Warning: Permanently added '[localhost]:57001' (ECDSA) to the list of known hosts.
2025/09/01 12:21:01 fuzzer started
2025/09/01 12:21:02 dialing manager at localhost:35473
syzkaller login: [   43.880945] cgroup: Unknown subsys name 'net'
[   43.936488] cgroup: Unknown subsys name 'cpuset'
[   43.956551] cgroup: Unknown subsys name 'rlimit'
2025/09/01 12:21:12 syscalls: 2214
2025/09/01 12:21:12 code coverage: enabled
2025/09/01 12:21:12 comparison tracing: enabled
2025/09/01 12:21:12 extra coverage: enabled
2025/09/01 12:21:12 setuid sandbox: enabled
2025/09/01 12:21:12 namespace sandbox: enabled
2025/09/01 12:21:12 Android sandbox: enabled
2025/09/01 12:21:12 fault injection: enabled
2025/09/01 12:21:12 leak checking: enabled
2025/09/01 12:21:12 net packet injection: enabled
2025/09/01 12:21:12 net device setup: enabled
2025/09/01 12:21:12 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 12:21:12 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 12:21:12 USB emulation: enabled
2025/09/01 12:21:12 hci packet injection: enabled
2025/09/01 12:21:12 wifi device emulation: enabled
2025/09/01 12:21:12 802.15.4 emulation: enabled
2025/09/01 12:21:12 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 12:21:13 fetching corpus: 50, signal 25225/28739 (executing program)
2025/09/01 12:21:13 fetching corpus: 100, signal 31772/36788 (executing program)
2025/09/01 12:21:13 fetching corpus: 150, signal 38100/44521 (executing program)
2025/09/01 12:21:13 fetching corpus: 200, signal 45949/53558 (executing program)
2025/09/01 12:21:13 fetching corpus: 250, signal 50861/59718 (executing program)
2025/09/01 12:21:13 fetching corpus: 300, signal 56120/66080 (executing program)
2025/09/01 12:21:13 fetching corpus: 350, signal 61238/72225 (executing program)
2025/09/01 12:21:13 fetching corpus: 400, signal 64973/76963 (executing program)
2025/09/01 12:21:13 fetching corpus: 450, signal 67466/80525 (executing program)
2025/09/01 12:21:13 fetching corpus: 500, signal 70990/84988 (executing program)
2025/09/01 12:21:14 fetching corpus: 550, signal 75933/90596 (executing program)
2025/09/01 12:21:14 fetching corpus: 600, signal 77800/93437 (executing program)
2025/09/01 12:21:14 fetching corpus: 650, signal 80630/97062 (executing program)
2025/09/01 12:21:14 fetching corpus: 700, signal 83743/100920 (executing program)
2025/09/01 12:21:14 fetching corpus: 750, signal 85598/103600 (executing program)
2025/09/01 12:21:14 fetching corpus: 800, signal 87110/105963 (executing program)
2025/09/01 12:21:14 fetching corpus: 850, signal 88826/108479 (executing program)
2025/09/01 12:21:14 fetching corpus: 900, signal 90297/110774 (executing program)
2025/09/01 12:21:14 fetching corpus: 950, signal 92210/113306 (executing program)
2025/09/01 12:21:14 fetching corpus: 1000, signal 94955/116541 (executing program)
2025/09/01 12:21:15 fetching corpus: 1050, signal 96310/118620 (executing program)
2025/09/01 12:21:15 fetching corpus: 1100, signal 98595/121362 (executing program)
2025/09/01 12:21:15 fetching corpus: 1150, signal 100503/123842 (executing program)
2025/09/01 12:21:15 fetching corpus: 1200, signal 102213/126044 (executing program)
2025/09/01 12:21:15 fetching corpus: 1250, signal 103657/128108 (executing program)
2025/09/01 12:21:15 fetching corpus: 1300, signal 104639/129763 (executing program)
2025/09/01 12:21:15 fetching corpus: 1350, signal 106085/131724 (executing program)
2025/09/01 12:21:15 fetching corpus: 1400, signal 107262/133483 (executing program)
2025/09/01 12:21:15 fetching corpus: 1450, signal 108222/135050 (executing program)
2025/09/01 12:21:15 fetching corpus: 1500, signal 109583/136820 (executing program)
2025/09/01 12:21:15 fetching corpus: 1550, signal 110515/138303 (executing program)
2025/09/01 12:21:16 fetching corpus: 1600, signal 111991/140189 (executing program)
2025/09/01 12:21:16 fetching corpus: 1650, signal 113016/141724 (executing program)
2025/09/01 12:21:16 fetching corpus: 1700, signal 114589/143590 (executing program)
2025/09/01 12:21:16 fetching corpus: 1750, signal 115967/145306 (executing program)
2025/09/01 12:21:16 fetching corpus: 1800, signal 118160/147464 (executing program)
2025/09/01 12:21:16 fetching corpus: 1850, signal 119172/148888 (executing program)
2025/09/01 12:21:16 fetching corpus: 1900, signal 120490/150499 (executing program)
2025/09/01 12:21:16 fetching corpus: 1950, signal 121438/151903 (executing program)
2025/09/01 12:21:16 fetching corpus: 2000, signal 122276/153161 (executing program)
2025/09/01 12:21:16 fetching corpus: 2050, signal 123188/154476 (executing program)
2025/09/01 12:21:16 fetching corpus: 2100, signal 124106/155734 (executing program)
2025/09/01 12:21:17 fetching corpus: 2150, signal 125949/157569 (executing program)
2025/09/01 12:21:17 fetching corpus: 2200, signal 126649/158663 (executing program)
2025/09/01 12:21:17 fetching corpus: 2250, signal 127319/159715 (executing program)
2025/09/01 12:21:17 fetching corpus: 2300, signal 129061/161309 (executing program)
2025/09/01 12:21:17 fetching corpus: 2350, signal 130147/162544 (executing program)
2025/09/01 12:21:17 fetching corpus: 2400, signal 130857/163546 (executing program)
2025/09/01 12:21:17 fetching corpus: 2450, signal 131478/164540 (executing program)
2025/09/01 12:21:17 fetching corpus: 2500, signal 133326/166106 (executing program)
2025/09/01 12:21:17 fetching corpus: 2550, signal 134183/167182 (executing program)
2025/09/01 12:21:17 fetching corpus: 2600, signal 135154/168256 (executing program)
2025/09/01 12:21:18 fetching corpus: 2650, signal 135861/169203 (executing program)
2025/09/01 12:21:18 fetching corpus: 2700, signal 136631/170185 (executing program)
2025/09/01 12:21:18 fetching corpus: 2750, signal 137566/171176 (executing program)
2025/09/01 12:21:18 fetching corpus: 2800, signal 138129/172010 (executing program)
2025/09/01 12:21:18 fetching corpus: 2850, signal 139140/172987 (executing program)
2025/09/01 12:21:18 fetching corpus: 2900, signal 139885/173872 (executing program)
2025/09/01 12:21:18 fetching corpus: 2950, signal 140366/174632 (executing program)
2025/09/01 12:21:18 fetching corpus: 3000, signal 140971/175465 (executing program)
2025/09/01 12:21:18 fetching corpus: 3050, signal 141514/176237 (executing program)
2025/09/01 12:21:18 fetching corpus: 3100, signal 142118/177012 (executing program)
2025/09/01 12:21:18 fetching corpus: 3150, signal 142741/177841 (executing program)
2025/09/01 12:21:18 fetching corpus: 3200, signal 143387/178632 (executing program)
2025/09/01 12:21:18 fetching corpus: 3250, signal 144367/179460 (executing program)
2025/09/01 12:21:19 fetching corpus: 3300, signal 144847/180170 (executing program)
2025/09/01 12:21:19 fetching corpus: 3350, signal 145519/180908 (executing program)
2025/09/01 12:21:19 fetching corpus: 3400, signal 146690/181757 (executing program)
2025/09/01 12:21:19 fetching corpus: 3450, signal 147667/182524 (executing program)
2025/09/01 12:21:19 fetching corpus: 3500, signal 148514/183274 (executing program)
2025/09/01 12:21:19 fetching corpus: 3550, signal 149114/183945 (executing program)
2025/09/01 12:21:19 fetching corpus: 3600, signal 149495/184507 (executing program)
2025/09/01 12:21:19 fetching corpus: 3650, signal 150108/185131 (executing program)
2025/09/01 12:21:19 fetching corpus: 3700, signal 150615/185713 (executing program)
2025/09/01 12:21:19 fetching corpus: 3750, signal 151102/186296 (executing program)
2025/09/01 12:21:19 fetching corpus: 3800, signal 151689/186853 (executing program)
2025/09/01 12:21:19 fetching corpus: 3850, signal 152052/187386 (executing program)
2025/09/01 12:21:19 fetching corpus: 3900, signal 152590/187951 (executing program)
2025/09/01 12:21:20 fetching corpus: 3950, signal 153101/188512 (executing program)
2025/09/01 12:21:20 fetching corpus: 4000, signal 153536/189055 (executing program)
2025/09/01 12:21:20 fetching corpus: 4050, signal 153931/189584 (executing program)
2025/09/01 12:21:20 fetching corpus: 4100, signal 154454/190114 (executing program)
2025/09/01 12:21:20 fetching corpus: 4150, signal 154887/190610 (executing program)
2025/09/01 12:21:20 fetching corpus: 4200, signal 155288/191102 (executing program)
2025/09/01 12:21:20 fetching corpus: 4250, signal 155709/191550 (executing program)
2025/09/01 12:21:20 fetching corpus: 4300, signal 156111/192014 (executing program)
2025/09/01 12:21:20 fetching corpus: 4350, signal 156486/192503 (executing program)
2025/09/01 12:21:20 fetching corpus: 4400, signal 157107/192962 (executing program)
2025/09/01 12:21:20 fetching corpus: 4450, signal 157566/193396 (executing program)
2025/09/01 12:21:20 fetching corpus: 4500, signal 157985/193850 (executing program)
