Warning: Permanently added '[localhost]:55014' (ECDSA) to the list of known hosts. 2025/09/01 08:46:02 fuzzer started 2025/09/01 08:46:03 dialing manager at localhost:35473 syzkaller login: [ 56.862505] cgroup: Unknown subsys name 'net' [ 56.954220] cgroup: Unknown subsys name 'cpuset' [ 56.981515] cgroup: Unknown subsys name 'rlimit' 2025/09/01 08:46:15 syscalls: 2214 2025/09/01 08:46:15 code coverage: enabled 2025/09/01 08:46:15 comparison tracing: enabled 2025/09/01 08:46:15 extra coverage: enabled 2025/09/01 08:46:15 setuid sandbox: enabled 2025/09/01 08:46:15 namespace sandbox: enabled 2025/09/01 08:46:15 Android sandbox: enabled 2025/09/01 08:46:15 fault injection: enabled 2025/09/01 08:46:15 leak checking: enabled 2025/09/01 08:46:15 net packet injection: enabled 2025/09/01 08:46:15 net device setup: enabled 2025/09/01 08:46:15 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 08:46:15 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 08:46:15 USB emulation: enabled 2025/09/01 08:46:15 hci packet injection: enabled 2025/09/01 08:46:15 wifi device emulation: enabled 2025/09/01 08:46:15 802.15.4 emulation: enabled 2025/09/01 08:46:15 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 08:46:15 fetching corpus: 50, signal 24966/28218 (executing program) 2025/09/01 08:46:15 fetching corpus: 100, signal 33944/38422 (executing program) 2025/09/01 08:46:15 fetching corpus: 150, signal 42078/47561 (executing program) 2025/09/01 08:46:15 fetching corpus: 200, signal 48245/54666 (executing program) 2025/09/01 08:46:15 fetching corpus: 250, signal 52481/59821 (executing program) 2025/09/01 08:46:16 fetching corpus: 300, signal 59424/67286 (executing program) 2025/09/01 08:46:16 fetching corpus: 350, signal 62847/71339 (executing program) 2025/09/01 08:46:16 fetching corpus: 400, signal 64854/74185 (executing program) 2025/09/01 08:46:16 fetching corpus: 450, signal 73484/82578 (executing program) 2025/09/01 
08:46:16 fetching corpus: 500, signal 77241/86645 (executing program) 2025/09/01 08:46:16 fetching corpus: 550, signal 80295/89986 (executing program) 2025/09/01 08:46:16 fetching corpus: 600, signal 82362/92505 (executing program) 2025/09/01 08:46:16 fetching corpus: 650, signal 84181/94714 (executing program) 2025/09/01 08:46:17 fetching corpus: 700, signal 85640/96589 (executing program) 2025/09/01 08:46:17 fetching corpus: 750, signal 87601/98870 (executing program) 2025/09/01 08:46:17 fetching corpus: 800, signal 90233/101645 (executing program) 2025/09/01 08:46:17 fetching corpus: 850, signal 93221/104485 (executing program) 2025/09/01 08:46:17 fetching corpus: 900, signal 95327/106635 (executing program) 2025/09/01 08:46:17 fetching corpus: 950, signal 96613/108142 (executing program) 2025/09/01 08:46:17 fetching corpus: 1000, signal 98325/109904 (executing program) 2025/09/01 08:46:17 fetching corpus: 1050, signal 100003/111567 (executing program) 2025/09/01 08:46:17 fetching corpus: 1100, signal 103581/114404 (executing program) 2025/09/01 08:46:18 fetching corpus: 1150, signal 105452/116111 (executing program) 2025/09/01 08:46:18 fetching corpus: 1200, signal 107602/117876 (executing program) 2025/09/01 08:46:18 fetching corpus: 1250, signal 109395/119357 (executing program) 2025/09/01 08:46:18 fetching corpus: 1300, signal 110517/120427 (executing program) 2025/09/01 08:46:18 fetching corpus: 1350, signal 111596/121403 (executing program) 2025/09/01 08:46:18 fetching corpus: 1400, signal 113007/122565 (executing program) 2025/09/01 08:46:18 fetching corpus: 1450, signal 114899/123900 (executing program) 2025/09/01 08:46:18 fetching corpus: 1500, signal 115641/124623 (executing program) 2025/09/01 08:46:19 fetching corpus: 1550, signal 116901/125565 (executing program) 2025/09/01 08:46:19 fetching corpus: 1600, signal 118198/126493 (executing program) 2025/09/01 08:46:19 fetching corpus: 1650, signal 119414/127329 (executing program) 2025/09/01 08:46:19 
fetching corpus: 1700, signal 120150/127907 (executing program) 2025/09/01 08:46:19 fetching corpus: 1750, signal 121283/128654 (executing program) 2025/09/01 08:46:19 fetching corpus: 1800, signal 122264/129287 (executing program) 2025/09/01 08:46:19 fetching corpus: 1850, signal 123094/129851 (executing program) 2025/09/01 08:46:19 fetching corpus: 1900, signal 123898/130441 (executing program) 2025/09/01 08:46:19 fetching corpus: 1950, signal 125088/131123 (executing program) 2025/09/01 08:46:19 fetching corpus: 2000, signal 126142/131689 (executing program) 2025/09/01 08:46:20 fetching corpus: 2050, signal 127442/132351 (executing program) 2025/09/01 08:46:20 fetching corpus: 2100, signal 127937/132667 (executing program) 2025/09/01 08:46:20 fetching corpus: 2150, signal 128765/133075 (executing program) 2025/09/01 08:46:20 fetching corpus: 2200, signal 129574/133442 (executing program) 2025/09/01 08:46:20 fetching corpus: 2250, signal 130587/133834 (executing program) 2025/09/01 08:46:20 fetching corpus: 2300, signal 131788/134252 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/134653 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/134698 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/134725 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/134750 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/134782 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/134822 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/134856 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/134898 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/134931 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/134963 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/135006 (executing program) 
2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/135040 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/135076 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/135116 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/135157 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/135202 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/135237 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/135267 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/135307 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/135342 (executing program) 2025/09/01 08:46:20 fetching corpus: 2331, signal 132904/135342 (executing program) 2025/09/01 08:46:22 starting 8 fuzzer processes 08:46:22 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x24, 0x1, 0x4, 0x3, 0x0, 0x0, {}, [@NFULA_CFG_NLBUFSIZ={0x8}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x24}}, 0x0) 08:46:22 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x10, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0xf0}}, 0x14}}, 0x0) 08:46:22 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$sock_buf(r0, 0x1, 0x10, 0x0, &(0x7f0000000040)) 08:46:22 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCGPTPEER(r0, 0x401c5820, 0x0) 08:46:22 
executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001240)={0x1c, r1, 0x5, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) [ 75.441238] audit: type=1400 audit(1756716382.744:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:46:22 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'}) close_range(r0, r1, 0x0) 08:46:22 executing program 4: r0 = shmget$private(0x0, 0x5000, 0x0, &(0x7f0000ffb000/0x5000)=nil) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000ffc000/0x4000)=nil, 0x0) r2 = shmget$private(0x0, 0xc00000, 0x0, &(0x7f0000400000/0xc00000)=nil) r3 = shmat(r2, &(0x7f0000ffa000/0x4000)=nil, 0x6000) shmdt(r3) 08:46:22 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00') getdents(r0, &(0x7f0000000000)=""/249, 0x18) getdents(r0, &(0x7f00000001c0)=""/24, 0x18) [ 76.570596] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.572953] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.578187] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.580102] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.581686] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.584060] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.589649] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.589671] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.593220] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.596210] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.696854] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.701118] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.702591] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.705411] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.707530] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.764345] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.766524] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.770129] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.801233] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.815287] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 76.817349] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 76.824210] Bluetooth: hci4: unexpected 
cc 0x1003 length: 249 > 9 [ 76.825678] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 76.827681] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.834054] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 76.837473] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 76.842519] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 76.849390] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 76.854477] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 76.857190] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 76.874253] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 76.879195] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 76.880574] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.883223] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 76.887860] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 76.894979] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.899094] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 76.902354] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 76.906110] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 76.929054] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 78.661263] Bluetooth: hci1: command tx timeout [ 78.661305] Bluetooth: hci0: command tx timeout [ 78.788882] Bluetooth: hci2: command tx timeout [ 78.916922] Bluetooth: hci3: command tx timeout [ 78.980918] Bluetooth: hci5: command tx timeout [ 78.981047] Bluetooth: hci6: command tx timeout [ 78.982126] Bluetooth: hci7: command tx timeout [ 79.045142] Bluetooth: hci4: command tx timeout [ 80.710772] Bluetooth: hci0: command tx timeout [ 80.711235] Bluetooth: hci1: command tx timeout [ 80.836970] Bluetooth: hci2: command tx timeout [ 80.964757] Bluetooth: hci3: command tx timeout [ 81.029122] Bluetooth: hci7: command tx timeout [ 81.029309] Bluetooth: hci5: command tx timeout [ 81.030637] Bluetooth: hci6: command tx timeout [ 81.093990] Bluetooth: hci4: 
command tx timeout [ 82.757043] Bluetooth: hci1: command tx timeout [ 82.757155] Bluetooth: hci0: command tx timeout [ 82.884762] Bluetooth: hci2: command tx timeout [ 83.012803] Bluetooth: hci3: command tx timeout [ 83.076938] Bluetooth: hci6: command tx timeout [ 83.076974] Bluetooth: hci5: command tx timeout [ 83.078100] Bluetooth: hci7: command tx timeout [ 83.140830] Bluetooth: hci4: command tx timeout [ 84.804925] Bluetooth: hci0: command tx timeout [ 84.805862] Bluetooth: hci1: command tx timeout [ 84.932800] Bluetooth: hci2: command tx timeout [ 85.060835] Bluetooth: hci3: command tx timeout [ 85.124966] Bluetooth: hci7: command tx timeout [ 85.125809] Bluetooth: hci6: command tx timeout [ 85.126501] Bluetooth: hci5: command tx timeout [ 85.189958] Bluetooth: hci4: command tx timeout [ 115.743837] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.744516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.007919] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.008527] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:47:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x10, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0xf0}}, 0x14}}, 0x0) 08:47:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x10, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0xf0}}, 0x14}}, 0x0) 08:47:04 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x10, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0xf0}}, 0x14}}, 0x0) 08:47:04 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000004600)=[{{&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000600)=[@ip_tos_u8={{0x11, 0x0, 0x1, 
0xff}}], 0x18}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) [ 117.285056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.286142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:47:04 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000004600)=[{{&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000600)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0xff}}], 0x18}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) [ 117.403277] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.403895] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:47:04 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000004600)=[{{&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000600)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0xff}}], 0x18}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) 08:47:04 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000004600)=[{{&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000600)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0xff}}], 0x18}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) [ 117.640420] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.641037] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.738443] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.739564] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:47:05 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000019640)='/proc/sysvipc/shm\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000440)=""/185, 0xb9, 0x2) [ 117.888684] wlan0: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 117.889303] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.923889] audit: type=1400 audit(1756716425.222:8): avc: denied { open } for pid=3868 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 117.929741] audit: type=1400 audit(1756716425.222:9): avc: denied { kernel } for pid=3868 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 118.056998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.057596] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.239691] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.240941] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.253376] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.254317] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.291579] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.292212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.426510] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.427398] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.503878] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.504682] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.566435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.567336] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.618354] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.619111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.715453] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.716178] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.738975] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 118.748217] 
syz-executor.2 (3904) used greatest stack depth: 23360 bytes left 08:47:06 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x24, 0x1, 0x4, 0x3, 0x0, 0x0, {}, [@NFULA_CFG_NLBUFSIZ={0x8}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x24}}, 0x0) 08:47:06 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCGPTPEER(r0, 0x401c5820, 0x0) 08:47:06 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001240)={0x1c, r1, 0x5, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 08:47:06 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) r2 = 
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'}) close_range(r0, r1, 0x0) 08:47:06 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00') getdents(r0, &(0x7f0000000000)=""/249, 0x18) getdents(r0, &(0x7f00000001c0)=""/24, 0x18) 08:47:06 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000019640)='/proc/sysvipc/shm\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000440)=""/185, 0xb9, 0x2) 08:47:06 executing program 4: r0 = shmget$private(0x0, 0x5000, 0x0, &(0x7f0000ffb000/0x5000)=nil) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000ffc000/0x4000)=nil, 0x0) r2 = shmget$private(0x0, 0xc00000, 0x0, &(0x7f0000400000/0xc00000)=nil) r3 = shmat(r2, &(0x7f0000ffa000/0x4000)=nil, 0x6000) shmdt(r3) 08:47:06 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$sock_buf(r0, 0x1, 0x10, 0x0, &(0x7f0000000040)) 08:47:06 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCGPTPEER(r0, 0x401c5820, 0x0) [ 119.025233] faux_driver regulatory: Direct firmware load for regulatory.db failed 
with error -2 08:47:06 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'}) close_range(r0, r1, 0x0) 08:47:06 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$sock_buf(r0, 0x1, 0x10, 0x0, &(0x7f0000000040)) 08:47:06 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00') getdents(r0, &(0x7f0000000000)=""/249, 0x18) getdents(r0, &(0x7f00000001c0)=""/24, 0x18) 08:47:06 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000019640)='/proc/sysvipc/shm\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000440)=""/185, 0xb9, 0x2) 08:47:06 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, 
&(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x24, 0x1, 0x4, 0x3, 0x0, 0x0, {}, [@NFULA_CFG_NLBUFSIZ={0x8}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x24}}, 0x0) 08:47:06 executing program 4: r0 = shmget$private(0x0, 0x5000, 0x0, &(0x7f0000ffb000/0x5000)=nil) shmctl$IPC_RMID(0x0, 0x0) shmat(r0, &(0x7f0000400000/0xc00000)=nil, 0x5000) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = shmget$private(0x0, 0x5000, 0x1800, &(0x7f0000ffb000/0x5000)=nil) shmctl$IPC_RMID(r1, 0x0) shmat(r1, &(0x7f0000ffc000/0x4000)=nil, 0x0) r2 = shmget$private(0x0, 0xc00000, 0x0, &(0x7f0000400000/0xc00000)=nil) r3 = shmat(r2, &(0x7f0000ffa000/0x4000)=nil, 0x6000) shmdt(r3) 08:47:06 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001240)={0x1c, r1, 0x5, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 08:47:06 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCGPTPEER(r0, 0x401c5820, 0x0) 08:47:06 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$sock_buf(r0, 0x1, 0x10, 0x0, &(0x7f0000000040)) 08:47:06 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000019640)='/proc/sysvipc/shm\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000440)=""/185, 0xb9, 0x2) 08:47:06 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'}) close_range(r0, r1, 0x0) 08:47:06 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00') getdents(r0, &(0x7f0000000000)=""/249, 0x18) getdents(r0, &(0x7f00000001c0)=""/24, 0x18) [ 119.209652] BUG: unable to handle page fault for address: ffffed10212c980e [ 119.210245] #PF: supervisor read access in kernel mode [ 119.210661] #PF: error_code(0x0000) - not-present page [ 119.211063] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 119.211503] Oops: Oops: 0000 [#1] SMP KASAN NOPTI [ 119.212496] CPU: 0 UID: 0 PID: 3952 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 119.215024] Tainted: [W]=WARN [ 119.215680] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.217729] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.218669] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 
00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.220856] RSP: 0018:ffff8880459cf780 EFLAGS: 00010012 [ 119.221269] RAX: 1ffff110212c980e RBX: ffff88810964be80 RCX: ffffc9000bc5b000 [ 119.221823] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff88810964c070 [ 119.222377] RBP: ffff8880459cf9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15dd8 [ 119.222938] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.223491] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 119.224059] FS: 00007f9f52d87700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 119.224682] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.225144] CR2: ffffed10212c980e CR3: 000000001d9d9000 CR4: 0000000000350ef0 [ 119.225701] Call Trace: [ 119.225906] [ 119.226097] ? __pfx_perf_tp_event+0x10/0x10 [ 119.226450] ? __asan_memcpy+0x3d/0x60 [ 119.226763] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150 [ 119.227247] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 119.227749] ? lock_is_held_type+0x9e/0x120 [ 119.228116] ? ctx_sched_in+0x134/0x9b0 [ 119.228432] ? css_rstat_updated+0x1b8/0x4d0 [ 119.228793] ? __pfx_css_rstat_updated+0x10/0x10 [ 119.229170] ? lock_is_held_type+0x9e/0x120 [ 119.229519] ? trace_pelt_se_tp+0xdf/0x130 [ 119.229857] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.230257] ? lock_is_held_type+0x9e/0x120 [ 119.230606] perf_trace_run_bpf_submit+0xef/0x180 [ 119.231000] perf_trace_preemptirq_template+0x259/0x430 [ 119.231423] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.231895] ? check_preempt_wakeup_fair+0x406/0x950 [ 119.232296] ? find_held_lock+0x2b/0x80 [ 119.232622] ? try_to_wake_up+0x8ae/0x11d0 [ 119.232963] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 119.233368] trace_irq_enable.constprop.0+0xa6/0x100 [ 119.233772] trace_hardirqs_on+0x26/0x40 [ 119.234095] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 119.234484] try_to_wake_up+0x8ae/0x11d0 [ 119.234815] ? 
__pfx_try_to_wake_up+0x10/0x10 [ 119.235174] ? plist_del+0x122/0x270 [ 119.235473] ? find_held_lock+0x2b/0x80 [ 119.235791] ? futex_wake+0x474/0x540 [ 119.236112] wake_up_q+0xa1/0x130 [ 119.236397] futex_wake+0x47e/0x540 [ 119.236691] ? __pfx_futex_wake+0x10/0x10 [ 119.237026] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 119.237427] ? lock_release+0xc8/0x290 [ 119.237741] do_futex+0x26d/0x370 [ 119.238024] ? __pfx_do_futex+0x10/0x10 [ 119.238345] __x64_sys_futex+0x1c9/0x4d0 [ 119.238667] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.239130] ? __pfx___x64_sys_futex+0x10/0x10 [ 119.239498] ? xfd_validate_state+0x55/0x180 [ 119.239866] ? __local_bh_enable+0x7b/0x90 [ 119.240209] do_syscall_64+0xbf/0x360 [ 119.240514] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.240918] RIP: 0033:0x7f9f55811b19 [ 119.241211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.242611] RSP: 002b:00007f9f52d87218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.243205] RAX: ffffffffffffffda RBX: 00007f9f55924f68 RCX: 00007f9f55811b19 [ 119.243758] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9f55924f6c [ 119.244333] RBP: 00007f9f55924f60 R08: 000000000000000e R09: 0000000000000000 [ 119.244889] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f9f55924f6c [ 119.245440] R13: 00007fff658a140f R14: 00007f9f52d87300 R15: 0000000000022000 [ 119.245999] [ 119.246186] Modules linked in: [ 119.246441] CR2: ffffed10212c980e [ 119.246713] ---[ end trace 0000000000000000 ]--- [ 119.247076] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.247449] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.248876] RSP: 0018:ffff8880459cf780 EFLAGS: 00010012 [ 119.249292] RAX: 
1ffff110212c980e RBX: ffff88810964be80 RCX: ffffc9000bc5b000 [ 119.249843] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff88810964c070 [ 119.250397] RBP: ffff8880459cf9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15dd8 [ 119.250950] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.251503] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 119.252064] FS: 00007f9f52d87700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 119.252685] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.253141] CR2: ffffed10212c980e CR3: 000000001d9d9000 CR4: 0000000000350ef0 [ 119.253701] note: syz-executor.4[3952] exited with irqs disabled [ 119.254242] BUG: unable to handle page fault for address: ffffed10212c980e [ 119.254785] #PF: supervisor read access in kernel mode [ 119.255194] #PF: error_code(0x0000) - not-present page [ 119.255598] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 [ 119.256054] Oops: Oops: 0000 [#2] SMP KASAN NOPTI [ 119.256435] CPU: 0 UID: 0 PID: 3952 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 119.257359] Tainted: [D]=DIE, [W]=WARN [ 119.257658] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 119.258296] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.258672] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.260076] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 119.260494] RAX: 1ffff110212c980e RBX: ffff88810964be80 RCX: 0000000000000002 [ 119.261043] RDX: ffff88800f793700 RSI: ffffffff8189a4e7 RDI: ffff88810964c070 [ 119.261595] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc15dd8 [ 119.262146] R10: 0000000000000000 R11: ffff88801c7ccc98 R12: dffffc0000000000 [ 119.262697] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 119.263249] FS: 
00007f9f52d87700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 119.263881] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.264336] CR2: ffffed10212c980e CR3: 000000001d9d9000 CR4: 0000000000350ef0 [ 119.264889] Call Trace: [ 119.265095] [ 119.265271] ? __pfx_perf_tp_event+0x10/0x10 [ 119.265627] ? enqueue_task_fair+0xded/0x1e00 [ 119.265985] ? check_preempt_wakeup_fair+0x6e/0x950 [ 119.266379] ? wakeup_preempt+0x140/0x2a0 [ 119.266704] ? lock_release+0x1c7/0x290 [ 119.267023] ? lock_release+0x1c7/0x290 [ 119.267341] ? do_raw_spin_unlock+0x53/0x220 [ 119.267695] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 119.268101] ? try_to_wake_up+0x8ae/0x11d0 [ 119.268440] ? do_raw_spin_lock+0x123/0x260 [ 119.268786] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 119.269162] ? perf_trace_run_bpf_submit+0xef/0x180 [ 119.269556] perf_trace_run_bpf_submit+0xef/0x180 [ 119.269948] perf_trace_preemptirq_template+0x259/0x430 [ 119.270362] ? read_tsc+0x9/0x20 [ 119.270641] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 119.271101] ? clockevents_program_event+0x135/0x360 [ 119.271507] ? tick_program_event+0xac/0x140 [ 119.271864] ? 
handle_softirqs+0x16e/0x770 [ 119.272203] trace_irq_enable.constprop.0+0xa6/0x100 [ 119.272601] trace_hardirqs_on+0x26/0x40 [ 119.272919] handle_softirqs+0x16e/0x770 [ 119.273248] __irq_exit_rcu+0xc4/0x100 [ 119.273562] irq_exit_rcu+0x9/0x20 [ 119.273846] sysvec_apic_timer_interrupt+0x70/0x80 [ 119.274237] [ 119.274422] [ 119.274602] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 119.275018] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 119.275387] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 119.276791] RSP: 0018:ffff8880459cff28 EFLAGS: 00000246 [ 119.277202] RAX: 0000000000000001 RBX: ffff88800f793700 RCX: ffffffff817c3ab6 [ 119.277755] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 119.278320] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000 [ 119.278871] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff88800f793700 [ 119.279416] R13: 0000000000000009 R14: ffff8880459cf760 R15: 0000000000000000 [ 119.279976] ? trace_irq_enable.constprop.0+0x26/0x100 [ 119.280387] ? make_task_dead+0x214/0x3b0 [ 119.280715] ? make_task_dead+0x214/0x3b0 [ 119.281043] ? 
do_syscall_64+0xbf/0x360 [ 119.281357] rewind_stack_and_make_dead+0x16/0x20 [ 119.281744] RIP: 0033:0x7f9f55811b19 [ 119.282035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.283427] RSP: 002b:00007f9f52d87218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 119.284018] RAX: ffffffffffffffda RBX: 00007f9f55924f68 RCX: 00007f9f55811b19 [ 119.284568] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9f55924f6c [ 119.285123] RBP: 00007f9f55924f60 R08: 000000000000000e R09: 0000000000000000 [ 119.285671] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f9f55924f6c [ 119.286221] R13: 00007fff658a140f R14: 00007f9f52d87300 R15: 0000000000022000 [ 119.286775] [ 119.286962] Modules linked in: [ 119.287217] CR2: ffffed10212c980e [ 119.287487] ---[ end trace 0000000000000000 ]--- [ 119.287859] RIP: 0010:perf_tp_event+0x175/0xe70 [ 119.288239] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 119.289645] RSP: 0018:ffff8880459cf780 EFLAGS: 00010012 [ 119.290057] RAX: 1ffff110212c980e RBX: ffff88810964be80 RCX: ffffc9000bc5b000 [ 119.290608] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff88810964c070 [ 119.291160] RBP: ffff8880459cf9f0 R08: ffff88806ce31340 R09: ffffe8ffffc15dd8 [ 119.291710] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 119.292268] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 119.292822] FS: 00007f9f52d87700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 119.293445] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.293898] CR2: ffffed10212c980e CR3: 000000001d9d9000 CR4: 0000000000350ef0 [ 119.294459] Kernel panic - not syncing: Fatal exception in interrupt [ 119.295136] Kernel 
Offset: disabled [ 119.295420] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:47:06 Registers: