Warning: Permanently added '[localhost]:4781' (ECDSA) to the list of known hosts.
2025/09/01 12:22:13 fuzzer started
2025/09/01 12:22:13 dialing manager at localhost:35473
syzkaller login: [   58.730528] cgroup: Unknown subsys name 'net'
[   58.836214] cgroup: Unknown subsys name 'cpuset'
[   58.865437] cgroup: Unknown subsys name 'rlimit'
2025/09/01 12:22:24 syscalls: 2214
2025/09/01 12:22:24 code coverage: enabled
2025/09/01 12:22:24 comparison tracing: enabled
2025/09/01 12:22:24 extra coverage: enabled
2025/09/01 12:22:24 setuid sandbox: enabled
2025/09/01 12:22:24 namespace sandbox: enabled
2025/09/01 12:22:24 Android sandbox: enabled
2025/09/01 12:22:24 fault injection: enabled
2025/09/01 12:22:24 leak checking: enabled
2025/09/01 12:22:24 net packet injection: enabled
2025/09/01 12:22:24 net device setup: enabled
2025/09/01 12:22:24 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 12:22:24 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 12:22:24 USB emulation: enabled
2025/09/01 12:22:24 hci packet injection: enabled
2025/09/01 12:22:24 wifi device emulation: enabled
2025/09/01 12:22:24 802.15.4 emulation: enabled
2025/09/01 12:22:24 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 12:22:25 fetching corpus: 48, signal 15052/18750 (executing program)
2025/09/01 12:22:25 fetching corpus: 98, signal 27078/32286 (executing program)
2025/09/01 12:22:25 fetching corpus: 148, signal 37042/43566 (executing program)
2025/09/01 12:22:25 fetching corpus: 198, signal 42002/49902 (executing program)
2025/09/01 12:22:25 fetching corpus: 248, signal 46773/55952 (executing program)
2025/09/01 12:22:25 fetching corpus: 298, signal 54401/64564 (executing program)
2025/09/01 12:22:25 fetching corpus: 348, signal 57673/68999 (executing program)
2025/09/01 12:22:25 fetching corpus: 398, signal 62849/75122 (executing program)
2025/09/01 12:22:25 fetching corpus: 448, signal 65172/78558 (executing program)
2025/09/01 12:22:25 fetching corpus: 498, signal 68735/83039 (executing program)
2025/09/01 12:22:25 fetching corpus: 548, signal 71553/86823 (executing program)
2025/09/01 12:22:26 fetching corpus: 598, signal 72776/89147 (executing program)
2025/09/01 12:22:26 fetching corpus: 648, signal 76639/93726 (executing program)
2025/09/01 12:22:26 fetching corpus: 698, signal 80237/97959 (executing program)
2025/09/01 12:22:26 fetching corpus: 748, signal 82329/100819 (executing program)
2025/09/01 12:22:26 fetching corpus: 798, signal 83774/103232 (executing program)
2025/09/01 12:22:26 fetching corpus: 848, signal 85032/105375 (executing program)
2025/09/01 12:22:26 fetching corpus: 898, signal 86980/108072 (executing program)
2025/09/01 12:22:26 fetching corpus: 948, signal 89134/110883 (executing program)
2025/09/01 12:22:26 fetching corpus: 998, signal 90877/113320 (executing program)
2025/09/01 12:22:26 fetching corpus: 1048, signal 92834/115937 (executing program)
2025/09/01 12:22:27 fetching corpus: 1098, signal 95060/118758 (executing program)
2025/09/01 12:22:27 fetching corpus: 1148, signal 96462/120843 (executing program)
2025/09/01 12:22:27 fetching corpus: 1198, signal 98466/123348 (executing program)
2025/09/01 12:22:27 fetching corpus: 1248, signal 99738/125274 (executing program)
2025/09/01 12:22:27 fetching corpus: 1298, signal 100520/126814 (executing program)
2025/09/01 12:22:27 fetching corpus: 1348, signal 102965/129542 (executing program)
2025/09/01 12:22:27 fetching corpus: 1398, signal 105609/132356 (executing program)
2025/09/01 12:22:27 fetching corpus: 1448, signal 108417/135280 (executing program)
2025/09/01 12:22:27 fetching corpus: 1498, signal 109473/136906 (executing program)
2025/09/01 12:22:27 fetching corpus: 1548, signal 110351/138340 (executing program)
