpus: 2945, signal 135350/154652 (executing program) 2024/10/17 00:16:13 fetching corpus: 2995, signal 135694/155058 (executing program) 2024/10/17 00:16:13 fetching corpus: 3045, signal 136190/155533 (executing program) 2024/10/17 00:16:14 fetching corpus: 3095, signal 136783/155979 (executing program) 2024/10/17 00:16:14 fetching corpus: 3145, signal 137278/156374 (executing program) 2024/10/17 00:16:14 fetching corpus: 3195, signal 137577/156702 (executing program) 2024/10/17 00:16:14 fetching corpus: 3245, signal 137976/157071 (executing program) 2024/10/17 00:16:14 fetching corpus: 3295, signal 138474/157456 (executing program) 2024/10/17 00:16:14 fetching corpus: 3345, signal 139144/157847 (executing program) 2024/10/17 00:16:14 fetching corpus: 3395, signal 139565/158174 (executing program) 2024/10/17 00:16:14 fetching corpus: 3445, signal 139929/158502 (executing program) 2024/10/17 00:16:14 fetching corpus: 3495, signal 140268/158790 (executing program) 2024/10/17 00:16:14 fetching corpus: 3545, signal 140645/159139 (executing program) 2024/10/17 00:16:15 fetching corpus: 3595, signal 141252/159507 (executing program) 2024/10/17 00:16:15 fetching corpus: 3645, signal 141508/159769 (executing program) 2024/10/17 00:16:15 fetching corpus: 3695, signal 142295/160067 (executing program) 2024/10/17 00:16:15 fetching corpus: 3745, signal 142613/160303 (executing program) 2024/10/17 00:16:15 fetching corpus: 3795, signal 143117/160548 (executing program) 2024/10/17 00:16:15 fetching corpus: 3845, signal 143618/160804 (executing program) 2024/10/17 00:16:15 fetching corpus: 3895, signal 144195/161062 (executing program) 2024/10/17 00:16:15 fetching corpus: 3945, signal 144703/161291 (executing program) 2024/10/17 00:16:15 fetching corpus: 3995, signal 145081/161477 (executing program) 2024/10/17 00:16:15 fetching corpus: 4045, signal 145442/161477 
(executing program) 2024/10/17 00:16:16 fetching corpus: 4095, signal 146215/161477 (executing program) 2024/10/17 00:16:16 fetching corpus: 4145, signal 146792/161477 (executing program) 2024/10/17 00:16:16 fetching corpus: 4195, signal 147146/161477 (executing program) 2024/10/17 00:16:16 fetching corpus: 4245, signal 147736/161477 (executing program) 2024/10/17 00:16:16 fetching corpus: 4295, signal 148133/161477 (executing program) 2024/10/17 00:16:16 fetching corpus: 4345, signal 148422/161477 (executing program) 2024/10/17 00:16:16 fetching corpus: 4395, signal 148717/161477 (executing program) 2024/10/17 00:16:16 fetching corpus: 4445, signal 149487/161477 (executing program) 2024/10/17 00:16:16 fetching corpus: 4495, signal 149958/161477 (executing program) 2024/10/17 00:16:16 fetching corpus: 4545, signal 150316/161477 (executing program) 2024/10/17 00:16:16 fetching corpus: 4595, signal 150964/161477 (executing program) 2024/10/17 00:16:17 fetching corpus: 4645, signal 151509/161477 (executing program) 2024/10/17 00:16:17 fetching corpus: 4695, signal 151842/161477 (executing program) 2024/10/17 00:16:17 fetching corpus: 4745, signal 152178/161477 (executing program) 2024/10/17 00:16:17 fetching corpus: 4795, signal 152515/161477 (executing program) 2024/10/17 00:16:17 fetching corpus: 4845, signal 152941/161477 (executing program) 2024/10/17 00:16:17 fetching corpus: 4895, signal 153331/161477 (executing program) 2024/10/17 00:16:17 fetching corpus: 4945, signal 153635/161478 (executing program) 2024/10/17 00:16:17 fetching corpus: 4995, signal 153959/161478 (executing program) 2024/10/17 00:16:17 fetching corpus: 5045, signal 154279/161478 (executing program) 2024/10/17 00:16:17 fetching corpus: 5095, signal 154568/161478 (executing program) 2024/10/17 00:16:18 fetching corpus: 5145, signal 154953/161480 (executing program) 2024/10/17 00:16:18 fetching corpus: 5195, signal 155406/161480 (executing program) 2024/10/17 00:16:18 fetching corpus: 5245, 
signal 155776/161480 (executing program) 2024/10/17 00:16:18 fetching corpus: 5295, signal 156392/161481 (executing program) 2024/10/17 00:16:18 fetching corpus: 5345, signal 156825/161481 (executing program) 2024/10/17 00:16:18 fetching corpus: 5395, signal 157095/161481 (executing program) 2024/10/17 00:16:18 fetching corpus: 5445, signal 157413/161481 (executing program) 2024/10/17 00:16:18 fetching corpus: 5495, signal 157781/161481 (executing program) 2024/10/17 00:16:18 fetching corpus: 5545, signal 158162/161481 (executing program) 2024/10/17 00:16:18 fetching corpus: 5595, signal 158453/161481 (executing program) 2024/10/17 00:16:18 fetching corpus: 5645, signal 158835/161481 (executing program) 2024/10/17 00:16:18 fetching corpus: 5695, signal 159280/161481 (executing program) 2024/10/17 00:16:19 fetching corpus: 5745, signal 159673/161481 (executing program) 2024/10/17 00:16:19 fetching corpus: 5795, signal 160020/161481 (executing program) 2024/10/17 00:16:19 fetching corpus: 5845, signal 160394/161481 (executing program) 2024/10/17 00:16:19 fetching corpus: 5888, signal 160592/161482 (executing program) 2024/10/17 00:16:19 fetching corpus: 5888, signal 160592/161482 (executing program) 2024/10/17 00:16:21 starting 8 fuzzer processes 00:16:21 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x88802) write(r0, &(0x7f0000000000)="d4ad35fdb3f14e519b81fd3aaca3ef820df21295e879b45d27de85e1e51b4c4c89fa74672e0eaef7b15d", 0x2a) 00:16:21 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0xa, &(0x7f0000000000), 0x4) 00:16:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x89fc, &(0x7f0000000040)={'lo\x00'}) [ 95.058475] audit: type=1400 audit(1729124181.707:7): avc: denied { execmem } for pid=270 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 00:16:21 executing program 3: r0 = 
