Warning: Permanently added '[localhost]:40614' (ECDSA) to the list of known hosts.
2025/09/01 10:52:29 fuzzer started
2025/09/01 10:52:29 dialing manager at localhost:35473
syzkaller login: [   59.366645] cgroup: Unknown subsys name 'net'
[   59.561364] cgroup: Unknown subsys name 'cpuset'
[   59.584425] cgroup: Unknown subsys name 'rlimit'
2025/09/01 10:52:39 syscalls: 2214
2025/09/01 10:52:39 code coverage: enabled
2025/09/01 10:52:39 comparison tracing: enabled
2025/09/01 10:52:39 extra coverage: enabled
2025/09/01 10:52:39 setuid sandbox: enabled
2025/09/01 10:52:39 namespace sandbox: enabled
2025/09/01 10:52:39 Android sandbox: enabled
2025/09/01 10:52:39 fault injection: enabled
2025/09/01 10:52:39 leak checking: enabled
2025/09/01 10:52:39 net packet injection: enabled
2025/09/01 10:52:39 net device setup: enabled
2025/09/01 10:52:39 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 10:52:39 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 10:52:39 USB emulation: enabled
2025/09/01 10:52:39 hci packet injection: enabled
2025/09/01 10:52:39 wifi device emulation: enabled
2025/09/01 10:52:39 802.15.4 emulation: enabled
2025/09/01 10:52:39 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 10:52:39 fetching corpus: 45, signal 17618/21229 (executing program)
2025/09/01 10:52:39 fetching corpus: 95, signal 29968/34999 (executing program)
2025/09/01 10:52:39 fetching corpus: 145, signal 39643/45945 (executing program)
2025/09/01 10:52:39 fetching corpus: 195, signal 43833/51493 (executing program)
2025/09/01 10:52:39 fetching corpus: 245, signal 53932/62457 (executing program)
2025/09/01 10:52:40 fetching corpus: 295, signal 57966/67566 (executing program)
2025/09/01 10:52:40 fetching corpus: 345, signal 62495/73122 (executing program)
2025/09/01 10:52:40 fetching corpus: 395, signal 64807/76539 (executing program)
2025/09/01 10:52:40 fetching corpus: 445, signal 68128/80829 (executing program)
2025/09/01 10:52:40 fetching corpus: 494, signal 70918/84528 (executing program)
2025/09/01 10:52:40 fetching corpus: 544, signal 73877/88305 (executing program)
2025/09/01 10:52:40 fetching corpus: 594, signal 76720/91960 (executing program)
2025/09/01 10:52:40 fetching corpus: 644, signal 78934/95031 (executing program)
2025/09/01 10:52:40 fetching corpus: 694, signal 82574/99198 (executing program)
2025/09/01 10:52:40 fetching corpus: 744, signal 84727/102069 (executing program)
2025/09/01 10:52:40 fetching corpus: 794, signal 86648/104718 (executing program)
2025/09/01 10:52:41 fetching corpus: 844, signal 88429/107152 (executing program)
2025/09/01 10:52:41 fetching corpus: 894, signal 90617/109954 (executing program)
2025/09/01 10:52:41 fetching corpus: 944, signal 91663/111799 (executing program)
2025/09/01 10:52:41 fetching corpus: 994, signal 94120/114692 (executing program)
2025/09/01 10:52:41 fetching corpus: 1044, signal 95332/116594 (executing program)
2025/09/01 10:52:41 fetching corpus: 1094, signal 97070/118865 (executing program)
2025/09/01 10:52:41 fetching corpus: 1144, signal 98272/120704 (executing program)
2025/09/01 10:52:41 fetching corpus: 1194, signal 99775/122759 (executing program)
2025/09/01 10:52:41 fetching corpus: 1244, signal 101190/124763 (executing program)
2025/09/01 10:52:41 fetching corpus: 1294, signal 103294/127162 (executing program)
2025/09/01 10:52:42 fetching corpus: 1344, signal 104650/129026 (executing program)
2025/09/01 10:52:42 fetching corpus: 1393, signal 106820/131379 (executing program)
2025/09/01 10:52:42 fetching corpus: 1442, signal 107746/132916 (executing program)
2025/09/01 10:52:42 fetching corpus: 1491, signal 109242/134715 (executing program)
2025/09/01 10:52:42 fetching corpus: 1540, signal 110953/136627 (executing program)
2025/09/01 10:52:42 fetching corpus: 1590, signal 112771/138599 (executing program)
2025/09/01 10:52:42 fetching corpus: 1639, signal 114036/140150 (executing program)
2025/09/01 10:52:42 fetching corpus: 1688, signal 115032/141508 (executing program)
2025/09/01 10:52:42 fetching corpus: 1738, signal 116249/142999 (executing program)
2025/09/01 10:52:42 fetching corpus: 1788, signal 117552/144530 (executing program)
2025/09/01 10:52:43 fetching corpus: 1838, signal 118322/145721 (executing program)
2025/09/01 10:52:43 fetching corpus: 1888, signal 119144/146884 (executing program)
2025/09/01 10:52:43 fetching corpus: 1938, signal 119936/148006 (executing program)
2025/09/01 10:52:43 fetching corpus: 1988, signal 121161/149441 (executing program)
2025/09/01 10:52:43 fetching corpus: 2038, signal 121935/150525 (executing program)
2025/09/01 10:52:43 fetching corpus: 2087, signal 124199/152466 (executing program)
2025/09/01 10:52:43 fetching corpus: 2137, signal 125254/153659 (executing program)
2025/09/01 10:52:43 fetching corpus: 2187, signal 125930/154694 (executing program)
2025/09/01 10:52:43 fetching corpus: 2235, signal 126764/155710 (executing program)
2025/09/01 10:52:43 fetching corpus: 2285, signal 127722/156831 (executing program)
2025/09/01 10:52:43 fetching corpus: 2335, signal 128619/157854 (executing program)
2025/09/01 10:52:44 fetching corpus: 2385, signal 129594/158928 (executing program)
2025/09/01 10:52:44 fetching corpus: 2433, signal 130227/159841 (executing program)
2025/09/01 10:52:44 fetching corpus: 2482, signal 131423/160966 (executing program)
2025/09/01 10:52:44 fetching corpus: 2532, signal 133031/162293 (executing program)
2025/09/01 10:52:44 fetching corpus: 2582, signal 133737/163188 (executing program)
2025/09/01 10:52:44 fetching corpus: 2632, signal 134728/164138 (executing program)
2025/09/01 10:52:44 fetching corpus: 2682, signal 135506/165046 (executing program)
2025/09/01 10:52:44 fetching corpus: 2731, signal 136477/165994 (executing program)
2025/09/01 10:52:44 fetching corpus: 2780, signal 136868/166689 (executing program)
2025/09/01 10:52:44 fetching corpus: 2830, signal 137243/167366 (executing program)
2025/09/01 10:52:44 fetching corpus: 2880, signal 137868/168113 (executing program)
2025/09/01 10:52:44 fetching corpus: 2930, signal 138518/168880 (executing program)
2025/09/01 10:52:45 fetching corpus: 2980, signal 139276/169677 (executing program)
2025/09/01 10:52:45 fetching corpus: 3030, signal 140193/170518 (executing program)
2025/09/01 10:52:45 fetching corpus: 3080, signal 140813/171224 (executing program)
2025/09/01 10:52:45 fetching corpus: 3130, signal 141659/172026 (executing program)
2025/09/01 10:52:45 fetching corpus: 3180, signal 142142/172626 (executing program)
2025/09/01 10:52:45 fetching corpus: 3230, signal 142819/173230 (executing program)
2025/09/01 10:52:45 fetching corpus: 3280, signal 143389/173876 (executing program)
2025/09/01 10:52:45 fetching corpus: 3330, signal 143875/174460 (executing program)
2025/09/01 10:52:45 fetching corpus: 3380, signal 144369/175056 (executing program)
2025/09/01 10:52:45 fetching corpus: 3430, signal 144909/175625 (executing program)
2025/09/01 10:52:45 fetching corpus: 3480, signal 145542/176170 (executing program)
2025/09/01 10:52:46 fetching corpus: 3530, signal 145974/176698 (executing program)
2025/09/01 10:52:46 fetching corpus: 3580, signal 146600/177258 (executing program)
2025/09/01 10:52:46 fetching corpus: 3630, signal 147216/177845 (executing program)
2025/09/01 10:52:46 fetching corpus: 3680, signal 147712/178341 (executing program)
2025/09/01 10:52:46 fetching corpus: 3730, signal 148396/178887 (executing program)
2025/09/01 10:52:46 fetching corpus: 3780, signal 149504/179530 (executing program)
2025/09/01 10:52:46 fetching corpus: 3830, signal 149958/180016 (executing program)
2025/09/01 10:52:46 fetching corpus: 3880, signal 150281/180456 (executing program)
2025/09/01 10:52:46 fetching corpus: 3930, signal 151001/181049 (executing program)
2025/09/01 10:52:46 fetching corpus: 3980, signal 151588/181498 (executing program)
2025/09/01 10:52:46 fetching corpus: 4030, signal 152249/181970 (executing program)
2025/09/01 10:52:47 fetching corpus: 4080, signal 152658/182364 (executing program)
2025/09/01 10:52:47 fetching corpus: 4129, signal 153099/182788 (executing program)
2025/09/01 10:52:47 fetching corpus: 4179, signal 153902/183219 (executing program)
2025/09/01 10:52:47 fetching corpus: 4229, signal 155891/183698 (executing program)
2025/09/01 10:52:47 fetching corpus: 4278, signal 156297/184020 (executing program)
2025/09/01 10:52:47 fetching corpus: 4327, signal 156900/184352 (executing program)
2025/09/01 10:52:47 fetching corpus: 4377, signal 157311/184686 (executing program)
2025/09/01 10:52:47 fetching corpus: 4427, signal 157689/184994 (executing program)
2025/09/01 10:52:47 fetching corpus: 4477, signal 158307/185305 (executing program)
2025/09/01 10:52:47 fetching corpus: 4527, signal 158620/185436 (executing program)
2025/09/01 10:52:47 fetching corpus: 4577, signal 159023/185468 (executing program)
2025/09/01 10:52:47 fetching corpus: 4627, signal 159599/185472 (executing program)
2025/09/01 10:52:48 fetching corpus: 4677, signal 160060/185482 (executing program)
2025/09/01 10:52:48 fetching corpus: 4727, signal 160571/185502 (executing program)
2025/09/01 10:52:48 fetching corpus: 4777, signal 160974/185542 (executing program)
2025/09/01 10:52:48 fetching corpus: 4827, signal 161453/185546 (executing program)
2025/09/01 10:52:48 fetching corpus: 4877, signal 161845/185567 (executing program)
2025/09/01 10:52:48 fetching corpus: 4927, signal 162170/185571 (executing program)
2025/09/01 10:52:48 fetching corpus: 4977, signal 162512/185589 (executing program)
2025/09/01 10:52:48 fetching corpus: 5027, signal 163195/185614 (executing program)
2025/09/01 10:52:48 fetching corpus: 5077, signal 163618/185736 (executing program)
2025/09/01 10:52:48 fetching corpus: 5127, signal 164025/185736 (executing program)
2025/09/01 10:52:48 fetching corpus: 5177, signal 164545/185768 (executing program)
