Warning: Permanently added '[localhost]:36231' (ECDSA) to the list of known hosts.
2025/08/29 12:11:49 fuzzer started
2025/08/29 12:11:49 dialing manager at localhost:43077
syzkaller login: [   50.184212] cgroup: Unknown subsys name 'net'
[   50.252426] cgroup: Unknown subsys name 'cpuset'
[   50.264834] cgroup: Unknown subsys name 'rlimit'
2025/08/29 12:12:00 syscalls: 2214
2025/08/29 12:12:00 code coverage: enabled
2025/08/29 12:12:00 comparison tracing: enabled
2025/08/29 12:12:00 extra coverage: enabled
2025/08/29 12:12:00 setuid sandbox: enabled
2025/08/29 12:12:00 namespace sandbox: enabled
2025/08/29 12:12:00 Android sandbox: enabled
2025/08/29 12:12:00 fault injection: enabled
2025/08/29 12:12:00 leak checking: enabled
2025/08/29 12:12:00 net packet injection: enabled
2025/08/29 12:12:00 net device setup: enabled
2025/08/29 12:12:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 12:12:00 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 12:12:00 USB emulation: enabled
2025/08/29 12:12:00 hci packet injection: enabled
2025/08/29 12:12:00 wifi device emulation: enabled
2025/08/29 12:12:00 802.15.4 emulation: enabled
2025/08/29 12:12:00 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 12:12:00 fetching corpus: 49, signal 21885/25400 (executing program)
2025/08/29 12:12:00 fetching corpus: 99, signal 27532/32664 (executing program)
2025/08/29 12:12:00 fetching corpus: 149, signal 36140/42577 (executing program)
2025/08/29 12:12:00 fetching corpus: 199, signal 49788/57192 (executing program)
2025/08/29 12:12:00 fetching corpus: 249, signal 53699/62339 (executing program)
2025/08/29 12:12:01 fetching corpus: 299, signal 60070/69685 (executing program)
2025/08/29 12:12:01 fetching corpus: 349, signal 65640/76155 (executing program)
2025/08/29 12:12:01 fetching corpus: 399, signal 67725/79384 (executing program)
2025/08/29 12:12:01 fetching corpus: 449, signal 70679/83334 (executing program)
2025/08/29 12:12:01 fetching corpus: 499, signal 73692/87248 (executing program)
2025/08/29 12:12:01 fetching corpus: 549, signal 76989/91358 (executing program)
2025/08/29 12:12:01 fetching corpus: 599, signal 80927/96004 (executing program)
2025/08/29 12:12:01 fetching corpus: 649, signal 84100/99862 (executing program)
2025/08/29 12:12:01 fetching corpus: 699, signal 86427/102972 (executing program)
2025/08/29 12:12:01 fetching corpus: 749, signal 88964/106220 (executing program)
2025/08/29 12:12:01 fetching corpus: 799, signal 90792/108792 (executing program)
2025/08/29 12:12:02 fetching corpus: 849, signal 92564/111233 (executing program)
2025/08/29 12:12:02 fetching corpus: 899, signal 94154/113559 (executing program)
2025/08/29 12:12:02 fetching corpus: 949, signal 95291/115524 (executing program)
2025/08/29 12:12:02 fetching corpus: 999, signal 97825/118528 (executing program)
2025/08/29 12:12:02 fetching corpus: 1049, signal 98755/120243 (executing program)
2025/08/29 12:12:02 fetching corpus: 1099, signal 101022/122925 (executing program)
2025/08/29 12:12:02 fetching corpus: 1149, signal 102612/125136 (executing program)
2025/08/29 12:12:02 fetching corpus: 1199, signal 103672/126852 (executing program)
2025/08/29 12:12:02 fetching corpus: 1249, signal 104581/128447 (executing program)
2025/08/29 12:12:02 fetching corpus: 1299, signal 105912/130344 (executing program)
2025/08/29 12:12:02 fetching corpus: 1349, signal 107060/132120 (executing program)
2025/08/29 12:12:03 fetching corpus: 1399, signal 108537/134027 (executing program)
2025/08/29 12:12:03 fetching corpus: 1449, signal 109813/135798 (executing program)
2025/08/29 12:12:03 fetching corpus: 1499, signal 111316/137637 (executing program)
2025/08/29 12:12:03 fetching corpus: 1549, signal 112477/139264 (executing program)
2025/08/29 12:12:03 fetching corpus: 1599, signal 113722/140928 (executing program)
2025/08/29 12:12:03 fetching corpus: 1649, signal 114546/142287 (executing program)
2025/08/29 12:12:03 fetching corpus: 1699, signal 116020/144027 (executing program)
2025/08/29 12:12:03 fetching corpus: 1749, signal 117385/145670 (executing program)
2025/08/29 12:12:03 fetching corpus: 1799, signal 118904/147379 (executing program)
2025/08/29 12:12:04 fetching corpus: 1849, signal 119867/148697 (executing program)
2025/08/29 12:12:04 fetching corpus: 1899, signal 120763/150026 (executing program)
2025/08/29 12:12:04 fetching corpus: 1949, signal 121614/151264 (executing program)
2025/08/29 12:12:04 fetching corpus: 1999, signal 122471/152474 (executing program)
2025/08/29 12:12:04 fetching corpus: 2049, signal 123674/153960 (executing program)
2025/08/29 12:12:04 fetching corpus: 2099, signal 124563/155151 (executing program)
2025/08/29 12:12:04 fetching corpus: 2149, signal 125292/156254 (executing program)
2025/08/29 12:12:04 fetching corpus: 2199, signal 126075/157397 (executing program)
2025/08/29 12:12:04 fetching corpus: 2249, signal 126700/158365 (executing program)
2025/08/29 12:12:04 fetching corpus: 2299, signal 127489/159440 (executing program)
2025/08/29 12:12:04 fetching corpus: 2349, signal 128224/160508 (executing program)
2025/08/29 12:12:05 fetching corpus: 2399, signal 129897/161965 (executing program)
2025/08/29 12:12:05 fetching corpus: 2449, signal 130427/162881 (executing program)
2025/08/29 12:12:05 fetching corpus: 2499, signal 131481/163996 (executing program)
2025/08/29 12:12:05 fetching corpus: 2549, signal 132078/164883 (executing program)
2025/08/29 12:12:05 fetching corpus: 2599, signal 133026/165899 (executing program)
2025/08/29 12:12:05 fetching corpus: 2649, signal 133762/166857 (executing program)
2025/08/29 12:12:05 fetching corpus: 2699, signal 134453/167759 (executing program)
2025/08/29 12:12:05 fetching corpus: 2749, signal 135349/168748 (executing program)
2025/08/29 12:12:05 fetching corpus: 2799, signal 135876/169549 (executing program)
2025/08/29 12:12:05 fetching corpus: 2849, signal 136607/170400 (executing program)
2025/08/29 12:12:05 fetching corpus: 2899, signal 137359/171280 (executing program)
2025/08/29 12:12:05 fetching corpus: 2949, signal 138026/172130 (executing program)
2025/08/29 12:12:06 fetching corpus: 2999, signal 138798/173019 (executing program)
2025/08/29 12:12:06 fetching corpus: 3049, signal 139309/173781 (executing program)
2025/08/29 12:12:06 fetching corpus: 3099, signal 139786/174507 (executing program)
2025/08/29 12:12:06 fetching corpus: 3149, signal 140722/175413 (executing program)
2025/08/29 12:12:06 fetching corpus: 3199, signal 141324/176172 (executing program)
2025/08/29 12:12:06 fetching corpus: 3249, signal 141981/176927 (executing program)
2025/08/29 12:12:06 fetching corpus: 3299, signal 142491/177640 (executing program)
2025/08/29 12:12:06 fetching corpus: 3349, signal 143256/178464 (executing program)
2025/08/29 12:12:06 fetching corpus: 3399, signal 143778/179136 (executing program)
2025/08/29 12:12:06 fetching corpus: 3449, signal 144414/179843 (executing program)
2025/08/29 12:12:06 fetching corpus: 3499, signal 145024/180604 (executing program)
2025/08/29 12:12:07 fetching corpus: 3549, signal 145874/181318 (executing program)
2025/08/29 12:12:07 fetching corpus: 3599, signal 148031/182288 (executing program)
2025/08/29 12:12:07 fetching corpus: 3649, signal 148436/182837 (executing program)
2025/08/29 12:12:07 fetching corpus: 3699, signal 148950/183512 (executing program)
2025/08/29 12:12:07 fetching corpus: 3749, signal 149560/184089 (executing program)
2025/08/29 12:12:07 fetching corpus: 3799, signal 149959/184621 (executing program)
2025/08/29 12:12:07 fetching corpus: 3849, signal 150471/185205 (executing program)
2025/08/29 12:12:07 fetching corpus: 3899, signal 150942/185744 (executing program)
2025/08/29 12:12:07 fetching corpus: 3949, signal 151851/186387 (executing program)
2025/08/29 12:12:07 fetching corpus: 3999, signal 152502/186940 (executing program)
2025/08/29 12:12:07 fetching corpus: 4049, signal 153189/187545 (executing program)
2025/08/29 12:12:07 fetching corpus: 4099, signal 153500/188007 (executing program)
2025/08/29 12:12:08 fetching corpus: 4149, signal 153899/188460 (executing program)
2025/08/29 12:12:08 fetching corpus: 4199, signal 154694/188945 (executing program)
2025/08/29 12:12:08 fetching corpus: 4249, signal 155196/189410 (executing program)
2025/08/29 12:12:08 fetching corpus: 4299, signal 155656/189860 (executing program)
2025/08/29 12:12:08 fetching corpus: 4349, signal 156049/190312 (executing program)
2025/08/29 12:12:08 fetching corpus: 4399, signal 156495/190711 (executing program)
2025/08/29 12:12:08 fetching corpus: 4449, signal 157066/191114 (executing program)
2025/08/29 12:12:08 fetching corpus: 4499, signal 157671/191503 (executing program)
2025/08/29 12:12:08 fetching corpus: 4549, signal 158330/191935 (executing program)
2025/08/29 12:12:08 fetching corpus: 4599, signal 158901/192311 (executing program)
2025/08/29 12:12:08 fetching corpus: 4649, signal 159230/192590 (executing program)
2025/08/29 12:12:09 fetching corpus: 4699, signal 159586/192604 (executing program)
2025/08/29 12:12:09 fetching corpus: 4749, signal 160184/192728 (executing program)
2025/08/29 12:12:09 fetching corpus: 4799, signal 160693/192769 (executing program)
2025/08/29 12:12:09 fetching corpus: 4849, signal 161219/192772 (executing program)
2025/08/29 12:12:09 fetching corpus: 4899, signal 162056/192791 (executing program)
2025/08/29 12:12:09 fetching corpus: 4949, signal 162341/192793 (executing program)
2025/08/29 12:12:09 fetching corpus: 4999, signal 162821/192801 (executing program)
2025/08/29 12:12:09 fetching corpus: 5049, signal 163407/192893 (executing program)
2025/08/29 12:12:09 fetching corpus: 5099, signal 163903/192896 (executing program)
2025/08/29 12:12:10 fetching corpus: 5149, signal 164205/192897 (executing program)
2025/08/29 12:12:10 fetching corpus: 5199, signal 164780/192898 (executing program)
2025/08/29 12:12:10 fetching corpus: 5249, signal 165277/192947 (executing program)
2025/08/29 12:12:10 fetching corpus: 5299, signal 165512/192966 (executing program)
2025/08/29 12:12:10 fetching corpus: 5349, signal 166076/192973 (executing program)
2025/08/29 12:12:10 fetching corpus: 5399, signal 166436/192975 (executing program)
2025/08/29 12:12:10 fetching corpus: 5449, signal 166926/192995 (executing program)
2025/08/29 12:12:10 fetching corpus: 5499, signal 167260/193008 (executing program)
2025/08/29 12:12:10 fetching corpus: 5549, signal 167852/193014 (executing program)
2025/08/29 12:12:10 fetching corpus: 5599, signal 168149/193017 (executing program)
2025/08/29 12:12:10 fetching corpus: 5649, signal 168555/193043 (executing program)
2025/08/29 12:12:11 fetching corpus: 5699, signal 168962/193099 (executing program)
2025/08/29 12:12:11 fetching corpus: 5749, signal 169401/193102 (executing program)
2025/08/29 12:12:11 fetching corpus: 5799, signal 169802/193111 (executing program)
2025/08/29 12:12:11 fetching corpus: 5849, signal 170462/193115 (executing program)
2025/08/29 12:12:11 fetching corpus: 5899, signal 170837/193115 (executing program)
2025/08/29 12:12:11 fetching corpus: 5949, signal 171587/193123 (executing program)
2025/08/29 12:12:11 fetching corpus: 5999, signal 172587/193124 (executing program)
2025/08/29 12:12:11 fetching corpus: 6049, signal 172951/193124 (executing program)
2025/08/29 12:12:11 fetching corpus: 6099, signal 173288/193174 (executing program)
2025/08/29 12:12:11 fetching corpus: 6149, signal 173755/193181 (executing program)
2025/08/29 12:12:11 fetching corpus: 6199, signal 174386/193194 (executing program)
2025/08/29 12:12:12 fetching corpus: 6249, signal 174662/193205 (executing program)
2025/08/29 12:12:12 fetching corpus: 6299, signal 175079/193218 (executing program)
2025/08/29 12:12:12 fetching corpus: 6349, signal 175461/193237 (executing program)
2025/08/29 12:12:12 fetching corpus: 6399, signal 175692/193252 (executing program)
2025/08/29 12:12:12 fetching corpus: 6449, signal 176150/193252 (executing program)
2025/08/29 12:12:12 fetching corpus: 6499, signal 176475/193263 (executing program)
2025/08/29 12:12:12 fetching corpus: 6549, signal 176934/193321 (executing program)
2025/08/29 12:12:12 fetching corpus: 6599, signal 177162/193332 (executing program)
2025/08/29 12:12:12 fetching corpus: 6649, signal 177418/193381 (executing program)
2025/08/29 12:12:12 fetching corpus: 6699, signal 177819/193390 (executing program)
2025/08/29 12:12:12 fetching corpus: 6749, signal 178101/193393 (executing program)
2025/08/29 12:12:12 fetching corpus: 6799, signal 178349/193405 (executing program)
2025/08/29 12:12:13 fetching corpus: 6849, signal 178605/193413 (executing program)
2025/08/29 12:12:13 fetching corpus: 6899, signal 178857/193417 (executing program)
2025/08/29 12:12:13 fetching corpus: 6949, signal 179204/193429 (executing program)
2025/08/29 12:12:13 fetching corpus: 6999, signal 179548/193429 (executing program)
2025/08/29 12:12:13 fetching corpus: 7049, signal 179848/193438 (executing program)
2025/08/29 12:12:13 fetching corpus: 7099, signal 180175/193453 (executing program)
2025/08/29 12:12:13 fetching corpus: 7149, signal 180802/193459 (executing program)
2025/08/29 12:12:13 fetching corpus: 7199, signal 181119/193493 (executing program)
2025/08/29 12:12:13 fetching corpus: 7249, signal 181440/193494 (executing program)
2025/08/29 12:12:13 fetching corpus: 7299, signal 181742/193511 (executing program)
2025/08/29 12:12:14 fetching corpus: 7349, signal 181942/193520 (executing program)
2025/08/29 12:12:14 fetching corpus: 7399, signal 182325/193522 (executing program)
2025/08/29 12:12:14 fetching corpus: 7449, signal 182714/193529 (executing program)
2025/08/29 12:12:14 fetching corpus: 7499, signal 182915/193548 (executing program)
2025/08/29 12:12:14 fetching corpus: 7549, signal 183135/193555 (executing program)
2025/08/29 12:12:14 fetching corpus: 7599, signal 183274/193562 (executing program)
2025/08/29 12:12:14 fetching corpus: 7649, signal 183587/193564 (executing program)
2025/08/29 12:12:14 fetching corpus: 7699, signal 183900/193584 (executing program)
2025/08/29 12:12:14 fetching corpus: 7749, signal 184100/193592 (executing program)
2025/08/29 12:12:14 fetching corpus: 7799, signal 184322/193597 (executing program)
2025/08/29 12:12:14 fetching corpus: 7849, signal 184566/193606 (executing program)
2025/08/29 12:12:14 fetching corpus: 7899, signal 184932/193610 (executing program)
2025/08/29 12:12:15 fetching corpus: 7949, signal 185180/193618 (executing program)
2025/08/29 12:12:15 fetching corpus: 7999, signal 185373/193619 (executing program)
2025/08/29 12:12:15 fetching corpus: 8049, signal 185623/193644 (executing program)
2025/08/29 12:12:15 fetching corpus: 8099, signal 185847/193655 (executing program)
2025/08/29 12:12:15 fetching corpus: 8149, signal 186094/193662 (executing program)
2025/08/29 12:12:15 fetching corpus: 8199, signal 186341/193673 (executing program)
2025/08/29 12:12:15 fetching corpus: 8249, signal 186617/193682 (executing program)
2025/08/29 12:12:15 fetching corpus: 8299, signal 186968/193687 (executing program)
2025/08/29 12:12:15 fetching corpus: 8349, signal 187426/193688 (executing program)
2025/08/29 12:12:15 fetching corpus: 8399, signal 187705/193697 (executing program)
2025/08/29 12:12:16 fetching corpus: 8449, signal 187965/193700 (executing program)
2025/08/29 12:12:16 fetching corpus: 8499, signal 188208/193713 (executing program)
2025/08/29 12:12:16 fetching corpus: 8549, signal 188424/193715 (executing program)
2025/08/29 12:12:16 fetching corpus: 8599, signal 188614/193720 (executing program)
2025/08/29 12:12:16 fetching corpus: 8649, signal 188850/193722 (executing program)
2025/08/29 12:12:16 fetching corpus: 8699, signal 189223/193731 (executing program)
2025/08/29 12:12:16 fetching corpus: 8749, signal 189382/193746 (executing program)
2025/08/29 12:12:16 fetching corpus: 8799, signal 189603/193762 (executing program)
2025/08/29 12:12:16 fetching corpus: 8849, signal 189796/193793 (executing program)
2025/08/29 12:12:16 fetching corpus: 8899, signal 189981/193801 (executing program)
2025/08/29 12:12:16 fetching corpus: 8931, signal 190207/193804 (executing program)
2025/08/29 12:12:16 fetching corpus: 8931, signal 190207/193804 (executing program)
2025/08/29 12:12:19 starting 8 fuzzer processes
12:12:19 executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x1ff)
r0 = io_uring_setup(0x5053, &(0x7f0000000080)={0x0, 0x0, 0x4, 0xffeffffe})
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
r1 = syz_io_uring_setup(0x7eba, &(0x7f00000001c0)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000003ac0))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0x12, 0x0, 0x0)
syz_io_uring_setup(0x74fc, &(0x7f00000004c0)={0x0, 0x31d0, 0x10, 0x0, 0x2000125, 0x0, r1}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000300), &(0x7f00000003c0))
io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
poll(&(0x7f0000000140)=[{}], 0x1, 0x9)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x10101, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000002c0)={0x6, 0x0, &(0x7f0000000200)=[r0, r2]}, 0x2)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x200002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0)

12:12:19 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000100)={0x0, 0x0, 0xffffffb8})

12:12:19 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)={0x28, 0x11, 0x1, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='(n\x00'}, @typed={0xd, 0x0, 0x0, 0x0, @str=',\'.),[)/\x00'}]}, 0x28}], 0x1}, 0x0)

12:12:19 executing program 7:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$sock_linger(r0, 0x1, 0x28, 0x0, &(0x7f0000000140))

12:12:19 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x300489830ddf23be, 0x0)
fallocate(r0, 0x0, 0x0, 0x8000)

12:12:19 executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
io_setup(0x400, &(0x7f0000000000)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f00000001c0)=[&(0x7f0000000380)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
signalfd(r0, &(0x7f0000000140), 0x8)

[   79.826588] audit: type=1400 audit(1756469539.320:7): avc:  denied  { execmem } for  pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
12:12:19 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
write$binfmt_elf64(r0, &(0x7f0000000040)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "e890e83563e5aebcc0ff19a58038addba76405fbce3da351a8caad3d796e3d2cc922a88d2aeef3da795d47334aba45633283c1f335896e8523b9718dd50c6673800b925fb6aa6977d487af2a89f5027a7caf481653332918d1e95f51695cb6165b61a6f705e694c912908e77c19ce6e94d5681afe68c6af2b8370b0e7519c68f2d4694d8d731e2160f8e2acf137a61bcc48073815fb997e1411d308abc0d0ea6a14c6196e8295fc820941961f818605891886651780db37b172cebdc0537190ba76f8f0927dbb654c60786f14cab39b57936fe78975914fd46f714cfea1a790d7b8afc411a498b795f3a9d8fca836d7d30935317590b9fad32233ee6881b687320dd9e04acb14817b2905589ac73c4c43e5fe99dbc1eea9ffef9d2c261c3080cc28e7f663a7d5a92e33bb96b3ecd81e2bf61b8a6a0dd92ac41456e67ced4c12a14e038f9b61f06a61a7b0dfe34053747c36c88e1b2005664719647ebce5e9767546ff28868e974f7ea317d3dc7c1295f46557717eccac31d1510076513621578a9c014048ceb176e1ddc76d6d6c070523974a76c559ebe95e1a8bbeb5e921b789e1a54d9a1bf501de52551c63095afe25346d10908ccb12ae02185ed67bda31f9acbd050320c50e7ee832bc99786da6aa38f90d68f2d558adb59f5d75419f7f8aec178b4a253a31bb6fe0a19aecb043332487e4c16d09d8f53b05a205ae34489b0716e155e39808604aeb95cbc8e88a7523575d184e0dbfe0d0c5dd03102c88e9599ef21b18033bed86e422297b4b66eb9f918727e04e1338c1b271d5f9e8153a44053a42f9c8b623c1e8b5773b0819aade72d7552bdf9d459334cd4d63e7e1fd7aba1ebc760bd16648a3bc7237c393ecc596bc0c50c3b1dc2986ff6ab05edf381efe3a106e0a53d7a5c43512058c647fc6ab3498efb703b288f6a4ce33c33f05ecbd45e16be15931d90d345e0610d9827e631a70ccad721074577bb23e6ac0b44f93ed7ef9c96c4bb6f99478a4ea6f0751b7bb6dd9dfe081ff992a1e35d1507b1376768077144651906290852b5d5bb782243d76d3934e538e788c626bc72a67f93df67767599bd246c115238bb3bd61217c3e62311b497b2f08abe93d69a2f17e23e9cac3b34a10594fea97b6ab742c59411867ac67d79b5ed3e2c3d10c231f8b53a32bb097e406d29abf2a0cd1bb2e7f858acb0cf49be867b041373db24a1784bebda269ad4ac65aebcf8489a03bd7ec1495e09b100bb0f364d9c8b2b88fbcd4bc0a63d209f1f597b03aec42ce7ad553a96837e988ce782e8c41225e283db283464696995a18bb6358d9e511a83f75de7ad865f6c23872a647ca2a377c86108196e9a9180c1c25384823f7d4d45f360bb112aa2b3b9abd4c3d5aca9a0c74fb08a2008a1f50c1ce595cf686154b04f7c58a3bd06c607250dd5f1889b6d2d73d6cdfbe497be571a0a8aadb85cd69fc5ec519de73328a079dfa95a790fdcdad6a2e268f6f273f9a21bdeb921456e403dbfa8b9cdca01c510fbfa6b52c2736366033d48b3da1ee23478c007ecf84244f47a770251035899d1f1c74a06d5e457cc23550eb6e530554d6c3fd7c1a2fb8377d7ed1d70ba0199e2b9c27fedfa102999566de2fbde3d70d92a5159e450429a41f5e5bd3faa1f532b3a8098634c46808ceea8dfc51f0afbc9050e4037c3a77c30c256a9b6276269fbbe020a64dcd0395ba3ffd274e71c838711652c9f1eddb594bb73da33a6cc9e845ac37a2e446a40c7e2445d170b47f034081814f50570e8c3ba64d3ae03123034ab4fe2b3a595450f1b50b7ba7c1b5a25", ['\x00', '\x00']}, 0x780)

12:12:19 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = gettid()
r1 = getpgrp(0x0)
rt_tgsigqueueinfo(r1, r0, 0x12, &(0x7f0000000100))

[   80.998140] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   81.000767] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   81.005952] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   81.012853] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   81.017959] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   81.123863] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   81.128307] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   81.129935] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   81.146355] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   81.149818] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   81.201680] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   81.204483] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   81.206321] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   81.212309] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   81.217916] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   81.222584] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   81.224537] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   81.227387] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   81.244583] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   81.248478] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   81.265286] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   81.282775] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   81.286640] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   81.288618] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   81.292483] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   81.305750] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   81.318606] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   81.319903] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   81.321017] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   81.324309] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   81.328444] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   81.336573] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   81.336614] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   81.341776] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   81.343635] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   81.350458] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   81.357521] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   81.358744] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   81.361979] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   81.367310] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   83.092693] Bluetooth: hci0: command tx timeout
[   83.219796] Bluetooth: hci1: command tx timeout
[   83.283095] Bluetooth: hci2: command tx timeout
[   83.349167] Bluetooth: hci3: command tx timeout
[   83.411246] Bluetooth: hci5: command tx timeout
[   83.475289] Bluetooth: hci4: command tx timeout
[   83.475920] Bluetooth: hci7: command tx timeout
[   83.476790] Bluetooth: hci6: command tx timeout
[   85.139187] Bluetooth: hci0: command tx timeout
[   85.267104] Bluetooth: hci1: command tx timeout
[   85.332065] Bluetooth: hci2: command tx timeout
[   85.395343] Bluetooth: hci3: command tx timeout
[   85.459199] Bluetooth: hci5: command tx timeout
[   85.523256] Bluetooth: hci6: command tx timeout
[   85.523701] Bluetooth: hci7: command tx timeout
[   85.523748] Bluetooth: hci4: command tx timeout
[   87.187308] Bluetooth: hci0: command tx timeout
[   87.315128] Bluetooth: hci1: command tx timeout
[   87.380112] Bluetooth: hci2: command tx timeout
[   87.443412] Bluetooth: hci3: command tx timeout
[   87.507447] Bluetooth: hci5: command tx timeout
[   87.571182] Bluetooth: hci6: command tx timeout
[   87.571299] Bluetooth: hci7: command tx timeout
[   87.571974] Bluetooth: hci4: command tx timeout
[   89.235137] Bluetooth: hci0: command tx timeout
[   89.363219] Bluetooth: hci1: command tx timeout
[   89.427151] Bluetooth: hci2: command tx timeout
[   89.494062] Bluetooth: hci3: command tx timeout
[   89.556186] Bluetooth: hci5: command tx timeout
[   89.619124] Bluetooth: hci7: command tx timeout
[   89.619380] Bluetooth: hci6: command tx timeout
[   89.619639] Bluetooth: hci4: command tx timeout
[  117.489214] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.489898] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.697242] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.697862] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:12:57 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)={0x28, 0x11, 0x1, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='(n\x00'}, @typed={0xd, 0x0, 0x0, 0x0, @str=',\'.),[)/\x00'}]}, 0x28}], 0x1}, 0x0)

12:12:57 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)={0x28, 0x11, 0x1, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='(n\x00'}, @typed={0xd, 0x0, 0x0, 0x0, @str=',\'.),[)/\x00'}]}, 0x28}], 0x1}, 0x0)

12:12:57 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)={0x28, 0x11, 0x1, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='(n\x00'}, @typed={0xd, 0x0, 0x0, 0x0, @str=',\'.),[)/\x00'}]}, 0x28}], 0x1}, 0x0)

12:12:58 executing program 3:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
signalfd4(r0, &(0x7f0000000040), 0x8, 0x0)

12:12:58 executing program 3:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
signalfd4(r0, &(0x7f0000000040), 0x8, 0x0)

12:12:58 executing program 3:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
signalfd4(r0, &(0x7f0000000040), 0x8, 0x0)

12:12:58 executing program 3:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
signalfd4(r0, &(0x7f0000000040), 0x8, 0x0)

12:12:58 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}}, 0x0)

[  119.242370] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.243355] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.373955] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.375117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.600564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.602019] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.742132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.743277] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.842820] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.843503] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.906474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.907266] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.977386] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.977982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.067721] audit: type=1400 audit(1756469579.561:8): avc:  denied  { open } for  pid=3879 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  120.072539] audit: type=1400 audit(1756469579.561:9): avc:  denied  { kernel } for  pid=3879 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  120.174849] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.175938] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.178532] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.179176] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.236899] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.237661] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.432704] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.434823] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.511119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.511752] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.750192] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.750811] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.776640] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.777509] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.865658] program syz-executor.1 is using a deprecated SCSI ioctl, please convert it to SG_IO
12:13:00 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
geteuid()

12:13:00 executing program 6:
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x127800, 0x19, &(0x7f0000000200)=[{&(0x7f0000010000)="00000000000000000000000000000000000000000000000000000000000000ffffff00ffffff000000000000000000ffffff00ffffff000000000000000000ffffff00ffffff000000000000000000ffffff00ffffff000000000000000055aa", 0x60, 0x1a0}, {&(0x7f0000010100)="4244db8cf0c2db8cf0c2818000060003003501b800000800000020000004000000180000054344524f4d000000000000000000000000000000000000000000000000000000000000006b000060000000c00000010000000700000001000000000000000000000000000000000000000000000000000000000000000000000000000000006000018f000c00000000000000000000c000019b0018000000000000", 0xa0, 0x400}, {&(0x7f0000010200)="ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x200, 0x600}, {&(0x7f0000010400)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d20202020202020202020202020202020202020202020202020202000000000000000004f0200000000024f00000000000000000000000000000000000000000000000000000000000000000100000101000001000808001800000000000018130000000000000000000015000000002200170000000000001700080000000008007809140b2a3a08020000010000010100202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202073797a6b616c6c65722020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202047454e49534f494d4147452049534f20393636302f4846532046494c4553595354454d2043524541544f5220284329203139393320452e594f554e4744414c452028432920313939372d32303036204a2e50454152534f4e2f4a2e534348494c4c494e472028432920323030362d32303037204344524b4954205445414d202066696c6533202020202020202020202020202020202020202020202020202020202020202066696c6531202020202020202020202020202020202020202020202020202020202020202066696c6532202020202020202020202020202020202020202020202020202020202020202032303230303932303131343235383030083230323030393230313134323538303008303030303030303030303030303030300032303230303932303131343235383030080100202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202000"/1408, 0x580, 0x8000}, {&(0x7f0000010a00)="ff43443030310100"/32, 0x20, 0x8800}, {&(0x7f0000010b00)="01001700000001000000050018000000010046494c4530000000000000000000", 0x20, 0x9800}, {&(0x7f0000010c00)="01000000001700010000050000000018000146494c4530000000000000000000", 0x20, 0xa800}, {&(0x7f0000010d00)="2200170000000000001700080000000008007809140b2a3a080200000100000101002200170000000000001700080000000008007809140b2a3a080200000100000101012c00190000000000001964000000000000647809140b2a3a08000000010000010a46494c452e434f4c3b31002600180000000000001800080000000008007809140b2a3a08020000010000010546494c45302a001a0000000000001a0a0000000000000a7809140b2a3a08000000010000010846494c45312e3b31002a001b0000000000001b28230000000023287809140b2a3a08000000010000010846494c45322e3b31002a00200000000000002028230000000023287809140b2a3a08000000010000010846494c45332e3b3100"/288, 0x120, 0xb800}, {&(0x7f0000010f00)="2200180000000000001800080000000008007809140b2a3a080200000100000101002200170000000000001700080000000008007809140b2a3a080200000100000101012a0025000000000000251a0400000000041a7809140b2a3a08000000010000010846494c45302e3b3100"/128, 0x80, 0xc000}, {&(0x7f0000011000)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0xc800}, {&(0x7f0000011100)='syzkallers\x00'/32, 0x20, 0xd000}, {&(0x7f0000011200)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x12800}, {&(0x7f0000011700)="000000000000000001000003000000000000000000000000000000000000000002000007000000300000002f00"/64, 0x40, 0xc8000}, {&(0x7f0000011800)="0000000000000000000000000000000000000000000000008000000000000000", 0x20, 0xc80e0}, {&(0x7f0000011900)="00000000000000000000000000000000000000000000000001f800f80078000e", 0x20, 0xc81e0}, {&(0x7f0000011a00)="00000000000000000100000300000002000000030000000b000000010000000402000025000000600000005b00"/64, 0x40, 0xce000}, {&(0x7f0000011b00)="000000000000000000000000000000000000000000000000f800000000000000", 0x20, 0xce0e0}, {&(0x7f0000011c00)="00000000000000000000000000000000000000000000000001f800f80078000e0000000200000000ff01000400000b0000000001054344524f4d01000000000700000002db8cf0c2db8cf0c20000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000200000300000000000000000000000001054344524f4d00000000000000000000000000000000000000000000000000001100000000020a4465736b746f7020444200020000004254464c444d475240000000000000000000001601b3000020000000200000000000000000000000db8cf0c2db8cf0c27c25cca000000000000000000000000000000000000001b300040000000000000000000000000000000000000000000000001100000000020a4465736b746f7020444600020000004454464c444d47524000000000000000000000170000000000000000000000000000000000000000db8cf0c2db8cf0c27c25cca000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000696c65320200000054455854756e6978000000000000000000000012001a000023280000280000000000000000000000db8cf0c2db8cf0c27c25cca0000000000000000000000000000000000000001a00050000000000000000000000000000000000000000000000000000000001f00186010e00960060000e0000000400000001ff01000300000f00000000020966696c652e636f6c640200000054455854756e69780000000000000000000000100018000000640000080000000000000000000000db8cf0c2db8cf0c27c25cca0000000000000000000000000000000000000001800010000000000000000000000000000000000000000000000000b00000000020566696c653001000000000100000014db8cf0c2db8cf0c27c25cca00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b00000000020566696c65310200000054455854756e697800000000000000000000001100190000000a0000080000000000000000000000db8cf0c2db8cf0c27c25cca00000000000000000000000000000000000000019000100000000000000000000000000000000000000000000000000000000001a00050000000000000000000000000000000000000000000000000000000000020566696c65330200000054455854756e6978000000000000000000000013001f000023280000280000000000000000000000db8cf0c2db8cf0c27c25cca0000000000000000000000000000000000000001f0005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f001da014800d60084000e0000000000000000000200030000250000000001054344524f4d0000000000000000000000000000000000000000000000000000000000012500000000020966696c652e636f6c6400000000000000000000000000000000000000000000000000022500000000020566696c653200000000000000000000000000000000000000000000000000000000000400"/1216, 0x4c0, 0xce1e0}, {&(0x7f0000012100)="000000000000000000000000000000000000000000000000008c00620038000e0000000000000002ff01000400000b00000000020566696c65320200000054455854756e6978000000000000000000000012001a000023280000280000000000000000000000db8cf0c2db8cf0c27c25cca0000000000000000000000000000000000000001a00050000000000000000000000000000000000000000000000000b00000000020566696c65330200000054455854756e6978000000000000000000000013001f000023280000280000000000000000000000db8cf0c2db8cf0c27c25cca0000000000000000000000000000000000000001f0005000000000000000000000000000000000000000000000000070000000014000003000000000000000000000000020566696c653000000000000000000000000000000000000000000000000000000b00000000140566696c65300200000054455854756e697800000000000000000000001500240000041a0000080000000000000000000000db8cf0c2db8cf0c27c25cca000000000000000000000000000000000000000240001000000000000000000000000000000000000000000000000000000000000db8cf0c2db8cf0c27c25cca0000000000000000000000000000000000000001f0005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f0019a012800f20080000e", 0x220, 0xce7e0}, {&(0x7f0000012400)="00000000000000000000000000000000000000000000000041e1000000000000", 0x20, 0xcfbc0}, {&(0x7f0000012500)="000000000000000001000003000000000000000000000000000000000000000002000025000000100000000f00000000200000ff00"/64, 0x40, 0xda000}, {&(0x7f0000012600)="000000000000000000000000000000000000000000000000020a010000000000", 0x20, 0xda060}, {&(0x7f0000012700)="0000000000000000000000000000000000000000000000008000000000000000", 0x20, 0xda0e0}, {&(0x7f0000012800)="00000000000000000000000000000000000000000000000001f800f80078000e", 0x20, 0xda1e0}, {&(0x7f0000012900)="4244db8cf0c2db8cf0c2010000000003002401b800000800000020000004000000100194054344524f4d0000000000000000000000000000000000000000000000000000000000000005000060000000c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000c00000000000000000000c000000c0018000000000000", 0xa0, 0xdc000}], 0x0, &(0x7f0000012a00))

12:13:00 executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x1ff)
r0 = io_uring_setup(0x5053, &(0x7f0000000080)={0x0, 0x0, 0x4, 0xffeffffe})
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
r1 = syz_io_uring_setup(0x7eba, &(0x7f00000001c0)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000003ac0))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0x12, 0x0, 0x0)
syz_io_uring_setup(0x74fc, &(0x7f00000004c0)={0x0, 0x31d0, 0x10, 0x0, 0x2000125, 0x0, r1}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000300), &(0x7f00000003c0))
io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
poll(&(0x7f0000000140)=[{}], 0x1, 0x9)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x10101, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000002c0)={0x6, 0x0, &(0x7f0000000200)=[r0, r2]}, 0x2)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x200002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0)

12:13:00 executing program 7:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$sock_linger(r0, 0x1, 0x28, 0x0, &(0x7f0000000140))

12:13:00 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x300489830ddf23be, 0x0)
fallocate(r0, 0x0, 0x0, 0x8000)

12:13:00 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDGKBLED(r0, 0x4b64, &(0x7f00000000c0))

12:13:00 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}}, 0x0)

12:13:00 executing program 2:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x9)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x9)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x17)

[  120.933438] loop6: detected capacity change from 0 to 3520
12:13:00 executing program 7:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$sock_linger(r0, 0x1, 0x28, 0x0, &(0x7f0000000140))

12:13:00 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
geteuid()

12:13:00 executing program 2:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x9)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x9)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x17)

12:13:00 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}}, 0x0)

12:13:00 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x300489830ddf23be, 0x0)
fallocate(r0, 0x0, 0x0, 0x8000)

12:13:00 executing program 6:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x1ff)
r0 = io_uring_setup(0x5053, &(0x7f0000000080)={0x0, 0x0, 0x4, 0xffeffffe})
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
r1 = syz_io_uring_setup(0x7eba, &(0x7f00000001c0)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000003ac0))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0x12, 0x0, 0x0)
syz_io_uring_setup(0x74fc, &(0x7f00000004c0)={0x0, 0x31d0, 0x10, 0x0, 0x2000125, 0x0, r1}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000300), &(0x7f00000003c0))
io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
poll(&(0x7f0000000140)=[{}], 0x1, 0x9)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x10101, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000002c0)={0x6, 0x0, &(0x7f0000000200)=[r0, r2]}, 0x2)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x200002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0)

12:13:00 executing program 7:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$sock_linger(r0, 0x1, 0x28, 0x0, &(0x7f0000000140))

12:13:00 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x9)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x9)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x17)

12:13:00 executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x1ff)
r0 = io_uring_setup(0x5053, &(0x7f0000000080)={0x0, 0x0, 0x4, 0xffeffffe})
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
r1 = syz_io_uring_setup(0x7eba, &(0x7f00000001c0)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000003ac0))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0x12, 0x0, 0x0)
syz_io_uring_setup(0x74fc, &(0x7f00000004c0)={0x0, 0x31d0, 0x10, 0x0, 0x2000125, 0x0, r1}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000300), &(0x7f00000003c0))
io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
poll(&(0x7f0000000140)=[{}], 0x1, 0x9)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x10101, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000002c0)={0x6, 0x0, &(0x7f0000000200)=[r0, r2]}, 0x2)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x200002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0)

12:13:00 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}}, 0x0)

12:13:00 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
geteuid()

12:13:00 executing program 2:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x9)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x9)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x17)

[  121.218713] kmemleak: Found object by alias at 0x607f1a63920c
[  121.218739] CPU: 1 UID: 0 PID: 3946 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  121.218757] Tainted: [W]=WARN
[  121.218761] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  121.218768] Call Trace:
[  121.218772]  <TASK>
[  121.218777]  dump_stack_lvl+0xca/0x120
[  121.218803]  __lookup_object+0x94/0xb0
[  121.218820]  delete_object_full+0x27/0x70
[  121.218836]  free_percpu+0x30/0x1160
[  121.218852]  ? arch_uprobe_clear_state+0x16/0x140
[  121.218872]  futex_hash_free+0x38/0xc0
[  121.218886]  mmput+0x2d3/0x390
[  121.218905]  do_exit+0x79d/0x2970
[  121.218919]  ? signal_wake_up_state+0x85/0x120
[  121.218935]  ? zap_other_threads+0x2b9/0x3a0
[  121.218950]  ? __pfx_do_exit+0x10/0x10
[  121.218962]  ? do_group_exit+0x1c3/0x2a0
[  121.218975]  ? lock_release+0xc8/0x290
[  121.218992]  do_group_exit+0xd3/0x2a0
[  121.219006]  __x64_sys_exit_group+0x3e/0x50
[  121.219020]  x64_sys_call+0x18c5/0x18d0
[  121.219035]  do_syscall_64+0xbf/0x360
[  121.219047]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.219058] RIP: 0033:0x7f4bcbd03b19
[  121.219066] Code: Unable to access opcode bytes at 0x7f4bcbd03aef.
[  121.219071] RSP: 002b:00007fff48c5d0b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  121.219083] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f4bcbd03b19
[  121.219090] RDX: 00007f4bcbcb672b RSI: ffffffffffffffbc RDI: 0000000000000000
[  121.219097] RBP: 0000000000000000 R08: 0000001b2d624cfc R09: 0000000000000000
[  121.219104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  121.219110] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff48c5d1a0
[  121.219125]  </TASK>
[  121.219129] kmemleak: Object (percpu) 0x607f1a639208 (size 8):
[  121.219136] kmemleak:   comm "syz-executor.6", pid 3942, jiffies 4294788006
[  121.219143] kmemleak:   min_count = 1
[  121.219146] kmemleak:   count = 0
[  121.219150] kmemleak:   flags = 0x21
[  121.219154] kmemleak:   checksum = 0
[  121.219157] kmemleak:   backtrace:
[  121.219161]  pcpu_alloc_noprof+0x87a/0x1170
[  121.219176]  percpu_ref_init+0x37/0x400
[  121.219193]  cgroup_mkdir+0x28a/0x1110
[  121.219206]  kernfs_iop_mkdir+0x111/0x190
[  121.219222]  vfs_mkdir+0x59a/0x8d0
[  121.219237]  do_mkdirat+0x19f/0x3d0
[  121.219247]  __x64_sys_mkdirat+0x84/0xb0
[  121.219257]  do_syscall_64+0xbf/0x360
[  121.219266]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
12:13:00 executing program 7:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x1ff)
r0 = io_uring_setup(0x5053, &(0x7f0000000080)={0x0, 0x0, 0x4, 0xffeffffe})
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
r1 = syz_io_uring_setup(0x7eba, &(0x7f00000001c0)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000003ac0))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0x12, 0x0, 0x0)
syz_io_uring_setup(0x74fc, &(0x7f00000004c0)={0x0, 0x31d0, 0x10, 0x0, 0x2000125, 0x0, r1}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000300), &(0x7f00000003c0))
io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
poll(&(0x7f0000000140)=[{}], 0x1, 0x9)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x10101, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000002c0)={0x6, 0x0, &(0x7f0000000200)=[r0, r2]}, 0x2)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x200002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0)

12:13:00 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x300489830ddf23be, 0x0)
fallocate(r0, 0x0, 0x0, 0x8000)

12:13:00 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x9)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x9)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x17)

12:13:00 executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x1ff)
r0 = io_uring_setup(0x5053, &(0x7f0000000080)={0x0, 0x0, 0x4, 0xffeffffe})
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
r1 = syz_io_uring_setup(0x7eba, &(0x7f00000001c0)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000003ac0))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0x12, 0x0, 0x0)
syz_io_uring_setup(0x74fc, &(0x7f00000004c0)={0x0, 0x31d0, 0x10, 0x0, 0x2000125, 0x0, r1}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000300), &(0x7f00000003c0))
io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
poll(&(0x7f0000000140)=[{}], 0x1, 0x9)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x10101, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000002c0)={0x6, 0x0, &(0x7f0000000200)=[r0, r2]}, 0x2)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x200002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0)

12:13:00 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
geteuid()

12:13:00 executing program 3:
open(&(0x7f0000001c40)='./file0\x00', 0x68240, 0x0)
mount(&(0x7f0000000000)=@sr0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='iso9660\x00', 0x0, 0x0)

12:13:00 executing program 2:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x9)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x9)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x17)

12:13:00 executing program 6:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x1ff)
r0 = io_uring_setup(0x5053, &(0x7f0000000080)={0x0, 0x0, 0x4, 0xffeffffe})
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
r1 = syz_io_uring_setup(0x7eba, &(0x7f00000001c0)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000003ac0))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0x12, 0x0, 0x0)
syz_io_uring_setup(0x74fc, &(0x7f00000004c0)={0x0, 0x31d0, 0x10, 0x0, 0x2000125, 0x0, r1}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000300), &(0x7f00000003c0))
io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
poll(&(0x7f0000000140)=[{}], 0x1, 0x9)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x10101, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000002c0)={0x6, 0x0, &(0x7f0000000200)=[r0, r2]}, 0x2)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x200002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0)

12:13:00 executing program 7:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x1ff)
r0 = io_uring_setup(0x5053, &(0x7f0000000080)={0x0, 0x0, 0x4, 0xffeffffe})
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
r1 = syz_io_uring_setup(0x7eba, &(0x7f00000001c0)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000003ac0))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0x12, 0x0, 0x0)
syz_io_uring_setup(0x74fc, &(0x7f00000004c0)={0x0, 0x31d0, 0x10, 0x0, 0x2000125, 0x0, r1}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000300), &(0x7f00000003c0))
io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
poll(&(0x7f0000000140)=[{}], 0x1, 0x9)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x10101, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000002c0)={0x6, 0x0, &(0x7f0000000200)=[r0, r2]}, 0x2)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x200002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0)

12:13:00 executing program 4:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000000c0)={0x10})

[  121.460121] EXT4-fs warning (device sda): verify_group_input:161: Bad blocks count 0
[  121.469911] kmemleak: Found object by alias at 0x607f1a63920c
[  121.469927] CPU: 1 UID: 0 PID: 3972 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  121.469945] Tainted: [W]=WARN
[  121.469949] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  121.469956] Call Trace:
[  121.469960]  <TASK>
[  121.469965]  dump_stack_lvl+0xca/0x120
[  121.469993]  __lookup_object+0x94/0xb0
[  121.470011]  delete_object_full+0x27/0x70
[  121.470032]  free_percpu+0x30/0x1160
[  121.470049]  ? arch_uprobe_clear_state+0x16/0x140
[  121.470069]  futex_hash_free+0x38/0xc0
[  121.470084]  mmput+0x2d3/0x390
[  121.470102]  do_exit+0x79d/0x2970
[  121.470116]  ? lock_release+0xc8/0x290
[  121.470133]  ? __pfx_do_exit+0x10/0x10
[  121.470147]  ? find_held_lock+0x2b/0x80
[  121.470164]  ? get_signal+0x835/0x2340
[  121.470184]  do_group_exit+0xd3/0x2a0
[  121.470198]  get_signal+0x2315/0x2340
[  121.470215]  ? ldsem_up_read+0x44/0x80
[  121.470232]  ? __pfx_get_signal+0x10/0x10
[  121.470248]  ? do_futex+0x135/0x370
[  121.470262]  ? __pfx_do_futex+0x10/0x10
[  121.470273]  ? trace_contention_begin+0x32/0x140
[  121.470292]  arch_do_signal_or_restart+0x80/0x790
[  121.470309]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  121.470325]  ? __x64_sys_futex+0x1c9/0x4d0
[  121.470337]  ? __x64_sys_futex+0x1d2/0x4d0
[  121.470352]  ? __pfx___x64_sys_futex+0x10/0x10
[  121.470364]  ? selinux_file_ioctl+0xb9/0x280
[  121.470385]  exit_to_user_mode_loop+0x8b/0x110
[  121.470398]  do_syscall_64+0x2f7/0x360
[  121.470410]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.470423] RIP: 0033:0x7f4bcbd03b19
[  121.470432] Code: Unable to access opcode bytes at 0x7f4bcbd03aef.
[  121.470437] RSP: 002b:00007f4bc9279218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  121.470448] RAX: fffffffffffffe00 RBX: 00007f4bcbe16f68 RCX: 00007f4bcbd03b19
[  121.470456] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4bcbe16f68
[  121.470463] RBP: 00007f4bcbe16f60 R08: 0000000000000000 R09: 0000000000000000
[  121.470470] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4bcbe16f6c
[  121.470477] R13: 00007fff48c5ce8f R14: 00007f4bc9279300 R15: 0000000000022000
[  121.470492]  </TASK>
[  121.470496] kmemleak: Object (percpu) 0x607f1a639208 (size 8):
[  121.470503] kmemleak:   comm "syz-executor.6", pid 3970, jiffies 4294788312
[  121.470510] kmemleak:   min_count = 1
[  121.470514] kmemleak:   count = 0
[  121.470518] kmemleak:   flags = 0x21
[  121.470522] kmemleak:   checksum = 0
[  121.470525] kmemleak:   backtrace:
[  121.470529]  pcpu_alloc_noprof+0x87a/0x1170
[  121.470543]  percpu_ref_init+0x37/0x400
[  121.470561]  io_uring_setup+0x44c/0x2000
[  121.470573]  __x64_sys_io_uring_setup+0xc8/0x170
[  121.470584]  do_syscall_64+0xbf/0x360
[  121.470592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
12:13:00 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x9)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x9)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x17)

12:13:01 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000003800), 0x0, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, 0x0)

12:13:01 executing program 6:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x1ff)
r0 = io_uring_setup(0x5053, &(0x7f0000000080)={0x0, 0x0, 0x4, 0xffeffffe})
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
r1 = syz_io_uring_setup(0x7eba, &(0x7f00000001c0)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000003ac0))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0x12, 0x0, 0x0)
syz_io_uring_setup(0x74fc, &(0x7f00000004c0)={0x0, 0x31d0, 0x10, 0x0, 0x2000125, 0x0, r1}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000300), &(0x7f00000003c0))
io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
poll(&(0x7f0000000140)=[{}], 0x1, 0x9)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x10101, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000002c0)={0x6, 0x0, &(0x7f0000000200)=[r0, r2]}, 0x2)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x200002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0)

12:13:01 executing program 4:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='$', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffc, r1, 0x0)

12:13:01 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000003800), 0x0, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, 0x0)

12:13:01 executing program 3:
open(&(0x7f0000001c40)='./file0\x00', 0x68240, 0x0)
mount(&(0x7f0000000000)=@sr0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='iso9660\x00', 0x0, 0x0)

12:13:01 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f1fd6c2cf47288f8895dca6e8681f1f7c4666d7035828c4690bca329e3b"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})

12:13:01 executing program 4:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='$', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffc, r1, 0x0)

12:13:01 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000003800), 0x0, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, 0x0)

12:13:01 executing program 0:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='$', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffc, r1, 0x0)

12:13:01 executing program 5:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='$', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffc, r1, 0x0)

12:13:01 executing program 7:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x1ff)
r0 = io_uring_setup(0x5053, &(0x7f0000000080)={0x0, 0x0, 0x4, 0xffeffffe})
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
r1 = syz_io_uring_setup(0x7eba, &(0x7f00000001c0)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f0000003ac0))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0x12, 0x0, 0x0)
syz_io_uring_setup(0x74fc, &(0x7f00000004c0)={0x0, 0x31d0, 0x10, 0x0, 0x2000125, 0x0, r1}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000300), &(0x7f00000003c0))
io_uring_register$IORING_REGISTER_FILES(r0, 0x19, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
poll(&(0x7f0000000140)=[{}], 0x1, 0x9)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x10101, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000002c0)={0x6, 0x0, &(0x7f0000000200)=[r0, r2]}, 0x2)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x200002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0)

[  121.749959] /dev/sr0: Can't open blockdev
[  121.802101] kmemleak: Found object by alias at 0x607f1a63920c
[  121.802122] CPU: 0 UID: 0 PID: 4010 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  121.802143] Tainted: [W]=WARN
[  121.802147] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  121.802154] Call Trace:
[  121.802158]  <TASK>
[  121.802163]  dump_stack_lvl+0xca/0x120
[  121.802188]  __lookup_object+0x94/0xb0
[  121.802205]  delete_object_full+0x27/0x70
[  121.802221]  free_percpu+0x30/0x1160
[  121.802237]  ? arch_uprobe_clear_state+0x16/0x140
[  121.802257]  futex_hash_free+0x38/0xc0
[  121.802271]  mmput+0x2d3/0x390
[  121.802291]  do_exit+0x79d/0x2970
[  121.802304]  ? lock_release+0xc8/0x290
[  121.802321]  ? __pfx_do_exit+0x10/0x10
[  121.802335]  ? find_held_lock+0x2b/0x80
[  121.802352]  ? get_signal+0x835/0x2340
[  121.802372]  do_group_exit+0xd3/0x2a0
[  121.802387]  get_signal+0x2315/0x2340
[  121.802409]  ? __pfx_get_signal+0x10/0x10
[  121.802424]  ? do_futex+0x135/0x370
[  121.802438]  ? __pfx_do_futex+0x10/0x10
[  121.802452]  arch_do_signal_or_restart+0x80/0x790
[  121.802471]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  121.802486]  ? __x64_sys_futex+0x1c9/0x4d0
[  121.802498]  ? __x64_sys_futex+0x1d2/0x4d0
[  121.802511]  ? __do_sys_add_key+0x2ad/0x440
[  121.802529]  ? __pfx___x64_sys_futex+0x10/0x10
[  121.802541]  ? key_put+0x59/0x2c0
[  121.802553]  ? xfd_validate_state+0x55/0x180
[  121.802574]  exit_to_user_mode_loop+0x8b/0x110
[  121.802587]  do_syscall_64+0x2f7/0x360
[  121.802598]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.802610] RIP: 0033:0x7f4bcbd03b19
[  121.802619] Code: Unable to access opcode bytes at 0x7f4bcbd03aef.
[  121.802624] RSP: 002b:00007f4bc9279218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  121.802635] RAX: fffffffffffffe00 RBX: 00007f4bcbe16f68 RCX: 00007f4bcbd03b19
[  121.802643] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4bcbe16f68
[  121.802650] RBP: 00007f4bcbe16f60 R08: 0000000000000000 R09: 0000000000000000
[  121.802657] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4bcbe16f6c
[  121.802664] R13: 00007fff48c5ce8f R14: 00007f4bc9279300 R15: 0000000000022000
[  121.802679]  </TASK>
[  121.802683] kmemleak: Object (percpu) 0x607f1a639208 (size 8):
[  121.802690] kmemleak:   comm "syz-executor.7", pid 4012, jiffies 4294788655
[  121.802696] kmemleak:   min_count = 1
[  121.802700] kmemleak:   count = 0
[  121.802704] kmemleak:   flags = 0x21
[  121.802707] kmemleak:   checksum = 0
[  121.802711] kmemleak:   backtrace:
[  121.802714]  pcpu_alloc_noprof+0x87a/0x1170
[  121.802729]  percpu_ref_init+0x37/0x400
[  121.802746]  io_uring_setup+0x44c/0x2000
[  121.802758]  __x64_sys_io_uring_setup+0xc8/0x170
[  121.802768]  do_syscall_64+0xbf/0x360
[  121.802777]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.915203] unregister_netdevice: waiting for vcan0 to become free. Usage count = -1
12:13:13 executing program 4:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='$', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffc, r1, 0x0)

12:13:13 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000003800), 0x0, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, 0x0)

12:13:13 executing program 0:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='$', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffc, r1, 0x0)

12:13:13 executing program 3:
open(&(0x7f0000001c40)='./file0\x00', 0x68240, 0x0)
mount(&(0x7f0000000000)=@sr0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='iso9660\x00', 0x0, 0x0)

12:13:13 executing program 5:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='$', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffc, r1, 0x0)

12:13:13 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
r2 = dup2(r0, r1)
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
ioctl$TCSBRKP(r2, 0x5437, 0x0)

12:13:13 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f1fd6c2cf47288f8895dca6e8681f1f7c4666d7035828c4690bca329e3b"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})

12:13:13 executing program 6:
r0 = epoll_create1(0x0)
epoll_pwait2(r0, &(0x7f0000000400)=[{}], 0x1, &(0x7f0000000480), &(0x7f00000004c0)={[0x6]}, 0x8)

[  134.402320] /dev/sr0: Can't open blockdev
12:13:13 executing program 4:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='$', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffc, r1, 0x0)

12:13:13 executing program 0:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='$', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffc, r1, 0x0)

12:13:13 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x47cc, &(0x7f0000000180), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000001540)=[{&(0x7f0000001480)=""/180, 0xb4}], 0x1)

12:13:13 executing program 5:
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='$', 0x1, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffc, r1, 0x0)

12:13:13 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0)
pread64(r0, &(0x7f00000000c0)=""/102, 0x66, 0x0)

12:13:14 executing program 3:
open(&(0x7f0000001c40)='./file0\x00', 0x68240, 0x0)
mount(&(0x7f0000000000)=@sr0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='iso9660\x00', 0x0, 0x0)

12:13:14 executing program 7:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x0, 0x40040009})

[  134.688395] EXT4-fs warning (device sda): verify_group_input:166: Cannot read last block (1074528264)
[  134.812300] /dev/sr0: Can't open blockdev
12:13:14 executing program 7:
perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x20901, 0x0)
pwritev2(r0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000040)="c4", 0xa00}], 0x2e, 0x0, 0x0, 0x0)

12:13:14 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0)
pread64(r0, &(0x7f00000000c0)=""/102, 0x66, 0x0)

12:13:14 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0)
pread64(r0, &(0x7f00000000c0)=""/102, 0x66, 0x0)

12:13:14 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
close(r0)
r1 = getpid()
r2 = pidfd_open(r1, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})

12:13:14 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x47cc, &(0x7f0000000180), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000001540)=[{&(0x7f0000001480)=""/180, 0xb4}], 0x1)

12:13:14 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x47cc, &(0x7f0000000180), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000001540)=[{&(0x7f0000001480)=""/180, 0xb4}], 0x1)

12:13:14 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f1fd6c2cf47288f8895dca6e8681f1f7c4666d7035828c4690bca329e3b"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})

12:13:14 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0)
pread64(r0, &(0x7f00000000c0)=""/102, 0x66, 0x0)

12:13:14 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x47cc, &(0x7f0000000180), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000001540)=[{&(0x7f0000001480)=""/180, 0xb4}], 0x1)

[  135.033302] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  135.034388] I/O error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 5 prio class 2
12:13:14 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0)
pread64(r0, &(0x7f00000000c0)=""/102, 0x66, 0x0)

[  135.035926] Buffer I/O error on dev sr0, logical block 0, lost async page write
[  135.037404] Buffer I/O error on dev sr0, logical block 1, lost async page write
[  135.039056] Buffer I/O error on dev sr0, logical block 2, lost async page write
[  135.040226] Buffer I/O error on dev sr0, logical block 3, lost async page write
[  135.041397] Buffer I/O error on dev sr0, logical block 4, lost async page write
12:13:14 executing program 3:
r0 = msgget$private(0x0, 0x102)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r2=>0x0}, &(0x7f0000008600)=0xc)
syz_mount_image$tmpfs(&(0x7f00000005c0), &(0x7f0000000600)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000003c00)={[{@mpol={'mpol', 0x3d, {'interleave', '=static', @void}}}, {@gid={'gid', 0x3d, r2}}]})
syz_mount_image$tmpfs(&(0x7f00000005c0), &(0x7f0000000600)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000003c00)={[{@mpol={'mpol', 0x3d, {'interleave', '=static', @void}}}, {@gid}]})
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000000)={{0x0, 0x0, 0x0, 0xee01, 0xffffffffffffffff, 0x124, 0x100}, 0x0, 0x0, 0x9, 0x8, 0x3, 0x7ff, 0x8, 0x2, 0xa8e6, 0x5, 0x0, 0xffffffffffffffff})
sync()

[  135.078252] BUG: Bad rss-counter state mm:00000000ea1a2e93 type:MM_FILEPAGES val:21 Comm:syz-executor.4 Pid:4064
[  135.079906] BUG: Bad rss-counter state mm:00000000ea1a2e93 type:MM_ANONPAGES val:1 Comm:syz-executor.4 Pid:4064
[  135.081540] BUG: Bad rss-counter state mm:00000000ea1a2e93 type:MM_SWAPENTS val:1 Comm:syz-executor.4 Pid:4064
[  135.083101] BUG: Bad rss-counter state mm:00000000ea1a2e93 type:MM_SHMEMPAGES val:1 Comm:syz-executor.4 Pid:4064
12:13:14 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x47cc, &(0x7f0000000180), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000001540)=[{&(0x7f0000001480)=""/180, 0xb4}], 0x1)

12:13:14 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff964b113cf65f0be4ab146aa7a9636645f0ae3094e59e50bfee32de576970308a41f1fd6c2cf47288f8895dca6e8681f1f7c4666d7035828c4690bca329e3b"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})

[  135.178840] kmemleak: Found object by alias at 0x607f1a638bbc
[  135.178869] CPU: 0 UID: 0 PID: 4059 Comm: syz-executor.7 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  135.178902] Tainted: [W]=WARN
[  135.178909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  135.178920] Call Trace:
[  135.178927]  <TASK>
[  135.178935]  dump_stack_lvl+0xca/0x120
[  135.178984]  __lookup_object+0x94/0xb0
[  135.179012]  delete_object_full+0x27/0x70
[  135.179041]  free_percpu+0x30/0x1160
[  135.179069]  ? arch_uprobe_clear_state+0x16/0x140
[  135.179103]  futex_hash_free+0x38/0xc0
[  135.179128]  mmput+0x2d3/0x390
[  135.179161]  do_exit+0x79d/0x2970
[  135.179189]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  135.179227]  ? __pfx_do_exit+0x10/0x10
[  135.179256]  ? find_held_lock+0x2b/0x80
[  135.179287]  ? get_signal+0x835/0x2340
[  135.179322]  do_group_exit+0xd3/0x2a0
[  135.179349]  get_signal+0x2315/0x2340
[  135.179380]  ? fd_install+0x1d8/0x660
[  135.179398]  ? putname.part.0+0x11b/0x160
[  135.179432]  ? __pfx_get_signal+0x10/0x10
[  135.179463]  ? putname+0x3c/0x50
[  135.179487]  ? do_sys_openat2+0x141/0x1b0
[  135.179521]  arch_do_signal_or_restart+0x80/0x790
[  135.179552]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  135.179582]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  135.179618]  ? __x64_sys_openat+0x142/0x200
[  135.179647]  ? __pfx___x64_sys_openat+0x10/0x10
[  135.179686]  exit_to_user_mode_loop+0x8b/0x110
[  135.179709]  do_syscall_64+0x2f7/0x360
[  135.179730]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.179751] RIP: 0033:0x7fdbdb97bb19
[  135.179766] Code: Unable to access opcode bytes at 0x7fdbdb97baef.
[  135.179776] RSP: 002b:00007fdbd8ef1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  135.179808] RAX: 0000000000000004 RBX: 00007fdbdba8ef60 RCX: 00007fdbdb97bb19
[  135.179821] RDX: 0000000000020901 RSI: 0000000020000000 RDI: ffffffffffffff9c
[  135.179834] RBP: 00007fdbdb9d5f6d R08: 0000000000000000 R09: 0000000000000000
[  135.179846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  135.179858] R13: 00007ffeafd6bfdf R14: 00007fdbd8ef1300 R15: 0000000000022000
[  135.179887]  </TASK>
[  135.179894] kmemleak: Object (percpu) 0x607f1a638bb8 (size 8):
[  135.179906] kmemleak:   comm "syz-executor.7", pid 4059, jiffies 4294801885
[  135.179918] kmemleak:   min_count = 1
[  135.179925] kmemleak:   count = 0
[  135.179931] kmemleak:   flags = 0x21
[  135.179938] kmemleak:   checksum = 0
[  135.179945] kmemleak:   backtrace:
[  135.179950]  pcpu_alloc_noprof+0x87a/0x1170
[  135.179977]  percpu_ref_init+0x37/0x400
[  135.180008]  wb_get_create+0x25b/0x1120
[  135.180026]  balance_dirty_pages_ratelimited_flags+0x539/0x1190
[  135.180050]  iomap_file_buffered_write+0x350/0xa50
[  135.180081]  blkdev_write_iter+0x7a0/0xd00
[  135.180102]  do_iter_readv_writev+0x5af/0x910
[  135.180132]  vfs_writev+0x2d4/0xcd0
[  135.180148]  do_pwritev+0x1ab/0x280
[  135.180163]  __x64_sys_pwritev2+0xef/0x160
[  135.180184]  do_syscall_64+0xbf/0x360
[  135.180200]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
12:13:14 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0)
pread64(r0, &(0x7f00000000c0)=""/102, 0x66, 0x0)

[  135.245025] tmpfs: Invalid gid '0x00000000ffffffff'
[  135.261564] kmemleak: Cannot insert 0x607f1a638bbc into the object search tree (overlaps existing)
[  135.261598] CPU: 0 UID: 0 PID: 4074 Comm: syz-executor.3 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  135.261636] Tainted: [W]=WARN
[  135.261643] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  135.261655] Call Trace:
[  135.261662]  <TASK>
[  135.261670]  dump_stack_lvl+0xca/0x120
[  135.261709]  __link_object+0x190/0x210
[  135.261741]  __create_object+0x48/0x80
[  135.261773]  pcpu_alloc_noprof+0x87a/0x1170
[  135.261817]  __percpu_init_rwsem+0x2d/0x160
[  135.261847]  ? security_sb_alloc+0x75/0x140
[  135.261876]  alloc_super+0x29e/0xb80
[  135.261904]  sget_fc+0xfe/0xb80
[  135.261924]  ? __pfx_set_anon_super_fc+0x10/0x10
[  135.261960]  ? __pfx_shmem_fill_super+0x10/0x10
[  135.261989]  get_tree_nodev+0x28/0x190
[  135.262012]  vfs_get_tree+0x93/0x340
[  135.262052]  path_mount+0x132d/0x1dd0
[  135.262078]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  135.262103]  ? __pfx_path_mount+0x10/0x10
[  135.262127]  ? kmem_cache_free+0x2a1/0x540
[  135.262147]  ? putname.part.0+0x11b/0x160
[  135.262177]  ? getname_flags.part.0+0x1c6/0x540
[  135.262210]  ? putname.part.0+0x11b/0x160
[  135.262243]  __x64_sys_mount+0x27b/0x300
[  135.262268]  ? __pfx___x64_sys_mount+0x10/0x10
[  135.262302]  do_syscall_64+0xbf/0x360
[  135.262323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.262345] RIP: 0033:0x7f946cbfc04a
[  135.262362] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  135.262382] RSP: 002b:00007f946a16ffa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[  135.262403] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f946cbfc04a
[  135.262417] RDX: 00000000200005c0 RSI: 0000000020000600 RDI: 0000000000000000
[  135.262430] RBP: 00007f946a170040 R08: 00007f946a170040 R09: 00000000200005c0
[  135.262444] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000200005c0
[  135.262457] R13: 0000000020000600 R14: 00007f946a170000 R15: 0000000020003c00
[  135.262486]  </TASK>
[  135.263287] kmemleak: Kernel memory leak detector disabled
[  135.263294] kmemleak: Object (percpu) 0x607f1a638bb8 (size 8):
[  135.263306] kmemleak:   comm "syz-executor.7", pid 4059, jiffies 4294801885
[  135.263320] kmemleak:   min_count = 1
[  135.263327] kmemleak:   count = 0
[  135.263334] kmemleak:   flags = 0x21
[  135.263341] kmemleak:   checksum = 0
[  135.263348] kmemleak:   backtrace:
[  135.263353]  pcpu_alloc_noprof+0x87a/0x1170
[  135.263382]  percpu_ref_init+0x37/0x400
[  135.263414]  wb_get_create+0x25b/0x1120
[  135.263433]  balance_dirty_pages_ratelimited_flags+0x539/0x1190
[  135.263457]  iomap_file_buffered_write+0x350/0xa50
[  135.263490]  blkdev_write_iter+0x7a0/0xd00
[  135.263513]  do_iter_readv_writev+0x5af/0x910
[  135.263544]  vfs_writev+0x2d4/0xcd0
[  135.263561]  do_pwritev+0x1ab/0x280
[  135.263578]  __x64_sys_pwritev2+0xef/0x160
[  135.263600]  do_syscall_64+0xbf/0x360
[  135.263616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.307183] kmemleak: Automatic memory scanning thread ended
[  135.395372] BUG: Bad rss-counter state mm:00000000726974f6 type:MM_FILEPAGES val:-10552139011 Comm:syz-executor.4 Pid:4075
[  135.397268] BUG: Bad rss-counter state mm:00000000726974f6 type:MM_ANONPAGES val:58 Comm:syz-executor.4 Pid:4075
[  135.398970] BUG: Bad rss-counter state mm:00000000726974f6 type:MM_SWAPENTS val:-2 Comm:syz-executor.4 Pid:4075
[  135.400609] BUG: Bad rss-counter state mm:00000000726974f6 type:MM_SHMEMPAGES val:1 Comm:syz-executor.4 Pid:4075
[  135.515658] tmpfs: Invalid gid '0x00000000ffffffff'
12:13:15 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0)
pread64(r0, &(0x7f00000000c0)=""/102, 0x66, 0x0)

12:13:15 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x47cc, &(0x7f0000000180), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000001540)=[{&(0x7f0000001480)=""/180, 0xb4}], 0x1)

12:13:15 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0xc02c5341, &(0x7f0000000000))

12:13:15 executing program 0:
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000001800), 0x1, 0x0)
pwritev2(r0, &(0x7f0000001b00)=[{&(0x7f0000001840)=')', 0x1}, {0x0, 0x4a}], 0x2, 0x6, 0x0, 0x0)

12:13:15 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x47cc, &(0x7f0000000180), &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000001540)=[{&(0x7f0000001480)=""/180, 0xb4}], 0x1)

12:13:15 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
lseek(r0, 0x7, 0x0)
getdents(r0, &(0x7f00000001c0)=""/179, 0xb3)

12:13:15 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
close(r0)
r1 = getpid()
r2 = pidfd_open(r1, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})

12:13:15 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
symlinkat(&(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00')
perf_event_open(0x0, 0x0, 0xf, 0xffffffffffffffff, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)

[  135.920918] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[  135.922552] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  135.923782] CPU: 0 UID: 0 PID: 4105 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  135.925452] Tainted: [W]=WARN
[  135.925893] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  135.927039] RIP: 0010:perf_tp_event+0x175/0xe70
[  135.927722] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  135.930272] RSP: 0018:ffff88801631f780 EFLAGS: 00010012
[  135.931021] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900094d4000
[  135.932025] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  135.933015] RBP: ffff88801631f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16208
[  135.934009] R10: 0000000000000000 R11: ffff8880135e3098 R12: dffffc0000000000
[  135.934994] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  135.935997] FS:  00007f4bc9279700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  135.937118] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  135.937936] CR2: 00007f4bcbe17018 CR3: 000000001353b000 CR4: 0000000000350ef0
[  135.938925] Call Trace:
[  135.939290]  <TASK>
[  135.939620]  ? __pfx_perf_tp_event+0x10/0x10
[  135.940290]  ? lock_acquire+0x15e/0x2f0
[  135.940860]  ? __is_insn_slot_addr+0x2e/0x290
[  135.941504]  ? find_held_lock+0x2b/0x80
[  135.942078]  ? __is_insn_slot_addr+0x136/0x290
[  135.942731]  ? lock_release+0xc8/0x290
[  135.943286]  ? __is_insn_slot_addr+0x140/0x290
[  135.943961]  ? kernel_text_address+0x5b/0xc0
[  135.944594]  ? __kernel_text_address+0xd/0x40
[  135.945230]  ? unwind_get_return_address+0x59/0xa0
[  135.945936]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  135.946700]  ? arch_stack_walk+0x9c/0xf0
[  135.947270]  ? perf_trace_run_bpf_submit+0xef/0x180
[  135.947979]  perf_trace_run_bpf_submit+0xef/0x180
[  135.948659]  perf_trace_preemptirq_template+0x259/0x430
[  135.949412]  ? trace_sched_set_need_resched_tp+0xd4/0x110
[  135.950197]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  135.951037]  ? __pfx___resched_curr+0x10/0x10
[  135.951676]  ? find_held_lock+0x2b/0x80
[  135.952251]  ? try_to_wake_up+0x8ae/0x11d0
[  135.952850]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  135.953562]  trace_irq_enable.constprop.0+0xa6/0x100
[  135.954270]  trace_hardirqs_on+0x26/0x40
[  135.954837]  _raw_spin_unlock_irqrestore+0x2c/0x50
[  135.955527]  try_to_wake_up+0x8ae/0x11d0
[  135.956120]  ? __pfx_try_to_wake_up+0x10/0x10
[  135.956760]  ? plist_del+0x122/0x270
[  135.957288]  ? find_held_lock+0x2b/0x80
[  135.957861]  ? futex_wake+0x474/0x540
[  135.958407]  wake_up_q+0xa1/0x130
[  135.958910]  futex_wake+0x47e/0x540
[  135.959433]  ? __pfx_futex_wake+0x10/0x10
[  135.960029]  ? kmem_cache_free+0x2a1/0x540
[  135.960614]  ? fd_install+0x1d8/0x660
[  135.961145]  ? putname.part.0+0x11b/0x160
[  135.961733]  do_futex+0x26d/0x370
[  135.962230]  ? __pfx_do_futex+0x10/0x10
[  135.962798]  __x64_sys_futex+0x1c9/0x4d0
[  135.963371]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  135.964202]  ? __x64_sys_openat+0x142/0x200
[  135.964818]  ? __pfx___x64_sys_futex+0x10/0x10
[  135.965463]  ? xfd_validate_state+0x55/0x180
[  135.966099]  do_syscall_64+0xbf/0x360
[  135.966634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.967348] RIP: 0033:0x7f4bcbd03b19
[  135.967874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  135.970340] RSP: 002b:00007f4bc9279218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  135.971378] RAX: ffffffffffffffda RBX: 00007f4bcbe16f68 RCX: 00007f4bcbd03b19
[  135.972370] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4bcbe16f6c
[  135.973349] RBP: 00007f4bcbe16f60 R08: 000000000000000e R09: 0000000000000000
[  135.974320] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f4bcbe16f6c
[  135.975292] R13: 00007fff48c5ce8f R14: 00007f4bc9279300 R15: 0000000000022000
[  135.976283]  </TASK>
[  135.976612] Modules linked in:
[  135.977063] ---[ end trace 0000000000000000 ]---
[  135.977068] Oops: general protection fault, probably for non-canonical address 0xe01ffc00000000b0: 0000 [#2] SMP KASAN NOPTI
[  135.977703] RIP: 0010:perf_tp_event+0x175/0xe70
[  135.979442] KASAN: maybe wild-memory-access in range [0x0100000000000580-0x0100000000000587]
[  135.980075] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  135.981366] CPU: 1 UID: 0 PID: 4104 Comm: syz-executor.4 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  135.983805] RSP: 0018:ffff88801631f780 EFLAGS: 00010012
[  135.985622] Tainted: [D]=DIE, [W]=WARN
[  135.986338] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900094d4000
[  135.986926] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  135.987891] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  135.989135] RIP: 0010:perf_tp_event+0x26b/0xe70
[  135.990089] RBP: ffff88801631f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16208
[  135.990790] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f
[  135.991742] R10: 0000000000000000 R11: ffff8880135e3098 R12: dffffc0000000000
[  135.994518] RSP: 0018:ffff8880494a7780 EFLAGS: 00010012
[  135.995488] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  135.995508] FS:  00007f4bc9279700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  135.996312] RAX: 00200000000000b0 RBX: ffff88801e81ea41 RCX: ffffc90007ec9000
[  135.997274] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  135.998492] RDX: 0000000000040000 RSI: ffffffff818996ad RDI: 0100000000000580
[  135.999440] CR2: 00007f4bcbe17018 CR3: 000000001353b000 CR4: 0000000000350ef0
[  136.000332] RBP: ffff8880494a79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16208
[  136.001284] note: syz-executor.5[4105] exited with irqs disabled
[  136.002368] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  136.005351] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000
[  136.006447] FS:  00007fdd7c49d700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  136.007671] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  136.008571] CR2: 00007fdd7f03b018 CR3: 000000001692c000 CR4: 0000000000350ef0
[  136.009673] Call Trace:
[  136.010077]  <TASK>
[  136.010447]  ? __pfx_perf_tp_event+0x10/0x10
[  136.011146]  ? __asan_memcpy+0x3d/0x60
[  136.011763]  ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150
[  136.012735]  ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10
[  136.013727]  ? kvm_sched_clock_read+0x16/0x30
[  136.014447]  ? local_clock_noinstr+0xf/0xc0
[  136.015134]  ? ctx_sched_in+0x134/0x9b0
[  136.015752]  ? tracing_gen_ctx_irq_test+0x167/0x1f0
[  136.016554]  ? perf_swevent_event+0x63/0x3f0
[  136.017267]  ? perf_tp_event+0x807/0xe70
[  136.017909]  ? __anon_inode_getfile+0xe1/0x280
[  136.018639]  ? __do_sys_perf_event_open+0x18cb/0x2c20
[  136.019447]  ? perf_trace_run_bpf_submit+0xef/0x180
[  136.020258]  ? perf_trace_run_bpf_submit+0xef/0x180
[  136.021048]  perf_trace_run_bpf_submit+0xef/0x180
[  136.021807]  perf_trace_preemptirq_template+0x259/0x430
[  136.022656]  ? trace_sched_set_need_resched_tp+0xd4/0x110
[  136.023526]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  136.024460]  ? __pfx___resched_curr+0x10/0x10
[  136.025182]  ? check_preempt_wakeup_fair+0x406/0x950
[  136.025984]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  136.026791]  trace_irq_enable.constprop.0+0xa6/0x100
[  136.027572]  trace_hardirqs_on+0x26/0x40
[  136.028222]  _raw_spin_unlock_irqrestore+0x2c/0x50
[  136.029009]  try_to_wake_up+0x8ae/0x11d0
[  136.029667]  ? __pfx_try_to_wake_up+0x10/0x10
[  136.030389]  ? plist_del+0x122/0x270
[  136.030985]  ? __futex_unqueue+0xda/0x1c0
[  136.031650]  wake_up_q+0xa1/0x130
[  136.032232]  futex_wake+0x47e/0x540
[  136.032829]  ? __pfx_futex_wake+0x10/0x10
[  136.033496]  ? lock_release+0x1c7/0x290
[  136.034133]  ? lock_release+0x1c7/0x290
[  136.034767]  ? fd_install+0x1f0/0x660
[  136.035379]  do_futex+0x26d/0x370
[  136.035942]  ? __pfx_do_futex+0x10/0x10
[  136.036583]  __x64_sys_futex+0x1c9/0x4d0
[  136.037238]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  136.038180]  ? __pfx___x64_sys_futex+0x10/0x10
[  136.038925]  do_syscall_64+0xbf/0x360
[  136.039542]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.040377] RIP: 0033:0x7fdd7ef27b19
[  136.040971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  136.043779] RSP: 002b:00007fdd7c49d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  136.044962] RAX: ffffffffffffffda RBX: 00007fdd7f03af68 RCX: 00007fdd7ef27b19
[  136.046053] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fdd7f03af6c
[  136.047141] RBP: 00007fdd7f03af60 R08: 000000000000000e R09: 0000000000000000
[  136.048250] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fdd7f03af6c
[  136.049340] R13: 00007ffcd8d4874f R14: 00007fdd7c49d300 R15: 0000000000022000
[  136.050444]  </TASK>
[  136.050810] Modules linked in:
[  136.051317] ---[ end trace 0000000000000000 ]---
[  136.051321] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI
[  136.052049] RIP: 0010:perf_tp_event+0x175/0xe70
[  136.053509] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  136.054215] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  136.055345] CPU: 0 UID: 0 PID: 4105 Comm: syz-executor.5 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  136.057917] RSP: 0018:ffff88801631f780 EFLAGS: 00010012
[  136.059460] Tainted: [D]=DIE, [W]=WARN
[  136.060167] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900094d4000
[  136.060670] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  136.061609] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  136.062669] RIP: 0010:perf_tp_event+0x175/0xe70
[  136.063607] RBP: ffff88801631f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16208
[  136.064222] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  136.065166] R10: 0000000000000000 R11: ffff8880135e3098 R12: dffffc0000000000
[  136.067511] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012
[  136.068465] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  136.069162] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  136.070104] FS:  00007fdd7c49d700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  136.071022] RDX: ffff888047fdb700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  136.072092] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  136.073016] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc16208
[  136.073785] CR2: 00007fdd7f03b018 CR3: 000000001692c000 CR4: 0000000000350ef0
[  136.074697] R10: 0000000000000000 R11: ffff8880135e3098 R12: dffffc0000000000
[  136.075640] note: syz-executor.4[4104] exited with irqs disabled
[  136.076563] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000
[  136.078285] FS:  00007f4bc9279700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  136.079334] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  136.080103] CR2: 00007f4bcbe17018 CR3: 000000001353b000 CR4: 0000000000350ef0
[  136.081036] Call Trace:
[  136.081383]  <IRQ>
[  136.081678]  ? __pfx_perf_tp_event+0x10/0x10
[  136.082275]  ? enqueue_task_fair+0xded/0x1e00
[  136.082881]  ? do_raw_spin_lock+0x123/0x260
[  136.083455]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  136.084089]  ? lock_acquire+0x18c/0x2f0
[  136.084618]  ? lock_release+0x1c7/0x290
[  136.085168]  ? do_raw_spin_unlock+0x53/0x220
[  136.085757]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  136.086438]  ? try_to_wake_up+0x128/0x11d0
[  136.087014]  ? do_raw_spin_lock+0x123/0x260
[  136.087592]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  136.088238]  ? perf_trace_run_bpf_submit+0xef/0x180
[  136.088916]  perf_trace_run_bpf_submit+0xef/0x180
[  136.089570]  perf_trace_preemptirq_template+0x259/0x430
[  136.090284]  ? read_tsc+0x9/0x20
[  136.090743]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  136.091523]  ? clockevents_program_event+0x135/0x360
[  136.092214]  ? tick_program_event+0xac/0x140
[  136.092797]  ? handle_softirqs+0x16e/0x770
[  136.093361]  trace_irq_enable.constprop.0+0xa6/0x100
[  136.094031]  trace_hardirqs_on+0x26/0x40
[  136.094563]  handle_softirqs+0x16e/0x770
[  136.095120]  __irq_exit_rcu+0xc4/0x100
[  136.095652]  irq_exit_rcu+0x9/0x20
[  136.096133]  sysvec_apic_timer_interrupt+0x70/0x80
[  136.096791]  </IRQ>
[  136.097092]  <TASK>
[  136.097397]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  136.098086] RIP: 0010:make_task_dead+0xa2/0x3b0
[  136.098707] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 <e8> b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[  136.101064] RSP: 0018:ffff88801631ff28 EFLAGS: 00000246
[  136.101761] RAX: 0000000000000001 RBX: ffff888047fdb700 RCX: ffffffff817c2b86
[  136.102682] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[  136.103601] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[  136.104529] R10: ffffffff8643ac57 R11: 3838666666662052 R12: ffff888047fdb700
[  136.105445] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[  136.106364]  ? trace_irq_enable.constprop.0+0x26/0x100
[  136.107053]  ? make_task_dead+0x214/0x3b0
[  136.107600]  ? make_task_dead+0x214/0x3b0
[  136.108153]  ? do_syscall_64+0xbf/0x360
[  136.108675]  rewind_stack_and_make_dead+0x16/0x20
[  136.109314] RIP: 0033:0x7f4bcbd03b19
[  136.109800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  136.112132] RSP: 002b:00007f4bc9279218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  136.113107] RAX: ffffffffffffffda RBX: 00007f4bcbe16f68 RCX: 00007f4bcbd03b19
[  136.114026] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4bcbe16f6c
[  136.114941] RBP: 00007f4bcbe16f60 R08: 000000000000000e R09: 0000000000000000
[  136.115862] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f4bcbe16f6c
[  136.116772] R13: 00007fff48c5ce8f R14: 00007f4bc9279300 R15: 0000000000022000
[  136.117694]  </TASK>
[  136.118002] Modules linked in:
[  136.118429] ---[ end trace 0000000000000000 ]---
[  136.118431] Oops: general protection fault, probably for non-canonical address 0xe01ffc00000000b0: 0000 [#4] SMP KASAN NOPTI
[  136.119036] RIP: 0010:perf_tp_event+0x175/0xe70
[  136.120498] KASAN: maybe wild-memory-access in range [0x0100000000000580-0x0100000000000587]
[  136.121082] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  136.122196] CPU: 1 UID: 0 PID: 4104 Comm: syz-executor.4 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  136.124488] RSP: 0018:ffff88801631f780 EFLAGS: 00010012
[  136.126059] Tainted: [D]=DIE, [W]=WARN
[  136.126725] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900094d4000
[  136.127240] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  136.128141] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  136.129226] RIP: 0010:perf_tp_event+0x26b/0xe70
[  136.130117] RBP: ffff88801631f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16208
[  136.130731] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f
[  136.131625] R10: 0000000000000000 R11: ffff8880135e3098 R12: dffffc0000000000
[  136.134010] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012
[  136.134907] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  136.134925] FS:  00007f4bc9279700(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[  136.135616] RAX: 00200000000000b0 RBX: ffff88801e81ea41 RCX: ffffffff8189962c
[  136.136525] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  136.137627] RDX: ffff88801ac7b700 RSI: ffffffff818996ad RDI: 0100000000000580
[  136.138524] CR2: 00007f4bcbe17018 CR3: 000000001353b000 CR4: 0000000000350ef0
[  136.139336] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16208
[  136.140241] Kernel panic - not syncing: Fatal exception in interrupt
[  137.203991] Shutting down cpus with NMI
[  137.205661] Kernel Offset: disabled
[  137.205958] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
12:13:11  Registers:
info registers vcpu 0
RAX=dffffc0000000000 RBX=ffff8880e55dd000 RCX=0000000000000001 RDX=ffff888016d70001
RSI=ffff888016d6fa00 RDI=ffff88806ce31850 RBP=ffff888016d68000 RSP=ffff888016d6f618
R8 =0000000000000001 R9 =ffff888016d6f6d8 R10=000000000003be53 R11=0000000000024af5
R12=ffff888016d6f601 R13=ffff888016d6f6e0 R14=ffff888016d6fa00 R15=ffff888016d6f698
RIP=ffffffff815af2a5 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f75179c4700 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe5800000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005565bf108618 CR3=000000000e974000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000100000000000000000
XMM04=00007f75179c310000007f75179c3140 XMM05=000000000000000013b8e6fd4bb26c00
XMM06=00007f75179c31400000000000000000 XMM07=00000000000000000000000000000000
XMM08=2e726f7475636578652d7a7973223d6d XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000050 RBX=ffff88800b698000 RCX=ffffffff82549146 RDX=00000000000101f7
RSI=ffffffff82549154 RDI=0000000000000007 RBP=00000000000003e7 RSP=ffff88801ad877a8
R8 =0000000000000001 R9 =0000000000006d2c R10=00000000000101f7 R11=0000000000000001
R12=00000000000101f7 R13=ffffed10016d3001 R14=ffffffff860d0540 R15=dffffc0000000000
RIP=ffffffff82549158 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe7400000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005565bf108618 CR3=000000000cf75000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ff000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=ffbd4ebe4c2ff636000000000016b0c0 XMM05=d3fdd5f48436fbd700000000000aead0
XMM06=5a0b0d4a2acad1fd00000000000ae988 XMM07=a1fcdcf819d7e1e500000000000ae728
XMM08=44495f474f4c5359530069253d595449 XMM09=00000000000000000000000000000000
XMM10=00000000000000000020200020000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000