Warning: Permanently added '[localhost]:46174' (ECDSA) to the list of known hosts.
2025/08/29 13:10:49 fuzzer started
2025/08/29 13:10:50 dialing manager at localhost:43077
syzkaller login: [ 52.252671] cgroup: Unknown subsys name 'net'
[ 52.322845] cgroup: Unknown subsys name 'cpuset'
[ 52.337346] cgroup: Unknown subsys name 'rlimit'
2025/08/29 13:11:00 syscalls: 2214
2025/08/29 13:11:00 code coverage: enabled
2025/08/29 13:11:00 comparison tracing: enabled
2025/08/29 13:11:00 extra coverage: enabled
2025/08/29 13:11:00 setuid sandbox: enabled
2025/08/29 13:11:00 namespace sandbox: enabled
2025/08/29 13:11:00 Android sandbox: enabled
2025/08/29 13:11:00 fault injection: enabled
2025/08/29 13:11:00 leak checking: enabled
2025/08/29 13:11:00 net packet injection: enabled
2025/08/29 13:11:00 net device setup: enabled
2025/08/29 13:11:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 13:11:00 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 13:11:00 USB emulation: enabled
2025/08/29 13:11:00 hci packet injection: enabled
2025/08/29 13:11:00 wifi device emulation: enabled
2025/08/29 13:11:00 802.15.4 emulation: enabled
2025/08/29 13:11:18 fetching corpus: 10223, signal 197200/201277 (executing program)
2025/08/29 13:11:21 starting 8 fuzzer processes
13:11:21 executing program 0:
sigaltstack(&(0x7f0000ffc000/0x3000)=nil, 0x0)
move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000ffc000/0x2000)=nil], &(0x7f0000000080), &(0x7f00000000c0), 0x0)
13:11:21 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/locks\x00', 0x0, 0x0)
13:11:21 executing program 7:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, &(0x7f0000000080))
13:11:21 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r1, &(0x7f0000000040)={0x1f, @none}, 0x8)
listen(r1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
13:11:21 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
ioprio_set$uid(0x0, 0x0, 0x2000)
13:11:21 executing program 4:
prctl$PR_SET_TIMERSLACK(0x1d, 0xfffffffffffffeff)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, 0x0)
[ 83.445023] audit: type=1400 audit(1756473081.624:7): avc: denied { execmem } for pid=276 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
13:11:21 executing program 5:
syz_mount_image$iso9660(0x0,
&(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0)
chroot(&(0x7f0000000140)='./file0\x00')
umount2(&(0x7f0000000180)='./file0\x00', 0x2)
pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00')
13:11:21 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f8", 0x16}], 0x0, &(0x7f0000010d00)=ANY=[])
[ 84.643826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 84.646833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 84.650330] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 84.655009] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 84.657793] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 84.711869] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 84.718491] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 84.720078] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 84.734327] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 84.739526] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 84.800846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 84.806945] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 84.810471] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 84.812419] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 84.813796] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 84.818449] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 84.819761] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 84.823550] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 84.828510] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 84.831979] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 84.834124] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 84.839126] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 84.840492] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 84.842583] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 84.846370] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 84.847787] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 84.853459] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 84.854825] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 84.871331] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 84.884101] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 84.887634] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 84.895630] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 84.900450] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 84.904458] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 84.906149] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 84.908437] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 84.912981] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 84.924319] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 84.943489] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 84.958021] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 86.740662] Bluetooth: hci0: command tx timeout