2025/09/01 10:52:49 fetching corpus: 5227, signal 165066/185771 (executing program)
2025/09/01 10:52:49 fetching corpus: 5277, signal 165742/185795 (executing program)
2025/09/01 10:52:49 fetching corpus: 5327, signal 166131/185835 (executing program)
2025/09/01 10:52:49 fetching corpus: 5377, signal 166749/185845 (executing program)
2025/09/01 10:52:49 fetching corpus: 5427, signal 167094/185869 (executing program)
2025/09/01 10:52:49 fetching corpus: 5477, signal 167398/185874 (executing program)
2025/09/01 10:52:49 fetching corpus: 5527, signal 167955/185874 (executing program)
2025/09/01 10:52:49 fetching corpus: 5576, signal 168396/185932 (executing program)
2025/09/01 10:52:49 fetching corpus: 5626, signal 168644/185942 (executing program)
2025/09/01 10:52:49 fetching corpus: 5675, signal 168899/185948 (executing program)
2025/09/01 10:52:49 fetching corpus: 5725, signal 169386/185955 (executing program)
2025/09/01 10:52:49 fetching corpus: 5775, signal 169830/185968 (executing program)
2025/09/01 10:52:50 fetching corpus: 5825, signal 170184/185971 (executing program)
2025/09/01 10:52:50 fetching corpus: 5875, signal 170526/185975 (executing program)
2025/09/01 10:52:50 fetching corpus: 5925, signal 170785/185998 (executing program)
2025/09/01 10:52:50 fetching corpus: 5975, signal 171368/186023 (executing program)
2025/09/01 10:52:50 fetching corpus: 6025, signal 171812/186029 (executing program)
2025/09/01 10:52:50 fetching corpus: 6075, signal 172095/186031 (executing program)
2025/09/01 10:52:50 fetching corpus: 6125, signal 172493/186045 (executing program)
2025/09/01 10:52:50 fetching corpus: 6175, signal 172940/186095 (executing program)
2025/09/01 10:52:50 fetching corpus: 6225, signal 173308/186100 (executing program)
2025/09/01 10:52:50 fetching corpus: 6275, signal 173546/186110 (executing program)
2025/09/01 10:52:50 fetching corpus: 6325, signal 173990/186154 (executing program)
2025/09/01 10:52:50 fetching corpus: 6375, signal 174333/186162 (executing program)
2025/09/01 10:52:51 fetching corpus: 6425, signal 174684/186169 (executing program)
2025/09/01 10:52:51 fetching corpus: 6475, signal 175280/186171 (executing program)
2025/09/01 10:52:51 fetching corpus: 6525, signal 175575/186184 (executing program)
2025/09/01 10:52:51 fetching corpus: 6575, signal 175891/186188 (executing program)
2025/09/01 10:52:51 fetching corpus: 6625, signal 176213/186196 (executing program)
2025/09/01 10:52:51 fetching corpus: 6675, signal 176451/186221 (executing program)
2025/09/01 10:52:51 fetching corpus: 6725, signal 176732/186227 (executing program)
2025/09/01 10:52:51 fetching corpus: 6775, signal 176973/186227 (executing program)
2025/09/01 10:52:51 fetching corpus: 6825, signal 177291/186231 (executing program)
2025/09/01 10:52:51 fetching corpus: 6875, signal 177530/186247 (executing program)
2025/09/01 10:52:51 fetching corpus: 6925, signal 177710/186282 (executing program)
2025/09/01 10:52:51 fetching corpus: 6975, signal 178039/186287 (executing program)
2025/09/01 10:52:52 fetching corpus: 7025, signal 178357/186293 (executing program)
2025/09/01 10:52:52 fetching corpus: 7075, signal 178691/186326 (executing program)
2025/09/01 10:52:52 fetching corpus: 7125, signal 178958/186328 (executing program)
2025/09/01 10:52:52 fetching corpus: 7175, signal 179323/186328 (executing program)
2025/09/01 10:52:52 fetching corpus: 7224, signal 179555/186332 (executing program)
2025/09/01 10:52:52 fetching corpus: 7274, signal 179855/186339 (executing program)
2025/09/01 10:52:52 fetching corpus: 7324, signal 180228/186346 (executing program)
2025/09/01 10:52:52 fetching corpus: 7374, signal 180479/186368 (executing program)
2025/09/01 10:52:52 fetching corpus: 7424, signal 180831/186371 (executing program)
2025/09/01 10:52:52 fetching corpus: 7474, signal 181141/186372 (executing program)
2025/09/01 10:52:52 fetching corpus: 7524, signal 181334/186372 (executing program)
2025/09/01 10:52:52 fetching corpus: 7574, signal 181585/186372 (executing program)
2025/09/01 10:52:53 fetching corpus: 7624, signal 181891/186406 (executing program)
2025/09/01 10:52:53 fetching corpus: 7674, signal 182149/186409 (executing program)
2025/09/01 10:52:53 fetching corpus: 7724, signal 182508/186417 (executing program)
2025/09/01 10:52:53 fetching corpus: 7774, signal 182811/186423 (executing program)
2025/09/01 10:52:53 fetching corpus: 7824, signal 183041/186426 (executing program)
2025/09/01 10:52:53 fetching corpus: 7874, signal 183403/186434 (executing program)
2025/09/01 10:52:53 fetching corpus: 7912, signal 183625/186449 (executing program)
2025/09/01 10:52:53 fetching corpus: 7912, signal 183625/186449 (executing program)
2025/09/01 10:52:55 starting 8 fuzzer processes
10:52:55 executing program 0:
io_setup(0xfff, &(0x7f0000000040)=<r0=>0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x140241, 0x0)
io_submit(r0, 0x1, &(0x7f0000000240)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000040)='r', 0x5}])