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000002, 0x401a012, r1, 0x0) pkey_mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) 00:16:21 executing program 5: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) shutdown(r0, 0x2) 00:16:21 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x0, 0x0) openat(r0, &(0x7f0000000440)='./file1\x00', 0x0, 0x0) setsockopt$WPAN_SECURITY(0xffffffffffffffff, 0x0, 0x1, &(0x7f00000000c0), 0x4) openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x0, 0x1) statx(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x0, 0x1, &(0x7f00000002c0)) perf_event_open(0x0, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, 0x0, 0x503002, 0x110) mknod$loop(&(0x7f00000001c0)='./file1\x00', 0x1, 0x0) getpid() ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x40086602, &(0x7f0000001500)) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 
0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write(r1, &(0x7f0000000080)="01", 0x292e9) 00:16:21 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000000)=0x2, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) 00:16:21 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) get_mempolicy(&(0x7f0000000140), 0x0, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x2) [ 96.419973] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 96.423744] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 96.424710] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 96.427845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 96.431513] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 96.434903] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 96.492160] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 96.495254] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 96.497769] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 96.498924] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 96.500687] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 96.502169] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 96.511796] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 96.513709] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 96.515922] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 96.518987] Bluetooth: hci1: 
unexpected cc 0x0c25 length: 249 > 3 [ 96.519764] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 96.521145] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 96.554046] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 96.557904] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 96.566734] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 96.567748] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 96.569850] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 96.571158] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 96.572631] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 96.578419] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 96.582666] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 96.588038] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 96.589189] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 96.589866] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 96.594667] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 96.599019] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 96.601089] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 96.603004] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 96.628112] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 96.632237] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 96.642332] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 96.646720] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 96.648991] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 96.654432] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 96.656079] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 96.658016] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 96.659827] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 96.666229] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 96.668482] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 96.670994] 
Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 96.678219] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 96.679412] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 98.524746] Bluetooth: hci0: command tx timeout [ 98.579636] Bluetooth: hci2: command tx timeout [ 98.580140] Bluetooth: hci1: command tx timeout [ 98.643828] Bluetooth: hci4: command tx timeout [ 98.644292] Bluetooth: hci7: command tx timeout [ 98.707595] Bluetooth: hci6: command tx timeout [ 98.771600] Bluetooth: hci3: command tx timeout [ 98.772070] Bluetooth: hci5: command tx timeout [ 100.563628] Bluetooth: hci0: command tx timeout [ 100.627685] Bluetooth: hci1: command tx timeout [ 100.627995] Bluetooth: hci2: command tx timeout [ 100.691604] Bluetooth: hci7: command tx timeout [ 100.691904] Bluetooth: hci4: command tx timeout [ 100.755646] Bluetooth: hci6: command tx timeout [ 100.819975] Bluetooth: hci5: command tx timeout [ 100.820311] Bluetooth: hci3: command tx timeout [ 102.612189] Bluetooth: hci0: command tx timeout [ 102.675710] Bluetooth: hci1: command tx timeout [ 102.676062] Bluetooth: hci2: command tx timeout [ 102.739706] Bluetooth: hci7: command tx timeout [ 102.740060] Bluetooth: hci4: command tx timeout [ 102.804592] Bluetooth: hci6: command tx timeout [ 102.867721] Bluetooth: hci5: command tx timeout [ 102.868071] Bluetooth: hci3: command tx timeout [ 104.659803] Bluetooth: hci0: command tx timeout [ 104.723621] Bluetooth: hci2: command tx timeout [ 104.723961] Bluetooth: hci1: command tx timeout [ 104.787641] Bluetooth: hci4: command tx timeout [ 104.787986] Bluetooth: hci7: command tx timeout [ 104.851720] Bluetooth: hci6: command tx timeout [ 104.915847] Bluetooth: hci3: command tx timeout [ 104.916203] Bluetooth: hci5: command tx timeout [ 153.350177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.350794] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.567449] wlan0: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 153.568342] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.856607] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.857097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.102016] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.102544] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.387564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.388060] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.514478] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.515072] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.729589] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.730075] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.827991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.828465] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.952785] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.953301] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 00:17:21 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0xa, &(0x7f0000000000), 0x4) 00:17:21 executing program 5: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$security_selinux(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000040)='system_u:object_r:nvram_device_t:s0\x00', 0x21, 0x0) [ 155.188357] SELinux: Context system_u:object_r:nvram_device_t: is not valid (left unmapped). 
00:17:21 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0xa, &(0x7f0000000000), 0x4) 00:17:21 executing program 5: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$security_selinux(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000040)='system_u:object_r:nvram_device_t:s0\x00', 0x21, 0x0) [ 155.319424] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 155.319925] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 00:17:21 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0xa, &(0x7f0000000000), 0x4) 00:17:22 executing program 5: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$security_selinux(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000040)='system_u:object_r:nvram_device_t:s0\x00', 0x21, 0x0) 00:17:22 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) sendto(r0, &(0x7f00000000c0)="1ddcf3cf408fd5390800000088a83755bb2c", 0x12, 0x0, &(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0x3}, 0x80) 00:17:22 executing program 5: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$security_selinux(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000040)='system_u:object_r:nvram_device_t:s0\x00', 0x21, 0x0) [ 155.925600] syz-executor.6 (285) used greatest stack depth: 23504 bytes left [ 158.565100] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 158.569961] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 158.573314] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 158.577974] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 158.582615] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 158.584179] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 158.640133] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 158.644030] Bluetooth: 
hci2: unexpected cc 0x1003 length: 249 > 9 [ 158.654131] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 158.659194] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 158.680864] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 158.689180] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 158.709887] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 158.730971] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 158.732764] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 158.750112] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 158.755640] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 158.758135] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 158.774258] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 158.785460] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 158.797914] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 158.835949] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 158.840065] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 158.852984] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 158.862716] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 158.871049] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 158.874387] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 158.891234] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 158.915701] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 158.945063] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 158.972244] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 158.980092] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 158.984024] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 158.997695] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 158.998996] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 159.003061] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 160.660824] Bluetooth: hci0: command tx timeout [ 
160.724799] Bluetooth: hci2: command tx timeout [ 160.851607] Bluetooth: hci3: command tx timeout [ 161.044618] Bluetooth: hci4: command tx timeout [ 161.108025] Bluetooth: hci5: command tx timeout [ 161.108889] Bluetooth: hci7: command tx timeout [ 162.708596] Bluetooth: hci0: command tx timeout [ 162.772724] Bluetooth: hci2: command tx timeout [ 162.900721] Bluetooth: hci3: command tx timeout [ 163.092679] Bluetooth: hci4: command tx timeout [ 163.158392] Bluetooth: hci5: command tx timeout [ 163.158827] Bluetooth: hci7: command tx timeout [ 164.756787] Bluetooth: hci0: command tx timeout [ 164.819785] Bluetooth: hci2: command tx timeout [ 164.947604] Bluetooth: hci3: command tx timeout [ 165.140669] Bluetooth: hci4: command tx timeout [ 165.205557] Bluetooth: hci7: command tx timeout [ 165.205954] Bluetooth: hci5: command tx timeout [ 166.804669] Bluetooth: hci0: command tx timeout [ 166.868664] Bluetooth: hci2: command tx timeout [ 166.997236] Bluetooth: hci3: command tx timeout [ 167.189381] Bluetooth: hci4: command tx timeout [ 167.254362] Bluetooth: hci5: command tx timeout [ 167.254739] Bluetooth: hci7: command tx timeout [ 199.910536] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.911394] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.243679] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.244685] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.806349] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.807238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.888553] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.889040] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.947439] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.947912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.995226] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.995725] wlan0: 
Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.052464] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.053044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.106464] audit: type=1400 audit(1729124287.753:8): avc: denied { open } for pid=6599 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 201.110759] audit: type=1400 audit(1729124287.754:9): avc: denied { kernel } for pid=6599 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 201.180794] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.181711] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.198245] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.198774] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.386667] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.387142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.450667] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.451114] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.614066] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.614868] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.136463] hrtimer: interrupt took 38562 ns 00:18:09 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000000)=0x2, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) 00:18:09 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) get_mempolicy(&(0x7f0000000140), 0x0, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x2) 00:18:09 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) sendto(r0, &(0x7f00000000c0)="1ddcf3cf408fd5390800000088a83755bb2c", 0x12, 0x0, &(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0x3}, 0x80) 00:18:09 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = dup(r0) ioctl$sock_bt_hci(r1, 0x800448d4, &(0x7f0000000000)) 00:18:09 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000002, 0x401a012, r1, 0x0) pkey_mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) 00:18:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x89fc, &(0x7f0000000040)={'lo\x00'}) 00:18:09 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000000)=0x2, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) 00:18:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x88802) write(r0, &(0x7f0000000000)="d4ad35fdb3f14e519b81fd3aaca3ef820df21295e879b45d27de85e1e51b4c4c89fa74672e0eaef7b15d", 0x2a) 00:18:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x89fc, &(0x7f0000000040)={'lo\x00'}) 00:18:09 executing program 7: 
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) get_mempolicy(&(0x7f0000000140), 0x0, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x2) 00:18:09 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) sendto(r0, &(0x7f00000000c0)="1ddcf3cf408fd5390800000088a83755bb2c", 0x12, 0x0, &(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0x3}, 0x80) 00:18:09 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000002, 0x401a012, r1, 0x0) pkey_mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) 00:18:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x88802) write(r0, &(0x7f0000000000)="d4ad35fdb3f14e519b81fd3aaca3ef820df21295e879b45d27de85e1e51b4c4c89fa74672e0eaef7b15d", 0x2a) 00:18:09 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000000)=0x2, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) 00:18:09 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = dup(r0) ioctl$sock_bt_hci(r1, 0x800448d4, &(0x7f0000000000)) 00:18:09 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) get_mempolicy(&(0x7f0000000140), 0x0, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x2) 00:18:09 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000000)=0x2, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) 00:18:09 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) sendto(r0, &(0x7f00000000c0)="1ddcf3cf408fd5390800000088a83755bb2c", 0x12, 0x0, &(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0x3}, 0x80) 00:18:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x89fc, &(0x7f0000000040)={'lo\x00'}) 00:18:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x88802) write(r0, &(0x7f0000000000)="d4ad35fdb3f14e519b81fd3aaca3ef820df21295e879b45d27de85e1e51b4c4c89fa74672e0eaef7b15d", 0x2a) 00:18:09 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000002, 0x401a012, r1, 0x0) pkey_mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) 00:18:10 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = dup(r0) ioctl$sock_bt_hci(r1, 0x800448d4, &(0x7f0000000000)) 00:18:10 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000001000), 
0x0, 0x88802) write(r0, &(0x7f0000000000)="d4ad35fdb3f14e519b81fd3aaca3ef820df21295e879b45d27de85e1e51b4c4c89fa74672e0eaef7b15d", 0x2a) 00:18:10 executing program 7: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = mq_open(&(0x7f00000056c0)='syz1\x00', 0x0, 0x0, 0x0) mq_notify(r0, &(0x7f0000000180)={0x0, 0x0, 0x1}) 00:18:10 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000000)=0x2, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) 00:18:10 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000580)={0x0, 0x0, 0x2, 0x18, 0x136, &(0x7f0000000180)="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"}) 00:18:10 executing program 2: prctl$PR_GET_THP_DISABLE(0x2a) 00:18:10 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000000)=0x2, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) 00:18:10 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) readv(r0, &(0x7f00000014c0)=[{&(0x7f0000000100)=""/168, 0xa8}], 0x1) 00:18:10 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x88802) write(r0, &(0x7f0000000000)="d4ad35fdb3f14e519b81fd3aaca3ef820df21295e879b45d27de85e1e51b4c4c89fa74672e0eaef7b15d", 0x2a) 00:18:10 executing program 2: prctl$PR_GET_THP_DISABLE(0x2a) 00:18:10 executing program 1: add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 00:18:10 executing program 7: msgctl$IPC_RMID(0xffffffffffffffff, 0x0) r0 = msgget(0x3, 0x303) msgrcv(r0, &(0x7f0000000000)={0x0, ""/222}, 0xe6, 0x2, 0x1000) r1 = msgget(0x0, 0x1) msgctl$IPC_STAT(r1, 0x2, &(0x7f0000000100)=""/222) 00:18:10 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = dup(r0) ioctl$sock_bt_hci(r1, 0x800448d4, &(0x7f0000000000)) 00:18:10 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cc, 0x0) 00:18:10 executing program 2: prctl$PR_GET_THP_DISABLE(0x2a) 00:18:10 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8943, &(0x7f0000000080)={'syz_tun\x00', 0x0}) 00:18:10 executing program 5: ioperm(0x0, 0x2, 0x4000000008) process_mrelease(0xffffffffffffffff, 0x0) 00:18:10 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x88802) write(r0, 
&(0x7f0000000000)="d4ad35fdb3f14e519b81fd3aaca3ef820df21295e879b45d27de85e1e51b4c4c89fa74672e0eaef7b15d", 0x2a) 00:18:10 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_linger(r0, 0x1, 0x25, &(0x7f0000000040), 0x8) 00:18:10 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) wait4(0xffffffffffffffff, &(0x7f0000000000), 0x0, &(0x7f00000001c0)) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000180)={r1, 0x1, 0x6, @broadcast}, 0x10) lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x4, 0x4}, 0x4) setresuid(0x0, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) 00:18:10 executing program 5: ioperm(0x0, 0x2, 0x4000000008) process_mrelease(0xffffffffffffffff, 0x0) 00:18:10 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8943, &(0x7f0000000080)={'syz_tun\x00', 0x0}) 00:18:10 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 
0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8943, &(0x7f0000000080)={'syz_tun\x00', 0x0}) 00:18:11 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f00000010c0)={0x2c, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0xc, 0x3, 0x0, 0x1, [@typed={0x2f, 0x0, 0x0, 0x0, @pid}]}]}, 0x2c}], 0x1}, 0x0) 00:18:11 executing program 5: ioperm(0x0, 0x2, 0x4000000008) process_mrelease(0xffffffffffffffff, 0x0) 00:18:11 executing program 2: prctl$PR_GET_THP_DISABLE(0x2a) 00:18:11 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8943, &(0x7f0000000080)={'syz_tun\x00', 0x0}) [ 220.436373] Bluetooth: hci1: command 0x0406 tx timeout [ 220.563660] Bluetooth: hci6: command 0x0406 tx timeout [ 236.706673] watchdog: BUG: soft lockup - CPU#0 stuck for 24s! [syz-executor.4:6742] [ 236.707237] Modules linked in: [ 236.707452] irq event stamp: 5018271 [ 236.707688] hardirqs last enabled at (5018270): [] irqentry_exit+0x3b/0x90 [ 236.708250] hardirqs last disabled at (5018271): [] sysvec_apic_timer_interrupt+0xf/0x80 [ 236.710977] softirqs last enabled at (4948596): [] handle_softirqs+0x50c/0x770 [ 236.712921] softirqs last disabled at (4948599): [] irq_exit_rcu+0x94/0xc0 [ 236.713440] CPU: 0 UID: 0 PID: 6742 Comm: syz-executor.4 Not tainted 6.12.0-rc3-next-20241016 #1 [ 236.713974] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 236.714449] RIP: 0010:unwind_next_frame+0x219/0x2490 [ 236.714797] Code: 10 44 8b 1c 95 ec e7 c1 86 8d 56 01 48 b8 00 00 00 00 00 fc ff df 48 8d 3c 95 ec e7 c1 86 49 89 f8 49 c1 e8 03 45 0f b6 04 00 <48> 89 f8 83 e0 07 83 c0 03 44 38 c0 7c 3c 45 84 c0 74 37 48 89 54 [ 236.715820] RSP: 0018:ffff88806ce09758 EFLAGS: 00000216 [ 236.716158] RAX: dffffc0000000000 RBX: 0000000000000002 RCX: 
ffffffff818e5e5c [ 236.716588] RDX: 0000000000008e5f RSI: 0000000000008e5e RDI: ffffffff86c42168 [ 236.717014] RBP: ffff88806ce09820 R08: 0000000000000000 R09: ffff88806ce09808 [ 236.717440] R10: 000000000003c001 R11: 0000000000024b4f R12: ffff88806ce09828 [ 236.717871] R13: ffff88806ce09810 R14: ffff88806ce09809 R15: ffff88806ce097c8 [ 236.718298] FS: 00007fad54ef6700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 236.718795] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 236.719154] CR2: 0000000020000040 CR3: 000000003c084000 CR4: 0000000000350ef0 [ 236.719579] Call Trace: [ 236.719751] [ 236.719905] ? watchdog_timer_fn+0x3ee/0x510 [ 236.720209] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 236.720539] ? __hrtimer_run_queues+0x57c/0xa70 [ 236.720871] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 236.721201] ? ktime_get_update_offsets_now+0x260/0x3c0 [ 236.721585] ? hrtimer_interrupt+0x2f2/0x750 [ 236.721910] ? __sysvec_apic_timer_interrupt+0xc2/0x390 [ 236.722259] ? sysvec_apic_timer_interrupt+0x34/0x80 [ 236.722621] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 236.723003] ? __create_object+0x1c/0x80 [ 236.723283] ? unwind_next_frame+0x219/0x2490 [ 236.723593] ? unwind_next_frame+0xc6a/0x2490 [ 236.723895] ? __create_object+0x1d/0x80 [ 236.724172] ? __create_object+0x1d/0x80 [ 236.724445] ? srso_return_thunk+0x5/0x5f [ 236.724752] ? kernel_text_address+0x11/0xc0 [ 236.725055] ? stack_trace_save+0x8f/0xc0 [ 236.725355] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 236.725732] arch_stack_walk+0x87/0xf0 [ 236.726035] ? __create_object+0x1d/0x80 [ 236.726319] stack_trace_save+0x8f/0xc0 [ 236.726620] ? __pfx_stack_trace_save+0x10/0x10 [ 236.726951] ? kmem_cache_alloc_noprof+0x13d/0x3d0 [ 236.727287] ? security_inode_alloc+0x3e/0x130 [ 236.727611] ? inode_init_always_gfp+0xc27/0xf60 [ 236.727930] ? alloc_inode+0x89/0x240 [ 236.728207] ? sock_alloc+0x40/0x270 [ 236.728475] ? __sock_create+0xc1/0x840 [ 236.728766] ? srso_return_thunk+0x5/0x5f [ 236.729073] ? 
kasan_save_track+0x14/0x30 [ 236.729382] set_track_prepare+0x36/0x70 [ 236.729682] ? srso_return_thunk+0x5/0x5f [ 236.729986] ? trace_kmem_cache_alloc+0x24/0xb0 [ 236.730294] ? srso_return_thunk+0x5/0x5f [ 236.730609] ? read_word_at_a_time+0xe/0x20 [ 236.730907] ? srso_return_thunk+0x5/0x5f [ 236.731215] ? sized_strscpy+0xa6/0x2b0 [ 236.731498] ? srso_return_thunk+0x5/0x5f [ 236.731809] __alloc_object+0xf4/0x270 [ 236.732074] ? srso_return_thunk+0x5/0x5f [ 236.732380] __create_object+0x1d/0x80 [ 236.732656] kmem_cache_alloc_node_noprof+0x311/0x3e0 [ 236.733010] ? __alloc_skb+0x2ad/0x370 [ 236.733290] __alloc_skb+0x2ad/0x370 [ 236.733551] ? __pfx___alloc_skb+0x10/0x10 [ 236.733840] ? srso_return_thunk+0x5/0x5f [ 236.734166] skb_copy+0x1d5/0x3b0 [ 236.734412] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 236.734782] mac80211_hwsim_tx_frame_no_nl.isra.0+0xafb/0x1320 [ 236.735182] ? __pfx_lock_release+0x10/0x10 [ 236.735495] ? srso_return_thunk+0x5/0x5f [ 236.735804] ? __pfx_mac80211_hwsim_tx_frame_no_nl.isra.0+0x10/0x10 [ 236.736207] ? srso_return_thunk+0x5/0x5f [ 236.736514] ? __x86_indirect_jump_thunk_r12+0x20/0x20 [ 236.736891] ? srso_return_thunk+0x5/0x5f [ 236.737193] ? srso_return_thunk+0x5/0x5f [ 236.737498] ? srso_return_thunk+0x5/0x5f [ 236.737804] ? mac80211_hwsim_monitor_rx+0x1be/0x820 [ 236.738174] mac80211_hwsim_tx_frame+0x1ee/0x2a0 [ 236.738502] mac80211_hwsim_beacon_tx+0x546/0x950 [ 236.738835] ? srso_return_thunk+0x5/0x5f [ 236.739140] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 236.739487] ? srso_return_thunk+0x5/0x5f [ 236.739790] ? srso_return_thunk+0x5/0x5f [ 236.740103] __iterate_interfaces+0x2cb/0x5d0 [ 236.740416] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 236.740775] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 236.741122] ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 [ 236.741536] mac80211_hwsim_beacon+0x105/0x200 [ 236.741859] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 236.742216] __hrtimer_run_queues+0x1ab/0xa70 [ 236.742547] ? 
__pfx___hrtimer_run_queues+0x10/0x10 [ 236.742879] ? ktime_get_update_offsets_now+0x260/0x3c0 [ 236.743267] hrtimer_run_softirq+0x14c/0x310 [ 236.743576] handle_softirqs+0x1b1/0x770 [ 236.743865] irq_exit_rcu+0x94/0xc0 [ 236.744117] sysvec_apic_timer_interrupt+0x70/0x80 [ 236.744458] [ 236.744617] [ 236.744777] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 236.745135] RIP: 0010:stack_trace_consume_entry+0xe/0x170 [ 236.745511] Code: 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 b8 00 00 00 00 00 fc ff df <55> 53 48 89 fb 48 83 c7 10 48 89 fa 48 c1 ea 03 48 83 ec 08 0f b6 [ 236.746539] RSP: 0018:ffff88803950f730 EFLAGS: 00000282 [ 236.746882] RAX: dffffc0000000000 RBX: ffffffff813e8f70 RCX: ffff88803950f7d8 [ 236.747304] RDX: 1ffff110072a1ef2 RSI: ffffffff813e921f RDI: ffff88803950f800 [ 236.747734] RBP: ffff88803950f7d0 R08: 0000000000000001 R09: ffff88803950f778 [ 236.748160] R10: 000000000003c001 R11: 0000000000003f0d R12: ffff88803950f800 [ 236.748585] R13: 0000000000000000 R14: ffff88803cb48000 R15: ffff88800bfe7100 [ 236.749018] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 236.749395] ? stack_trace_save+0x8f/0xc0 [ 236.749705] arch_stack_walk+0x77/0xf0 [ 236.750011] ? stack_trace_save+0x8f/0xc0 [ 236.750320] stack_trace_save+0x8f/0xc0 [ 236.750620] ? __pfx_stack_trace_save+0x10/0x10 [ 236.750948] ? srso_return_thunk+0x5/0x5f [ 236.751264] kasan_save_stack+0x24/0x50 [ 236.751564] ? hlock_class+0x4e/0x130 [ 236.751838] ? __lock_acquire+0x176a/0x4360 [ 236.752152] ? __pfx___lock_acquire+0x10/0x10 [ 236.752494] ? srso_return_thunk+0x5/0x5f [ 236.752799] ? find_held_lock+0x2c/0x110 [ 236.753086] ? __virt_addr_valid+0x2e8/0x5d0 [ 236.753385] ? srso_return_thunk+0x5/0x5f [ 236.753690] ? lock_release+0x20f/0x6f0 [ 236.753989] ? __pfx_lock_release+0x10/0x10 [ 236.754298] ? trace_lock_acquire+0x137/0x1b0 [ 236.754624] ? srso_return_thunk+0x5/0x5f [ 236.754925] ? lock_acquire+0x32/0xc0 [ 236.755209] ? 
__virt_addr_valid+0x1c6/0x5d0 [ 236.755516] ? srso_return_thunk+0x5/0x5f [ 236.755821] ? __virt_addr_valid+0x100/0x5d0 [ 236.756124] ? __pfx_free_object_rcu+0x10/0x10 [ 236.756452] ? srso_return_thunk+0x5/0x5f [ 236.756761] __kasan_record_aux_stack+0x8c/0xa0 [ 236.757079] ? __pfx_free_object_rcu+0x10/0x10 [ 236.757407] __call_rcu_common.constprop.0+0x6a/0xaa0 [ 236.757767] ? srso_return_thunk+0x5/0x5f [ 236.758068] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 236.758438] kfree+0x28e/0x480 [ 236.758691] ? __free_slab+0x100/0x120 [ 236.758973] __free_slab+0x100/0x120 [ 236.759242] qlist_free_all+0x50/0x160 [ 236.759537] kasan_quarantine_reduce+0x19c/0x230 [ 236.759879] __kasan_slab_alloc+0x49/0x70 [ 236.760162] kmem_cache_alloc_noprof+0x13d/0x3d0 [ 236.760482] ? lock_release+0x20f/0x6f0 [ 236.760789] __alloc_object+0x2f/0x270 [ 236.761056] __create_object+0x1d/0x80 [ 236.761329] kmem_cache_alloc_noprof+0x300/0x3d0 [ 236.761660] ? srso_return_thunk+0x5/0x5f [ 236.761974] security_inode_alloc+0x3e/0x130 [ 236.762299] inode_init_always_gfp+0xc27/0xf60 [ 236.762627] ? __init_waitqueue_head+0x4/0x150 [ 236.762962] alloc_inode+0x89/0x240 [ 236.763236] sock_alloc+0x40/0x270 [ 236.763499] __sock_create+0xc1/0x840 [ 236.763794] __sys_socket+0x147/0x260 [ 236.764080] ? __pfx___sys_socket+0x10/0x10 [ 236.764394] ? srso_return_thunk+0x5/0x5f [ 236.764700] ? 
trace_x86_fpu_regs_activated+0x135/0x190 [ 236.765077] __x64_sys_socket+0x73/0xb0 [ 236.765373] do_syscall_64+0xbf/0x1d0 [ 236.765642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.765991] RIP: 0033:0x7fad57980b19 [ 236.766236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 236.767259] RSP: 002b:00007fad54ef6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 236.767723] RAX: ffffffffffffffda RBX: 00007fad57a93f60 RCX: 00007fad57980b19 [ 236.768150] RDX: 0000000000000300 RSI: 0000000000000003 RDI: 0000000000000011 [ 236.768575] RBP: 00007fad579daf6d R08: 0000000000000000 R09: 0000000000000000 [ 236.769003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 236.769429] R13: 00007fff66ec060f R14: 00007fad54ef6300 R15: 0000000000022000 [ 236.769886] [ 236.770048] Sending NMI from CPU 0 to CPUs 1: [ 236.770352] NMI backtrace for cpu 1 skipped: idling at default_idle+0x1e/0x30 VM DIAGNOSIS: 00:18:43 Registers: