program: r0 = perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x22a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r1, 0x2000012, 0x0, 0x0, 0x0, 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x50) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x24, 0x12506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x7602}, 0x0, 0xffffffffffffffff, r0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48) syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x43001000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000b00)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x101400, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 
0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x40000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x16, 0x4, &(0x7f0000000740)=ANY=[@ANYBLOB="660a00000000000061114e0000000000850000008c00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) r3 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000380), 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001300)={&(0x7f0000001740)=ANY=[@ANYBLOB="9feb0100180000000000000030000000300000000000000003000000030000"], 0x0, 0x4d, 0x0, 0x3, 0x10000}, 0x28) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000001380)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYRES64, @ANYRESOCT=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0xb}, 0x0, 0x6d99, 0x0, 0x0, 0x400fffffff, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0xb) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$tipc(r5, 
&(0x7f0000003a00)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x9}}, 0x10, &(0x7f0000000b40)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001a00), 0x101d0}], 0x4}, 0x0) [ 85.500392][ T5306] Bluetooth: hci0: command tx timeout [ 85.570179][ C0] hrtimer: interrupt took 46953 ns [ 87.586070][ T4672] Bluetooth: hci0: command tx timeout [ 88.659638][ T5329] ------------[ cut here ]------------ [ 88.662150][ T5329] WARNING: CPU: 0 PID: 5329 at kernel/events/core.c:7211 perf_pending_task+0x319/0x400 [ 88.666372][ T5329] Modules linked in: [ 88.668097][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 88.673777][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.678861][ T5329] RIP: 0010:perf_pending_task+0x319/0x400 [ 88.681408][ T5329] Code: 85 8f 00 00 00 41 fe 4d 00 eb 05 e8 21 4f cd ff 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 8e 84 76 09 cc e8 08 4f cd ff 90 <0f> 0b 90 41 80 3c 1c 00 0f 85 02 ff ff ff e9 05 ff ff ff 44 89 e1 [ 88.689768][ T5329] RSP: 0018:ffffc9000d2df9d0 EFLAGS: 00010293 [ 88.692439][ T5329] RAX: ffffffff81f2fe18 RBX: dffffc0000000000 RCX: ffff8880003fc880 [ 88.695934][ T5329] RDX: 0000000000000000 RSI: 0000000074982edc RDI: 0000000000000000 [ 88.699447][ T5329] RBP: 0000000074982edc R08: ffffffff8fa10bf7 R09: 1ffffffff1f4217e [ 88.702881][ T5329] R10: dffffc0000000000 R11: ffffffff81f2fb00 R12: 1ffff110035f9847 [ 88.706293][ T5329] R13: ffff8880003fc880 R14: ffff88801afcc498 R15: ffff88801afcc238 [ 88.709724][ T5329] FS: 0000000000000000(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 88.713557][ T5329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 88.716412][ T5329] CR2: ffffffffd88f0000 CR3: 0000000051439000 CR4: 0000000000352ef0 [ 88.719887][ T5329] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 88.723336][ T5329] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 
88.726766][ T5329] Call Trace: [ 88.728222][ T5329] <TASK> [ 88.729608][ T5329] task_work_run+0x1d1/0x260 [ 88.731623][ T5329] ? __pfx_task_work_run+0x10/0x10 [ 88.733856][ T5329] do_exit+0x6b5/0x22e0 [ 88.735697][ T5329] ? __pfx_do_exit+0x10/0x10 [ 88.737696][ T5329] ? irqentry_exit+0x74/0x90 [ 88.739974][ T5329] do_group_exit+0x21c/0x2d0 [ 88.742009][ T5329] get_signal+0x1286/0x1340 [ 88.744034][ T5329] arch_do_signal_or_restart+0x9a/0x750 [ 88.746506][ T5329] ? __rseq_handle_notify_resume+0x37e/0x11f0 [ 88.749256][ T5329] ? perf_pending_task+0x2da/0x400 [ 88.751569][ T5329] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 88.754288][ T5329] ? __pfx_task_mm_cid_work+0x10/0x10 [ 88.756626][ T5329] ? exit_to_user_mode_loop+0x40/0x110 [ 88.759092][ T5329] exit_to_user_mode_loop+0x75/0x110 [ 88.761389][ T5329] do_syscall_64+0x2bd/0x3b0 [ 88.763455][ T5329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.766155][ T5329] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 88.768912][ T5329] ? clear_bhb_loop+0x60/0xb0 [ 88.771032][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.774021][ T5329] RIP: 0033:0x7fd80778e929 [ 88.775967][ T5329] Code: Unable to access opcode bytes at 0x7fd80778e8ff. [ 88.779344][ T5329] RSP: 002b:00007fd808556038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 88.782928][ T5329] RAX: 0000000000000004 RBX: 00007fd8079b5fa0 RCX: 00007fd80778e929 [ 88.786087][ T5329] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000000 [ 88.789218][ T5329] RBP: 00007fd807810b39 R08: 0000000000000000 R09: 0000000000000000 [ 88.792300][ T5329] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 88.795358][ T5329] R13: 0000000000000000 R14: 00007fd8079b5fa0 R15: 00007ffe34ac6818 [ 88.798525][ T5329] </TASK> [ 88.799865][ T5329] Kernel panic - not syncing: kernel: panic_on_warn set ... 
[ 88.803032][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 88.808021][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.812652][ T5329] Call Trace: [ 88.814136][ T5329] <TASK> [ 88.815465][ T5329] dump_stack_lvl+0x99/0x250 [ 88.817483][ T5329] ? __asan_memcpy+0x40/0x70 [ 88.819548][ T5329] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.821749][ T5329] ? __pfx__printk+0x10/0x10 [ 88.823834][ T5329] panic+0x2db/0x790 [ 88.825608][ T5329] ? __pfx_panic+0x10/0x10 [ 88.827575][ T5329] __warn+0x31b/0x4b0 [ 88.829338][ T5329] ? perf_pending_task+0x319/0x400 [ 88.831552][ T5329] ? perf_pending_task+0x319/0x400 [ 88.833848][ T5329] report_bug+0x2be/0x4f0 [ 88.835751][ T5329] ? perf_pending_task+0x319/0x400 [ 88.837958][ T5329] ? perf_pending_task+0x319/0x400 [ 88.840181][ T5329] ? perf_pending_task+0x31b/0x400 [ 88.842462][ T5329] handle_bug+0x84/0x160 [ 88.844365][ T5329] exc_invalid_op+0x1a/0x50 [ 88.846376][ T5329] asm_exc_invalid_op+0x1a/0x20 [ 88.848426][ T5329] RIP: 0010:perf_pending_task+0x319/0x400 [ 88.850894][ T5329] Code: 85 8f 00 00 00 41 fe 4d 00 eb 05 e8 21 4f cd ff 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 8e 84 76 09 cc e8 08 4f cd ff 90 <0f> 0b 90 41 80 3c 1c 00 0f 85 02 ff ff ff e9 05 ff ff ff 44 89 e1 [ 88.859150][ T5329] RSP: 0018:ffffc9000d2df9d0 EFLAGS: 00010293 [ 88.861776][ T5329] RAX: ffffffff81f2fe18 RBX: dffffc0000000000 RCX: ffff8880003fc880 [ 88.865222][ T5329] RDX: 0000000000000000 RSI: 0000000074982edc RDI: 0000000000000000 [ 88.868810][ T5329] RBP: 0000000074982edc R08: ffffffff8fa10bf7 R09: 1ffffffff1f4217e [ 88.872627][ T5329] R10: dffffc0000000000 R11: ffffffff81f2fb00 R12: 1ffff110035f9847 [ 88.876091][ T5329] R13: ffff8880003fc880 R14: ffff88801afcc498 R15: ffff88801afcc238 [ 88.879496][ T5329] ? __pfx_perf_pending_task+0x10/0x10 [ 88.881848][ T5329] ? 
perf_pending_task+0x318/0x400 [ 88.884173][ T5329] task_work_run+0x1d1/0x260 [ 88.886217][ T5329] ? __pfx_task_work_run+0x10/0x10 [ 88.888377][ T5329] do_exit+0x6b5/0x22e0 [ 88.890227][ T5329] ? __pfx_do_exit+0x10/0x10 [ 88.892261][ T5329] ? irqentry_exit+0x74/0x90 [ 88.894316][ T5329] do_group_exit+0x21c/0x2d0 [ 88.896338][ T5329] get_signal+0x1286/0x1340 [ 88.898396][ T5329] arch_do_signal_or_restart+0x9a/0x750 [ 88.900779][ T5329] ? __rseq_handle_notify_resume+0x37e/0x11f0 [ 88.903471][ T5329] ? perf_pending_task+0x2da/0x400 [ 88.905705][ T5329] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 88.908407][ T5329] ? __pfx_task_mm_cid_work+0x10/0x10 [ 88.910730][ T5329] ? exit_to_user_mode_loop+0x40/0x110 [ 88.913110][ T5329] exit_to_user_mode_loop+0x75/0x110 [ 88.915416][ T5329] do_syscall_64+0x2bd/0x3b0 [ 88.917453][ T5329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.920047][ T5329] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 88.922726][ T5329] ? clear_bhb_loop+0x60/0xb0 [ 88.924822][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.927421][ T5329] RIP: 0033:0x7fd80778e929 [ 88.929377][ T5329] Code: Unable to access opcode bytes at 0x7fd80778e8ff. [ 88.932398][ T5329] RSP: 002b:00007fd808556038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 88.936087][ T5329] RAX: 0000000000000004 RBX: 00007fd8079b5fa0 RCX: 00007fd80778e929 [ 88.939460][ T5329] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000000 [ 88.942844][ T5329] RBP: 00007fd807810b39 R08: 0000000000000000 R09: 0000000000000000 [ 88.946256][ T5329] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 88.949673][ T5329] R13: 0000000000000000 R14: 00007fd8079b5fa0 R15: 00007ffe34ac6818 [ 88.953110][ T5329] </TASK> [ 88.954791][ T5329] Kernel Offset: disabled [ 88.956708][ T5329] Rebooting in 86400 seconds..