[ 86.805370] Bluetooth: hci1: command tx timeout
[ 86.868465] Bluetooth: hci5: command tx timeout
[ 86.934490] Bluetooth: hci3: command tx timeout
[ 86.935949] Bluetooth: hci4: command tx timeout
[ 86.996510] Bluetooth: hci7: command tx timeout
[ 86.997698] Bluetooth: hci2: command tx timeout
[ 87.061419] Bluetooth: hci6: command tx timeout
[ 88.789327] Bluetooth: hci0: command tx timeout
[ 88.852377] Bluetooth: hci1: command tx timeout
[ 88.917935] Bluetooth: hci5: command tx timeout
[ 88.980325] Bluetooth: hci4: command tx timeout
[ 88.980816] Bluetooth: hci3: command tx timeout
[ 89.045412] Bluetooth: hci2: command tx timeout
[ 89.045885] Bluetooth: hci7: command tx timeout
[ 89.108337] Bluetooth: hci6: command tx timeout
[ 90.836476] Bluetooth: hci0: command tx timeout
[ 90.901240] Bluetooth: hci1: command tx timeout
[ 90.965234] Bluetooth: hci5: command tx timeout
[ 91.029401] Bluetooth: hci4: command tx timeout
[ 91.029807] Bluetooth: hci3: command tx timeout
[ 91.093264] Bluetooth: hci2: command tx timeout
[ 91.093666] Bluetooth: hci7: command tx timeout
[ 91.157511] Bluetooth: hci6: command tx timeout
[ 92.885861] Bluetooth: hci0: command tx timeout
[ 92.948300] Bluetooth: hci1: command tx timeout
[ 93.012421] Bluetooth: hci5: command tx timeout
[ 93.076297] Bluetooth: hci3: command tx timeout
[ 93.077022] Bluetooth: hci4: command tx timeout
[ 93.140342] Bluetooth: hci2: command tx timeout
[ 93.141074] Bluetooth: hci7: command tx timeout
[ 93.205245] Bluetooth: hci6: command tx timeout
[ 127.141051] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.142405] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.472754] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.473411] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
13:12:06 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r1, &(0x7f0000000040)={0x1f, @none}, 0x8)
listen(r1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
13:12:06 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r1, &(0x7f0000000040)={0x1f, @none}, 0x8)
listen(r1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
13:12:06 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r1, &(0x7f0000000040)={0x1f, @none}, 0x8)
listen(r1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
[ 128.565218] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 128.565831] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
13:12:06 executing program 2:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$search(0xa, r0, &(0x7f0000000200)='trusted\x00', &(0x7f0000000240)={'syz', 0x1}, r0)
13:12:06 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc0bc5310, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})
[ 128.770334] audit: type=1400 audit(1756473126.945:8): avc: denied { open } for pid=3829 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 128.772823] audit: type=1400 audit(1756473126.945:9): avc: denied { kernel } for pid=3829 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 128.797785] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 128.798446] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
13:12:07 executing program 2:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000040)={0x1f, @fixed}, 0x8)
bind$bt_sco(r0, &(0x7f0000000080)={0x1f, @none}, 0x8)
13:12:07 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000280)=@getae={0x4c, 0x1f, 0x1, 0x0, 0x0, {{@in6=@private0}, @in6=@remote}, [@mark={0xc}]}, 0x4c}}, 0x0)
13:12:07 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r1 = dup(r0)
setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x4, &(0x7f0000001080)=0x4, 0x4)
[ 128.994961] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 128.995606] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.068072] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.069057] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.207808] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.208580] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.293787] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.294446] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.543986] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.544659] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.619764] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.620446] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.641160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.641771] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.700982] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.701697] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.809052] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.811293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.818447] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.819092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.854837] FAT-fs (loop6): count of clusters too big (3992318)
[ 129.855463] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 129.864355] FAT-fs (loop6): count of clusters too big (3992318)
[ 129.864842] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 129.872570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.873218] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.923762] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.924501] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
13:12:09 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r1, 0xb341daa0822653b3, 0x0, 0x0, {0x4}}, 0x14}}, 0x0)
13:12:09 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
ioprio_set$uid(0x0, 0x0, 0x2000)
13:12:09 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x7, 0x0, &(0x7f0000000280))
13:12:09 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448ca, &(0x7f0000000040))
13:12:09 executing program 7:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, 0xfffffffffffffff9, 0x0)
13:12:09 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000270000004f801", 0x17}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530", 0x45, 0x600}], 0x0, &(0x7f0000010d00)=ANY=[])
futimesat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
13:12:09 executing program 6:
keyctl$reject(0x13, 0x0, 0x0, 0x200, 0x0)
13:12:09 executing program 4:
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x29, 0x0, 0x490)
[ 131.047064] loop5: detected capacity change from 0 to 6
13:12:09 executing program 6:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0xffffffffffffff, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x31006, 0x0)
mount$bind(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x2000868, 0x0)
13:12:09 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
ioprio_set$uid(0x0, 0x0, 0x2000)
13:12:09 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x7, 0x0, &(0x7f0000000280))
[ 131.079445] FAT-fs (loop5): Directory bread(block 6) failed
[ 131.084320] FAT-fs (loop5): Directory bread(block 7) failed
[ 131.090649] FAT-fs (loop5): Directory bread(block 8) failed
[ 131.094300] FAT-fs (loop5): Directory bread(block 9) failed
13:12:09 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
open(&(0x7f0000000000)='./file0\x00', 0x40, 0x0)
[ 131.107304] =======================================================
[ 131.107304] WARNING: The mand mount option has been deprecated and
[ 131.107304] and is ignored by this kernel. Remove the mand
[ 131.107304] option from the mount to silence this warning.
[ 131.107304] =======================================================
13:12:09 executing program 0:
ioctl$DVD_READ_STRUCT(0xffffffffffffffff, 0x5390, &(0x7f0000000480)=@manufact={0x4, 0x0, 0x800, "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"})
keyctl$read(0xa, 0x0, &(0x7f0000000c00)=""/229, 0xe5)
[ 131.142803] EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8.
[ 131.153948] EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8.
13:12:09 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x7, 0x0, &(0x7f0000000280))
[ 131.176708] kmemleak: Found object by alias at 0x607f1a6398f4
[ 131.176723] CPU: 1 UID: 0 PID: 3939 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 131.176741] Tainted: [W]=WARN
[ 131.176745] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 131.176751] Call Trace:
[ 131.176756]
[ 131.176760] dump_stack_lvl+0xca/0x120
[ 131.176783] __lookup_object+0x94/0xb0
[ 131.176799] delete_object_full+0x27/0x70
[ 131.176814] free_percpu+0x30/0x1160
[ 131.176830] ? arch_uprobe_clear_state+0x16/0x140
[ 131.176850] futex_hash_free+0x38/0xc0
[ 131.176864] mmput+0x2d3/0x390
[ 131.176886] do_exit+0x79d/0x2970
[ 131.176903] ? __pfx_do_exit+0x10/0x10
[ 131.176916] ? find_held_lock+0x2b/0x80
[ 131.176934] ? get_signal+0x835/0x2340
[ 131.176953] do_group_exit+0xd3/0x2a0
[ 131.176967] get_signal+0x2315/0x2340
[ 131.176985] ? mntput_no_expire+0x14f/0xbe0
[ 131.177006] ? __pfx_get_signal+0x10/0x10
[ 131.177024] ? __pfx_mntput_no_expire+0x10/0x10
[ 131.177042] arch_do_signal_or_restart+0x80/0x790
[ 131.177059] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 131.177079] ? __x64_sys_mount+0x226/0x300
[ 131.177091] ? __pfx___x64_sys_mount+0x10/0x10
[ 131.177108] exit_to_user_mode_loop+0x8b/0x110
[ 131.177120] do_syscall_64+0x2f7/0x360
[ 131.177132] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.177143] RIP: 0033:0x7f0a3583bb19
[ 131.177152] Code: Unable to access opcode bytes at 0x7f0a3583baef.
[ 131.177157] RSP: 002b:00007f0a32db1188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 131.177168] RAX: 0000000000000000 RBX: 00007f0a3594ef60 RCX: 00007f0a3583bb19
[ 131.177175] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000000
[ 131.177181] RBP: 00007f0a35895f6d R08: 0000000000000000 R09: 0000000000000000
[ 131.177188] R10: 0000000002000868 R11: 0000000000000246 R12: 0000000000000000
[ 131.177195] R13: 00007fffe034d1af R14: 00007f0a32db1300 R15: 0000000000022000
[ 131.177210]
[ 131.177213] kmemleak: Object (percpu) 0x607f1a6398f0 (size 8):
[ 131.177220] kmemleak: comm "syz-executor.5", pid 3930, jiffies 4294797642
[ 131.177227] kmemleak: min_count = 1
[ 131.177231] kmemleak: count = 0
[ 131.177234] kmemleak: flags = 0x21
[ 131.177238] kmemleak: checksum = 0
[ 131.177241] kmemleak: backtrace:
[ 131.177245] pcpu_alloc_noprof+0x87a/0x1170
[ 131.177259] __alloc_workqueue+0x74b/0x1820
[ 131.177276] alloc_workqueue_noprof+0xc7/0x200
[ 131.177285] loop_configure+0xf73/0x1590
[ 131.177299] lo_ioctl+0x66d/0x1c70
[ 131.177310] blkdev_ioctl+0x27c/0x6c0
[ 131.177327] __x64_sys_ioctl+0x18f/0x210
[ 131.177342] do_syscall_64+0xbf/0x360
[ 131.177350] entry_SYSCALL_64_after_hwframe+0x77/0x7f
13:12:09 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000040)=@FILEID_INO32_GEN={0x8, 0x1, {0x2}}, 0x0) 13:12:09 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "5eff7a00"}) readv(r0, &(0x7f00000027c0)=[{&(0x7f0000000200)=""/67, 0x43}], 0x1) 13:12:09 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x7, 0x0, &(0x7f0000000280)) 13:12:09 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r1) ioprio_set$uid(0x0, 0x0, 0x2000) 13:12:09 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)) chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000080)='./file0\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0) 13:12:09 executing program 7: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r1, 0x4, 0x2000) shutdown(r0, 0x2) 13:12:09 executing program 5: r0 = 
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x5460, &(0x7f0000000000)) 13:12:09 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)={0x1c, 0x14, 0x1, 0x0, 0x0, "", [@typed={0xa, 0x0, 0x0, 0x0, @str='wlan1\x00'}]}, 0x1c}], 0x1}, 0x0) [ 131.440810] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 131.453525] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 13:12:09 executing program 5: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x5460, &(0x7f0000000000)) [ 131.484321] kmemleak: Found object by alias at 0x607f1a6398f4 [ 131.484338] CPU: 1 UID: 0 PID: 3952 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 131.484356] Tainted: [W]=WARN [ 131.484359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 131.484366] Call Trace: [ 131.484370] [ 131.484375] dump_stack_lvl+0xca/0x120 [ 131.484398] __lookup_object+0x94/0xb0 [ 131.484414] delete_object_full+0x27/0x70 [ 131.484430] free_percpu+0x30/0x1160 [ 131.484446] ? arch_uprobe_clear_state+0x16/0x140 [ 131.484465] futex_hash_free+0x38/0xc0 [ 131.484479] mmput+0x2d3/0x390 [ 131.484497] do_exit+0x79d/0x2970 [ 131.484511] ? signal_wake_up_state+0x85/0x120 [ 131.484526] ? zap_other_threads+0x2b9/0x3a0 [ 131.484541] ? __pfx_do_exit+0x10/0x10 [ 131.484554] ? do_group_exit+0x1c3/0x2a0 [ 131.484567] ? 
lock_release+0xc8/0x290 [ 131.484588] do_group_exit+0xd3/0x2a0 [ 131.484603] __x64_sys_exit_group+0x3e/0x50 [ 131.484616] x64_sys_call+0x18c5/0x18d0 [ 131.484631] do_syscall_64+0xbf/0x360 [ 131.484642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.484653] RIP: 0033:0x7f0a3583bb19 [ 131.484662] Code: Unable to access opcode bytes at 0x7f0a3583baef. [ 131.484667] RSP: 002b:00007fffe034d3d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 131.484678] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f0a3583bb19 [ 131.484685] RDX: 00007f0a357ee72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 131.484692] RBP: 0000000000000000 R08: 00007f0a35953230 R09: 0000000000000001 [ 131.484698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.484705] R13: 0000000000000001 R14: 0000000000000001 R15: 00007fffe034d4c0 [ 131.484720] [ 131.484724] kmemleak: Object (percpu) 0x607f1a6398f0 (size 8): [ 131.484730] kmemleak: comm "syz-executor.0", pid 3964, jiffies 4294798037 [ 131.484737] kmemleak: min_count = 1 [ 131.484741] kmemleak: count = 0 [ 131.484744] kmemleak: flags = 0x21 [ 131.484748] kmemleak: checksum = 0 [ 131.484752] kmemleak: backtrace: [ 131.484755] pcpu_alloc_noprof+0x87a/0x1170 [ 131.484770] perf_trace_event_init+0x366/0xa10 [ 131.484782] perf_trace_init+0x1a4/0x2f0 [ 131.484794] perf_tp_event_init+0xa6/0x120 [ 131.484809] perf_try_init_event+0x140/0x9f0 [ 131.484821] perf_event_alloc.part.0+0x118e/0x45f0 [ 131.484837] __do_sys_perf_event_open+0x719/0x2c20 [ 131.484849] do_syscall_64+0xbf/0x360 [ 131.484857] entry_SYSCALL_64_after_hwframe+0x77/0x7f 13:12:09 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "5eff7a00"}) readv(r0, &(0x7f00000027c0)=[{&(0x7f0000000200)=""/67, 0x43}], 0x1) 13:12:09 executing program 1: syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) 13:12:09 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x574c, &(0x7f0000003a00)={0x0, 0x0, 0x6}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000300), &(0x7f0000003ac0)) 13:12:09 executing program 5: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x5460, &(0x7f0000000000)) 13:12:09 executing program 0: mlock(&(0x7f0000fff000/0x1000)=nil, 0x1000) mlock2(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) 13:12:09 executing program 7: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0xa800b0, &(0x7f0000003700)={[{@gid}]}) 13:12:09 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 13:12:09 executing program 2: r0 = getpid() wait4(r0, 0x0, 0x20000000, 0x0) [ 131.666779] Oops: general protection fault, probably 
for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 131.668289] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 131.669491] CPU: 0 UID: 0 PID: 3972 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 131.671915] Tainted: [W]=WARN [ 131.672690] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 131.674475] RIP: 0010:perf_tp_event+0x175/0xe70 [ 131.675502] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 131.678844] RSP: 0018:ffff8880176ff800 EFLAGS: 00010212 [ 131.679867] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 13:12:09 executing program 5: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x5460, &(0x7f0000000000)) [ 131.681313] RDX: ffff88801bd9d280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 131.682815] RBP: ffff8880176ffa70 R08: ffff88806ce31340 R09: ffffe8ffffc15d00 13:12:09 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0xffff3710, 0x401, 0x0, "215278324f3114ec1002ce513402c7d2d9eccb"}) [ 131.684812] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 131.686684] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 131.688977] FS: 000055556a9e5400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 131.690125] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 131.690970] CR2: 0000000020003a04 CR3: 000000000dd7e000 CR4: 0000000000350ef0 [ 131.691996] Call Trace: [ 131.692400] [ 131.692749] ? __pfx_perf_tp_event+0x10/0x10 [ 131.693407] ? do_raw_spin_unlock+0x53/0x220 [ 131.694063] ? __kasan_unpoison_pages+0x2f/0x40 [ 131.694757] ? get_page_from_freelist+0x194a/0x24b0 [ 131.695500] ? 
should_fail_alloc_page+0xe8/0x110 [ 131.696218] ? trace_mm_page_alloc+0xfc/0x150 [ 131.696882] ? __alloc_frozen_pages_noprof+0x296/0x1f20 [ 131.697679] ? perf_trace_run_bpf_submit+0xef/0x180 [ 131.698425] perf_trace_run_bpf_submit+0xef/0x180 [ 131.699155] perf_trace_lock+0x337/0x5d0 [ 131.699766] ? __pfx_perf_trace_lock+0x10/0x10 [ 131.700463] ? lock_acquire+0x15e/0x2f0 [ 131.701059] ? futex_ref_get+0x48/0x300 [ 131.701656] ? futex_ref_get+0x114/0x300 [ 131.702254] ? futex_hash+0x15c/0x390 [ 131.702814] lock_release+0x1ab/0x290 [ 131.703390] ? futex_hash+0x15c/0x390 [ 131.703951] futex_ref_get+0x119/0x300 [ 131.704554] ? futex_hash+0x15c/0x390 [ 131.705142] futex_hash+0x70/0x390 [ 131.705680] futex_wake+0x143/0x540 [ 131.706245] ? lock_release+0xc8/0x290 [ 131.706821] ? __pfx_futex_wake+0x10/0x10 [ 131.707425] ? __handle_mm_fault+0x753/0x3260 [ 131.708103] ? perf_trace_lock+0xb5/0x5d0 [ 131.708710] do_futex+0x26d/0x370 [ 131.709232] ? __pfx_do_futex+0x10/0x10 [ 131.709819] ? __pfx_perf_trace_lock+0x10/0x10 [ 131.710491] ? find_held_lock+0x2b/0x80 [ 131.711094] __x64_sys_futex+0x1c9/0x4d0 [ 131.711709] ? exc_page_fault+0xb0/0x180 [ 131.712356] ? __pfx___x64_sys_futex+0x10/0x10 [ 131.713056] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 131.713844] do_syscall_64+0xbf/0x360 [ 131.714420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.715175] RIP: 0033:0x7fc63c8e6b19 [ 131.715734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 131.718345] RSP: 002b:00007ffe482ddc38 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 131.719469] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc63c8e6b19 [ 131.720487] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc63c9f9f68 [ 131.721555] RBP: 00007fc63c9f9f60 R08: 000000000000000f R09: 0000000000000000 [ 131.722572] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc63c9fec08 [ 131.723632] R13: 00007ffe482ddd40 R14: 00007fc63c9f9f60 R15: 0000000000020189 [ 131.724677] [ 131.725052] Modules linked in: [ 131.725578] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 131.727202] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 131.728305] CPU: 0 UID: 0 PID: 3972 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 131.728337] Tainted: [D]=DIE, [W]=WARN [ 131.728345] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 131.728356] RIP: 0010:perf_tp_event+0x175/0xe70 [ 131.728384] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 131.728402] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 131.728419] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 131.728431] RDX: ffff88801bd9d280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 131.728444] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc15d00 [ 131.728456] R10: 0000000000000000 R11: 
ffff88806ce37018 R12: dffffc0000000000 [ 131.728468] R13: 0000000000000024 R14: ffff88806ce31490 R15: dffffc0000000000 [ 131.728484] FS: 000055556a9e5400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 131.728501] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 131.728514] CR2: 0000000020003a04 CR3: 000000000dd7e000 CR4: 0000000000350ef0 [ 131.728526] Call Trace: [ 131.728532] [ 131.728548] ? __pfx_perf_tp_event+0x10/0x10 [ 131.728577] ? stack_depot_save_flags+0x2c/0xa20 [ 131.728603] ? kasan_save_stack+0x34/0x50 [ 131.728624] ? kasan_save_stack+0x24/0x50 [ 131.728644] ? kasan_save_track+0x14/0x30 [ 131.728665] ? __kasan_save_free_info+0x3a/0x60 [ 131.728682] ? __kasan_slab_free+0x3f/0x50 [ 131.728704] ? kmem_cache_free+0x2a1/0x540 [ 131.728722] ? rcu_core+0x7c8/0x1800 [ 131.749475] ? handle_softirqs+0x1b1/0x770 [ 131.750102] ? __irq_exit_rcu+0xc4/0x100 [ 131.750684] ? irq_exit_rcu+0x9/0x20 [ 131.751220] ? sysvec_apic_timer_interrupt+0x70/0x80 [ 131.751936] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 131.752716] ? _raw_spin_unlock_irqrestore+0x34/0x50 [ 131.753452] ? hrtimer_try_to_cancel.part.0+0x128/0x250 [ 131.754255] ? hrtimer_cancel+0x34/0x70 [ 131.754841] ? futex_wait+0xf3/0x380 [ 131.755421] ? do_futex+0x2ee/0x370 [ 131.755955] ? __x64_sys_futex+0x1c9/0x4d0 [ 131.756567] ? do_syscall_64+0xbf/0x360 [ 131.757138] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.757908] ? __mutex_add_waiter+0x202/0x220 [ 131.758550] ? __pfx_perf_trace_lock+0x10/0x10 [ 131.759205] ? perf_trace_run_bpf_submit+0xef/0x180 [ 131.759906] perf_trace_run_bpf_submit+0xef/0x180 [ 131.760580] perf_trace_lock+0x337/0x5d0 [ 131.761136] ? place_entity+0x1c/0x410 [ 131.761664] ? kvm_sched_clock_read+0x16/0x30 [ 131.762288] ? __pfx_perf_trace_lock+0x10/0x10 [ 131.762919] ? check_preempt_wakeup_fair+0x6e/0x950 [ 131.763587] ? rcu_core+0x7c3/0x1800 [ 131.764117] ? sched_ttwu_pending+0x2e0/0x4a0 [ 131.764735] lock_release+0x1ab/0x290 [ 131.765259] ? 
ttwu_do_activate+0x1a4/0x8a0 [ 131.765849] _raw_spin_unlock+0x16/0x40 [ 131.766385] sched_ttwu_pending+0x2e0/0x4a0 [ 131.766978] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 131.767626] ? hrtimer_interrupt+0x652/0x830 [ 131.768234] __flush_smp_call_function_queue+0x434/0x740 [ 131.768978] __sysvec_call_function_single+0x6d/0x370 [ 131.769693] sysvec_call_function_single+0xa1/0xc0 [ 131.770352] [ 131.770663] [ 131.770975] asm_sysvec_call_function_single+0x1a/0x20 [ 131.771667] RIP: 0010:oops_exit+0x0/0x50 [ 131.772241] Code: f1 39 00 be ff ff ff ff 48 c7 c7 50 ac 43 86 e8 c6 0f f9 ff 5b e9 20 f1 39 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 06 f1 39 00 8b 1d c0 ed 4e 06 31 ff 89 de e8 27 [ 131.774591] RSP: 0018:ffff8880176ff690 EFLAGS: 00000202 [ 131.775290] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f [ 131.776226] RDX: ffff88801bd9d280 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 131.777167] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f11c90 [ 131.778091] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880176ff758 [ 131.779021] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 131.779948] ? add_taint+0x5f/0xd0 [ 131.780440] ? 
oops_end+0x4a/0xe0 [ 131.780930] oops_end+0x65/0xe0 [ 131.781390] exc_general_protection+0x1a2/0x330 [ 131.782024] asm_exc_general_protection+0x26/0x30 [ 131.782660] RIP: 0010:perf_tp_event+0x175/0xe70 [ 131.783284] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 131.785624] RSP: 0018:ffff8880176ff800 EFLAGS: 00010212 [ 131.786318] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 131.787241] RDX: ffff88801bd9d280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 131.788164] RBP: ffff8880176ffa70 R08: ffff88806ce31340 R09: ffffe8ffffc15d00 [ 131.789080] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 131.789994] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 131.790924] ? perf_tp_event+0x167/0xe70 [ 131.791477] ? __pfx_perf_tp_event+0x10/0x10 [ 131.792071] ? do_raw_spin_unlock+0x53/0x220 [ 131.792663] ? __kasan_unpoison_pages+0x2f/0x40 [ 131.793283] ? get_page_from_freelist+0x194a/0x24b0 [ 131.793953] ? should_fail_alloc_page+0xe8/0x110 [ 131.794585] ? trace_mm_page_alloc+0xfc/0x150 [ 131.795183] ? __alloc_frozen_pages_noprof+0x296/0x1f20 [ 131.795894] ? perf_trace_run_bpf_submit+0xef/0x180 [ 131.796571] perf_trace_run_bpf_submit+0xef/0x180 [ 131.797218] perf_trace_lock+0x337/0x5d0 [ 131.797769] ? __pfx_perf_trace_lock+0x10/0x10 [ 131.798382] ? lock_acquire+0x15e/0x2f0 [ 131.798912] ? futex_ref_get+0x48/0x300 [ 131.799434] ? futex_ref_get+0x114/0x300 [ 131.799966] ? futex_hash+0x15c/0x390 [ 131.800475] lock_release+0x1ab/0x290 [ 131.800977] ? futex_hash+0x15c/0x390 [ 131.801476] futex_ref_get+0x119/0x300 [ 131.801994] ? futex_hash+0x15c/0x390 [ 131.802490] futex_hash+0x70/0x390 [ 131.802971] futex_wake+0x143/0x540 [ 131.803460] ? lock_release+0xc8/0x290 [ 131.803977] ? __pfx_futex_wake+0x10/0x10 [ 131.804536] ? __handle_mm_fault+0x753/0x3260 [ 131.805142] ? 
perf_trace_lock+0xb5/0x5d0 [ 131.805691] do_futex+0x26d/0x370 [ 131.806158] ? __pfx_do_futex+0x10/0x10 [ 131.806680] ? __pfx_perf_trace_lock+0x10/0x10 [ 131.807284] ? find_held_lock+0x2b/0x80 [ 131.807815] __x64_sys_futex+0x1c9/0x4d0 [ 131.808364] ? exc_page_fault+0xb0/0x180 [ 131.808895] ? __pfx___x64_sys_futex+0x10/0x10 [ 131.809508] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 131.810181] do_syscall_64+0xbf/0x360 [ 131.810676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.811350] RIP: 0033:0x7fc63c8e6b19 [ 131.811836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 131.814124] RSP: 002b:00007ffe482ddc38 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 131.815093] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc63c8e6b19 [ 131.816007] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc63c9f9f68 [ 131.816913] RBP: 00007fc63c9f9f60 R08: 000000000000000f R09: 0000000000000000 [ 131.817820] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc63c9fec08 [ 131.818728] R13: 00007ffe482ddd40 R14: 00007fc63c9f9f60 R15: 0000000000020189 [ 131.819646] [ 131.819964] Modules linked in: [ 131.820402] ---[ end trace 0000000000000000 ]--- [ 131.821007] RIP: 0010:perf_tp_event+0x175/0xe70 [ 131.821606] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 131.823867] RSP: 0018:ffff8880176ff800 EFLAGS: 00010212 [ 131.824551] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 131.825449] RDX: ffff88801bd9d280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 131.826337] RBP: ffff8880176ffa70 R08: ffff88806ce31340 R09: ffffe8ffffc15d00 [ 131.827224] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 131.828120] R13: 000000000000002c R14: 
ffff88806ce31340 R15: dffffc0000000000 [ 131.829016] FS: 000055556a9e5400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 131.830018] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 131.830756] CR2: 0000000020003a04 CR3: 000000000dd7e000 CR4: 0000000000350ef0 [ 131.831656] Kernel panic - not syncing: Fatal exception in interrupt [ 132.892906] Shutting down cpus with NMI [ 132.893467] Kernel Offset: disabled [ 132.893767] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 13:12:10 Registers: