Warning: Permanently added '[localhost]:40456' (ECDSA) to the list of known hosts.
2025/08/29 11:40:34 fuzzer started
2025/08/29 11:40:34 dialing manager at localhost:43077
syzkaller login: [   50.133489] cgroup: Unknown subsys name 'net'
[   50.198451] cgroup: Unknown subsys name 'cpuset'
[   50.216317] cgroup: Unknown subsys name 'rlimit'
2025/08/29 11:40:45 syscalls: 2214
2025/08/29 11:40:45 code coverage: enabled
2025/08/29 11:40:45 comparison tracing: enabled
2025/08/29 11:40:45 extra coverage: enabled
2025/08/29 11:40:45 setuid sandbox: enabled
2025/08/29 11:40:45 namespace sandbox: enabled
2025/08/29 11:40:45 Android sandbox: enabled
2025/08/29 11:40:45 fault injection: enabled
2025/08/29 11:40:45 leak checking: enabled
2025/08/29 11:40:45 net packet injection: enabled
2025/08/29 11:40:45 net device setup: enabled
2025/08/29 11:40:45 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 11:40:45 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 11:40:45 USB emulation: enabled
2025/08/29 11:40:45 hci packet injection: enabled
2025/08/29 11:40:45 wifi device emulation: enabled
2025/08/29 11:40:45 802.15.4 emulation: enabled
2025/08/29 11:40:45 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 11:40:45 fetching corpus: 50, signal 20435/23999 (executing program)
2025/08/29 11:40:45 fetching corpus: 100, signal 30319/35407 (executing program)
2025/08/29 11:40:45 fetching corpus: 150, signal 40323/46685 (executing program)
2025/08/29 11:40:45 fetching corpus: 200, signal 46203/53819 (executing program)
2025/08/29 11:40:45 fetching corpus: 250, signal 50062/58942 (executing program)
2025/08/29 11:40:45 fetching corpus: 300, signal 54862/64867 (executing program)
2025/08/29 11:40:45 fetching corpus: 350, signal 60306/71267 (executing program)
2025/08/29 11:40:45 fetching corpus: 400, signal 65203/77060 (executing program)
2025/08/29 11:40:45 fetching corpus: 450, signal 70087/82755 (executing program)
2025/08/29 11:40:46 fetching corpus: 500, signal 74965/88340 (executing program)
2025/08/29 11:40:46 fetching corpus: 550, signal 76694/91042 (executing program)
2025/08/29 11:40:46 fetching corpus: 600, signal 79244/94440 (executing program)
2025/08/29 11:40:46 fetching corpus: 650, signal 81636/97697 (executing program)
2025/08/29 11:40:46 fetching corpus: 700, signal 84481/101190 (executing program)
2025/08/29 11:40:46 fetching corpus: 750, signal 87295/104710 (executing program)
2025/08/29 11:40:46 fetching corpus: 800, signal 89601/107667 (executing program)
2025/08/29 11:40:46 fetching corpus: 850, signal 92116/110783 (executing program)
2025/08/29 11:40:46 fetching corpus: 900, signal 94689/113876 (executing program)
2025/08/29 11:40:46 fetching corpus: 950, signal 96393/116296 (executing program)
2025/08/29 11:40:47 fetching corpus: 1000, signal 98032/118569 (executing program)
2025/08/29 11:40:47 fetching corpus: 1050, signal 99529/120692 (executing program)
2025/08/29 11:40:47 fetching corpus: 1100, signal 101174/122917 (executing program)
2025/08/29 11:40:47 fetching corpus: 1150, signal 102620/124995 (executing program)
2025/08/29 11:40:47 fetching corpus: 1200, signal 103414/126543 (executing program)
2025/08/29 11:40:47 fetching corpus: 1250, signal 105911/129283 (executing program)
2025/08/29 11:40:47 fetching corpus: 1300, signal 106764/130776 (executing program)
2025/08/29 11:40:47 fetching corpus: 1350, signal 107813/132404 (executing program)
2025/08/29 11:40:47 fetching corpus: 1400, signal 108884/134013 (executing program)
2025/08/29 11:40:47 fetching corpus: 1450, signal 109962/135632 (executing program)
2025/08/29 11:40:47 fetching corpus: 1500, signal 111003/137243 (executing program)
2025/08/29 11:40:48 fetching corpus: 1550, signal 112511/139061 (executing program)
2025/08/29 11:40:48 fetching corpus: 1600, signal 113569/140599 (executing program)
2025/08/29 11:40:48 fetching corpus: 1650, signal 114912/142267 (executing program)
2025/08/29 11:40:48 fetching corpus: 1700, signal 116073/143800 (executing program)
2025/08/29 11:40:48 fetching corpus: 1750, signal 117179/145287 (executing program)
2025/08/29 11:40:48 fetching corpus: 1800, signal 118137/146648 (executing program)
2025/08/29 11:40:48 fetching corpus: 1850, signal 119471/148186 (executing program)
2025/08/29 11:40:48 fetching corpus: 1900, signal 121329/150032 (executing program)
2025/08/29 11:40:48 fetching corpus: 1950, signal 122312/151357 (executing program)
2025/08/29 11:40:48 fetching corpus: 2000, signal 123316/152692 (executing program)
2025/08/29 11:40:49 fetching corpus: 2050, signal 124209/153893 (executing program)
2025/08/29 11:40:49 fetching corpus: 2100, signal 125069/155115 (executing program)
2025/08/29 11:40:49 fetching corpus: 2150, signal 126070/156468 (executing program)
2025/08/29 11:40:49 fetching corpus: 2200, signal 126873/157544 (executing program)
2025/08/29 11:40:49 fetching corpus: 2250, signal 127751/158672 (executing program)
2025/08/29 11:40:49 fetching corpus: 2300, signal 128286/159615 (executing program)
2025/08/29 11:40:49 fetching corpus: 2350, signal 129021/160658 (executing program)
2025/08/29 11:40:49 fetching corpus: 2400, signal 129580/161546 (executing program)
2025/08/29 11:40:49 fetching corpus: 2450, signal 130377/162604 (executing program)
2025/08/29 11:40:49 fetching corpus: 2500, signal 131407/163727 (executing program)
2025/08/29 11:40:49 fetching corpus: 2550, signal 132650/164906 (executing program)
2025/08/29 11:40:50 fetching corpus: 2600, signal 133306/165798 (executing program)
2025/08/29 11:40:50 fetching corpus: 2650, signal 134398/166856 (executing program)
2025/08/29 11:40:50 fetching corpus: 2700, signal 134897/167663 (executing program)
2025/08/29 11:40:50 fetching corpus: 2750, signal 135887/168667 (executing program)
2025/08/29 11:40:50 fetching corpus: 2800, signal 136555/169518 (executing program)
2025/08/29 11:40:50 fetching corpus: 2850, signal 137307/170396 (executing program)
2025/08/29 11:40:50 fetching corpus: 2900, signal 138013/171262 (executing program)
2025/08/29 11:40:50 fetching corpus: 2950, signal 138612/172032 (executing program)
2025/08/29 11:40:50 fetching corpus: 3000, signal 139411/172933 (executing program)
2025/08/29 11:40:50 fetching corpus: 3050, signal 140030/173710 (executing program)
2025/08/29 11:40:50 fetching corpus: 3100, signal 140817/174556 (executing program)
2025/08/29 11:40:50 fetching corpus: 3150, signal 141421/175296 (executing program)
2025/08/29 11:40:51 fetching corpus: 3200, signal 141850/175991 (executing program)
2025/08/29 11:40:51 fetching corpus: 3250, signal 142785/176905 (executing program)
2025/08/29 11:40:51 fetching corpus: 3300, signal 143287/177572 (executing program)
2025/08/29 11:40:51 fetching corpus: 3350, signal 143836/178248 (executing program)
2025/08/29 11:40:51 fetching corpus: 3400, signal 144410/178939 (executing program)
2025/08/29 11:40:51 fetching corpus: 3450, signal 144952/179570 (executing program)
2025/08/29 11:40:51 fetching corpus: 3500, signal 145598/180242 (executing program)
2025/08/29 11:40:51 fetching corpus: 3550, signal 146249/180926 (executing program)
2025/08/29 11:40:51 fetching corpus: 3600, signal 146856/181680 (executing program)
2025/08/29 11:40:51 fetching corpus: 3650, signal 147569/182327 (executing program)
2025/08/29 11:40:52 fetching corpus: 3700, signal 149676/183204 (executing program)
2025/08/29 11:40:52 fetching corpus: 3750, signal 150080/183714 (executing program)
2025/08/29 11:40:52 fetching corpus: 3800, signal 150546/184305 (executing program)
2025/08/29 11:40:52 fetching corpus: 3850, signal 151159/184864 (executing program)
2025/08/29 11:40:52 fetching corpus: 3900, signal 151547/185379 (executing program)
2025/08/29 11:40:52 fetching corpus: 3950, signal 151987/185892 (executing program)
2025/08/29 11:40:52 fetching corpus: 4000, signal 152415/186363 (executing program)
2025/08/29 11:40:52 fetching corpus: 4050, signal 153330/186949 (executing program)
2025/08/29 11:40:52 fetching corpus: 4100, signal 153963/187432 (executing program)
2025/08/29 11:40:52 fetching corpus: 4150, signal 154643/187961 (executing program)
2025/08/29 11:40:52 fetching corpus: 4200, signal 154962/188392 (executing program)
2025/08/29 11:40:53 fetching corpus: 4250, signal 155326/188801 (executing program)
2025/08/29 11:40:53 fetching corpus: 4300, signal 156122/189240 (executing program)
2025/08/29 11:40:53 fetching corpus: 4350, signal 156630/189694 (executing program)
2025/08/29 11:40:53 fetching corpus: 4400, signal 157051/190085 (executing program)
2025/08/29 11:40:53 fetching corpus: 4450, signal 157418/190471 (executing program)
2025/08/29 11:40:53 fetching corpus: 4500, signal 157904/190886 (executing program)
2025/08/29 11:40:53 fetching corpus: 4550, signal 158471/191266 (executing program)
2025/08/29 11:40:53 fetching corpus: 4600, signal 159034/191659 (executing program)
2025/08/29 11:40:53 fetching corpus: 4650, signal 159707/191839 (executing program)
2025/08/29 11:40:53 fetching corpus: 4700, signal 160191/191841 (executing program)
2025/08/29 11:40:53 fetching corpus: 4750, signal 160528/191853 (executing program)
2025/08/29 11:40:54 fetching corpus: 4800, signal 160911/191865 (executing program)
2025/08/29 11:40:54 fetching corpus: 4850, signal 161492/191981 (executing program)
2025/08/29 11:40:54 fetching corpus: 4900, signal 161985/192022 (executing program)
2025/08/29 11:40:54 fetching corpus: 4950, signal 162697/192027 (executing program)
2025/08/29 11:40:54 fetching corpus: 5000, signal 163268/192045 (executing program)
2025/08/29 11:40:54 fetching corpus: 5050, signal 163601/192047 (executing program)
2025/08/29 11:40:54 fetching corpus: 5100, signal 164140/192057 (executing program)
2025/08/29 11:40:54 fetching corpus: 5150, signal 164669/192146 (executing program)
2025/08/29 11:40:54 fetching corpus: 5200, signal 165030/192149 (executing program)
2025/08/29 11:40:54 fetching corpus: 5250, signal 165451/192150 (executing program)
2025/08/29 11:40:55 fetching corpus: 5300, signal 165894/192160 (executing program)
2025/08/29 11:40:55 fetching corpus: 5350, signal 166367/192204 (executing program)
2025/08/29 11:40:55 fetching corpus: 5400, signal 166638/192224 (executing program)
2025/08/29 11:40:55 fetching corpus: 5450, signal 167214/192227 (executing program)
2025/08/29 11:40:55 fetching corpus: 5500, signal 167591/192235 (executing program)
2025/08/29 11:40:55 fetching corpus: 5550, signal 168121/192253 (executing program)
2025/08/29 11:40:55 fetching corpus: 5600, signal 168412/192259 (executing program)
2025/08/29 11:40:55 fetching corpus: 5650, signal 168922/192267 (executing program)
2025/08/29 11:40:55 fetching corpus: 5700, signal 169343/192283 (executing program)
2025/08/29 11:40:55 fetching corpus: 5750, signal 169716/192305 (executing program)
2025/08/29 11:40:55 fetching corpus: 5800, signal 170144/192306 (executing program)
2025/08/29 11:40:56 fetching corpus: 5850, signal 170504/192312 (executing program)
2025/08/29 11:40:56 fetching corpus: 5900, signal 170840/192321 (executing program)
2025/08/29 11:40:56 fetching corpus: 5950, signal 171230/192322 (executing program)
2025/08/29 11:40:56 fetching corpus: 6000, signal 171966/192323 (executing program)
2025/08/29 11:40:56 fetching corpus: 6050, signal 173057/192329 (executing program)
2025/08/29 11:40:56 fetching corpus: 6100, signal 173339/192329 (executing program)
2025/08/29 11:40:56 fetching corpus: 6150, signal 173694/192378 (executing program)
2025/08/29 11:40:56 fetching corpus: 6200, signal 174081/192386 (executing program)
2025/08/29 11:40:56 fetching corpus: 6250, signal 174750/192398 (executing program)
2025/08/29 11:40:56 fetching corpus: 6300, signal 175055/192410 (executing program)
2025/08/29 11:40:56 fetching corpus: 6350, signal 175493/192423 (executing program)
2025/08/29 11:40:57 fetching corpus: 6400, signal 175855/192426 (executing program)
2025/08/29 11:40:57 fetching corpus: 6450, signal 176074/192430 (executing program)
2025/08/29 11:40:57 fetching corpus: 6500, signal 176540/192430 (executing program)
2025/08/29 11:40:57 fetching corpus: 6550, signal 176844/192437 (executing program)
2025/08/29 11:40:57 fetching corpus: 6600, signal 177243/192495 (executing program)
2025/08/29 11:40:57 fetching corpus: 6650, signal 177528/192503 (executing program)
2025/08/29 11:40:57 fetching corpus: 6700, signal 177775/192550 (executing program)
2025/08/29 11:40:57 fetching corpus: 6750, signal 178150/192561 (executing program)
2025/08/29 11:40:57 fetching corpus: 6800, signal 178431/192563 (executing program)
2025/08/29 11:40:57 fetching corpus: 6850, signal 178651/192577 (executing program)
2025/08/29 11:40:57 fetching corpus: 6900, signal 178915/192577 (executing program)
2025/08/29 11:40:58 fetching corpus: 6950, signal 179183/192581 (executing program)
2025/08/29 11:40:58 fetching corpus: 7000, signal 179510/192595 (executing program)
2025/08/29 11:40:58 fetching corpus: 7050, signal 179852/192595 (executing program)
2025/08/29 11:40:58 fetching corpus: 7100, signal 180145/192604 (executing program)
2025/08/29 11:40:58 fetching corpus: 7150, signal 180468/192608 (executing program)
2025/08/29 11:40:58 fetching corpus: 7200, signal 181095/192641 (executing program)
2025/08/29 11:40:58 fetching corpus: 7250, signal 181372/192643 (executing program)
2025/08/29 11:40:58 fetching corpus: 7300, signal 181718/192644 (executing program)
2025/08/29 11:40:58 fetching corpus: 7350, signal 181989/192663 (executing program)
2025/08/29 11:40:58 fetching corpus: 7400, signal 182234/192666 (executing program)
2025/08/29 11:40:59 fetching corpus: 7450, signal 182600/192668 (executing program)
2025/08/29 11:40:59 fetching corpus: 7500, signal 182971/192689 (executing program)
2025/08/29 11:40:59 fetching corpus: 7550, signal 183181/192703 (executing program)
2025/08/29 11:40:59 fetching corpus: 7600, signal 183379/192715 (executing program)
2025/08/29 11:40:59 fetching corpus: 7650, signal 183618/192715 (executing program)
2025/08/29 11:40:59 fetching corpus: 7700, signal 183826/192719 (executing program)
2025/08/29 11:40:59 fetching corpus: 7750, signal 184155/192748 (executing program)
2025/08/29 11:40:59 fetching corpus: 7800, signal 184428/192755 (executing program)
2025/08/29 11:40:59 fetching corpus: 7850, signal 184595/192761 (executing program)
2025/08/29 11:40:59 fetching corpus: 7900, signal 184908/192772 (executing program)
2025/08/29 11:40:59 fetching corpus: 7950, signal 185241/192773 (executing program)
2025/08/29 11:41:00 fetching corpus: 8000, signal 185433/192780 (executing program)
2025/08/29 11:41:00 fetching corpus: 8050, signal 185630/192794 (executing program)
2025/08/29 11:41:00 fetching corpus: 8100, signal 185932/192805 (executing program)
2025/08/29 11:41:00 fetching corpus: 8150, signal 186172/192806 (executing program)
2025/08/29 11:41:00 fetching corpus: 8200, signal 186438/192819 (executing program)
2025/08/29 11:41:00 fetching corpus: 8250, signal 186649/192826 (executing program)
2025/08/29 11:41:00 fetching corpus: 8300, signal 186993/192832 (executing program)
2025/08/29 11:41:00 fetching corpus: 8350, signal 187330/192839 (executing program)
2025/08/29 11:41:00 fetching corpus: 8400, signal 187732/192839 (executing program)
2025/08/29 11:41:00 fetching corpus: 8450, signal 188038/192849 (executing program)
2025/08/29 11:41:00 fetching corpus: 8500, signal 188252/192855 (executing program)
2025/08/29 11:41:01 fetching corpus: 8550, signal 188483/192863 (executing program)
2025/08/29 11:41:01 fetching corpus: 8600, signal 188680/192868 (executing program)
2025/08/29 11:41:01 fetching corpus: 8650, signal 188883/192868 (executing program)
2025/08/29 11:41:01 fetching corpus: 8700, signal 189249/192877 (executing program)
2025/08/29 11:41:01 fetching corpus: 8750, signal 189469/192891 (executing program)
2025/08/29 11:41:01 fetching corpus: 8764, signal 189544/192900 (executing program)
2025/08/29 11:41:01 fetching corpus: 8764, signal 189544/192900 (executing program)
2025/08/29 11:41:03 starting 8 fuzzer processes
11:41:03 executing program 0:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCMBIC(r0, 0x5418, &(0x7f0000000080))

11:41:03 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='rpc_pipefs\x00', 0x0, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x0)

11:41:03 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001ac0)={0x28, r1, 0x5, 0x0, 0x0, {{0x15}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}}, 0x0)

11:41:03 executing program 7:
socket$inet(0x2, 0x1, 0x6)

11:41:03 executing program 6:
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x43000000}}]})

11:41:03 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000140), r0)
sendmsg$NLBL_MGMT_C_LISTDEF(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_FAMILY={0x6}]}, 0x1c}}, 0x0)

11:41:03 executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, 0x0)

[   79.407419] audit: type=1400 audit(1756467663.887:7): avc:  denied  { execmem } for  pid=271 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
11:41:03 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x117}, @void}}}, 0x1c}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, 0x0, 0x4000010)

[   80.542477] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   80.544976] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   80.549578] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   80.553964] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   80.556723] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   80.665494] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   80.669569] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   80.674193] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   80.681517] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   80.687610] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   80.793064] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   80.801097] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   80.802654] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   80.814367] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   80.819792] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   80.827452] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   80.828574] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   80.837161] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   80.838198] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   80.844878] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   80.846407] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   80.852491] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   80.853546] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   80.854506] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   80.856284] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   80.858644] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   80.861265] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   80.864046] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   80.867462] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   80.868585] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   80.877005] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   80.884395] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   80.885459] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   80.886254] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   80.887189] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   80.889606] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   80.894917] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   80.896234] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   80.901434] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   80.911388] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   82.634420] Bluetooth: hci0: command tx timeout
[   82.762883] Bluetooth: hci1: command tx timeout
[   82.889773] Bluetooth: hci2: command tx timeout
[   82.953838] Bluetooth: hci4: command tx timeout
[   82.953868] Bluetooth: hci7: command tx timeout
[   83.016926] Bluetooth: hci6: command tx timeout
[   83.083868] Bluetooth: hci5: command tx timeout
[   83.209874] Bluetooth: hci3: command tx timeout
[   84.680817] Bluetooth: hci0: command tx timeout
[   84.809806] Bluetooth: hci1: command tx timeout
[   84.937907] Bluetooth: hci2: command tx timeout
[   85.000845] Bluetooth: hci4: command tx timeout
[   85.000861] Bluetooth: hci7: command tx timeout
[   85.066760] Bluetooth: hci6: command tx timeout
[   85.128894] Bluetooth: hci5: command tx timeout
[   85.256825] Bluetooth: hci3: command tx timeout
[   86.728801] Bluetooth: hci0: command tx timeout
[   86.856834] Bluetooth: hci1: command tx timeout
[   86.984881] Bluetooth: hci2: command tx timeout
[   87.048810] Bluetooth: hci4: command tx timeout
[   87.048843] Bluetooth: hci7: command tx timeout
[   87.114794] Bluetooth: hci6: command tx timeout
[   87.176787] Bluetooth: hci5: command tx timeout
[   87.304870] Bluetooth: hci3: command tx timeout
[   88.778283] Bluetooth: hci0: command tx timeout
[   88.904796] Bluetooth: hci1: command tx timeout
[   89.032913] Bluetooth: hci2: command tx timeout
[   89.096880] Bluetooth: hci4: command tx timeout
[   89.097324] Bluetooth: hci7: command tx timeout
[   89.160832] Bluetooth: hci6: command tx timeout
[   89.225040] Bluetooth: hci5: command tx timeout
[   89.352935] Bluetooth: hci3: command tx timeout
[  115.254314] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.255408] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.449198] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.449830] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.588679] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.589444] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.744493] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.745246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.048116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.049109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.222800] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.223377] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.333079] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.333700] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.484043] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.484669] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.502766] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31
[  116.508302] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31
[  116.974823] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.975479] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.045903] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.046510] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.091439] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.092656] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.124264] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.124954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.183619] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.184253] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.232510] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.233198] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.254571] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.255236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.290621] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.291241] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.406429] audit: type=1400 audit(1756467701.885:8): avc:  denied  { open } for  pid=3891 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  117.412356] audit: type=1400 audit(1756467701.886:9): avc:  denied  { kernel } for  pid=3891 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
11:41:41 executing program 0:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCMBIC(r0, 0x5418, &(0x7f0000000080))

11:41:41 executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, 0x0)

11:41:41 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@newsa={0x140, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@dev}, {@in6=@private2, 0x0, 0x33}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha1-ssse3\x00'}}}, @extra_flags={0x8}]}, 0x140}}, 0x0)

11:41:41 executing program 6:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_int(r0, 0x29, 0xcb, &(0x7f0000000a80), 0x4)

11:41:41 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x40181, 0x0)
write$P9_RREAD(r0, &(0x7f0000000100)={0x30, 0x75, 0x0, {0xa000000}}, 0xb)

11:41:41 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x117}, @void}}}, 0x1c}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, 0x0, 0x4000010)

11:41:41 executing program 7:
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xff600000)

11:41:41 executing program 3:
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100))
lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='system.posix_acl_default\x00', &(0x7f0000000240), 0x24, 0x0)
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x2)

[  117.492365] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  117.501031] futex_wake_op: syz-executor.7 tries to shift op by 1536; fix this program
[  117.504399] futex_wake_op: syz-executor.7 tries to shift op by 1536; fix this program
11:41:42 executing program 3:
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100))
lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='system.posix_acl_default\x00', &(0x7f0000000240), 0x24, 0x0)
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x2)

11:41:42 executing program 6:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_int(r0, 0x29, 0xcb, &(0x7f0000000a80), 0x4)

11:41:42 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@newsa={0x140, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@dev}, {@in6=@private2, 0x0, 0x33}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha1-ssse3\x00'}}}, @extra_flags={0x8}]}, 0x140}}, 0x0)

11:41:42 executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, 0x0)

11:41:42 executing program 7:
r0 = epoll_create1(0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000180)={0x20000000})
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)

11:41:42 executing program 0:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCMBIC(r0, 0x5418, &(0x7f0000000080))

11:41:42 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x117}, @void}}}, 0x1c}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, 0x0, 0x4000010)

11:41:42 executing program 6:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_int(r0, 0x29, 0xcb, &(0x7f0000000a80), 0x4)

[  117.656268] audit: type=1400 audit(1756467702.134:10): avc:  denied  { block_suspend } for  pid=3923 comm="syz-executor.7" capability=36  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
11:41:42 executing program 0:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCMBIC(r0, 0x5418, &(0x7f0000000080))

11:41:42 executing program 3:
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100))
lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='system.posix_acl_default\x00', &(0x7f0000000240), 0x24, 0x0)
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x2)

11:41:42 executing program 2:
r0 = epoll_create1(0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000180)={0x20000000})
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)

11:41:42 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x117}, @void}}}, 0x1c}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, 0x0, 0x4000010)

11:41:42 executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, 0x0)

11:41:42 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@newsa={0x140, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@dev}, {@in6=@private2, 0x0, 0x33}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha1-ssse3\x00'}}}, @extra_flags={0x8}]}, 0x140}}, 0x0)

11:41:42 executing program 7:
r0 = epoll_create1(0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000180)={0x20000000})
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)

11:41:42 executing program 0:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r3 = dup3(r2, r1, 0x0)
r4 = eventfd(0x8)
dup3(r4, r0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}})

11:41:42 executing program 6:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_int(r0, 0x29, 0xcb, &(0x7f0000000a80), 0x4)

11:41:42 executing program 3:
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100))
lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='system.posix_acl_default\x00', &(0x7f0000000240), 0x24, 0x0)
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x2)

[  117.896285] kernel write not supported for file [eventfd] (pid: 145 comm: kworker/0:3)
[  117.914857] kernel write not supported for file [eventfd] (pid: 145 comm: kworker/0:3)
[  117.964297] kmemleak: Found object by alias at 0x607f1a639974
[  117.964314] CPU: 0 UID: 0 PID: 3943 Comm: syz-executor.7 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  117.964332] Tainted: [W]=WARN
[  117.964336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  117.964343] Call Trace:
[  117.964347]  <TASK>
[  117.964352]  dump_stack_lvl+0xca/0x120
[  117.964375]  __lookup_object+0x94/0xb0
[  117.964392]  delete_object_full+0x27/0x70
[  117.964408]  free_percpu+0x30/0x1160
[  117.964424]  ? arch_uprobe_clear_state+0x16/0x140
[  117.964444]  futex_hash_free+0x38/0xc0
[  117.964457]  mmput+0x2d3/0x390
[  117.964476]  do_exit+0x79d/0x2970
[  117.964490]  ? signal_wake_up_state+0x85/0x120
[  117.964505]  ? zap_other_threads+0x2b9/0x3a0
[  117.964521]  ? __pfx_do_exit+0x10/0x10
[  117.964533]  ? do_group_exit+0x1c3/0x2a0
[  117.964546]  ? lock_release+0xc8/0x290
[  117.964563]  do_group_exit+0xd3/0x2a0
[  117.964578]  __x64_sys_exit_group+0x3e/0x50
[  117.964591]  x64_sys_call+0x18c5/0x18d0
[  117.964606]  do_syscall_64+0xbf/0x360
[  117.964618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.964629] RIP: 0033:0x7fb40a0ceb19
[  117.964639] Code: Unable to access opcode bytes at 0x7fb40a0ceaef.
[  117.964644] RSP: 002b:00007fff90c07118 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  117.964655] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fb40a0ceb19
[  117.964662] RDX: 00007fb40a08172b RSI: ffffffffffffffbc RDI: 0000000000000000
[  117.964670] RBP: 0000000000000000 R08: 0000001b2d026870 R09: 0000000000000000
[  117.964677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  117.964684] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff90c07200
[  117.964699]  </TASK>
[  117.964703] kmemleak: Object (percpu) 0x607f1a639970 (size 8):
[  117.964710] kmemleak:   comm "syz-executor.3", pid 3956, jiffies 4294784826
[  117.964716] kmemleak:   min_count = 1
[  117.964721] kmemleak:   count = 0
[  117.964724] kmemleak:   flags = 0x21
[  117.964732] kmemleak:   checksum = 0
[  117.964736] kmemleak:   backtrace:
[  117.964740]  pcpu_alloc_noprof+0x87a/0x1170
[  117.964754]  alloc_vfsmnt+0x135/0x6e0
[  117.964767]  vfs_create_mount.part.0+0x40/0x440
[  117.964782]  path_mount+0x1637/0x1dd0
[  117.964794]  __x64_sys_mount+0x27b/0x300
[  117.964804]  do_syscall_64+0xbf/0x360
[  117.964813]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
11:41:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)={0x28, 0x1d, 0x1, 0x0, 0x0, "", [@nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@local}]}]}, 0x28}], 0x1}, 0x0)

11:41:42 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@newsa={0x140, 0x10, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@dev}, {@in6=@private2, 0x0, 0x33}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha1-ssse3\x00'}}}, @extra_flags={0x8}]}, 0x140}}, 0x0)

11:41:42 executing program 0:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r3 = dup3(r2, r1, 0x0)
r4 = eventfd(0x8)
dup3(r4, r0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}})

11:41:42 executing program 5:
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000fff000/0x1000)=nil)

11:41:42 executing program 7:
r0 = epoll_create1(0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000180)={0x20000000})
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)

11:41:42 executing program 2:
r0 = epoll_create1(0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000180)={0x20000000})
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)

11:41:42 executing program 3:
madvise(&(0x7f0000904000/0x3000)=nil, 0x3000, 0x10)
mlock(&(0x7f0000aff000/0x2000)=nil, 0x2000)
mlock(&(0x7f0000f13000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000bae000/0x4000)=nil, 0x4000)
mlock2(&(0x7f00008b6000/0x2000)=nil, 0x2000, 0x0)
mlock(&(0x7f00005bf000/0x4000)=nil, 0x4000)
munmap(&(0x7f00008b4000/0x3000)=nil, 0x3000)
madvise(&(0x7f00008a4000/0x1000)=nil, 0x1000, 0x2)
mlock2(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0)
mremap(&(0x7f0000beb000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f0000ffa000/0x3000)=nil)

11:41:42 executing program 6:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000100)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, "0073d6b6d9aaf1058c4696bac200fc6ec421e61ec63bd1ddcc55d73d1742394b59fe3e6fcb34a939c482224b161d6877555b07bb3144bdfbf378e2304420b706b31f34abb7c74cd0f55f3880135ab6ec"}, 0xd8)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup3(r1, r0, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000001, 0x13, r2, 0x0)
fsopen(&(0x7f0000000000)='tracefs\x00', 0x0)

[  118.074541] kernel write not supported for file [eventfd] (pid: 145 comm: kworker/0:3)
11:41:42 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0x40045304, &(0x7f0000000100)={{}, 'port1\x00'})

11:41:42 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000040), 0x4)

11:41:42 executing program 5:
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000fff000/0x1000)=nil)

11:41:42 executing program 2:
r0 = epoll_create1(0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000180)={0x20000000})
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)

11:41:42 executing program 0:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r3 = dup3(r2, r1, 0x0)
r4 = eventfd(0x8)
dup3(r4, r0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}})

11:41:42 executing program 7:
r0 = epoll_create1(0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000180)={0x20000000})
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)

11:41:42 executing program 6:
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000fff000/0x1000)=nil)

11:41:42 executing program 5:
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000fff000/0x1000)=nil)

[  118.191582] kmemleak: Found object by alias at 0x607f1a63912c
[  118.191599] CPU: 1 UID: 0 PID: 3971 Comm: syz-executor.3 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  118.191617] Tainted: [W]=WARN
[  118.191621] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  118.191628] Call Trace:
[  118.191632]  <TASK>
[  118.191637]  dump_stack_lvl+0xca/0x120
[  118.191663]  __lookup_object+0x94/0xb0
[  118.191681]  delete_object_full+0x27/0x70
[  118.191697]  free_percpu+0x30/0x1160
[  118.191713]  ? arch_uprobe_clear_state+0x16/0x140
[  118.191736]  futex_hash_free+0x38/0xc0
[  118.191750]  mmput+0x2d3/0x390
[  118.191770]  do_exit+0x79d/0x2970
[  118.191783]  ? signal_wake_up_state+0x85/0x120
[  118.191799]  ? zap_other_threads+0x2b9/0x3a0
[  118.191814]  ? __pfx_do_exit+0x10/0x10
[  118.191827]  ? do_group_exit+0x1c3/0x2a0
[  118.191840]  ? lock_release+0xc8/0x290
[  118.191857]  do_group_exit+0xd3/0x2a0
[  118.191871]  __x64_sys_exit_group+0x3e/0x50
[  118.191885]  x64_sys_call+0x18c5/0x18d0
[  118.191900]  do_syscall_64+0xbf/0x360
[  118.191912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.191923] RIP: 0033:0x7f77e6a29b19
[  118.191932] Code: Unable to access opcode bytes at 0x7f77e6a29aef.
[  118.191937] RSP: 002b:00007ffed6000608 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  118.191948] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f77e6a29b19
[  118.191956] RDX: 00007f77e69dc72b RSI: ffffffffffffffbc RDI: 0000000000000000
[  118.191963] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[  118.191970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  118.191977] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffed60006f0
[  118.191993]  </TASK>
[  118.191996] kmemleak: Object (percpu) 0x607f1a639128 (size 8):
[  118.192003] kmemleak:   comm "syz-executor.0", pid 3986, jiffies 4294785057
[  118.192010] kmemleak:   min_count = 1
[  118.192014] kmemleak:   count = 0
[  118.192017] kmemleak:   flags = 0x21
[  118.192021] kmemleak:   checksum = 0
[  118.192025] kmemleak:   backtrace:
[  118.192028]  pcpu_alloc_noprof+0x87a/0x1170
[  118.192043]  perf_trace_event_init+0x366/0xa10
[  118.192056]  perf_trace_init+0x1a4/0x2f0
[  118.192068]  perf_tp_event_init+0xa6/0x120
[  118.192083]  perf_try_init_event+0x140/0x9f0
[  118.192096]  perf_event_alloc.part.0+0x118e/0x45f0
[  118.192112]  __do_sys_perf_event_open+0x719/0x2c20
[  118.192124]  do_syscall_64+0xbf/0x360
[  118.192133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
11:41:42 executing program 4:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="1d", 0x1}], 0x1}, 0x40011)
sendmsg(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001040)="ff", 0x1}], 0x1}, 0x0)
recvmsg(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x12101)
recvmmsg(r1, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

[  118.222725] kernel write not supported for file [eventfd] (pid: 145 comm: kworker/0:3)
11:41:42 executing program 1:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0c0583b, &(0x7f0000000180)={0xd})

11:41:42 executing program 6:
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000fff000/0x1000)=nil)

11:41:42 executing program 3:
perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x20008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

11:41:42 executing program 0:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r3 = dup3(r2, r1, 0x0)
r4 = eventfd(0x8)
dup3(r4, r0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}})

11:41:42 executing program 5:
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000fff000/0x1000)=nil)

11:41:42 executing program 1:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0c0583b, &(0x7f0000000180)={0xd})

11:41:42 executing program 2:
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "7437b8", 0x14, 0x2b, 0x0, @private2, @local, {[], {{0x2c02, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

11:41:42 executing program 7:
r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x5452, &(0x7f0000000000)={0x1, 0x0, {0x0, 0x0, 0x0, 0x1}})

11:41:42 executing program 4:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
ioctl$DVD_AUTH(r0, 0x5390, &(0x7f0000000140)=@lsc={0x3, 0x0, "8c2e9c993edfe1625d5a"})

11:41:42 executing program 6:
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000fff000/0x1000)=nil)

[  118.371070] kernel write not supported for file [eventfd] (pid: 145 comm: kworker/0:3)
11:41:42 executing program 5:
prctl$PR_GET_TIMERSLACK(0x1e)

11:41:42 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$rtc(&(0x7f0000000800), 0x0, 0x0)
ioctl$RTC_SET_TIME(r0, 0x7003, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x9, 0x0, 0x49})

11:41:42 executing program 7:
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000042c0)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pwrite64(r0, 0x0, 0x0, 0x9)

11:41:42 executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000180))

[  118.400901] sr 1:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
11:41:42 executing program 0:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
move_pages(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

[  118.440477] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[  118.441380] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  118.442135] CPU: 1 UID: 0 PID: 4018 Comm: syz-executor.3 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  118.443493] Tainted: [W]=WARN
[  118.443969] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  118.445197] RIP: 0010:perf_tp_event+0x175/0xe70
[  118.445889] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  118.448552] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012
[  118.449552] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  118.450600] RDX: ffff8880397cd280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  118.451635] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16128
[  118.452635] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000
[  118.453543] R13: 000000000000002c R14: ffff88806cf31490 R15: dffffc0000000000
[  118.454105] FS:  000055557a506400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  118.454752] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  118.455214] CR2: 000055557a507c18 CR3: 000000000b67c000 CR4: 0000000000350ef0
[  118.455776] Call Trace:
[  118.455987]  <IRQ>
[  118.456169]  ? __pfx_perf_tp_event+0x10/0x10
[  118.456526]  ? sched_clock_cpu+0x6c/0x4e0
[  118.456865]  ? lock_is_held_type+0x9e/0x120
[  118.457219]  ? lock_is_held_type+0x9e/0x120
[  118.457567]  ? perf_trace_lock+0xb5/0x5d0
[  118.457901]  ? perf_trace_lock+0xb5/0x5d0
[  118.458232]  ? __resched_curr+0x2a2/0x330
[  118.458576]  ? __pfx_perf_trace_lock+0x10/0x10
[  118.458948]  ? __pfx_perf_trace_lock+0x10/0x10
[  118.459319]  ? lock_is_held_type+0x9e/0x120
[  118.459673]  ? perf_trace_run_bpf_submit+0xef/0x180
[  118.460070]  perf_trace_run_bpf_submit+0xef/0x180
[  118.460458]  perf_trace_lock+0x337/0x5d0
[  118.460792]  ? __pfx_perf_trace_lock+0x10/0x10
[  118.461166]  ? lock_acquire+0x15e/0x2f0
[  118.461487]  ? hrtimer_interrupt+0x114/0x830
[  118.461839]  ? hrtimer_interrupt+0x114/0x830
[  118.462197]  lock_release+0x1ab/0x290
[  118.462506]  ktime_get_update_offsets_now+0xab/0x3c0
[  118.462919]  ? hrtimer_interrupt+0x114/0x830
[  118.463277]  hrtimer_interrupt+0x114/0x830
[  118.463612]  ? __pfx_sched_ttwu_pending+0x10/0x10
[  118.463998]  ? trace_csd_function_exit+0x134/0x190
[  118.464393]  ? __flush_smp_call_function_queue+0x443/0x740
[  118.464842]  __sysvec_apic_timer_interrupt+0xbb/0x330
[  118.465255]  sysvec_apic_timer_interrupt+0x6b/0x80
[  118.465649]  </IRQ>
[  118.465831]  <TASK>
[  118.466014]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  118.466434] RIP: 0010:insn_get_prefixes.part.0+0x1b4/0x1450
[  118.466899] Code: 0f b6 3c 2e 48 89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 22 38 ca 7f 08 84 d2 0f 85 76 10 00 00 45 0f b6 ad a0 39 32 85 <44> 89 ff 44 89 ee e8 a1 07 b9 fc 45 38 ef 75 61 e8 87 0d b9 fc 48
[  118.468328] RSP: 0018:ffff8880162cf468 EFLAGS: 00000206
[  118.468755] RAX: 0000000000000000 RBX: ffff8880162cf641 RCX: 0000000000000000
[  118.469314] RDX: 0000000000000005 RSI: ffffffff84bad990 RDI: ffffffff853239a0
[  118.469877] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  118.470443] R10: 000000000000000f R11: 0000000000000001 R12: dffffc0000000000
[  118.471014] R13: 000000000000000f R14: ffff8880162cf640 R15: 0000000000000042
[  118.471580]  ? insn_get_prefixes.part.0+0x160/0x1450
[  118.471986]  ? insn_get_prefixes.part.0+0x160/0x1450
[  118.472399]  insn_get_modrm+0x37d/0x870
[  118.472724]  ? hw_breakpoint_exceptions_notify+0x38/0x370
[  118.473170]  insn_get_displacement+0x31a/0x950
[  118.473539]  insn_decode+0x262/0x350
[  118.473845]  get_kernel_gp_address+0x131/0x230
[  118.474220]  ? __pfx_get_kernel_gp_address+0x10/0x10
[  118.474627]  ? atomic_notifier_call_chain+0xa9/0x1c0
[  118.475052]  ? search_exception_tables+0x37/0x50
[  118.475453]  ? fixup_exception+0x10d/0xc00
[  118.475815]  exc_general_protection+0x259/0x330
[  118.476215]  asm_exc_general_protection+0x26/0x30
[  118.476625] RIP: 0010:perf_tp_event+0x175/0xe70
[  118.477015] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  118.478525] RSP: 0018:ffff8880162cf800 EFLAGS: 00010212
[  118.478978] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  118.479586] RDX: ffff8880397cd280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  118.480188] RBP: ffff8880162cfa70 R08: ffff88806cf31340 R09: ffffe8ffffd16128
[  118.480785] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  118.481389] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[  118.481990]  ? perf_tp_event+0x167/0xe70
[  118.482349]  ? arch_scale_cpu_capacity+0x17/0xa0
[  118.482783]  ? __pfx_perf_tp_event+0x10/0x10
[  118.483161]  ? __asan_memset+0x24/0x50
[  118.483509]  ? perf_trace_lock+0xb5/0x5d0
[  118.483858]  ? kvm_sched_clock_read+0x16/0x30
[  118.484247]  ? sched_clock+0x37/0x60
[  118.484562]  ? sched_clock_cpu+0x6c/0x4e0
[  118.484914]  ? lock_is_held_type+0x9e/0x120
[  118.485289]  ? perf_trace_run_bpf_submit+0xef/0x180
[  118.485716]  perf_trace_run_bpf_submit+0xef/0x180
[  118.486134]  perf_trace_lock+0x337/0x5d0
[  118.486487]  ? __pfx_perf_trace_lock+0x10/0x10
[  118.486890]  ? lock_acquire+0x15e/0x2f0
[  118.487224]  ? futex_ref_get+0x48/0x300
[  118.487567]  ? futex_ref_get+0x114/0x300
[  118.487910]  ? futex_hash+0x15c/0x390
[  118.488242]  lock_release+0x1ab/0x290
[  118.488574]  ? futex_hash+0x15c/0x390
[  118.488902]  futex_ref_get+0x119/0x300
[  118.489234]  ? futex_hash+0x15c/0x390
[  118.489554]  futex_hash+0x70/0x390
[  118.489867]  futex_wake+0x143/0x540
[  118.490185]  ? put_pid+0x1f/0x30
[  118.490475]  ? kernel_clone+0x204/0x7f0
[  118.490828]  ? __pfx_futex_wake+0x10/0x10
[  118.491186]  ? __pfx_kernel_clone+0x10/0x10
[  118.491557]  ? perf_trace_lock+0xb5/0x5d0
[  118.491916]  do_futex+0x26d/0x370
[  118.492210]  ? __pfx_do_futex+0x10/0x10
[  118.492555]  ? __pfx___do_sys_clone+0x10/0x10
[  118.492935]  ? find_held_lock+0x2b/0x80
[  118.493283]  __x64_sys_futex+0x1c9/0x4d0
[  118.493631]  ? __pfx___x64_sys_futex+0x10/0x10
[  118.494022]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  118.494450]  do_syscall_64+0xbf/0x360
[  118.494765]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.495183] RIP: 0033:0x7f77e6a29b19
[  118.495484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  118.496940] RSP: 002b:00007ffed6000458 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  118.497546] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f77e6a29b19
[  118.498122] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f77e6b3cf68
[  118.498703] RBP: 00007f77e6b3cf60 R08: 00007f77e3f9f700 R09: 0000000000000000
[  118.499274] R10: 00007f77e3f9f700 R11: 0000000000000246 R12: 00007f77e6b41090
[  118.499853] R13: 00007ffed6000560 R14: 00007f77e6b3cf60 R15: 000000000001ce3f
[  118.500432]  </TASK>
[  118.500628] Modules linked in:
[  118.500895] ---[ end trace 0000000000000000 ]---
[  118.500896] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[  118.501276] RIP: 0010:perf_tp_event+0x175/0xe70
[  118.502179] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  118.502541] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  118.503157] CPU: 0 UID: 0 PID: 4022 Comm: syz-executor.5 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  118.504597] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012
[  118.505561] Tainted: [D]=DIE, [W]=WARN
[  118.505981] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  118.506295] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  118.506866] RDX: ffff8880397cd280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  118.507522] RIP: 0010:perf_tp_event+0x175/0xe70
[  118.508087] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16128
[  118.508460] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  118.509025] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000
[  118.510481] RSP: 0018:ffff888016e17600 EFLAGS: 00010212
[  118.511055] R13: 000000000000002c R14: ffff88806cf31490 R15: dffffc0000000000
[  118.511064] FS:  000055557a506400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  118.511489] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90008c3b000
[  118.512061] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  118.512700] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000000000191
[  118.513261] CR2: 000055557a507c18 CR3: 000000000b67c000 CR4: 0000000000350ef0
[  118.513726] RBP: ffff888016e17870 R08: ffff88806ce31340 R09: ffffe8ffffc16128
[  118.514296] Kernel panic - not syncing: Fatal exception in interrupt
[  118.516144] Kernel Offset: disabled
[  118.516437] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
11:41:43  Registers:
info registers vcpu 0
RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff84bdec0e RDX=fffffbfff0f0ec09
RSI=0000000000000004 RDI=ffffffff87876044 RBP=ffffffff87876044 RSP=ffff888016e173b0
R8 =0000000000000000 R9 =fffffbfff0f0ec08 R10=ffffffff87876047 R11=202c746c75616620
R12=1ffff11002dc2e77 R13=0000000000000007 R14=fffffbfff0f0ec08 R15=ffff888016e173e8
RIP=ffffffff84bdeda0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f29d3229700 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe4300000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fa5e3681004 CR3=00000000469be000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f29d5d9a7c000007f29d5d9a7c8
XMM02=00007f29d5d9a7e000007f29d5d9a7c0 XMM03=00007f29d5d9a7c800007f29d5d9a7c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=000000000000005b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff88806cf083f0
R8 =0000000000000000 R9 =ffffed1001490046 R10=000000000000005b R11=3537653634372052
R12=000000000000005b R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0
RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055557a506400 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe1600000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055557a507c18 CR3=000000000b67c000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f77e6b107c000007f77e6b107c8
XMM02=00007f77e6b107e000007f77e6b107c0 XMM03=00007f77e6b107c800007f77e6b107c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000