10:52:55 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x3)

10:52:55 executing program 7:
r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "2a7fe5e59ef5f56348f256dcc3e8c571df578b052aa1da2402b2ffc5ed09d5d459aab4a10a05678542c2b7dc0bac3e5fbdb85c49291d30f19445cae1b1e48228"}, 0x48, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, r0)

10:52:56 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
fallocate(r0, 0x8, 0x0, 0x9)

10:52:56 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {0x0, 0x0, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[])
open$dir(0x0, 0x0, 0x0)

[   85.432113] audit: type=1400 audit(1756723976.091:7): avc:  denied  { execmem } for  pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
10:52:56 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x2, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}})

10:52:56 executing program 5:
syz_mount_image$nfs4(&(0x7f0000001940), &(0x7f0000001980)='./file0\x00', 0x0, 0x0, &(0x7f0000001a80), 0x0, &(0x7f0000001ac0))

10:52:56 executing program 6:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x89e1, &(0x7f0000000bc0)={'wlan1\x00'})

[   86.716456] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   86.719765] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   86.721989] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   86.724146] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   86.730364] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   86.732109] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   86.735377] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   86.737327] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   86.740108] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   86.741947] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   86.742525] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   86.750560] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   86.755323] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   86.758555] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   86.762149] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   86.766359] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   86.770589] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   86.772638] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   86.778218] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   86.792617] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   86.932495] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   86.939616] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   86.970775] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   86.971350] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   86.985311] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   86.985817] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   86.988215] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   86.990491] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   86.990620] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   86.995619] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   86.999356] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   87.002594] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   87.013586] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   87.018143] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   87.025753] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   87.052197] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   87.068215] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   87.069641] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   87.072372] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   87.095338] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   88.810117] Bluetooth: hci1: command tx timeout
[   88.811278] Bluetooth: hci2: command tx timeout
[   88.812228] Bluetooth: hci0: command tx timeout
[   88.872963] Bluetooth: hci3: command tx timeout
[   89.065928] Bluetooth: hci6: command tx timeout
[   89.067029] Bluetooth: hci4: command tx timeout
[   89.130287] Bluetooth: hci5: command tx timeout
[   89.193029] Bluetooth: hci7: command tx timeout
[   90.857075] Bluetooth: hci1: command tx timeout
[   90.857628] Bluetooth: hci2: command tx timeout
[   90.857664] Bluetooth: hci0: command tx timeout
[   90.921821] Bluetooth: hci3: command tx timeout
[   91.113920] Bluetooth: hci6: command tx timeout
[   91.114038] Bluetooth: hci4: command tx timeout
[   91.178882] Bluetooth: hci5: command tx timeout
[   91.241077] Bluetooth: hci7: command tx timeout
[   92.905013] Bluetooth: hci0: command tx timeout
[   92.905068] Bluetooth: hci1: command tx timeout
[   92.906116] Bluetooth: hci2: command tx timeout
[   92.969367] Bluetooth: hci3: command tx timeout
[   93.161223] Bluetooth: hci6: command tx timeout
[   93.162450] Bluetooth: hci4: command tx timeout
[   93.224989] Bluetooth: hci5: command tx timeout
[   93.288957] Bluetooth: hci7: command tx timeout
[   94.953922] Bluetooth: hci1: command tx timeout
[   94.954435] Bluetooth: hci0: command tx timeout
[   94.954914] Bluetooth: hci2: command tx timeout
[   95.017879] Bluetooth: hci3: command tx timeout
[   95.210065] Bluetooth: hci6: command tx timeout
[   95.210505] Bluetooth: hci4: command tx timeout
[   95.273927] Bluetooth: hci5: command tx timeout
[   95.338005] Bluetooth: hci7: command tx timeout
[  128.765410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.766097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.942565] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.943439] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:53:40 executing program 4:
fspick(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)
syz_mount_image$iso9660(&(0x7f0000004f80), &(0x7f0000004fc0)='./file0\x00', 0x0, 0x1, &(0x7f0000005080)=[{&(0x7f0000005000)=',', 0x1, 0x100000001}], 0x808000, &(0x7f00000050c0)={[{}]})

[  129.520289] loop4: detected capacity change from 0 to 264192
[  129.581904] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.582539] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:53:40 executing program 4:
fspick(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)
syz_mount_image$iso9660(&(0x7f0000004f80), &(0x7f0000004fc0)='./file0\x00', 0x0, 0x1, &(0x7f0000005080)=[{&(0x7f0000005000)=',', 0x1, 0x100000001}], 0x808000, &(0x7f00000050c0)={[{}]})

[  129.718902] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.719523] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.760387] loop4: detected capacity change from 0 to 264192
10:53:40 executing program 4:
fspick(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)
syz_mount_image$iso9660(&(0x7f0000004f80), &(0x7f0000004fc0)='./file0\x00', 0x0, 0x1, &(0x7f0000005080)=[{&(0x7f0000005000)=',', 0x1, 0x100000001}], 0x808000, &(0x7f00000050c0)={[{}]})

[  130.051053] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.051704] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:53:40 executing program 4:
fspick(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)
syz_mount_image$iso9660(&(0x7f0000004f80), &(0x7f0000004fc0)='./file0\x00', 0x0, 0x1, &(0x7f0000005080)=[{&(0x7f0000005000)=',', 0x1, 0x100000001}], 0x808000, &(0x7f00000050c0)={[{}]})

10:53:40 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x28, r1, 0x201, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc}}}}, 0x28}}, 0x0)

[  130.351303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.351973] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:53:41 executing program 4:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x25, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x25, &(0x7f0000000000)=0x9, 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup3(r1, r2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x25, &(0x7f0000000000), 0x4)

[  130.489913] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.490565] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:53:41 executing program 5:
listen(0xffffffffffffffff, 0x0)

10:53:41 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f00000001c0)={{}, 'port0\x00'})

[  130.628301] audit: type=1400 audit(1756724021.285:8): avc:  denied  { open } for  pid=3829 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  130.635969] audit: type=1400 audit(1756724021.285:9): avc:  denied  { kernel } for  pid=3829 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  130.661314] loop3: detected capacity change from 0 to 6
[  130.675527] FAT-fs (loop3): Directory bread(block 6) failed
[  130.679029] FAT-fs (loop3): Directory bread(block 7) failed
[  130.679795] FAT-fs (loop3): Directory bread(block 8) failed
[  130.682925] FAT-fs (loop3): Directory bread(block 9) failed
[  130.698716] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.699803] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.077703] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.078475] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.204719] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.205813] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.287131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.287749] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.364523] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.365688] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.661307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.662122] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.726119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.727421] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.395610] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  132.396563] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.420740] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  132.421573] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:53:43 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {0x0, 0x0, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[])
open$dir(0x0, 0x0, 0x0)

10:53:43 executing program 5:
listen(0xffffffffffffffff, 0x0)

10:53:43 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f00000001c0)={{}, 'port0\x00'})

10:53:43 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
fallocate(r0, 0x8, 0x0, 0x9)

10:53:43 executing program 6:
syz_mount_image$msdos(&(0x7f0000001400), &(0x7f0000001440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)={[{@fat=@uid}]})

10:53:43 executing program 7:
r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "2a7fe5e59ef5f56348f256dcc3e8c571df578b052aa1da2402b2ffc5ed09d5d459aab4a10a05678542c2b7dc0bac3e5fbdb85c49291d30f19445cae1b1e48228"}, 0x48, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, r0)

10:53:43 executing program 0:
io_setup(0xfff, &(0x7f0000000040)=<r0=>0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x140241, 0x0)
io_submit(r0, 0x1, &(0x7f0000000240)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000040)='r', 0x5}])

10:53:43 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x3)

[  132.629406] No source specified
[  132.645011] No source specified
[  132.668736] loop3: detected capacity change from 0 to 6
10:53:43 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f00000001c0)={{}, 'port0\x00'})

10:53:43 executing program 0:
io_setup(0xfff, &(0x7f0000000040)=<r0=>0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x140241, 0x0)
io_submit(r0, 0x1, &(0x7f0000000240)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000040)='r', 0x5}])

10:53:43 executing program 5:
listen(0xffffffffffffffff, 0x0)

[  132.691127] FAT-fs (loop3): Directory bread(block 6) failed
[  132.691709] FAT-fs (loop3): Directory bread(block 7) failed
[  132.694138] FAT-fs (loop3): Directory bread(block 8) failed
[  132.704882] FAT-fs (loop3): Directory bread(block 9) failed
10:53:43 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
fallocate(r0, 0x8, 0x0, 0x9)

10:53:43 executing program 7:
r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "2a7fe5e59ef5f56348f256dcc3e8c571df578b052aa1da2402b2ffc5ed09d5d459aab4a10a05678542c2b7dc0bac3e5fbdb85c49291d30f19445cae1b1e48228"}, 0x48, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, r0)

10:53:43 executing program 5:
listen(0xffffffffffffffff, 0x0)

10:53:43 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {0x0, 0x0, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[])
open$dir(0x0, 0x0, 0x0)

10:53:43 executing program 6:
syz_mount_image$msdos(&(0x7f0000001400), &(0x7f0000001440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)={[{@fat=@uid}]})

10:53:43 executing program 0:
io_setup(0xfff, &(0x7f0000000040)=<r0=>0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x140241, 0x0)
io_submit(r0, 0x1, &(0x7f0000000240)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000040)='r', 0x5}])

10:53:43 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x3)

10:53:43 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f00000001c0)={{}, 'port0\x00'})

10:53:43 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
ioctl$SG_GET_PACK_ID(r1, 0x5386, &(0x7f0000000000))

10:53:43 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
fallocate(r0, 0x8, 0x0, 0x9)

10:53:43 executing program 7:
r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "2a7fe5e59ef5f56348f256dcc3e8c571df578b052aa1da2402b2ffc5ed09d5d459aab4a10a05678542c2b7dc0bac3e5fbdb85c49291d30f19445cae1b1e48228"}, 0x48, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, r0)

[  132.960432] No source specified
[  132.969158] BUG: unable to handle page fault for address: ffffed10212c9106
[  132.970199] #PF: supervisor read access in kernel mode
[  132.970994] #PF: error_code(0x0000) - not-present page
[  132.972103] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 
[  132.978282] Oops: Oops: 0000 [#1] SMP KASAN NOPTI
[  132.979007] CPU: 0 UID: 0 PID: 3959 Comm: syz-executor.3 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  132.980732] Tainted: [W]=WARN
[  132.981212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  132.982402] RIP: 0010:perf_tp_event+0x175/0xe70
[  132.983110] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  132.985746] RSP: 0018:ffff8880476ff780 EFLAGS: 00010016
[  132.986521] RAX: 1ffff110212c9106 RBX: ffff888109648640 RCX: ffffc900090d2000
[  132.987563] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff888109648830
[  132.988610] RBP: ffff8880476ff9f0 R08: ffff88806ce31340 R09: ffffe8ffffc164a8
[  132.989674] R10: 0000000000000000 R11: ffff88806ce37018 R12: dffffc0000000000
[  132.990709] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  132.991751] FS:  00007f85c0454700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  132.992940] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  132.993792] CR2: ffffed10212c9106 CR3: 000000001845c000 CR4: 0000000000350ef0
[  132.994824] Call Trace:
[  132.995213]  <TASK>
[  132.995562]  ? __pfx_perf_tp_event+0x10/0x10
[  132.996236]  ? __asan_memcpy+0x3d/0x60
[  132.996825]  ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150
[  132.997746]  ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10
[  132.998691]  ? lock_is_held_type+0x9e/0x120
[  132.999341]  ? ctx_sched_in+0x134/0x9b0
[  132.999936]  ? kvm_sched_clock_read+0x16/0x30
[  133.000610]  ? sched_clock+0x37/0x60
[  133.001187]  ? sched_clock_cpu+0x6c/0x4e0
[  133.001815]  ? lock_is_held_type+0x9e/0x120
[  133.002461]  ? perf_trace_run_bpf_submit+0xef/0x180
[  133.003221]  ? lock_is_held_type+0x9e/0x120
[  133.003870]  perf_trace_run_bpf_submit+0xef/0x180
[  133.004594]  perf_trace_preemptirq_template+0x259/0x430
[  133.005405]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  133.006267]  ? check_preempt_wakeup_fair+0x406/0x950
[  133.007014]  ? find_held_lock+0x2b/0x80
[  133.007623]  ? try_to_wake_up+0x8ae/0x11d0
[  133.008257]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  133.009046]  trace_irq_enable.constprop.0+0xa6/0x100
[  133.009792]  trace_hardirqs_on+0x26/0x40
[  133.010393]  _raw_spin_unlock_irqrestore+0x2c/0x50
[  133.011128]  try_to_wake_up+0x8ae/0x11d0
[  133.011753]  ? __pfx_try_to_wake_up+0x10/0x10
[  133.012426]  ? plist_del+0x122/0x270
[  133.013009]  ? find_held_lock+0x2b/0x80
[  133.013612]  ? futex_wake+0x474/0x540
[  133.014192]  wake_up_q+0xa1/0x130
[  133.014726]  futex_wake+0x47e/0x540
[  133.015282]  ? __pfx_futex_wake+0x10/0x10
[  133.015914]  ? __do_sys_perf_event_open+0x44d/0x2c20
[  133.016669]  ? lock_release+0xc8/0x290
[  133.017270]  do_futex+0x26d/0x370
[  133.017796]  ? __pfx_do_futex+0x10/0x10
[  133.018392]  __x64_sys_futex+0x1c9/0x4d0
[  133.018997]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  133.019840]  ? __pfx___x64_sys_futex+0x10/0x10
[  133.020521]  ? xfd_validate_state+0x55/0x180
[  133.021200]  do_syscall_64+0xbf/0x360
[  133.021774]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.022531] RIP: 0033:0x7f85c2edeb19
[  133.023087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  133.025698] RSP: 002b:00007f85c0454218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  133.026805] RAX: ffffffffffffffda RBX: 00007f85c2ff1f68 RCX: 00007f85c2edeb19
[  133.027839] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f85c2ff1f6c
[  133.028882] RBP: 00007f85c2ff1f60 R08: 000000000000000e R09: 0000000000000000
[  133.029943] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f85c2ff1f6c
[  133.031020] R13: 00007ffe9954c8ef R14: 00007f85c0454300 R15: 0000000000022000
[  133.032105]  </TASK>
[  133.032473] Modules linked in:
[  133.032992] CR2: ffffed10212c9106
[  133.033521] ---[ end trace 0000000000000000 ]---
[  133.034228] RIP: 0010:perf_tp_event+0x175/0xe70
[  133.034959] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  133.037693] RSP: 0018:ffff8880476ff780 EFLAGS: 00010016
[  133.038501] RAX: 1ffff110212c9106 RBX: ffff888109648640 RCX: ffffc900090d2000
[  133.039577] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff888109648830
[  133.040645] RBP: ffff8880476ff9f0 R08: ffff88806ce31340 R09: ffffe8ffffc164a8
[  133.041723] R10: 0000000000000000 R11: ffff88806ce37018 R12: dffffc0000000000
[  133.042802] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  133.043878] FS:  00007f85c0454700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  133.045105] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  133.045996] CR2: ffffed10212c9106 CR3: 000000001845c000 CR4: 0000000000350ef0
[  133.047081] note: syz-executor.3[3959] exited with irqs disabled
[  133.048116] BUG: unable to handle page fault for address: ffffed10212c9106
[  133.049173] #PF: supervisor read access in kernel mode
[  133.049963] #PF: error_code(0x0000) - not-present page
[  133.050748] PGD 7ffd4067 P4D 7ffd4067 PUD 7ffd3067 PMD 0 
[  133.051602] Oops: Oops: 0000 [#2] SMP KASAN NOPTI
[  133.052347] CPU: 0 UID: 0 PID: 3959 Comm: syz-executor.3 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  133.054153] Tainted: [D]=DIE, [W]=WARN
[  133.054738] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  133.055976] RIP: 0010:perf_tp_event+0x175/0xe70
[  133.056703] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  133.059439] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010016
[  133.060278] RAX: 1ffff110212c9106 RBX: ffff888109648640 RCX: 0000000000000002
[  133.061418] RDX: ffff8880458c5280 RSI: ffffffff8189a4e7 RDI: ffff888109648830
[  133.062532] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc164a8
[  133.063660] R10: 0000000000000000 R11: 0000000000024ba9 R12: dffffc0000000000
[  133.064779] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000
[  133.065915] FS:  00007f85c0454700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  133.067181] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  133.068108] CR2: ffffed10212c9106 CR3: 000000001845c000 CR4: 0000000000350ef0
[  133.069241] Call Trace:
[  133.069660]  <IRQ>
[  133.070015]  ? css_rstat_updated+0x1b8/0x4d0
[  133.070734]  ? __pfx_perf_tp_event+0x10/0x10
[  133.071448]  ? trace_pelt_se_tp+0xdf/0x130
[  133.072130]  ? __cgroup_account_cputime+0x31/0xc0
[  133.072923]  ? do_raw_spin_lock+0x123/0x260
[  133.073614]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  133.074353]  ? lock_acquire+0x18c/0x2f0
[  133.074991]  ? update_cfs_group+0x11d/0x260
[  133.075686]  ? lock_release+0x1c7/0x290
[  133.076327]  ? do_raw_spin_unlock+0x53/0x220
[  133.077053]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  133.077868]  ? try_to_wake_up+0x128/0x11d0
[  133.078556]  ? do_raw_spin_lock+0x123/0x260
[  133.079262]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  133.080005]  ? perf_trace_run_bpf_submit+0xef/0x180
[  133.080813]  perf_trace_run_bpf_submit+0xef/0x180
[  133.081598]  perf_trace_preemptirq_template+0x259/0x430
[  133.082449]  ? read_tsc+0x9/0x20
[  133.083005]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  133.083940]  ? clockevents_program_event+0x135/0x360
[  133.084769]  ? tick_program_event+0xac/0x140
[  133.085487]  ? handle_softirqs+0x16e/0x770
[  133.086183]  trace_irq_enable.constprop.0+0xa6/0x100
[  133.086990]  trace_hardirqs_on+0x26/0x40
[  133.087632]  handle_softirqs+0x16e/0x770
[  133.088292]  __irq_exit_rcu+0xc4/0x100
[  133.088942]  irq_exit_rcu+0x9/0x20
[  133.089516]  sysvec_apic_timer_interrupt+0x70/0x80
[  133.090309]  </IRQ>
[  133.090679]  <TASK>
[  133.091045]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  133.091887] RIP: 0010:make_task_dead+0xa2/0x3b0
[  133.092637] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 <e8> e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de
[  133.095465] RSP: 0018:ffff8880476fff28 EFLAGS: 00000246
[  133.096303] RAX: 0000000000000001 RBX: ffff8880458c5280 RCX: ffffffff817c3ab6
[  133.097434] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[  133.098543] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
[  133.099645] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff8880458c5280
[  133.100752] R13: 0000000000000009 R14: ffff8880476ff760 R15: 0000000000000000
[  133.101885]  ? trace_irq_enable.constprop.0+0x26/0x100
[  133.102730]  ? make_task_dead+0x214/0x3b0
[  133.103404]  ? make_task_dead+0x214/0x3b0
[  133.104071]  ? do_syscall_64+0xbf/0x360
[  133.104713]  rewind_stack_and_make_dead+0x16/0x20
[  133.105502] RIP: 0033:0x7f85c2edeb19
[  133.106101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  133.108955] RSP: 002b:00007f85c0454218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  133.110158] RAX: ffffffffffffffda RBX: 00007f85c2ff1f68 RCX: 00007f85c2edeb19
[  133.111278] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f85c2ff1f6c
[  133.112402] RBP: 00007f85c2ff1f60 R08: 000000000000000e R09: 0000000000000000
[  133.113540] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f85c2ff1f6c
[  133.114668] R13: 00007ffe9954c8ef R14: 00007f85c0454300 R15: 0000000000022000
[  133.115796]  </TASK>
[  133.116186] Modules linked in:
[  133.116697] CR2: ffffed10212c9106
[  133.117260] ---[ end trace 0000000000000000 ]---
[  133.118009] RIP: 0010:perf_tp_event+0x175/0xe70
[  133.118769] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  133.121633] RSP: 0018:ffff8880476ff780 EFLAGS: 00010016
[  133.122475] RAX: 1ffff110212c9106 RBX: ffff888109648640 RCX: ffffc900090d2000
[  133.123600] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: ffff888109648830
[  133.124741] RBP: ffff8880476ff9f0 R08: ffff88806ce31340 R09: ffffe8ffffc164a8
[  133.125885] R10: 0000000000000000 R11: ffff88806ce37018 R12: dffffc0000000000
[  133.127010] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  133.128130] FS:  00007f85c0454700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  133.129786] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  133.130712] CR2: ffffed10212c9106 CR3: 000000001845c000 CR4: 0000000000350ef0
[  133.131857] Kernel panic - not syncing: Fatal exception in interrupt
[  133.133106] Kernel Offset: disabled
[  133.133689] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
10:53:43  Registers:
info registers vcpu 0
RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff8880476fef98
R8 =0000000000000000 R9 =ffffed10013e4046 R10=0000000000000031 R11=6466663720444750
R12=0000000000000031 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f85c0454700 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe7c00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=ffffed10212c9106 CR3=000000001845c000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f85c2fc57c000007f85c2fc57c8
XMM02=00007f85c2fc57e000007f85c2fc57c0 XMM03=00007f85c2fc57c800007f85c2fc57c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=ffffffff8183c930 RBX=ffff8880185f6800 RCX=ffffffff8175485d RDX=ffff8880161c0000
RSI=ffffc900006c7048 RDI=ffff888016bcfe20 RBP=000000007fff0000 RSP=ffff888016bcfdd0
R8 =0000000000000000 R9 =ffffed10030beb06 R10=000000007fff0000 R11=0000000000000000
R12=000000007fff0000 R13=dffffc0000000000 R14=000000007fff0000 R15=ffffc900006c7000
RIP=ffffffff8183c934 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f93bbeea8c0 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe4f00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fcafe797018 CR3=000000000d55c000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ffffffffffff00000000000000000000
XMM02=000000000000307570632f302f716d2f XMM03=7269762f736563697665642f7379732f
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=0000562a5a93cdd00000562a5a92c110
XMM06=0000562a5a93cd900000000000000000 XMM07=00000000000000000000000000000000
XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000
XMM10=00000000002000000000000000200000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000