2025/09/01 12:21:21 fetching corpus: 4550, signal 158481/194294 (executing program)
2025/09/01 12:21:21 fetching corpus: 4600, signal 158778/194689 (executing program)
2025/09/01 12:21:21 fetching corpus: 4650, signal 159396/195080 (executing program)
2025/09/01 12:21:21 fetching corpus: 4700, signal 159928/195454 (executing program)
2025/09/01 12:21:21 fetching corpus: 4750, signal 160707/195838 (executing program)
2025/09/01 12:21:21 fetching corpus: 4800, signal 161073/196102 (executing program)
2025/09/01 12:21:21 fetching corpus: 4850, signal 161516/196112 (executing program)
2025/09/01 12:21:21 fetching corpus: 4900, signal 161898/196116 (executing program)
2025/09/01 12:21:21 fetching corpus: 4950, signal 162266/196121 (executing program)
2025/09/01 12:21:21 fetching corpus: 5000, signal 162658/196132 (executing program)
2025/09/01 12:21:21 fetching corpus: 5050, signal 163289/196226 (executing program)
2025/09/01 12:21:21 fetching corpus: 5100, signal 163859/196241 (executing program)
2025/09/01 12:21:22 fetching corpus: 5150, signal 164280/196286 (executing program)
2025/09/01 12:21:22 fetching corpus: 5200, signal 164694/196300 (executing program)
2025/09/01 12:21:22 fetching corpus: 5250, signal 165068/196311 (executing program)
2025/09/01 12:21:22 fetching corpus: 5300, signal 165397/196314 (executing program)
2025/09/01 12:21:22 fetching corpus: 5350, signal 165766/196319 (executing program)
2025/09/01 12:21:22 fetching corpus: 5400, signal 166181/196323 (executing program)
2025/09/01 12:21:22 fetching corpus: 5450, signal 166635/196339 (executing program)
2025/09/01 12:21:22 fetching corpus: 5500, signal 167482/196349 (executing program)
2025/09/01 12:21:22 fetching corpus: 5550, signal 167869/196349 (executing program)
2025/09/01 12:21:22 fetching corpus: 5600, signal 168177/196356 (executing program)
2025/09/01 12:21:22 fetching corpus: 5650, signal 168482/196363 (executing program)
2025/09/01 12:21:23 fetching corpus: 5700, signal 168836/196389 (executing program)
2025/09/01 12:21:23 fetching corpus: 5750, signal 169259/196427 (executing program)
2025/09/01 12:21:23 fetching corpus: 5800, signal 169549/196461 (executing program)
2025/09/01 12:21:23 fetching corpus: 5850, signal 169892/196462 (executing program)
2025/09/01 12:21:23 fetching corpus: 5900, signal 170106/196468 (executing program)
2025/09/01 12:21:23 fetching corpus: 5950, signal 170426/196485 (executing program)
2025/09/01 12:21:23 fetching corpus: 6000, signal 170874/196488 (executing program)
2025/09/01 12:21:23 fetching corpus: 6050, signal 171248/196488 (executing program)
2025/09/01 12:21:23 fetching corpus: 6100, signal 171605/196493 (executing program)
2025/09/01 12:21:23 fetching corpus: 6150, signal 171965/196495 (executing program)
2025/09/01 12:21:24 fetching corpus: 6200, signal 172335/196517 (executing program)
2025/09/01 12:21:24 fetching corpus: 6250, signal 172695/196541 (executing program)
2025/09/01 12:21:24 fetching corpus: 6300, signal 172953/196548 (executing program)
2025/09/01 12:21:24 fetching corpus: 6350, signal 173270/196555 (executing program)
2025/09/01 12:21:24 fetching corpus: 6400, signal 173614/196555 (executing program)
2025/09/01 12:21:24 fetching corpus: 6450, signal 173939/196558 (executing program)
2025/09/01 12:21:24 fetching corpus: 6500, signal 174222/196563 (executing program)
2025/09/01 12:21:24 fetching corpus: 6550, signal 174692/196577 (executing program)
2025/09/01 12:21:24 fetching corpus: 6600, signal 174939/196577 (executing program)
2025/09/01 12:21:24 fetching corpus: 6650, signal 175439/196598 (executing program)
2025/09/01 12:21:24 fetching corpus: 6700, signal 175699/196625 (executing program)
2025/09/01 12:21:25 fetching corpus: 6750, signal 176038/196631 (executing program)
2025/09/01 12:21:25 fetching corpus: 6800, signal 176351/196636 (executing program)
2025/09/01 12:21:25 fetching corpus: 6850, signal 176740/196643 (executing program)
2025/09/01 12:21:25 fetching corpus: 6900, signal 176937/196652 (executing program)
2025/09/01 12:21:25 fetching corpus: 6950, signal 177327/196665 (executing program)
2025/09/01 12:21:25 fetching corpus: 7000, signal 177784/196686 (executing program)
2025/09/01 12:21:25 fetching corpus: 7050, signal 178223/196713 (executing program)
2025/09/01 12:21:25 fetching corpus: 7100, signal 178520/196721 (executing program)
2025/09/01 12:21:25 fetching corpus: 7150, signal 178806/196732 (executing program)
2025/09/01 12:21:25 fetching corpus: 7200, signal 179368/196751 (executing program)
2025/09/01 12:21:25 fetching corpus: 7250, signal 179831/196787 (executing program)
2025/09/01 12:21:26 fetching corpus: 7300, signal 180120/196789 (executing program)
2025/09/01 12:21:26 fetching corpus: 7350, signal 180491/196789 (executing program)
2025/09/01 12:21:26 fetching corpus: 7400, signal 180777/196797 (executing program)
2025/09/01 12:21:26 fetching corpus: 7450, signal 181156/196802 (executing program)
2025/09/01 12:21:26 fetching corpus: 7500, signal 181476/196804 (executing program)
2025/09/01 12:21:26 fetching corpus: 7550, signal 181824/196805 (executing program)
2025/09/01 12:21:26 fetching corpus: 7600, signal 182099/196814 (executing program)
2025/09/01 12:21:26 fetching corpus: 7650, signal 182357/196817 (executing program)
2025/09/01 12:21:26 fetching corpus: 7700, signal 182734/196818 (executing program)
2025/09/01 12:21:26 fetching corpus: 7750, signal 183094/196821 (executing program)
2025/09/01 12:21:26 fetching corpus: 7800, signal 183398/196821 (executing program)
2025/09/01 12:21:27 fetching corpus: 7850, signal 183689/196823 (executing program)
2025/09/01 12:21:27 fetching corpus: 7900, signal 183990/196825 (executing program)
2025/09/01 12:21:27 fetching corpus: 7950, signal 184396/196827 (executing program)
2025/09/01 12:21:27 fetching corpus: 8000, signal 184626/196833 (executing program)
2025/09/01 12:21:27 fetching corpus: 8050, signal 184806/196840 (executing program)
2025/09/01 12:21:27 fetching corpus: 8100, signal 185197/196852 (executing program)
2025/09/01 12:21:27 fetching corpus: 8150, signal 185543/196852 (executing program)
2025/09/01 12:21:27 fetching corpus: 8200, signal 185883/196889 (executing program)
2025/09/01 12:21:27 fetching corpus: 8250, signal 186195/196892 (executing program)
2025/09/01 12:21:27 fetching corpus: 8300, signal 186435/196894 (executing program)
2025/09/01 12:21:27 fetching corpus: 8350, signal 186721/196897 (executing program)
2025/09/01 12:21:28 fetching corpus: 8400, signal 187060/196902 (executing program)
2025/09/01 12:21:28 fetching corpus: 8450, signal 187413/196911 (executing program)
2025/09/01 12:21:28 fetching corpus: 8500, signal 187679/196911 (executing program)
2025/09/01 12:21:28 fetching corpus: 8550, signal 187914/196920 (executing program)
2025/09/01 12:21:28 fetching corpus: 8600, signal 188126/196948 (executing program)
2025/09/01 12:21:28 fetching corpus: 8650, signal 188442/196951 (executing program)
2025/09/01 12:21:28 fetching corpus: 8700, signal 188608/196963 (executing program)
2025/09/01 12:21:28 fetching corpus: 8750, signal 188946/197013 (executing program)
2025/09/01 12:21:28 fetching corpus: 8800, signal 189254/197013 (executing program)
2025/09/01 12:21:28 fetching corpus: 8850, signal 189627/197080 (executing program)
2025/09/01 12:21:28 fetching corpus: 8900, signal 191190/197081 (executing program)
2025/09/01 12:21:28 fetching corpus: 8950, signal 191493/197082 (executing program)
2025/09/01 12:21:29 fetching corpus: 9000, signal 191772/197085 (executing program)
2025/09/01 12:21:29 fetching corpus: 9050, signal 192125/197112 (executing program)
2025/09/01 12:21:29 fetching corpus: 9100, signal 192353/197126 (executing program)
2025/09/01 12:21:29 fetching corpus: 9150, signal 192637/197144 (executing program)
2025/09/01 12:21:29 fetching corpus: 9200, signal 192888/197149 (executing program)
2025/09/01 12:21:29 fetching corpus: 9250, signal 193100/197149 (executing program)
2025/09/01 12:21:29 fetching corpus: 9300, signal 193316/197153 (executing program)
2025/09/01 12:21:29 fetching corpus: 9350, signal 193544/197155 (executing program)
2025/09/01 12:21:29 fetching corpus: 9400, signal 193724/197161 (executing program)
2025/09/01 12:21:29 fetching corpus: 9431, signal 193848/197165 (executing program)
2025/09/01 12:21:29 fetching corpus: 9431, signal 193848/197165 (executing program)
2025/09/01 12:21:32 starting 8 fuzzer processes
12:21:32 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x5cca, 0x4)
shutdown(r0, 0x1)
sendmmsg$inet6(r0, &(0x7f00000043c0)=[{{&(0x7f0000000080)={0x2, 0x4e24, 0x0, @loopback={0xffffff7f00000000}}, 0x1c, 0x0}}], 0x1, 0x0)

12:21:32 executing program 1:
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0xffff)

12:21:32 executing program 2:
creat(&(0x7f0000000040)='./file0\x00', 0x0)

12:21:32 executing program 3:
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4050}, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r3=>0x0})
ioctl$sock_inet6_SIOCADDRT(r1, 0x890c, &(0x7f0000000000)={@dev, @dev, @remote, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, r3})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000006c0)={'syztnl2\x00', &(0x7f0000000640)={'gre0\x00', 0x0, 0x8000, 0x700, 0x1, 0x9, {{0xf, 0x4, 0x0, 0x5, 0x3c, 0x64, 0x0, 0x0, 0x4, 0x0, @broadcast, @local, {[@generic={0x44, 0x12, "af038a25f88374889f1d918745208212"}, @generic={0x89, 0x9, "8d65c4f21ad4f6"}, @timestamp_addr={0x44, 0xc, 0x5d, 0x1, 0x4, [{@empty, 0x72}]}]}}}}})
write$binfmt_misc(r0, 0x0, 0x0)

12:21:32 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
fcntl$lock(r0, 0x25, &(0x7f0000000700)={0x2, 0x2, 0x0, 0x9})

12:21:32 executing program 6:
r0 = syz_io_uring_setup(0x2262, &(0x7f0000003a00), &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000003ac0))
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="78000000000000001801000000020000a08c91caac1f43fc3cb00da6deaa503d79c2788ee4d392585369571d6b3b5fe333a0101160d844461524fe40193f23bd7e51071f6d5ea4046c878dde9afb63a167d45f7ad6a6e6e78ef400108f16fa06ea13f8a810f24df6dab8adf0da7f78379300000000000000b000000000000000080100000100000013deec1a0eb8fbb8006a7f053477a6bb35ded80f390fc302bb2c2fc621d130b0a9facb44ad575c375bebc64be388335dde0396309a0f26e04bf2c811cf1b186a172737036879eb03e1af7b9f0f546b0410833748770cd99f2a070a53897783c6969afed592c6a33544c9aa20b2b857d0cec7eec10a9c9ba8b3523e6a57e4afca28e8a6483600d28d52b120075480769d127557ee3fd661eb1de8470ed0d87000000000000000900000000000000010010000080000000e15cb0fa60f112d155fed0e14594608dba2c60edc3f67a64c32dad570e1cad670c937ba9d86ad5fdcc8d5d29472e7bbee37dc5efeb89089924e9f3894a588d10de678f4cb1493b73f2595f213ced0433e4f7e6491d46b73be682f279e1ebda8aec575151e6cd43977a3fc1d843fde3d272e162fa30e3307e1afdc00000000000801000000000000100100005a0c0000dc0acc25165a664b94c40da6103d8409d01471b0d21e703f331dbe40d13402573c291a13c9c33443ae09743d2d835981c10a9e4259e54d4d5fa4c9e239eb947418a389d38f1707078344084de6ab59f44b4c1d3a5ef9c888a83f232f29996710047ac144e234ce926ff9c57281e30ba564a30902d942db2f337f52a9702b3d16f33505d3310fdddfdcd44ea54f610bae7d4948e15aef8081cb8dc9ba76cc812b17279f7fd61d866b36e85e1a385716864215bcabc555e2704b158073bf3993f9424521ee878a960a4b2695bf7b2d16eb58ccb65f9f3212cd7fee5d25423c24a9ed81e0be0b72b016fc181d937b86f5f2473f08557e5c842510010000000000000101000000020000c593133edd9b0501b546088b8b7199e31f1d4479443cd500f307183db7c0eff02809b2448ac3fb930333ca16f14f08062ed87c2ffbae74f34361fb003df6e9765293f411501ad1f8a95abdc525c29e54173c6e633edf30ce98c9338d522a50b36bf809ee69f432ec41f9b47f7a1ba2f9474aaeb91150a94012913776a97426414b504fb5cf5d865dfdfa63108a18cf03a9c3d58014209ef9c5021a637f4b1036a2658b1b2a7edf0724ceb130f63f1045c70d1d58ecad85718f9046565ca300da940d64b248bcbf8601157786d886c84eacbb06a53d17363bce8c5b2b4b45dacbb8e53aed6f45fd3965aae2"], 0x3d0}}, 0x0)
io_uring_register$IORING_REGISTER_PROBE(r0, 0xd, &(0x7f0000001240)=ANY=[], 0x20)

12:21:32 executing program 5:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3)

12:21:32 executing program 7:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000005, 0x32, 0xffffffffffffffff, 0x0)
sendmmsg$unix(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

[   74.030239] audit: type=1400 audit(1756729292.436:7): avc:  denied  { execmem } for  pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   75.238991] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   75.243188] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   75.245326] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   75.253565] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   75.255854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   75.316161] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   75.318487] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   75.321158] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   75.326398] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   75.331402] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   75.370311] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   75.375303] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   75.389292] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   75.396058] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   75.398270] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   75.445453] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   75.452383] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   75.454042] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   75.456562] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   75.457809] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   75.463413] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   75.476071] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   75.489542] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   75.491309] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   75.505282] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   75.506773] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   75.509152] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   75.523144] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   75.528655] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   75.530589] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   75.533295] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   75.534779] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   75.536572] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   75.538260] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   75.543962] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   75.546224] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   75.561231] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   75.588187] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   75.593905] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   75.607834] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   77.271419] Bluetooth: hci0: command tx timeout
[   77.397745] Bluetooth: hci1: command tx timeout
[   77.462728] Bluetooth: hci2: command tx timeout
[   77.589791] Bluetooth: hci4: command tx timeout
[   77.589880] Bluetooth: hci3: command tx timeout
[   77.653817] Bluetooth: hci6: command tx timeout
[   77.654440] Bluetooth: hci7: command tx timeout
[   77.654937] Bluetooth: hci5: command tx timeout
[   79.317788] Bluetooth: hci0: command tx timeout
[   79.447576] Bluetooth: hci1: command tx timeout
[   79.509776] Bluetooth: hci2: command tx timeout
[   79.637845] Bluetooth: hci3: command tx timeout
[   79.639520] Bluetooth: hci4: command tx timeout
[   79.701729] Bluetooth: hci7: command tx timeout
[   79.702730] Bluetooth: hci5: command tx timeout
[   79.703219] Bluetooth: hci6: command tx timeout
[   81.365732] Bluetooth: hci0: command tx timeout
[   81.493734] Bluetooth: hci1: command tx timeout
[   81.557905] Bluetooth: hci2: command tx timeout
[   81.687393] Bluetooth: hci4: command tx timeout
[   81.688014] Bluetooth: hci3: command tx timeout
[   81.749940] Bluetooth: hci5: command tx timeout
[   81.750394] Bluetooth: hci6: command tx timeout
[   81.750420] Bluetooth: hci7: command tx timeout
[   83.414846] Bluetooth: hci0: command tx timeout
[   83.542124] Bluetooth: hci1: command tx timeout
[   83.605894] Bluetooth: hci2: command tx timeout
[   83.734154] Bluetooth: hci4: command tx timeout
[   83.734586] Bluetooth: hci3: command tx timeout
[   83.798706] Bluetooth: hci6: command tx timeout
[   83.799174] Bluetooth: hci7: command tx timeout
[   83.799550] Bluetooth: hci5: command tx timeout
[  113.805322] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.806694] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.981027] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.982914] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.202074] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.203185] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.384927] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.385550] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.528951] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.529580] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.665473] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.666133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:22:13 executing program 7:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000005, 0x32, 0xffffffffffffffff, 0x0)
sendmmsg$unix(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

12:22:13 executing program 6:
openat$sr(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

[  114.847720] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.848336] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:22:13 executing program 7:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000005, 0x32, 0xffffffffffffffff, 0x0)
sendmmsg$unix(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

12:22:13 executing program 7:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000005, 0x32, 0xffffffffffffffff, 0x0)
sendmmsg$unix(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

12:22:13 executing program 6:
getgroups(0x2, &(0x7f0000000000)=[0xee01, <r0=>0xffffffffffffffff])
getgroups(0x2, &(0x7f0000000040)=[0x0, <r1=>r0])
setgid(r1)

12:22:13 executing program 2:
io_cancel(0x0, 0xfffffffffffffffd, 0x0)

[  115.037896] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.038487] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.101739] kmemleak: Found object by alias at 0x607f1a639adc
[  115.101760] CPU: 0 UID: 0 PID: 3841 Comm: syz-executor.6 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  115.101779] Tainted: [W]=WARN
[  115.101782] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  115.101789] Call Trace:
[  115.101794]  <TASK>
[  115.101799]  dump_stack_lvl+0xca/0x120
[  115.101825]  __lookup_object+0x94/0xb0
[  115.101842]  delete_object_full+0x27/0x70
[  115.101859]  free_percpu+0x30/0x1160
[  115.101876]  ? arch_uprobe_clear_state+0x16/0x140
[  115.101897]  futex_hash_free+0x38/0xc0
[  115.101911]  mmput+0x2d3/0x390
[  115.101930]  do_exit+0x79d/0x2970
[  115.101944]  ? signal_wake_up_state+0x85/0x120
[  115.101961]  ? zap_other_threads+0x2b9/0x3a0
[  115.101977]  ? __pfx_do_exit+0x10/0x10
[  115.101990]  ? do_group_exit+0x1c3/0x2a0
[  115.102004]  ? lock_release+0xc8/0x290
[  115.102022]  do_group_exit+0xd3/0x2a0
[  115.102037]  __x64_sys_exit_group+0x3e/0x50
[  115.102051]  x64_sys_call+0x18c5/0x18d0
[  115.102067]  do_syscall_64+0xbf/0x360
[  115.102080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.102091] RIP: 0033:0x7f8db3548b19
[  115.102100] Code: Unable to access opcode bytes at 0x7f8db3548aef.
[  115.102105] RSP: 002b:00007ffef5a5a5c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  115.102117] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f8db3548b19
[  115.102125] RDX: 00007f8db34fb72b RSI: ffffffffffffffbc RDI: 0000000000000000
[  115.102132] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[  115.102139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  115.102146] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffef5a5a6b0
[  115.102161]  </TASK>
[  115.102165] kmemleak: Object (percpu) 0x607f1a639ad8 (size 8):
[  115.102172] kmemleak:   comm "kworker/u9:2", pid 49, jiffies 4294781899
[  115.102179] kmemleak:   min_count = 1
[  115.102182] kmemleak:   count = 0
[  115.102186] kmemleak:   flags = 0x21
[  115.102190] kmemleak:   checksum = 0
[  115.102193] kmemleak:   backtrace:
[  115.102197]  pcpu_alloc_noprof+0x87a/0x1170
[  115.102213]  fib_nh_common_init+0x30/0xd0
[  115.102227]  fib6_nh_init+0x968/0x1a00
[  115.102238]  ip6_route_info_create_nh+0x530/0xf80
[  115.102249]  ip6_route_add.part.0+0x59/0x170
[  115.102260]  ip6_route_add+0x48/0x60
[  115.102270]  addrconf_add_mroute+0x12d/0x190
[  115.102282]  addrconf_add_dev+0x148/0x1c0
[  115.102296]  addrconf_dev_config+0x1e9/0x430
[  115.102311]  addrconf_notify+0xa70/0x1920
[  115.102321]  notifier_call_chain+0xc0/0x360
[  115.102331]  call_netdevice_notifiers_info+0xbe/0x140
[  115.102344]  netif_state_change+0x157/0x330
[  115.102354]  linkwatch_do_dev+0x111/0x150
[  115.102366]  __linkwatch_run_queue+0x2ab/0x710
[  115.102377]  linkwatch_event+0x4e/0x70
12:22:13 executing program 6:
getgroups(0x2, &(0x7f0000000000)=[0xee01, <r0=>0xffffffffffffffff])
getgroups(0x2, &(0x7f0000000040)=[0x0, <r1=>r0])
setgid(r1)

12:22:13 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='uid_map\x00')
pread64(r0, &(0x7f0000000000)=""/72, 0x48, 0x34)

[  115.225419] kmemleak: Found object by alias at 0x607f1a639adc
[  115.225441] CPU: 0 UID: 0 PID: 3850 Comm: syz-executor.6 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  115.225460] Tainted: [W]=WARN
[  115.225463] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  115.225470] Call Trace:
[  115.225474]  <TASK>
[  115.225479]  dump_stack_lvl+0xca/0x120
[  115.225505]  __lookup_object+0x94/0xb0
[  115.225523]  delete_object_full+0x27/0x70
[  115.225539]  free_percpu+0x30/0x1160
[  115.225557]  ? arch_uprobe_clear_state+0x16/0x140
[  115.225577]  futex_hash_free+0x38/0xc0
[  115.225592]  mmput+0x2d3/0x390
[  115.225611]  do_exit+0x79d/0x2970
[  115.225625]  ? signal_wake_up_state+0x85/0x120
[  115.225642]  ? zap_other_threads+0x2b9/0x3a0
[  115.225663]  ? __pfx_do_exit+0x10/0x10
[  115.225676]  ? do_group_exit+0x1c3/0x2a0
[  115.225690]  ? lock_release+0xc8/0x290
[  115.225707]  do_group_exit+0xd3/0x2a0
[  115.225722]  __x64_sys_exit_group+0x3e/0x50
[  115.225736]  x64_sys_call+0x18c5/0x18d0
[  115.225752]  do_syscall_64+0xbf/0x360
[  115.225765]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.225776] RIP: 0033:0x7f8db3548b19
[  115.225785] Code: Unable to access opcode bytes at 0x7f8db3548aef.
[  115.225790] RSP: 002b:00007ffef5a5a5c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  115.225803] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f8db3548b19
[  115.225810] RDX: 00007f8db34fb72b RSI: ffffffffffffffbc RDI: 0000000000000000
[  115.225818] RBP: 0000000000000000 R08: 0000001b2d6201e0 R09: 0000000000000000
[  115.225825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  115.225831] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffef5a5a6b0
[  115.225847]  </TASK>
[  115.225850] kmemleak: Object (percpu) 0x607f1a639ad8 (size 8):
[  115.225857] kmemleak:   comm "syz-executor.0", pid 287, jiffies 4294782017
[  115.225864] kmemleak:   min_count = 1
[  115.225868] kmemleak:   count = 0
[  115.225872] kmemleak:   flags = 0x21
[  115.225876] kmemleak:   checksum = 0
[  115.225879] kmemleak:   backtrace:
[  115.225883]  pcpu_alloc_noprof+0x87a/0x1170
[  115.225899]  percpu_ref_init+0x37/0x400
[  115.225910]  cgroup_mkdir+0x28a/0x1110
[  115.225923]  kernfs_iop_mkdir+0x111/0x190
[  115.225938]  vfs_mkdir+0x59a/0x8d0
[  115.225954]  do_mkdirat+0x19f/0x3d0
[  115.225965]  __x64_sys_mkdir+0xf3/0x140
[  115.225977]  do_syscall_64+0xbf/0x360
[  115.225986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.382317] kmemleak: Cannot insert 0x607f1a639adc into the object search tree (overlaps existing)
[  115.382338] CPU: 1 UID: 0 PID: 287 Comm: syz-executor.0 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  115.382357] Tainted: [W]=WARN
[  115.382360] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  115.382368] Call Trace:
[  115.382372]  <TASK>
[  115.382377]  dump_stack_lvl+0xca/0x120
[  115.382404]  __link_object+0x190/0x210
[  115.382423]  __create_object+0x48/0x80
[  115.382441]  pcpu_alloc_noprof+0x87a/0x1170
[  115.382467]  __percpu_counter_init_many+0x44/0x360
[  115.382486]  fprop_local_init_percpu+0x2b/0xb0
[  115.382505]  wb_init+0x583/0x740
[  115.382517]  wb_get_create+0x225/0x1120
[  115.382532]  ? __inode_attach_wb+0x2c8/0xc70
[  115.382547]  ? lock_release+0xc8/0x290
[  115.382565]  __inode_attach_wb+0x2e2/0xc70
[  115.382583]  __mark_inode_dirty+0xae3/0xd00
[  115.382600]  ext4_mb_new_blocks+0x5f5/0x45b0
[  115.382619]  ? kasan_save_track+0x14/0x30
[  115.382634]  ? __kasan_kmalloc+0x7f/0x90
[  115.382649]  ? trace_kmalloc+0x1f/0xb0
[  115.382669]  ? __kmalloc_noprof+0x29d/0x6e0
[  115.382687]  ? ext4_find_extent+0x7f5/0xa00
[  115.382703]  ? __pfx_ext4_mb_new_blocks+0x10/0x10
[  115.382717]  ? ext4_ext_search_right+0x2e8/0xbd0
[  115.382731]  ? ext4_inode_to_goal_block+0x323/0x430
[  115.382749]  ext4_ext_map_blocks+0x1c4b/0x5f70
[  115.382771]  ? lock_acquire+0x15e/0x2f0
[  115.382784]  ? fs_reclaim_acquire+0xae/0x150
[  115.382799]  ? lock_is_held_type+0x9e/0x120
[  115.382821]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[  115.382841]  ? look_up_lock_class+0x56/0x150
[  115.382860]  ? lock_acquire+0x15e/0x2f0
[  115.382873]  ? ext4_map_blocks+0x55b/0x14a0
[  115.382892]  ? __pfx_down_write+0x10/0x10
[  115.382902]  ? ext4_es_lookup_extent+0xc8/0xb30
[  115.382925]  ext4_map_blocks+0x624/0x14a0
[  115.382940]  ? __up_read+0x197/0x750
[  115.382955]  ? __pfx_ext4_map_blocks+0x10/0x10
[  115.382967]  ? __pfx___up_read+0x10/0x10
[  115.382982]  ? lock_release+0xc8/0x290
[  115.382999]  ? ext4_map_blocks+0x1e0/0x14a0
[  115.383014]  ext4_getblk+0x682/0x8e0
[  115.383027]  ? __pfx_ext4_getblk+0x10/0x10
[  115.383038]  ? __pfx_security_inode_init_security+0x10/0x10
[  115.383055]  ? crc32c+0x1ae/0x350
[  115.383071]  ext4_bread+0x2e/0x1a0
[  115.383084]  ext4_append+0x224/0x530
[  115.383100]  ? __pfx_ext4_append+0x10/0x10
[  115.383123]  ? __pfx___ext4_new_inode+0x10/0x10
[  115.383142]  ext4_init_new_dir+0x13c/0x240
[  115.383158]  ? __pfx_ext4_init_new_dir+0x10/0x10
[  115.383180]  ext4_mkdir+0x3c5/0xb30
[  115.383200]  ? __pfx_ext4_mkdir+0x10/0x10
[  115.383216]  ? security_inode_permission+0x72/0xe0
[  115.383237]  vfs_mkdir+0x59a/0x8d0
[  115.383258]  do_mkdirat+0x19f/0x3d0
[  115.383272]  ? __pfx_do_mkdirat+0x10/0x10
[  115.383291]  __x64_sys_mkdir+0xf3/0x140
[  115.383305]  do_syscall_64+0xbf/0x360
[  115.383317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.383330] RIP: 0033:0x7f1361ecbc27
[  115.383339] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  115.383350] RSP: 002b:00007ffceec21798 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[  115.383362] RAX: ffffffffffffffda RBX: 00007ffceec21820 RCX: 00007f1361ecbc27
[  115.383370] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00007ffceec21820
[  115.383377] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000003
[  115.383384] R10: 00007ffceec21537 R11: 0000000000000202 R12: 0000000000000003
[  115.383391] R13: 00007f1361fac140 R14: 00007f1361face48 R15: 00007ffceec21860
[  115.383407]  </TASK>
[  115.383818] kmemleak: Kernel memory leak detector disabled
[  115.383822] kmemleak: Object (percpu) 0x607f1a639ad8 (size 8):
[  115.383829] kmemleak:   comm "syz-executor.0", pid 287, jiffies 4294782017
[  115.383837] kmemleak:   min_count = 1
[  115.383840] kmemleak:   count = 0
[  115.383844] kmemleak:   flags = 0x21
[  115.383848] kmemleak:   checksum = 0
[  115.383852] kmemleak:   backtrace:
[  115.383855]  pcpu_alloc_noprof+0x87a/0x1170
[  115.383871]  percpu_ref_init+0x37/0x400
[  115.383881]  cgroup_mkdir+0x28a/0x1110
[  115.383895]  kernfs_iop_mkdir+0x111/0x190
[  115.383910]  vfs_mkdir+0x59a/0x8d0
[  115.383926]  do_mkdirat+0x19f/0x3d0
[  115.383936]  __x64_sys_mkdir+0xf3/0x140
[  115.383947]  do_syscall_64+0xbf/0x360
[  115.383957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.539066] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.539743] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.568062] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.568713] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.667449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.668564] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.730018] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.730644] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.755779] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.756420] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.841368] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.842468] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.875084] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.875284] audit: type=1400 audit(1756729334.280:8): avc:  denied  { open } for  pid=3904 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  115.876292] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.880595] audit: type=1400 audit(1756729334.280:9): avc:  denied  { kernel } for  pid=3904 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  115.953567] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.954713] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:22:14 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x8001)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0xa2942)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040))
dup2(r0, r1)

12:22:14 executing program 0:
madvise(&(0x7f0000904000/0x3000)=nil, 0x3000, 0x10)
mlock(&(0x7f0000aff000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mlock(&(0x7f0000f13000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000bae000/0x4000)=nil, 0x4000)
mlock(&(0x7f00008b5000/0x3000)=nil, 0x3000)
mlock(&(0x7f00005bf000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000beb000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f0000ffa000/0x3000)=nil)

12:22:14 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
fcntl$lock(r0, 0x25, &(0x7f0000000700)={0x2, 0x2, 0x0, 0x9})

12:22:14 executing program 6:
getgroups(0x2, &(0x7f0000000000)=[0xee01, <r0=>0xffffffffffffffff])
getgroups(0x2, &(0x7f0000000040)=[0x0, <r1=>r0])
setgid(r1)

12:22:14 executing program 3:
syz_emit_ethernet(0x22, &(0x7f0000000040)={@local, @multicast, @val={@void}, {@generic={0x88ca, "6dd05c42802dafdfc0a261d96d8bc318"}}}, 0x0)

12:22:14 executing program 7:
r0 = fsopen(&(0x7f0000000000)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000080)='mand\x00', 0x0, r0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)

12:22:14 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='uid_map\x00')
pread64(r0, &(0x7f0000000000)=""/72, 0x48, 0x34)

12:22:14 executing program 5:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3)

[  116.086995] =======================================================
[  116.086995] WARNING: The mand mount option has been deprecated and
[  116.086995]          and is ignored by this kernel. Remove the mand
[  116.086995]          option from the mount to silence this warning.
[  116.086995] =======================================================
12:22:14 executing program 0:
madvise(&(0x7f0000904000/0x3000)=nil, 0x3000, 0x10)
mlock(&(0x7f0000aff000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mlock(&(0x7f0000f13000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000bae000/0x4000)=nil, 0x4000)
mlock(&(0x7f00008b5000/0x3000)=nil, 0x3000)
mlock(&(0x7f00005bf000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000beb000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f0000ffa000/0x3000)=nil)

12:22:14 executing program 7:
r0 = fsopen(&(0x7f0000000000)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000080)='mand\x00', 0x0, r0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)

12:22:14 executing program 3:
syz_emit_ethernet(0x22, &(0x7f0000000040)={@local, @multicast, @val={@void}, {@generic={0x88ca, "6dd05c42802dafdfc0a261d96d8bc318"}}}, 0x0)

12:22:14 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='uid_map\x00')
pread64(r0, &(0x7f0000000000)=""/72, 0x48, 0x34)

12:22:14 executing program 6:
getgroups(0x2, &(0x7f0000000000)=[0xee01, <r0=>0xffffffffffffffff])
getgroups(0x2, &(0x7f0000000040)=[0x0, <r1=>r0])
setgid(r1)

[  116.168949] Oops: general protection fault, probably for non-canonical address 0xdffffc00000139aa: 0000 [#1] SMP KASAN NOPTI
[  116.169892] KASAN: probably user-memory-access in range [0x000000000009cd50-0x000000000009cd57]
[  116.170571] CPU: 1 UID: 0 PID: 3931 Comm: syz-executor.7 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  116.172191] Tainted: [W]=WARN
[  116.173003] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  116.174822] RIP: 0010:perf_tp_event+0x175/0xe70
[  116.175728] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  116.179865] RSP: 0018:ffff888047c076c0 EFLAGS: 00010216
[  116.180757] RAX: 00000000000139aa RBX: 000000000009cb60 RCX: 0000000000000002
[  116.181320] RDX: ffff88801699b700 RSI: ffffffff8189a4e7 RDI: 000000000009cd50
[  116.181881] RBP: ffff888047c07930 R08: ffff88806cf31340 R09: ffffe8ffffd11ad8
[  116.182436] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  116.182999] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  116.183575] FS:  000055558ea2c400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  116.184208] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.184667] CR2: 00007ffc8947bf48 CR3: 0000000016d90000 CR4: 0000000000350ef0
[  116.185228] Call Trace:
[  116.185433]  <TASK>
[  116.185614]  ? __lock_acquire+0x694/0x1b70
[  116.185955]  ? __pfx_perf_tp_event+0x10/0x10
[  116.186313]  ? __lock_acquire+0x694/0x1b70
[  116.186650]  ? __lock_acquire+0x694/0x1b70
[  116.186989]  ? lock_acquire+0x15e/0x2f0
[  116.187315]  ? __is_insn_slot_addr+0x2e/0x290
[  116.187683]  ? find_held_lock+0x2b/0x80
[  116.188004]  ? __is_insn_slot_addr+0x136/0x290
[  116.188373]  ? lock_release+0xc8/0x290
[  116.188685]  ? perf_trace_run_bpf_submit+0xef/0x180
[  116.189084]  ? kernel_text_address+0x5b/0xc0
[  116.189435]  perf_trace_run_bpf_submit+0xef/0x180
[  116.189825]  perf_trace_contention_begin+0x235/0x3e0
[  116.190231]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  116.190675]  ? lock_acquire+0x15e/0x2f0
[  116.190993]  ? __set_oom_adj.isra.0+0x68/0xf40
[  116.191370]  trace_contention_begin+0xae/0x110
[  116.191737]  __mutex_lock+0x14b/0x1020
[  116.192057]  ? __set_oom_adj.isra.0+0x68/0xf40
[  116.192423]  ? __set_oom_adj.isra.0+0x68/0xf40
[  116.192792]  ? __x64_sys_openat+0xa1/0x200
[  116.193135]  ? __pfx___mutex_lock+0x10/0x10
[  116.193481]  ? get_pid_task+0x29/0x250
[  116.193790]  ? find_held_lock+0x2b/0x80
[  116.194111]  ? get_pid_task+0xfd/0x250
[  116.194419]  ? lock_release+0xc8/0x290
[  116.194737]  __set_oom_adj.isra.0+0x68/0xf40
[  116.195097]  oom_score_adj_write+0x1ba/0x200
[  116.195459]  ? __pfx_oom_score_adj_write+0x10/0x10
[  116.195848]  ? ksys_write+0x121/0x240
[  116.196154]  ? lock_is_held_type+0x9e/0x120
[  116.196502]  vfs_write+0x2b7/0x1150
[  116.196793]  ? __pfx_oom_score_adj_write+0x10/0x10
[  116.197183]  ? __pfx_vfs_write+0x10/0x10
[  116.197510]  ? putname+0x3c/0x50
[  116.197790]  ? do_sys_openat2+0x141/0x1b0
[  116.198128]  ? __pfx_do_sys_openat2+0x10/0x10
[  116.198489]  ? handle_mm_fault+0x590/0x9b0
[  116.198832]  ? lock_release+0xc8/0x290
[  116.199155]  ksys_write+0x121/0x240
[  116.199449]  ? __pfx_ksys_write+0x10/0x10
[  116.199783]  do_syscall_64+0xbf/0x360
[  116.200090]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.200496] RIP: 0033:0x7f0dc7a8a5ff
[  116.200793] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48
[  116.202205] RSP: 002b:00007ffc8947c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  116.202799] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f0dc7a8a5ff
[  116.203359] RDX: 0000000000000004 RSI: 00007ffc8947c5d0 RDI: 0000000000000003
[  116.203915] RBP: 0000000000000003 R08: 0000000000000000 R09: 00007ffc8947c520
[  116.204476] R10: 0000000000000000 R11: 0000000000000293 R12: 00007f0dc7b31ff5
[  116.205033] R13: 00007ffc8947c5d0 R14: 0000000000000000 R15: 00007ffc8947cb70
[  116.205595]  </TASK>
[  116.205783] Modules linked in:
[  116.206443] ---[ end trace 0000000000000000 ]---
[  116.207177] RIP: 0010:perf_tp_event+0x175/0xe70
[  116.207561] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  116.208998] RSP: 0018:ffff888047c076c0 EFLAGS: 00010216
[  116.209418] RAX: 00000000000139aa RBX: 000000000009cb60 RCX: 0000000000000002
[  116.209989] RDX: ffff88801699b700 RSI: ffffffff8189a4e7 RDI: 000000000009cd50
[  116.210546] RBP: ffff888047c07930 R08: ffff88806cf31340 R09: ffffe8ffffd11ad8
[  116.211134] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  116.211713] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  116.212276] FS:  000055558ea2c400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  116.212980] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.213438] CR2: 00007ffc8947bf48 CR3: 0000000016d90000 CR4: 0000000000350ef0
[  116.214019] note: syz-executor.7[3931] exited with preempt_count 2
12:22:14 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
fcntl$lock(r0, 0x25, &(0x7f0000000700)={0x2, 0x2, 0x0, 0x9})

12:22:14 executing program 5:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3)

12:22:14 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='uid_map\x00')
pread64(r0, &(0x7f0000000000)=""/72, 0x48, 0x34)

12:22:14 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x8001)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0xa2942)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040))
dup2(r0, r1)

12:22:14 executing program 2:
madvise(&(0x7f0000904000/0x3000)=nil, 0x3000, 0x10)
mlock(&(0x7f0000aff000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mlock(&(0x7f0000f13000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000bae000/0x4000)=nil, 0x4000)
mlock(&(0x7f00008b5000/0x3000)=nil, 0x3000)
mlock(&(0x7f00005bf000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000beb000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f0000ffa000/0x3000)=nil)

12:22:14 executing program 6:
r0 = fsopen(&(0x7f0000000000)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000080)='mand\x00', 0x0, r0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)

12:22:14 executing program 7:
r0 = fsopen(&(0x7f0000000000)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000080)='mand\x00', 0x0, r0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)

12:22:14 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
fcntl$lock(r0, 0x25, &(0x7f0000000700)={0x2, 0x2, 0x0, 0x9})

12:22:14 executing program 0:
madvise(&(0x7f0000904000/0x3000)=nil, 0x3000, 0x10)
mlock(&(0x7f0000aff000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mlock(&(0x7f0000f13000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000bae000/0x4000)=nil, 0x4000)
mlock(&(0x7f00008b5000/0x3000)=nil, 0x3000)
mlock(&(0x7f00005bf000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000beb000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f0000ffa000/0x3000)=nil)

12:22:14 executing program 3:
syz_emit_ethernet(0x22, &(0x7f0000000040)={@local, @multicast, @val={@void}, {@generic={0x88ca, "6dd05c42802dafdfc0a261d96d8bc318"}}}, 0x0)

12:22:14 executing program 5:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3)

12:22:14 executing program 0:
madvise(&(0x7f0000904000/0x3000)=nil, 0x3000, 0x10)
mlock(&(0x7f0000aff000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mlock(&(0x7f0000f13000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000bae000/0x4000)=nil, 0x4000)
mlock(&(0x7f00008b5000/0x3000)=nil, 0x3000)
mlock(&(0x7f00005bf000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000beb000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f0000ffa000/0x3000)=nil)

12:22:14 executing program 3:
syz_emit_ethernet(0x22, &(0x7f0000000040)={@local, @multicast, @val={@void}, {@generic={0x88ca, "6dd05c42802dafdfc0a261d96d8bc318"}}}, 0x0)

12:22:14 executing program 7:
r0 = fsopen(&(0x7f0000000000)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000080)='mand\x00', 0x0, r0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)

12:22:14 executing program 6:
r0 = fsopen(&(0x7f0000000000)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000080)='mand\x00', 0x0, r0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)

12:22:14 executing program 2:
madvise(&(0x7f0000904000/0x3000)=nil, 0x3000, 0x10)
mlock(&(0x7f0000aff000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mlock(&(0x7f0000f13000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000bae000/0x4000)=nil, 0x4000)
mlock(&(0x7f00008b5000/0x3000)=nil, 0x3000)
mlock(&(0x7f00005bf000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000beb000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f0000ffa000/0x3000)=nil)

12:22:14 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x8001)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0xa2942)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040))
dup2(r0, r1)

12:22:14 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r0, 0x6, 0x18, 0x0, &(0x7f0000000240))

12:22:14 executing program 0:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = dup(r0)
bind$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e23}, 0x6e)

12:22:15 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x8001)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0xa2942)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040))
dup2(r0, r1)

12:22:15 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
getpid()
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000006c0)={0x20, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}]}, 0x20}}, 0x0)

12:22:15 executing program 7:
r0 = socket$unix(0x1, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4)
bind$unix(r0, &(0x7f00000000c0)=@abs={0x1}, 0x6e)
connect$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e)

12:22:15 executing program 6:
r0 = fsopen(&(0x7f0000000000)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000080)='mand\x00', 0x0, r0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)

12:22:15 executing program 2:
madvise(&(0x7f0000904000/0x3000)=nil, 0x3000, 0x10)
mlock(&(0x7f0000aff000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mlock(&(0x7f0000f13000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000bae000/0x4000)=nil, 0x4000)
mlock(&(0x7f00008b5000/0x3000)=nil, 0x3000)
mlock(&(0x7f00005bf000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000beb000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f0000ffa000/0x3000)=nil)

12:22:15 executing program 5:
r0 = gettid()
sched_setscheduler(r0, 0x0, &(0x7f0000004140)=0x8000)

12:22:15 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x8001)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0xa2942)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040))
dup2(r0, r1)

12:22:15 executing program 0:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = dup(r0)
bind$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e23}, 0x6e)

12:22:15 executing program 6:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setstatus(r1, 0x4, 0x42400)
write$binfmt_script(r1, &(0x7f0000000300)={'#! ', './file0'}, 0xb)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r0, 0x0, r2, 0x0, 0x802, 0x0)

12:22:15 executing program 5:
r0 = gettid()
sched_setscheduler(r0, 0x0, &(0x7f0000004140)=0x8000)

12:22:15 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
getpid()
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000006c0)={0x20, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}]}, 0x20}}, 0x0)

[  116.733885] Oops: general protection fault, probably for non-canonical address 0xdffffc0000007331: 0000 [#2] SMP KASAN NOPTI
[  116.735251] KASAN: probably user-memory-access in range [0x0000000000039988-0x000000000003998f]
12:22:15 executing program 0:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = dup(r0)
bind$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e23}, 0x6e)

[  116.736385] CPU: 0 UID: 0 PID: 286 Comm: syz-executor.7 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  116.737778] Tainted: [D]=DIE, [W]=WARN
[  116.738260] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  116.739228] RIP: 0010:perf_tp_event+0x175/0xe70
[  116.739787] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  116.741889] RSP: 0018:ffff88801b37f6c0 EFLAGS: 00010212
[  116.742505] RAX: 0000000000007331 RBX: 0000000000039798 RCX: 0000000000000002
[  116.743324] RDX: ffff8880168b9b80 RSI: ffffffff8189a4e7 RDI: 0000000000039988
[  116.744136] RBP: ffff88801b37f930 R08: ffff88806ce31340 R09: ffffe8ffffc11ad8
[  116.744939] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  116.745724] R13: 000000000000001c R14: ffff88806ce31340 R15: dffffc0000000000
[  116.746511] FS:  000055558ea2c400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  116.747415] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.748073] CR2: 0000001b2cd23000 CR3: 000000004390a000 CR4: 0000000000350ef0
[  116.748867] Call Trace:
[  116.749161]  <TASK>
[  116.749420]  ? kasan_save_stack+0x34/0x50
[  116.749895]  ? __do_wait+0x218/0x8f0
[  116.750324]  ? __pfx_perf_tp_event+0x10/0x10
[  116.750828]  ? delete_node+0x20e/0x730
[  116.751283]  ? destroy_inode+0x12b/0x1b0
[  116.751750]  ? __radix_tree_delete+0x13e/0x380
[  116.752277]  ? radix_tree_delete_item+0xef/0x230
[  116.752818]  ? lock_acquire+0x18c/0x2f0
[  116.753279]  ? lock_acquire+0x18c/0x2f0
[  116.753735]  ? lock_release+0x1c7/0x290
[  116.754191]  ? __virt_addr_valid+0x100/0x5d0
[  116.754703]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  116.755305]  ? perf_trace_run_bpf_submit+0xef/0x180
[  116.755868]  perf_trace_run_bpf_submit+0xef/0x180
[  116.756422]  perf_trace_contention_begin+0x235/0x3e0
[  116.757005]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  116.757626]  ? __pfx_release_task+0x10/0x10
[  116.758113]  ? lock_acquire+0x18c/0x2f0
[  116.758564]  ? lock_release+0x1c7/0x290
[  116.759016]  trace_contention_begin+0xae/0x110
[  116.759543]  __mutex_lock+0x14b/0x1020
[  116.759998]  ? anon_pipe_write+0x12a/0x1a80
[  116.760476]  ? anon_pipe_write+0x12a/0x1a80
[  116.760964]  ? avc_has_perm+0x12b/0x1d0
[  116.761421]  ? __pfx___mutex_lock+0x10/0x10
[  116.761908]  ? __pfx_wait_consider_task+0x10/0x10
[  116.762444]  ? lock_acquire+0x18c/0x2f0
[  116.762890]  ? inode_has_perm+0x170/0x1c0
[  116.763357]  anon_pipe_write+0x12a/0x1a80
[  116.763823]  ? lock_release+0x1c7/0x290
[  116.764290]  ? lock_acquire+0x18c/0x2f0
[  116.764743]  ? __pfx_anon_pipe_write+0x10/0x10
[  116.765253]  ? selinux_file_permission+0x99/0x600
[  116.765796]  ? security_file_permission+0x22/0x90
[  116.766340]  vfs_write+0xbe9/0x1150
[  116.766754]  ? __pfx_anon_pipe_write+0x10/0x10
[  116.767276]  ? __pfx_vfs_write+0x10/0x10
[  116.767736]  ? __do_sys_wait4+0xb3/0x150
[  116.768197]  ? common_nsleep+0xaa/0xd0
[  116.768637]  ksys_write+0x1ef/0x240
[  116.769049]  ? __pfx_ksys_write+0x10/0x10
[  116.769520]  do_syscall_64+0xbf/0x360
[  116.769956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.770528] RIP: 0033:0x7f0dc7a8a5ff
[  116.770948] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48
[  116.772936] RSP: 002b:00007ffc8947ca80 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  116.773772] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 00007f0dc7a8a5ff
[  116.774553] RDX: 000000000000000c RSI: 00007ffc8947cb70 RDI: 00000000000000f8
[  116.775342] RBP: 00007ffc8947cb0c R08: 0000000000000000 R09: 00007f0dc7bc7000
[  116.776117] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[  116.776894] R13: 000000000001c760 R14: 0000000000000004 R15: 00007ffc8947cb70
[  116.777674]  </TASK>
[  116.777936] Modules linked in:
[  116.778440] ---[ end trace 0000000000000000 ]---
[  116.779926] RIP: 0010:perf_tp_event+0x175/0xe70
[  116.780481] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  116.782800] RSP: 0018:ffff888047c076c0 EFLAGS: 00010216
[  116.783629] RAX: 00000000000139aa RBX: 000000000009cb60 RCX: 0000000000000002
[  116.784544] RDX: ffff88801699b700 RSI: ffffffff8189a4e7 RDI: 000000000009cd50
12:22:15 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x8001)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0xa2942)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040))
dup2(r0, r1)

[  116.785347] RBP: ffff888047c07930 R08: ffff88806cf31340 R09: ffffe8ffffd11ad8
[  116.786898] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  116.788318] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  116.789417] FS:  000055558ea2c400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
12:22:15 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
getpid()
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000006c0)={0x20, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}]}, 0x20}}, 0x0)

[  116.790503] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.791572] CR2: 0000001b2cd23000 CR3: 000000004390a000 CR4: 0000000000350ef0
[  116.792513] note: syz-executor.7[286] exited with preempt_count 2
[  116.804698] Oops: general protection fault, probably for non-canonical address 0xdffffc0000001124: 0000 [#3] SMP KASAN NOPTI
[  116.805917] KASAN: probably user-memory-access in range [0x0000000000008920-0x0000000000008927]
[  116.806857] CPU: 0 UID: 0 PID: 289 Comm: syz-executor.2 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  116.808232] Tainted: [D]=DIE, [W]=WARN
[  116.808652] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  116.809539] RIP: 0010:perf_tp_event+0x175/0xe70
[  116.810054] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  116.812030] RSP: 0018:ffff88806ce087c0 EFLAGS: 00010016
[  116.812612] RAX: 0000000000001124 RBX: 0000000000008731 RCX: 0000000000000002
[  116.813382] RDX: ffff888015cfd280 RSI: ffffffff8189a4e7 RDI: 0000000000008921
[  116.814155] RBP: ffff88806ce08a30 R08: ffff88806ce31490 R09: ffffe8ffffc11ad8
[  116.814926] R10: 0000000000000000 R11: 000000000000002c R12: dffffc0000000000
[  116.815706] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000
[  116.816475] FS:  000055558ee09400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  116.817339] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.817965] CR2: 00007f9bb7859020 CR3: 0000000045324000 CR4: 0000000000350ef0
[  116.818728] Call Trace:
[  116.819011]  <IRQ>
[  116.819267]  ? __pfx_perf_tp_event+0x10/0x10
[  116.819753]  ? ip_list_rcv+0x2c9/0x3e0
[  116.820189]  ? asm_exc_general_protection+0x26/0x30
[  116.820728]  ? perf_tp_event+0x175/0xe70
[  116.821175]  ? __pfx_ip_list_rcv+0x10/0x10
[  116.821640]  ? __mutex_lock+0x14b/0x1020
[  116.822090]  ? ksys_write+0x1ef/0x240
[  116.822506]  ? do_syscall_64+0xbf/0x360
[  116.822936]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.823506]  ? tcp_gro_receive+0xbb3/0x1e20
[  116.823974]  ? __pfx_call_function_single_prep_ipi+0x10/0x10
[  116.824591]  ? lock_acquire+0x18c/0x2f0
[  116.825022]  ? trace_ipi_send_cpu.constprop.0+0x158/0x1c0
[  116.825613]  ? __smp_call_single_queue+0x15b/0x2f0
[  116.826152]  ? __pfx___smp_call_single_queue+0x10/0x10
[  116.826717]  ? lock_acquire+0x18c/0x2f0
[  116.827152]  ? lock_acquire+0x18c/0x2f0
[  116.827585]  ? generic_exec_single+0x95/0x2c0
[  116.828082]  ? perf_trace_run_bpf_submit+0xef/0x180
[  116.828618]  ? blk_mq_complete_request_remote+0x163/0xa30
[  116.829208]  perf_trace_run_bpf_submit+0xef/0x180
[  116.829736]  perf_trace_lock_acquire+0x3c2/0x700
[  116.830256]  ? __pfx_perf_trace_lock_acquire+0x10/0x10
[  116.830816]  ? ata_scsi_qc_complete+0x20f/0x15f0
[  116.831348]  ? trace_softirq_raise+0xbe/0x100
[  116.831846]  lock_acquire+0xc5/0x2f0
[  116.832251]  ? __virt_addr_valid+0x1c6/0x5d0
[  116.832727]  ? __pfx_css_rstat_updated+0x10/0x10
[  116.833248]  __virt_addr_valid+0x1e2/0x5d0
[  116.833705]  ? __virt_addr_valid+0x1c6/0x5d0
[  116.834188]  kasan_addr_to_slab+0xd/0xa0
[  116.834622]  kasan_record_aux_stack+0xe/0xa0
[  116.835091]  task_work_add+0x23f/0x340
[  116.835519]  ? update_load_avg+0x17d/0x1ef0
[  116.835981]  ? __pfx_task_work_add+0x10/0x10
[  116.836457]  ? update_cfs_group+0x11d/0x260
[  116.836918]  ? arch_scale_cpu_capacity+0x17/0xa0
[  116.837440]  sched_tick+0x21b/0x6c0
[  116.837836]  ? hrtimer_run_queues+0x64/0x450
[  116.838310]  update_process_times+0x116/0x210
[  116.838802]  tick_nohz_handler+0x414/0x6d0
[  116.839266]  ? do_raw_spin_unlock+0x53/0x220
[  116.839742]  ? __pfx_tick_nohz_handler+0x10/0x10
[  116.840252]  __hrtimer_run_queues+0x60f/0xac0
[  116.840747]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  116.841284]  ? ktime_get_update_offsets_now+0x252/0x3c0
[  116.841865]  hrtimer_interrupt+0x369/0x830
[  116.842327]  __sysvec_apic_timer_interrupt+0xbb/0x330
[  116.842881]  sysvec_apic_timer_interrupt+0x6b/0x80
[  116.843415]  </IRQ>
[  116.843659]  <TASK>
[  116.843904]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  116.844458] RIP: 0010:lock_mm_and_find_vma+0x8b/0x6f0
[  116.845009] Code: 6b 6d 03 00 49 89 c4 48 85 c0 0f 84 39 03 00 00 e8 5a c0 d7 ff 4c 89 e2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 <0f> 85 d4 05 00 00 4d 8b 3c 24 4c 89 ee 4c 89 ff e8 d0 ba d7 ff 4d
[  116.846902] RSP: 0018:ffff88801b057908 EFLAGS: 00000246
[  116.847464] RAX: dffffc0000000000 RBX: ffff88801b0579c8 RCX: 0000000000000000
[  116.848202] RDX: 1ffff11001aa4518 RSI: ffffffff819c3656 RDI: ffff888015cfd67c
[  116.848947] RBP: ffff88800b290000 R08: ffffffff84b49a3f R09: 0000000000000000
[  116.849687] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88800d5228c0
[  116.850426] R13: 00007f9bb7859020 R14: ffff88800b290170 R15: ffff88800b290000
[  116.851187]  ? mt_find+0x12f/0x870
[  116.851567]  ? lock_mm_and_find_vma+0x76/0x6f0
[  116.852056]  ? lock_mm_and_find_vma+0x76/0x6f0
[  116.852543]  do_user_addr_fault+0x34b/0xeb0
[  116.853006]  exc_page_fault+0xb0/0x180
[  116.853428]  asm_exc_page_fault+0x26/0x30
[  116.853867] RIP: 0010:rep_movs_alternative+0x54/0x90
[  116.854408] Code: 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 eb 05 e9 5f a2 03 00 48 8b 06 <48> 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01 c7 48 01 c6 48 29
[  116.856308] RSP: 0018:ffff88801b057a78 EFLAGS: 00050246
[  116.856861] RAX: badc0ffeebadface RBX: ffff88801b057da0 RCX: 0000000000000040
[  116.857601] RDX: ffffed1006d66408 RSI: ffff888036b32000 RDI: 00007f9bb7859020
[  116.858342] RBP: 0000000000000040 R08: 0000000000000000 R09: ffffed1006d66407
[  116.859085] R10: ffff888036b3203f R11: 0000000000000000 R12: 00007f9bb7859020
[  116.859828] R13: ffff88801b057da8 R14: 00007ffffffff000 R15: ffff888036b32000
[  116.860584]  _copy_to_iter+0x35f/0x1660
[  116.861014]  ? __mutex_lock+0x166/0x1020
[  116.861447]  ? anon_pipe_read+0x686/0xd10
[  116.861887]  ? __pfx__copy_to_iter+0x10/0x10
[  116.862360]  ? __pfx___mutex_lock+0x10/0x10
[  116.862819]  ? lock_acquire+0x18c/0x2f0
[  116.863249]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  116.863797]  copy_page_to_iter+0x12c/0x1e0
[  116.864248]  anon_pipe_read+0x364/0xd10
[  116.864679]  ? __pfx_anon_pipe_read+0x10/0x10
[  116.865150]  ? __pfx_autoremove_wake_function+0x10/0x10
[  116.865713]  ? security_file_permission+0x22/0x90
[  116.866231]  vfs_read+0xa36/0xc70
[  116.866606]  ? __pfx_vfs_read+0x10/0x10
[  116.867026]  ? kmem_cache_free+0x15b/0x540
[  116.867495]  ksys_read+0x1ef/0x240
[  116.867878]  ? __pfx_ksys_read+0x10/0x10
[  116.868325]  do_syscall_64+0xbf/0x360
[  116.868730]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.869267] RIP: 0033:0x7f9bb76fc69c
[  116.869659] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  116.871533] RSP: 002b:00007fff930b0460 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  116.872321] RAX: ffffffffffffffda RBX: 00007fff930b0510 RCX: 00007f9bb76fc69c
[  116.873054] RDX: 0000000000000040 RSI: 00007f9bb7859020 RDI: 00000000000000f9
[  116.873786] RBP: 0000000000000003 R08: 0000000000000000 R09: 00007fff930b0320
[  116.874519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000032
[  116.875259] R13: 0000000000000000 R14: 0000000000000008 R15: 00007fff930b0550
[  116.876003]  </TASK>
[  116.876250] Modules linked in:
[  116.876596] ---[ end trace 0000000000000000 ]---
[  116.877084] RIP: 0010:perf_tp_event+0x175/0xe70
[  116.877579] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  116.879442] RSP: 0018:ffff888047c076c0 EFLAGS: 00010216
[  116.879995] RAX: 00000000000139aa RBX: 000000000009cb60 RCX: 0000000000000002
[  116.880731] RDX: ffff88801699b700 RSI: ffffffff8189a4e7 RDI: 000000000009cd50
[  116.881463] RBP: ffff888047c07930 R08: ffff88806cf31340 R09: ffffe8ffffd11ad8
[  116.882193] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  116.882919] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  116.883649] FS:  000055558ee09400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  116.884469] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.885065] CR2: 00007f9bb7859020 CR3: 0000000045324000 CR4: 0000000000350ef0
[  116.885801] Kernel panic - not syncing: Fatal exception in interrupt
[  116.886660] Kernel Offset: disabled
[  116.887034] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
12:22:14  Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=ffff88806cf3c300 RCX=ffffffff816880fc RDX=ffff88801b289b80
RSI=ffffffff816880d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff8880479f7980
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=1ffff1100d9c6bb1
R12=ffffed100d9e7861 R13=ffff88806cf3c308 R14=0000000000000001 R15=dffffc0000000000
RIP=ffffffff8173f6b8 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555570efc400 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe5100000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f8db45953a4 CR3=000000000ea12000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=000000000000ff00000000ff00000000 XMM01=00000000000001000000000100000000
XMM02=7463656a6e695f31313230385f7a7973 XMM03=00007f1a9bcba7c800007f1a9bcba7c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=000000000000005b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888047c07030
R8 =0000000000000000 R9 =ffffed10014a6046 R10=000000000000005b R11=313030203a505352
R12=000000000000005b R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055558ea2c400 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe1600000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffc8947bf48 CR3=0000000016d90000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000