Warning: Permanently added '[localhost]:23950' (ECDSA) to the list of known hosts.
2025/09/01 10:42:04 fuzzer started
2025/09/01 10:42:04 dialing manager at localhost:35473
syzkaller login: [ 51.271286] cgroup: Unknown subsys name 'net'
[ 51.347216] cgroup: Unknown subsys name 'cpuset'
[ 51.362293] cgroup: Unknown subsys name 'rlimit'
2025/09/01 10:42:15 syscalls: 2214
2025/09/01 10:42:15 code coverage: enabled
2025/09/01 10:42:15 comparison tracing: enabled
2025/09/01 10:42:15 extra coverage: enabled
2025/09/01 10:42:15 setuid sandbox: enabled
2025/09/01 10:42:15 namespace sandbox: enabled
2025/09/01 10:42:15 Android sandbox: enabled
2025/09/01 10:42:15 fault injection: enabled
2025/09/01 10:42:15 leak checking: enabled
2025/09/01 10:42:15 net packet injection: enabled
2025/09/01 10:42:15 net device setup: enabled
2025/09/01 10:42:15 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 10:42:15 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 10:42:15 USB emulation: enabled
2025/09/01 10:42:15 hci packet injection: enabled
2025/09/01 10:42:15 wifi device emulation: enabled
2025/09/01 10:42:15 802.15.4 emulation: enabled
2025/09/01 10:42:15 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 10:42:16 fetching corpus: 50, signal 20668/24189 (executing program)
2025/09/01 10:42:16 fetching corpus: 100, signal 31833/36718 (executing program)
2025/09/01 10:42:16 fetching corpus: 150, signal 37535/43808 (executing program)
2025/09/01 10:42:16 fetching corpus: 200, signal 45829/53212 (executing program)
2025/09/01 10:42:16 fetching corpus: 250, signal 51375/59908 (executing program)
2025/09/01 10:42:16 fetching corpus: 300, signal 54952/64633 (executing program)
2025/09/01 10:42:16 fetching corpus: 350, signal 59120/69807 (executing program)
2025/09/01 10:42:16 fetching corpus: 400, signal 63147/74827 (executing program)
2025/09/01 10:42:16 fetching corpus: 450, signal 66838/79423 (executing program)
2025/09/01 10:42:16 fetching corpus: 500, signal 70674/84031 (executing program)
2025/09/01 10:42:16 fetching corpus: 550, signal 73949/88078 (executing program)
2025/09/01 10:42:16 fetching corpus: 600, signal 75952/90989 (executing program)
2025/09/01 10:42:17 fetching corpus: 650, signal 78184/94074 (executing program)
2025/09/01 10:42:17 fetching corpus: 700, signal 80041/96736 (executing program)
2025/09/01 10:42:17 fetching corpus: 750, signal 83168/100470 (executing program)
2025/09/01 10:42:17 fetching corpus: 800, signal 84960/103034 (executing program)
2025/09/01 10:42:17 fetching corpus: 850, signal 86606/105407 (executing program)
2025/09/01 10:42:17 fetching corpus: 900, signal 88439/107967 (executing program)
2025/09/01 10:42:17 fetching corpus: 950, signal 89667/109936 (executing program)
2025/09/01 10:42:17 fetching corpus: 1000, signal 91045/112015 (executing program)
2025/09/01 10:42:17 fetching corpus: 1050, signal 92845/114371 (executing program)
2025/09/01 10:42:17 fetching corpus: 1100, signal 94730/116769 (executing program)
2025/09/01 10:42:17 fetching corpus: 1150, signal 96102/118700 (executing program)
2025/09/01 10:42:17 fetching corpus: 1200, signal 101092/123218 (executing program)
2025/09/01 10:42:18 fetching corpus: 1250, signal 102660/125231 (executing program)
2025/09/01 10:42:18 fetching corpus: 1300, signal 104621/127532 (executing program)
2025/09/01 10:42:18 fetching corpus: 1350, signal 105880/129293 (executing program)
2025/09/01 10:42:18 fetching corpus: 1400, signal 106966/130875 (executing program)
2025/09/01 10:42:18 fetching corpus: 1450, signal 108069/132466 (executing program)
2025/09/01 10:42:18 fetching corpus: 1500, signal 109933/134478 (executing program)
2025/09/01 10:42:18 fetching corpus: 1550, signal 110871/135937 (executing program)
2025/09/01 10:42:18 fetching corpus: 1600, signal 111935/137405 (executing program)
2025/09/01 10:42:18 fetching corpus: 1650, signal 112988/138829 (executing program)
2025/09/01 10:42:18 fetching corpus: 1700, signal 113798/140076 (executing program)
2025/09/01 10:42:19 fetching corpus: 1750, signal 115108/141653 (executing program)
2025/09/01 10:42:19 fetching corpus: 1800, signal 116240/143083 (executing program)
2025/09/01 10:42:19 fetching corpus: 1850, signal 117229/144372 (executing program)
2025/09/01 10:42:19 fetching corpus: 1900, signal 118568/145876 (executing program)
2025/09/01 10:42:19 fetching corpus: 1950, signal 119485/147083 (executing program)
2025/09/01 10:42:19 fetching corpus: 2000, signal 120594/148400 (executing program)
2025/09/01 10:42:19 fetching corpus: 2050, signal 121637/149651 (executing program)
2025/09/01 10:42:19 fetching corpus: 2100, signal 122460/150731 (executing program)
2025/09/01 10:42:19 fetching corpus: 2150, signal 123295/151808 (executing program)
2025/09/01 10:42:19 fetching corpus: 2200, signal 124021/152866 (executing program)
2025/09/01 10:42:19 fetching corpus: 2250, signal 124649/153869 (executing program)
2025/09/01 10:42:19 fetching corpus: 2300, signal 125317/154819 (executing program)
2025/09/01 10:42:20 fetching corpus: 2350, signal 125944/155751 (executing program)
2025/09/01 10:42:20 fetching corpus: 2400, signal 126490/156599 (executing program)
2025/09/01 10:42:20 fetching corpus: 2450, signal 127080/157463 (executing program)
2025/09/01 10:42:20 fetching corpus: 2500, signal 127831/158402 (executing program)
2025/09/01 10:42:20 fetching corpus: 2550, signal 128616/159342 (executing program)
2025/09/01 10:42:20 fetching corpus: 2600, signal 130332/160618 (executing program)
2025/09/01 10:42:20 fetching corpus: 2650, signal 131458/161676 (executing program)
2025/09/01 10:42:20 fetching corpus: 2700, signal 131954/162428 (executing program)
2025/09/01 10:42:20 fetching corpus: 2750, signal 133377/163495 (executing program)
2025/09/01 10:42:20 fetching corpus: 2800, signal 134102/164307 (executing program)
2025/09/01 10:42:21 fetching corpus: 2850, signal 135248/165212 (executing program)
2025/09/01 10:42:21 fetching corpus: 2900, signal 135950/166020 (executing program)
2025/09/01 10:42:21 fetching corpus: 2950, signal 136627/166770 (executing program)
2025/09/01 10:42:21 fetching corpus: 3000, signal 137341/167485 (executing program)
2025/09/01 10:42:21 fetching corpus: 3050, signal 138055/168266 (executing program)
2025/09/01 10:42:21 fetching corpus: 3100, signal 138680/168960 (executing program)
2025/09/01 10:42:21 fetching corpus: 3150, signal 139381/169672 (executing program)
2025/09/01 10:42:21 fetching corpus: 3200, signal 139764/170276 (executing program)
2025/09/01 10:42:21 fetching corpus: 3250, signal 140381/170934 (executing program)
2025/09/01 10:42:22 fetching corpus: 3300, signal 140809/171526 (executing program)
2025/09/01 10:42:22 fetching corpus: 3350, signal 141253/172123 (executing program)
2025/09/01 10:42:22 fetching corpus: 3400, signal 142254/172786 (executing program)
2025/09/01 10:42:22 fetching corpus: 3450, signal 142808/173363 (executing program)
2025/09/01 10:42:22 fetching corpus: 3500, signal 143463/173937 (executing program)
2025/09/01 10:42:22 fetching corpus: 3550, signal 144368/174540 (executing program)
2025/09/01 10:42:22 fetching corpus: 3600, signal 144937/175088 (executing program)
2025/09/01 10:42:22 fetching corpus: 3650, signal 145554/175628 (executing program)
2025/09/01 10:42:22 fetching corpus: 3700, signal 146086/176114 (executing program)
2025/09/01 10:42:22 fetching corpus: 3750, signal 146745/176664 (executing program)
2025/09/01 10:42:22 fetching corpus: 3800, signal 147096/177104 (executing program)
2025/09/01 10:42:23 fetching corpus: 3850, signal 147521/177566 (executing program)
2025/09/01 10:42:23 fetching corpus: 3900, signal 148386/178083 (executing program)
2025/09/01 10:42:23 fetching corpus: 3950, signal 148807/178489 (executing program)
2025/09/01 10:42:23 fetching corpus: 4000, signal 149263/178902 (executing program)
2025/09/01 10:42:23 fetching corpus: 4050, signal 149711/179339 (executing program)
2025/09/01 10:42:23 fetching corpus: 4100, signal 150190/179744 (executing program)
2025/09/01 10:42:23 fetching corpus: 4150, signal 151007/180182 (executing program)
2025/09/01 10:42:23 fetching corpus: 4200, signal 151526/180549 (executing program)
2025/09/01 10:42:23 fetching corpus: 4250, signal 152096/180907 (executing program)
2025/09/01 10:42:23 fetching corpus: 4300, signal 152536/181287 (executing program)
2025/09/01 10:42:23 fetching corpus: 4350, signal 153065/181652 (executing program)
2025/09/01 10:42:24 fetching corpus: 4400, signal 153388/181995 (executing program)
2025/09/01 10:42:24 fetching corpus: 4450, signal 154101/182273 (executing program)
2025/09/01 10:42:24 fetching corpus: 4500, signal 154659/182276 (executing program)
2025/09/01 10:42:24 fetching corpus: 4550, signal 155183/182282 (executing program)
2025/09/01 10:42:24 fetching corpus: 4600, signal 155572/182297 (executing program)
2025/09/01 10:42:24 fetching corpus: 4650, signal 155935/182301 (executing program)
2025/09/01 10:42:24 fetching corpus: 4700, signal 156312/182359 (executing program)
2025/09/01 10:42:24 fetching corpus: 4750, signal 156856/182378 (executing program)
2025/09/01 10:42:24 fetching corpus: 4800, signal 157432/182382 (executing program)
2025/09/01 10:42:24 fetching corpus: 4850, signal 157906/182447 (executing program)
2025/09/01 10:42:24 fetching corpus: 4900, signal 158548/182495 (executing program)
2025/09/01 10:42:24 fetching corpus: 4950, signal 159340/182499 (executing program)
2025/09/01 10:42:25 fetching corpus: 5000, signal 159755/182516 (executing program)
2025/09/01 10:42:25 fetching corpus: 5050, signal 160113/182521 (executing program)
2025/09/01 10:42:25 fetching corpus: 5100, signal 160523/182530 (executing program)
2025/09/01 10:42:25 fetching corpus: 5150, signal 160870/182537 (executing program)
2025/09/01 10:42:25 fetching corpus: 5200, signal 161303/182564 (executing program)
2025/09/01 10:42:25 fetching corpus: 5250, signal 161866/182690 (executing program)
2025/09/01 10:42:25 fetching corpus: 5300, signal 162275/182707 (executing program)
2025/09/01 10:42:25 fetching corpus: 5350, signal 162613/182708 (executing program)
2025/09/01 10:42:25 fetching corpus: 5400, signal 163130/182739 (executing program)
2025/09/01 10:42:25 fetching corpus: 5450, signal 163561/182750 (executing program)
2025/09/01 10:42:25 fetching corpus: 5500, signal 163960/182759 (executing program)
2025/09/01 10:42:26 fetching corpus: 5550, signal 164281/182765 (executing program)
2025/09/01 10:42:26 fetching corpus: 5600, signal 164623/182768 (executing program)
2025/09/01 10:42:26 fetching corpus: 5650, signal 165211/182799 (executing program)
2025/09/01 10:42:26 fetching corpus: 5700, signal 165492/182812 (executing program)
2025/09/01 10:42:26 fetching corpus: 5750, signal 165884/182819 (executing program)
2025/09/01 10:42:26 fetching corpus: 5800, signal 166207/182822 (executing program)
2025/09/01 10:42:26 fetching corpus: 5850, signal 166478/182823 (executing program)
2025/09/01 10:42:26 fetching corpus: 5900, signal 166862/182826 (executing program)
2025/09/01 10:42:26 fetching corpus: 5950, signal 167442/182839 (executing program)
2025/09/01 10:42:26 fetching corpus: 6000, signal 167875/182874 (executing program)
2025/09/01 10:42:27 fetching corpus: 6050, signal 169588/182918 (executing program)
2025/09/01 10:42:27 fetching corpus: 6100, signal 170136/182919 (executing program)
2025/09/01 10:42:27 fetching corpus: 6150, signal 170539/182981 (executing program)
2025/09/01 10:42:27 fetching corpus: 6200, signal 170884/183001 (executing program)
2025/09/01 10:42:27 fetching corpus: 6250, signal 171190/183022 (executing program)
2025/09/01 10:42:27 fetching corpus: 6300, signal 171506/183027 (executing program)
2025/09/01 10:42:27 fetching corpus: 6350, signal 171814/183062 (executing program)
2025/09/01 10:42:27 fetching corpus: 6400, signal 172315/183080 (executing program)
2025/09/01 10:42:27 fetching corpus: 6450, signal 172592/183080 (executing program)
2025/09/01 10:42:27 fetching corpus: 6500, signal 173278/183082 (executing program)
2025/09/01 10:42:27 fetching corpus: 6550, signal 174206/183097 (executing program)
2025/09/01 10:42:27 fetching corpus: 6600, signal 174553/183099 (executing program)
2025/09/01 10:42:28 fetching corpus: 6650, signal 175024/183115 (executing program)
2025/09/01 10:42:28 fetching corpus: 6700, signal 175383/183115 (executing program)
2025/09/01 10:42:28 fetching corpus: 6750, signal 175670/183115 (executing program)
2025/09/01 10:42:28 fetching corpus: 6800, signal 175897/183118 (executing program)
2025/09/01 10:42:28 fetching corpus: 6850, signal 176208/183138 (executing program)
2025/09/01 10:42:28 fetching corpus: 6900, signal 176482/183144 (executing program)
2025/09/01 10:42:28 fetching corpus: 6950, signal 176854/183158 (executing program)
2025/09/01 10:42:28 fetching corpus: 7000, signal 177196/183237 (executing program)
2025/09/01 10:42:28 fetching corpus: 7050, signal 177497/183247 (executing program)
2025/09/01 10:42:28 fetching corpus: 7100, signal 177899/183311 (executing program)
2025/09/01 10:42:29 fetching corpus: 7150, signal 178155/183319 (executing program)
2025/09/01 10:42:29 fetching corpus: 7200, signal 178502/183319 (executing program)
2025/09/01 10:42:29 fetching corpus: 7250, signal 178883/183319 (executing program)
2025/09/01 10:42:29 fetching corpus: 7300, signal 179037/183326 (executing program)
2025/09/01 10:42:29 fetching corpus: 7350, signal 179355/183335 (executing program)
2025/09/01 10:42:29 fetching corpus: 7400, signal 179583/183343 (executing program)
2025/09/01 10:42:29 fetching corpus: 7450, signal 179988/183348 (executing program)
2025/09/01 10:42:29 fetching corpus: 7500, signal 180293/183351 (executing program)
2025/09/01 10:42:29 fetching corpus: 7540, signal 180483/183351 (executing program)
2025/09/01 10:42:29 fetching corpus: 7540, signal 180483/183351 (executing program)
2025/09/01 10:42:31 starting 8 fuzzer processes
10:42:31 executing program 0:
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0xffffffffffffff9a}, 0x0, 0x3, 0xffffffffffffffff, 0xa)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xd}, @hci_ev_le_ltk_req={{}, {0xc9, 0x81, 0x4}}}}, 0x10)
accept$unix(0xffffffffffffffff, 0x0, 0x0)
10:42:31 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
10:42:31 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000009680)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000011c0)='\n', 0x1}], 0x1}}], 0x1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000500)="abc82f4b0c65dc65ce5133c7e476076068a83ee92be8e4d3a009928f93cd3bfb040f90f5d1628f91b12b79bb8ba0fd1eb46b1878be284bc3a100eca58bf28ea03d48a1e437744869ff4575ea3868d19605e3457f16e88f76a89efed42659840579a8dfbf55a3d195e32fb6cbbc283b5f15e65d161df3e2612790202e24b9eeac934ab17ed3fcc33835e4b163edc71c58dc1c7fc28a491b4ad14412f6a0419e516588a318", 0xa4}, {&(0x7f00000005c0)="d32b15b258661773fe4339143c26158cbad0c1d15e72bfda8567bae248f941061de2c4aad8fff993890955a4512fbb14fdb5e5d9e02068e1d3ff76dd7b455f3b680c544b6a368b02635b5998982844cd3c9bb255ceeb12489f70ab2f80b05fae6945e9a3c97dc791e0743c13015cb9c41eba959c4a64c7cd6a858fb3fb2b94ce87af21dcf4e580ede5d22335c4c00080f47093a6a4c5fe9669834daaccc7df87abdc5ff6ab79fa4ec7be34abdbb920fd11ecb9f62d8f80a3955ec77c6539849733bdc115cd705cb7424ce488f5cd91859ab9e22395619a614ef5dbb9e2f82d0980e818ab8e5c90a6a64b4434256b6e27af68b34c", 0xf4}, {&(0x7f0000000780)="1bde42f26b32e1ef07c37d01cc092b7572f703299aece9def598b359f731c09eac5eca072b22b23564ad3d92d330567b843c5ff74c061bf31d1e40ca5c5a0e78049218c02781b954a375e6b1ad394b5fc0242c5cbe1e0696cb11948b0d14230a4db98f98fc0c7364c8b99ba93fd4b5f492e5918fde8f8339663949c29a1772bf4aa32c7d73a7c020603b3c5e0234d37c31959e", 0x93}, {&(0x7f0000000840)="7dfb88723da3512e425bed8e80162d0be98da9e941e352729f69dfbe9f1c70ea8a0b1ba55fbf3b6d22089ff98fee7fb7409685cc631f80dba397e00c3e9db0a74d1d58383d5051a99bac57bc51ddda59575c2237c5339eae355eb916b90d53780a43f0aa81d5be3780ea30e3efed286c9ab4d827f4de9d8526d72a21c28872821a7166af627cd6f362af7aeca0e3e8ef8fbb73d8c86924b45afcfdc144281d491594978b3d5dc0f7e94428178611751f03df2b5302f12e49212bd0e1ae9782b2cad49e75b9f8a84d7be9b126adcf74ad39fa69f72646e4742b960890f2a3d52322001e997b6d08b29490", 0xea}, {&(0x7f0000000940)="cea262d51d1621163e229cb550310c7b643b5ab86494c7880d87ba45be49e718af554fb6c9449c96b13d85e8084f6ace9d21493875618e0389b834b3e91436a3efdc7104b44061006ae5a27001669bf298dc3c1ca4075a19443629899129e087a29b5ad75093cb6bd763acccc73c6463da1b5891efcd0a77813831ceb1ef189ac8e28c97c5c4e0eb0b2d06c96d89e83eedab06b2a524707749464f1af2c7d129d8b58015562dbbebff854fbc4af29dfe0a16761f1580a4e9eb1c8790eb735cbb36e18e2a8f94064faf34dd3d0913d31ac9", 0xd1}, {&(0x7f0000003840)="981c778502d4c3eee1b55047bb5e8c2f931d501e78a412d7", 0x18}], 0x6}}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000d80)="e3", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000fc0)='s', 0x1}], 0x1}}], 0x3, 0x44009)
10:42:31 executing program 7:
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000005, 0x32, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmmsg(r0, &(0x7f0000002d00)=[{{&(0x7f0000000080)=@l2tp={0x2, 0x0, @multicast1}, 0x80, 0x0}}, {{&(0x7f0000001740)=@pptp={0x18, 0x2, {0x0, @multicast2}}, 0x80, &(0x7f0000002800)=[{&(0x7f00000017c0)="499e57dd7572b34de9f1f0493ac6910d0fe148c2241005350510976c655320202b69f107cec847717682154ce9f894dd1e544998faca42f96b18d4d74dd15ff19d24e0da09c7a06d4eef3e74923d38a9d579b3e1c42e213f15a9a31f557df5519317777f70d5db224181d95818e89cec874b91a9dc2ca04da4e4aea17a25d7a6", 0x80}], 0x1}}], 0x2, 0x0)
10:42:31 executing program 2:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040), 0xe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, &(0x7f0000000140)=0x4, 0x4)
10:42:31 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000000)=0xc46f, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x4e22, @local}, 0x10)
10:42:31 executing program 6:
socket$inet6_icmp(0xa, 0x2, 0x11)
10:42:31 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x7ff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x8923, &(0x7f00000002c0)={'sit0\x00', 0x0})
syz_open_procfs(0x0, 0x0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x80000014)
[ 77.623258] audit: type=1400 audit(1756723351.239:7): avc: denied { execmem } for pid=272 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 78.877577] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 78.879166] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 78.881698] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 78.883031] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 78.884864] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 78.886606] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 78.891429] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 78.895188] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 78.897136] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 78.899135] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 78.918594] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 78.920834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 78.926609] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 78.930539] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 78.932203] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 78.933912] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 78.936459] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 78.937979] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 78.939206] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 78.941340] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 78.943737] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 78.945871] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 78.946459] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 78.947696] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 78.956839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 78.958881] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 78.960082] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 78.963854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 78.965650] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 78.967818] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 78.970819] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 78.972220] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 78.979460] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 78.980814] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 78.982091] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 78.984872] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 78.986984] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 78.989029] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 78.992064] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 79.008799] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 80.966905] Bluetooth: hci2: command tx timeout
[ 80.966921] Bluetooth: hci0: command tx timeout
[ 81.029614] Bluetooth: hci6: command tx timeout
[ 81.030121] Bluetooth: hci7: command tx timeout
[ 81.030638] Bluetooth: hci4: command tx timeout
[ 81.030888] Bluetooth: hci5: command tx timeout
[ 81.093488] Bluetooth: hci3: command tx timeout
[ 81.094207] Bluetooth: hci1: command tx timeout
[ 83.014391] Bluetooth: hci0: command tx timeout
[ 83.014867] Bluetooth: hci2: command tx timeout
[ 83.077743] Bluetooth: hci4: command tx timeout
[ 83.078187] Bluetooth: hci5: command tx timeout
[ 83.078730] Bluetooth: hci7: command tx timeout
[ 83.079123] Bluetooth: hci6: command tx timeout
[ 83.143321] Bluetooth: hci1: command tx timeout
[ 83.143757] Bluetooth: hci3: command tx timeout
[ 85.062395] Bluetooth: hci2: command tx timeout
[ 85.062863] Bluetooth: hci0: command tx timeout
[ 85.127329] Bluetooth: hci7: command tx timeout
[ 85.127796] Bluetooth: hci5: command tx timeout
[ 85.128182] Bluetooth: hci6: command tx timeout
[ 85.128611] Bluetooth: hci4: command tx timeout
[ 85.189359] Bluetooth: hci1: command tx timeout
[ 85.189831] Bluetooth: hci3: command tx timeout
[ 85.781753] ------------[ cut here ]------------
[ 85.782269] percpu ref (css_release) <= 0 (-7) after switching to atomic
[ 85.782673] WARNING: lib/percpu-refcount.c:197 at percpu_ref_switch_to_atomic_rcu+0x3cc/0x480, CPU#0: modprobe/906
[ 85.784081] Modules linked in:
[ 85.784397] CPU: 0 UID: 0 PID: 906 Comm: modprobe Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 85.786536] Tainted: [W]=WARN
[ 85.787172] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 85.788816] RIP: 0010:percpu_ref_switch_to_atomic_rcu+0x3cc/0x480
[ 85.790427] Code: 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 9e 00 00 00 49 8b 75 e8 48 c7 c7 c0 99 e2 84 e8 25 ac e9 fe 90 <0f> 0b 90 90 e9 2b ff ff ff e8 56 de 5f ff e9 9e fe ff ff e8 dc de
[ 85.793707] RSP: 0018:ffff88806ce08e20 EFLAGS: 00010286
[ 85.794145] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8139de70
[ 85.794772] RDX: ffff88801652b700 RSI: ffffffff8139de7e RDI: 0000000000000001
[ 85.795371] RBP: 7ffffffffffffff8 R08: 0000000000000001 R09: ffffed100d9c117f
[ 85.795954] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888009ddf180
[ 85.796563] R13: ffff888009ddf1a0 R14: 0000000000000002 R15: 0000000000000003
[ 85.797154] FS: 00007f70575da540(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 85.797825] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.798326] CR2: 00007f70576774a0 CR3: 000000000cc84000 CR4: 0000000000350ef0
[ 85.798912] Call Trace:
[ 85.799127]
[ 85.799340] ? rcu_core+0x7c3/0x1800
[ 85.799659] rcu_core+0x7c8/0x1800
[ 85.799965] ? __pfx_rcu_core+0x10/0x10
[ 85.800319] ? lock_release+0xc8/0x290
[ 85.800658] handle_softirqs+0x1b1/0x770
[ 85.801004] __irq_exit_rcu+0xc4/0x100
[ 85.801350] irq_exit_rcu+0x9/0x20
[ 85.801647] sysvec_apic_timer_interrupt+0x70/0x80
[ 85.802065]
[ 85.802256]
[ 85.802480] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 85.802917] RIP: 0010:__x64_sys_fcntl+0xd2/0x1f0
[ 85.803338] Code: 00 00 00 00 fc ff df 48 83 e5 fc 48 8d 7d 40 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e f5 00 00 00 44 8b 65 40 <31> ff 41 81 e4 00 40 00 00 44 89 e6 e8 6d 20 b9 ff 45 85 e4 0f 85
[ 85.804836] RSP: 0018:ffff888044b2fef8 EFLAGS: 00000246
[ 85.805272] RAX: 0000000000000000 RBX: ffff888017401340 RCX: ffffffff81bad124
[ 85.805865] RDX: 1ffff11002e80270 RSI: ffffffff81bad132 RDI: ffff888017401380
[ 85.806463] RBP: ffff888017401340 R08: 0000000000000000 R09: ffffed1002ec1f80
[ 85.807048] R10: ffff888017401340 R11: 0000000000000000 R12: 000000000c4a801d
[ 85.807653] R13: 0000000000000003 R14: 00005651597ce402 R15: 0000000000000000
[ 85.808243] ? __x64_sys_fcntl+0x94/0x1f0
[ 85.808614] ? __x64_sys_fcntl+0xa2/0x1f0
[ 85.808961] ? __x64_sys_fcntl+0xa2/0x1f0
[ 85.809325] do_syscall_64+0xbf/0x360
[ 85.809655] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.810084] RIP: 0033:0x7f70576f6e70
[ 85.810419] Code: 01 00 0f 1f 84 00 00 00 00 00 48 83 ec 18 64 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 83 fe 09 74 27 b8 48 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 40 48 8b 4c 24 08 64 48 2b 0c 25 28 00 00 00
[ 85.811908] RSP: 002b:00007ffdc2c7f1c0 EFLAGS: 00000297 ORIG_RAX: 0000000000000048
[ 85.812552] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f70576f6e70
[ 85.813137] RDX: 00005651597ce402 RSI: 0000000000000003 RDI: 0000000000000000
[ 85.813738] RBP: 0000000000000000 R08: 00000000ffffffff R09: 00007ffdc2c7f110
[ 85.814358] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000008
[ 85.814945] R13: 0000000000000000 R14: 00007ffdc2c7f320 R15: 000056519119e560
[ 85.815552]
[ 85.815746] irq event stamp: 5200
[ 85.816021] hardirqs last enabled at (5208): [] __up_console_sem+0x78/0x80
[ 85.816715] hardirqs last disabled at (5217): [] __up_console_sem+0x5d/0x80
[ 85.817408] softirqs last enabled at (3832): [] handle_softirqs+0x50c/0x770
[ 85.818084] softirqs last disabled at (4335): [] __irq_exit_rcu+0xc4/0x100
[ 85.818778] ---[ end trace 0000000000000000 ]---
[ 85.819153] percpu_ref_switch_to_atomic_rcu: percpu_ref_switch_to_atomic_rcu(): percpu_ref underflow slab kmalloc-64 start ffff888009ddf180 pointer offset 0 size 64
[ 87.110417] Bluetooth: hci0: command tx timeout
[ 87.110874] Bluetooth: hci2: command tx timeout
[ 87.174630] Bluetooth: hci4: command tx timeout
[ 87.175054] Bluetooth: hci6: command tx timeout
[ 87.175469] Bluetooth: hci5: command tx timeout
[ 87.175846] Bluetooth: hci7: command tx timeout
[ 87.239333] Bluetooth: hci3: command tx timeout
[ 87.239745] Bluetooth: hci1: command tx timeout
VM DIAGNOSIS:
10:42:39 Registers:
info registers vcpu 0
RAX=000000000000003a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff88806ce08758
R8 =0000000000000000 R9 =ffffed100134a046 R10=000000000000003a R11=0000000000000001
R12=000000000000003a R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f70575da540 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe6a00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f70576774a0 CR3=000000000cc84000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=25252525252525252525252525252525 XMM01=00000000000000000000ffffffffffff
XMM02=00000000000000000000ffffffffffff XMM03=00000000000000000000ff00000000ff
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=676f6c206d6f74737563000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=dffffc0000000000 RBX=0000000000000001 RCX=ffffffff867e3960 RDX=1ffff11001e92f0c
RSI=0000000000000001 RDI=0000000000000001 RBP=ffff88800f497870 RSP=ffff88800f497758
R8 =ffffffff867e3964 R9 =0000000000000000 R10=000000000003bea3 R11=0000000000006cee
R12=ffff88800f497878 R13=ffff88800f497860 R14=0000000000000005 R15=ffff88800f497818
RIP=ffffffff8135886e RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe3300000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007fa88fde16f4 CR3=0000000005a88000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007fa88fdf047000007fa88fdeff20
XMM02=00000000000000000000000000000000 XMM03=756e20796d6d756420736e6f6974706f
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=73253d656d616e6c6165722073253d73 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000