2025/09/01 12:22:27 fetching corpus: 1598, signal 111055/139675 (executing program)
2025/09/01 12:22:28 fetching corpus: 1648, signal 112133/141233 (executing program)
2025/09/01 12:22:28 fetching corpus: 1698, signal 113337/142885 (executing program)
2025/09/01 12:22:28 fetching corpus: 1748, signal 114531/144572 (executing program)
2025/09/01 12:22:28 fetching corpus: 1798, signal 116002/146252 (executing program)
2025/09/01 12:22:28 fetching corpus: 1848, signal 117096/147750 (executing program)
2025/09/01 12:22:28 fetching corpus: 1898, signal 117869/149041 (executing program)
2025/09/01 12:22:28 fetching corpus: 1948, signal 119251/150647 (executing program)
2025/09/01 12:22:28 fetching corpus: 1998, signal 120247/152005 (executing program)
2025/09/01 12:22:28 fetching corpus: 2048, signal 121397/153397 (executing program)
2025/09/01 12:22:28 fetching corpus: 2098, signal 122170/154634 (executing program)
2025/09/01 12:22:28 fetching corpus: 2148, signal 123268/155995 (executing program)
2025/09/01 12:22:29 fetching corpus: 2198, signal 124049/157122 (executing program)
2025/09/01 12:22:29 fetching corpus: 2248, signal 124859/158364 (executing program)
2025/09/01 12:22:29 fetching corpus: 2298, signal 125768/159524 (executing program)
2025/09/01 12:22:29 fetching corpus: 2348, signal 126349/160566 (executing program)
2025/09/01 12:22:29 fetching corpus: 2398, signal 127238/161668 (executing program)
2025/09/01 12:22:29 fetching corpus: 2448, signal 128106/162806 (executing program)
2025/09/01 12:22:29 fetching corpus: 2498, signal 128830/163865 (executing program)
2025/09/01 12:22:29 fetching corpus: 2548, signal 129635/164946 (executing program)
2025/09/01 12:22:29 fetching corpus: 2598, signal 130576/166025 (executing program)
2025/09/01 12:22:29 fetching corpus: 2648, signal 131747/167249 (executing program)
2025/09/01 12:22:30 fetching corpus: 2698, signal 132553/168283 (executing program)
2025/09/01 12:22:30 fetching corpus: 2748, signal 133255/169223 (executing program)
2025/09/01 12:22:30 fetching corpus: 2798, signal 134297/170265 (executing program)
2025/09/01 12:22:30 fetching corpus: 2848, signal 136226/171622 (executing program)
2025/09/01 12:22:30 fetching corpus: 2898, signal 136698/172406 (executing program)
2025/09/01 12:22:30 fetching corpus: 2948, signal 137693/173411 (executing program)
2025/09/01 12:22:30 fetching corpus: 2998, signal 138484/174308 (executing program)
2025/09/01 12:22:30 fetching corpus: 3048, signal 139695/175391 (executing program)
2025/09/01 12:22:30 fetching corpus: 3098, signal 140209/176183 (executing program)
2025/09/01 12:22:30 fetching corpus: 3148, signal 140774/176955 (executing program)
2025/09/01 12:22:30 fetching corpus: 3198, signal 141756/177842 (executing program)
2025/09/01 12:22:31 fetching corpus: 3248, signal 142712/178809 (executing program)
2025/09/01 12:22:31 fetching corpus: 3298, signal 143467/179581 (executing program)
2025/09/01 12:22:31 fetching corpus: 3348, signal 143875/180206 (executing program)
2025/09/01 12:22:31 fetching corpus: 3398, signal 144562/180975 (executing program)
2025/09/01 12:22:31 fetching corpus: 3448, signal 145490/181750 (executing program)
2025/09/01 12:22:31 fetching corpus: 3498, signal 146019/182438 (executing program)
2025/09/01 12:22:31 fetching corpus: 3548, signal 146593/183119 (executing program)
2025/09/01 12:22:31 fetching corpus: 3598, signal 147279/183806 (executing program)
2025/09/01 12:22:31 fetching corpus: 3648, signal 147903/184459 (executing program)
2025/09/01 12:22:31 fetching corpus: 3698, signal 148673/185130 (executing program)
2025/09/01 12:22:32 fetching corpus: 3748, signal 149189/185715 (executing program)
2025/09/01 12:22:32 fetching corpus: 3798, signal 149843/186352 (executing program)
2025/09/01 12:22:32 fetching corpus: 3848, signal 150449/186966 (executing program)
2025/09/01 12:22:32 fetching corpus: 3898, signal 150808/187541 (executing program)
2025/09/01 12:22:32 fetching corpus: 3948, signal 151568/188168 (executing program)
2025/09/01 12:22:32 fetching corpus: 3998, signal 151898/188661 (executing program)
2025/09/01 12:22:32 fetching corpus: 4048, signal 152306/189175 (executing program)
2025/09/01 12:22:32 fetching corpus: 4098, signal 153076/189762 (executing program)
2025/09/01 12:22:32 fetching corpus: 4148, signal 153784/190423 (executing program)
2025/09/01 12:22:32 fetching corpus: 4198, signal 154272/190944 (executing program)
2025/09/01 12:22:33 fetching corpus: 4248, signal 154860/191423 (executing program)
2025/09/01 12:22:33 fetching corpus: 4298, signal 155383/191876 (executing program)
2025/09/01 12:22:33 fetching corpus: 4348, signal 155782/192329 (executing program)
2025/09/01 12:22:33 fetching corpus: 4398, signal 156317/192792 (executing program)
2025/09/01 12:22:33 fetching corpus: 4448, signal 156948/193293 (executing program)
2025/09/01 12:22:33 fetching corpus: 4498, signal 157384/193713 (executing program)
2025/09/01 12:22:33 fetching corpus: 4548, signal 157707/194137 (executing program)
2025/09/01 12:22:33 fetching corpus: 4598, signal 158164/194587 (executing program)
2025/09/01 12:22:33 fetching corpus: 4648, signal 158580/194999 (executing program)
2025/09/01 12:22:33 fetching corpus: 4698, signal 158902/195415 (executing program)
2025/09/01 12:22:33 fetching corpus: 4748, signal 159360/195867 (executing program)
2025/09/01 12:22:33 fetching corpus: 4798, signal 159981/196226 (executing program)
2025/09/01 12:22:34 fetching corpus: 4848, signal 160422/196243 (executing program)
2025/09/01 12:22:34 fetching corpus: 4898, signal 162251/196244 (executing program)
2025/09/01 12:22:34 fetching corpus: 4948, signal 162601/196261 (executing program)
2025/09/01 12:22:34 fetching corpus: 4998, signal 163077/196297 (executing program)
2025/09/01 12:22:34 fetching corpus: 5048, signal 163601/196335 (executing program)
2025/09/01 12:22:34 fetching corpus: 5098, signal 164029/196339 (executing program)
2025/09/01 12:22:34 fetching corpus: 5148, signal 164457/196384 (executing program)
2025/09/01 12:22:34 fetching corpus: 5198, signal 164809/196392 (executing program)
2025/09/01 12:22:34 fetching corpus: 5248, signal 165168/196393 (executing program)
2025/09/01 12:22:34 fetching corpus: 5298, signal 165521/196400 (executing program)
2025/09/01 12:22:35 fetching corpus: 5348, signal 165828/196406 (executing program)
2025/09/01 12:22:35 fetching corpus: 5398, signal 166102/196414 (executing program)
2025/09/01 12:22:35 fetching corpus: 5448, signal 166483/196417 (executing program)
2025/09/01 12:22:35 fetching corpus: 5498, signal 166759/196419 (executing program)
2025/09/01 12:22:35 fetching corpus: 5548, signal 167324/196420 (executing program)
2025/09/01 12:22:35 fetching corpus: 5598, signal 167647/196423 (executing program)
2025/09/01 12:22:35 fetching corpus: 5648, signal 167913/196438 (executing program)
2025/09/01 12:22:35 fetching corpus: 5698, signal 168534/196442 (executing program)
2025/09/01 12:22:35 fetching corpus: 5748, signal 168944/196490 (executing program)
2025/09/01 12:22:35 fetching corpus: 5798, signal 169264/196492 (executing program)
2025/09/01 12:22:35 fetching corpus: 5848, signal 169633/196509 (executing program)
2025/09/01 12:22:36 fetching corpus: 5898, signal 170050/196521 (executing program)
2025/09/01 12:22:36 fetching corpus: 5948, signal 170363/196522 (executing program)
2025/09/01 12:22:36 fetching corpus: 5998, signal 170677/196524 (executing program)
2025/09/01 12:22:36 fetching corpus: 6048, signal 170978/196555 (executing program)
2025/09/01 12:22:36 fetching corpus: 6098, signal 171470/196575 (executing program)
2025/09/01 12:22:36 fetching corpus: 6148, signal 171749/196601 (executing program)
2025/09/01 12:22:36 fetching corpus: 6198, signal 172152/196616 (executing program)
2025/09/01 12:22:36 fetching corpus: 6248, signal 172479/196627 (executing program)
2025/09/01 12:22:36 fetching corpus: 6298, signal 172762/196657 (executing program)
2025/09/01 12:22:36 fetching corpus: 6348, signal 173058/196658 (executing program)
2025/09/01 12:22:36 fetching corpus: 6398, signal 173582/196668 (executing program)
2025/09/01 12:22:36 fetching corpus: 6448, signal 174449/196682 (executing program)
2025/09/01 12:22:36 fetching corpus: 6498, signal 174866/196687 (executing program)
2025/09/01 12:22:37 fetching corpus: 6548, signal 175303/196705 (executing program)
2025/09/01 12:22:37 fetching corpus: 6598, signal 175841/196706 (executing program)
2025/09/01 12:22:37 fetching corpus: 6648, signal 176232/196713 (executing program)
2025/09/01 12:22:37 fetching corpus: 6698, signal 176558/196724 (executing program)
2025/09/01 12:22:37 fetching corpus: 6748, signal 177077/196725 (executing program)
2025/09/01 12:22:37 fetching corpus: 6798, signal 177445/196740 (executing program)
2025/09/01 12:22:37 fetching corpus: 6848, signal 177687/196742 (executing program)
2025/09/01 12:22:37 fetching corpus: 6898, signal 177919/196767 (executing program)
2025/09/01 12:22:37 fetching corpus: 6948, signal 178134/196777 (executing program)
2025/09/01 12:22:37 fetching corpus: 6998, signal 178872/196786 (executing program)
2025/09/01 12:22:37 fetching corpus: 7048, signal 179290/196792 (executing program)
2025/09/01 12:22:37 fetching corpus: 7098, signal 179664/196794 (executing program)
2025/09/01 12:22:38 fetching corpus: 7148, signal 180091/196794 (executing program)
2025/09/01 12:22:38 fetching corpus: 7198, signal 180405/196794 (executing program)
2025/09/01 12:22:38 fetching corpus: 7248, signal 180654/196795 (executing program)
2025/09/01 12:22:38 fetching corpus: 7298, signal 181251/196862 (executing program)
2025/09/01 12:22:38 fetching corpus: 7348, signal 181711/196923 (executing program)
2025/09/01 12:22:38 fetching corpus: 7398, signal 181904/196924 (executing program)
2025/09/01 12:22:38 fetching corpus: 7448, signal 182288/196945 (executing program)
2025/09/01 12:22:38 fetching corpus: 7498, signal 182697/196945 (executing program)
2025/09/01 12:22:38 fetching corpus: 7548, signal 183126/196947 (executing program)
2025/09/01 12:22:38 fetching corpus: 7598, signal 183332/196954 (executing program)
2025/09/01 12:22:38 fetching corpus: 7648, signal 183539/196954 (executing program)
2025/09/01 12:22:39 fetching corpus: 7698, signal 184066/196956 (executing program)
2025/09/01 12:22:39 fetching corpus: 7748, signal 184510/196978 (executing program)
2025/09/01 12:22:39 fetching corpus: 7798, signal 184886/196982 (executing program)
2025/09/01 12:22:39 fetching corpus: 7848, signal 185126/197013 (executing program)
2025/09/01 12:22:39 fetching corpus: 7898, signal 185551/197018 (executing program)
2025/09/01 12:22:39 fetching corpus: 7948, signal 185973/197025 (executing program)
2025/09/01 12:22:39 fetching corpus: 7998, signal 186296/197031 (executing program)
2025/09/01 12:22:39 fetching corpus: 8048, signal 186733/197031 (executing program)
2025/09/01 12:22:39 fetching corpus: 8098, signal 186945/197031 (executing program)
2025/09/01 12:22:39 fetching corpus: 8148, signal 187202/197074 (executing program)
2025/09/01 12:22:39 fetching corpus: 8198, signal 187574/197074 (executing program)
2025/09/01 12:22:40 fetching corpus: 8248, signal 187813/197078 (executing program)
2025/09/01 12:22:40 fetching corpus: 8298, signal 188100/197081 (executing program)
2025/09/01 12:22:40 fetching corpus: 8348, signal 188311/197094 (executing program)
2025/09/01 12:22:40 fetching corpus: 8398, signal 188526/197193 (executing program)
2025/09/01 12:22:40 fetching corpus: 8448, signal 188761/197201 (executing program)
2025/09/01 12:22:40 fetching corpus: 8498, signal 188982/197214 (executing program)
2025/09/01 12:22:40 fetching corpus: 8546, signal 189242/197219 (executing program)
2025/09/01 12:22:40 fetching corpus: 8596, signal 189544/197238 (executing program)
2025/09/01 12:22:40 fetching corpus: 8646, signal 189835/197249 (executing program)
2025/09/01 12:22:40 fetching corpus: 8696, signal 190068/197255 (executing program)
2025/09/01 12:22:40 fetching corpus: 8746, signal 190304/197258 (executing program)
2025/09/01 12:22:40 fetching corpus: 8796, signal 190673/197260 (executing program)
2025/09/01 12:22:40 fetching corpus: 8846, signal 191003/197269 (executing program)
2025/09/01 12:22:41 fetching corpus: 8896, signal 191240/197283 (executing program)
2025/09/01 12:22:41 fetching corpus: 8946, signal 191567/197286 (executing program)
2025/09/01 12:22:41 fetching corpus: 8996, signal 191797/197287 (executing program)
2025/09/01 12:22:41 fetching corpus: 9046, signal 192030/197287 (executing program)
2025/09/01 12:22:41 fetching corpus: 9096, signal 192269/197287 (executing program)
2025/09/01 12:22:41 fetching corpus: 9146, signal 192506/197287 (executing program)
2025/09/01 12:22:41 fetching corpus: 9196, signal 192756/197291 (executing program)
2025/09/01 12:22:41 fetching corpus: 9246, signal 192982/197291 (executing program)
2025/09/01 12:22:41 fetching corpus: 9296, signal 193234/197295 (executing program)
2025/09/01 12:22:41 fetching corpus: 9345, signal 193617/197310 (executing program)
2025/09/01 12:22:41 fetching corpus: 9395, signal 193842/197311 (executing program)
2025/09/01 12:22:42 fetching corpus: 9441, signal 193975/197311 (executing program)
2025/09/01 12:22:42 fetching corpus: 9441, signal 193975/197311 (executing program)
2025/09/01 12:22:44 starting 8 fuzzer processes
12:22:44 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETLED(r0, 0x4b32, 0x0)

12:22:44 executing program 1:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r0, 0x4, 0x2000)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
fcntl$setstatus(r1, 0x4, 0x42000)

12:22:44 executing program 7:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

12:22:44 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010100, @dev}, {0x0, 0x4e20, 0x8}}}}}, 0x0)

[   89.072795] audit: type=1400 audit(1756729364.379:7): avc:  denied  { execmem } for  pid=275 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
12:22:44 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_int(r0, 0x11, 0x66, &(0x7f0000000000), 0x4)

12:22:44 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x89b0, &(0x7f0000000080)={'lo\x00', &(0x7f0000000000)=@ethtool_coalesce})

12:22:44 executing program 5:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x4c, &(0x7f0000000040)=0x3, 0x4)

12:22:44 executing program 6:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000240)={'wlan1\x00', &(0x7f0000000200)=@ethtool_perm_addr={0x20, 0x6, "d8246ba375d1"}})

[   90.227186] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   90.231344] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   90.233471] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   90.240024] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   90.242412] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   90.282087] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   90.286010] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   90.287766] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   90.292942] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   90.295609] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   90.489967] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   90.511654] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   90.516368] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   90.534002] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   90.563789] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   90.565687] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   90.573073] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   90.581704] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   90.584902] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   90.587620] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   90.589096] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   90.594763] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   90.599803] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   90.608999] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   90.611750] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   90.615723] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   90.619680] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   90.625369] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   90.626783] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   90.628072] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   90.629486] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   90.639867] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   90.641323] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   90.646605] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   90.660425] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   90.662018] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   90.671664] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   90.673053] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   90.697733] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   90.711316] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   92.256801] Bluetooth: hci0: command tx timeout
[   92.320154] Bluetooth: hci1: command tx timeout
[   92.641326] Bluetooth: hci2: command tx timeout
[   92.704280] Bluetooth: hci3: command tx timeout
[   92.768197] Bluetooth: hci5: command tx timeout
[   92.768710] Bluetooth: hci4: command tx timeout
[   92.834241] Bluetooth: hci7: command tx timeout
[   92.834758] Bluetooth: hci6: command tx timeout
[   94.304963] Bluetooth: hci0: command tx timeout
[   94.369230] Bluetooth: hci1: command tx timeout
[   94.688262] Bluetooth: hci2: command tx timeout
[   94.752196] Bluetooth: hci3: command tx timeout
[   94.817236] Bluetooth: hci5: command tx timeout
[   94.817622] Bluetooth: hci4: command tx timeout
[   94.880171] Bluetooth: hci7: command tx timeout
[   94.880572] Bluetooth: hci6: command tx timeout
[   96.353163] Bluetooth: hci0: command tx timeout
[   96.416310] Bluetooth: hci1: command tx timeout
[   96.736218] Bluetooth: hci2: command tx timeout
[   96.800193] Bluetooth: hci3: command tx timeout
[   96.864372] Bluetooth: hci5: command tx timeout
[   96.865277] Bluetooth: hci4: command tx timeout
[   96.928670] Bluetooth: hci7: command tx timeout
[   96.929440] Bluetooth: hci6: command tx timeout
[   97.011066] kmemleak: Found object by alias at 0x607f1a6364c4
[   97.011090] CPU: 0 UID: 0 PID: 58 Comm: kworker/0:2 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[   97.011120] Tainted: [W]=WARN
[   97.011125] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   97.011136] Workqueue: cgwb_release cgwb_release_workfn
[   97.011162] Call Trace:
[   97.011168]  <TASK>
[   97.011173]  dump_stack_lvl+0xca/0x120
[   97.011203]  __lookup_object+0x94/0xb0
[   97.011227]  delete_object_full+0x27/0x70
[   97.011250]  free_percpu+0x30/0x1160
[   97.011277]  percpu_counter_destroy_many+0x188/0x2b0
[   97.011304]  cgwb_release_workfn+0x25b/0x900
[   97.011325]  process_one_work+0x8e1/0x19c0
[   97.011356]  ? __pfx_process_one_work+0x10/0x10
[   97.011375]  ? move_linked_works+0x172/0x270
[   97.011404]  ? assign_work+0x196/0x240
[   97.011425]  worker_thread+0x67e/0xe90
[   97.011445]  ? trace_irq_enable.constprop.0+0xc2/0x100
[   97.011469]  ? __pfx_worker_thread+0x10/0x10
[   97.011486]  kthread+0x3c8/0x740
[   97.011504]  ? __pfx_kthread+0x10/0x10
[   97.011516]  ? ret_from_fork+0x23/0x430
[   97.011536]  ? lock_release+0xc8/0x290
[   97.011551]  ? __pfx_kthread+0x10/0x10
[   97.011565]  ret_from_fork+0x34b/0x430
[   97.011582]  ? __pfx_kthread+0x10/0x10
[   97.011596]  ret_from_fork_asm+0x1a/0x30
[   97.011630]  </TASK>
[   97.011636] kmemleak: Object (percpu) 0x607f1a6364c0 (size 16):
[   97.011646] kmemleak:   comm "(sshd)", pid 214, jiffies 4294718159
[   97.011656] kmemleak:   min_count = 1
[   97.011661] kmemleak:   count = 0
[   97.011666] kmemleak:   flags = 0x21
[   97.011672] kmemleak:   checksum = 0
[   97.011677] kmemleak:   backtrace:
[   97.011682]  pcpu_alloc_noprof+0x87a/0x1170
[   97.011703]  mm_init+0x99b/0x1170
[   97.011715]  mm_alloc+0xa0/0xd0
[   97.011725]  alloc_bprm+0x2e3/0x6e0
[   97.011738]  do_execveat_common+0x235/0x770
[   97.011751]  __x64_sys_execve+0x95/0xc0
[   97.011764]  do_syscall_64+0xbf/0x360
[   97.011778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.402088] Bluetooth: hci0: command tx timeout
[   98.464552] Bluetooth: hci1: command tx timeout
[   98.785159] Bluetooth: hci2: command tx timeout
[   98.849225] Bluetooth: hci3: command tx timeout
[   98.913165] Bluetooth: hci5: command tx timeout
[   98.913633] Bluetooth: hci4: command tx timeout
[   98.976218] Bluetooth: hci7: command tx timeout
[   98.976758] Bluetooth: hci6: command tx timeout
[  100.309384] kmemleak: Cannot insert 0x607f1a6364c8 into the object search tree (overlaps existing)
[  100.309407] CPU: 1 UID: 0 PID: 285 Comm: syz-executor.7 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  100.309425] Tainted: [W]=WARN
[  100.309429] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  100.309436] Call Trace:
[  100.309440]  <TASK>
[  100.309445]  dump_stack_lvl+0xca/0x120
[  100.309474]  __link_object+0x190/0x210
[  100.309493]  __create_object+0x48/0x80
[  100.309511]  pcpu_alloc_noprof+0x87a/0x1170
[  100.309536]  fib_nh_init+0x92/0x400
[  100.309554]  fib_create_info+0x2640/0x4320
[  100.309579]  ? __pfx_fib_create_info+0x10/0x10
[  100.309595]  ? fib_release_info+0x7e/0x900
[  100.309608]  ? fib_find_alias+0x1fc/0x270
[  100.309625]  fib_table_insert+0x137/0x1a80
[  100.309651]  ? __pfx_fib_table_insert+0x10/0x10
[  100.309669]  ? lock_acquire+0x15e/0x2f0
[  100.309683]  ? neigh_lookup+0xb2/0x6a0
[  100.309696]  ? find_held_lock+0x2b/0x80
[  100.309713]  ? neigh_lookup+0x3e9/0x6a0
[  100.309723]  ? lock_release+0xc8/0x290
[  100.309735]  ? lock_is_held_type+0x9e/0x120
[  100.309754]  ? fib_new_table+0xff/0x470
[  100.309768]  fib_magic+0x32b/0x3a0
[  100.309780]  ? __pfx_fib_magic+0x10/0x10
[  100.309798]  ? inetdev_event+0x188/0x1860
[  100.309815]  fib_add_ifaddr+0x170/0x590
[  100.309831]  fib_netdev_event+0x391/0x710
[  100.309846]  notifier_call_chain+0xc0/0x360
[  100.309863]  call_netdevice_notifiers_info+0xbe/0x140
[  100.309877]  __dev_notify_flags+0x11f/0x2d0
[  100.309894]  ? __pfx___dev_notify_flags+0x10/0x10
[  100.309909]  ? __dev_change_flags+0x4cd/0x6e0
[  100.309927]  ? __pfx___dev_change_flags+0x10/0x10
[  100.309944]  ? do_setlink.constprop.0+0x8b2/0x3df0
[  100.309962]  ? lock_release+0xc8/0x290
[  100.309978]  netif_change_flags+0x109/0x170
[  100.309996]  do_setlink.constprop.0+0xc4d/0x3df0
[  100.310020]  ? __pfx_do_setlink.constprop.0+0x10/0x10
[  100.310045]  ? __lock_acquire+0xc65/0x1b70
[  100.310060]  ? lock_release+0xc8/0x290
[  100.310075]  ? __mutex_trylock_common+0xf9/0x260
[  100.310091]  ? __pfx___mutex_trylock_common+0x10/0x10
[  100.310114]  ? trace_contention_end+0xca/0x110
[  100.310129]  ? __mutex_lock+0x166/0x1020
[  100.310146]  ? rtnl_newlink+0x877/0x1f30
[  100.310171]  ? ns_capable+0x20/0x120
[  100.310189]  ? netlink_ns_capable+0x101/0x140
[  100.310209]  rtnl_newlink+0x14a8/0x1f30
[  100.310231]  ? __pfx_rtnl_newlink+0x10/0x10
[  100.310247]  ? find_held_lock+0x2b/0x80
[  100.310264]  ? avc_has_perm_noaudit+0x11b/0x3d0
[  100.310284]  ? lock_release+0xc8/0x290
[  100.310300]  ? avc_has_perm_noaudit+0x150/0x3d0
[  100.310321]  ? cred_has_capability.isra.0+0x1be/0x2c0
[  100.310339]  ? __lock_acquire+0x694/0x1b70
[  100.310358]  ? lock_acquire+0x15e/0x2f0
[  100.310371]  ? rtnetlink_rcv_msg+0x1fb/0xfc0
[  100.310388]  ? find_held_lock+0x2b/0x80
[  100.310404]  ? __pfx_rtnl_newlink+0x10/0x10
[  100.310421]  ? rtnetlink_rcv_msg+0x9a2/0xfc0
[  100.310438]  ? lock_release+0xc8/0x290
[  100.310451]  ? __pfx_rtnl_newlink+0x10/0x10
[  100.310470]  rtnetlink_rcv_msg+0x9c6/0xfc0
[  100.310489]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  100.310511]  ? __lock_acquire+0x694/0x1b70
[  100.310527]  netlink_rcv_skb+0x147/0x430
[  100.310545]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  100.310564]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  100.310581]  ? netlink_deliver_tap+0x103/0xce0
[  100.310604]  ? netlink_deliver_tap+0x1ae/0xce0
[  100.310620]  ? selinux_netlink_send+0x507/0x880
[  100.310634]  ? is_vmalloc_addr+0x86/0xa0
[  100.310655]  netlink_unicast+0x5a7/0x870
[  100.310676]  ? __pfx_netlink_unicast+0x10/0x10
[  100.310700]  netlink_sendmsg+0x8ac/0xd80
[  100.310721]  ? __pfx_netlink_sendmsg+0x10/0x10
[  100.310746]  __sys_sendto+0x506/0x570
[  100.310764]  ? __pfx___sys_sendto+0x10/0x10
[  100.310793]  ? fput_close_sync+0x114/0x240
[  100.310810]  ? __pfx_fput_close_sync+0x10/0x10
[  100.310826]  ? dnotify_flush+0x79/0x4c0
[  100.310841]  __x64_sys_sendto+0xe1/0x1c0
[  100.310857]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  100.310872]  do_syscall_64+0xbf/0x360
[  100.310884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.310897] RIP: 0033:0x7f66618888ac
[  100.310906] Code: fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 20 fb ff ff 48 8b
[  100.310917] RSP: 002b:00007ffd444413b0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  100.310929] RAX: ffffffffffffffda RBX: 00007f6662921320 RCX: 00007f66618888ac
[  100.310937] RDX: 000000000000002c RSI: 00007f6662921370 RDI: 0000000000000003
[  100.310944] RBP: 0000000000000000 R08: 00007ffd44441404 R09: 000000000000000c
[  100.310951] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  100.310957] R13: 00007f6662921370 R14: 0000000000000003 R15: 0000000000000000
[  100.310973]  </TASK>
[  100.311569] kmemleak: Kernel memory leak detector disabled
[  100.311573] kmemleak: Object (percpu) 0x607f1a6364c0 (size 16):
[  100.311580] kmemleak:   comm "(sshd)", pid 214, jiffies 4294718159
[  100.311587] kmemleak:   min_count = 1
[  100.311590] kmemleak:   count = 0
[  100.311594] kmemleak:   flags = 0x21
[  100.311598] kmemleak:   checksum = 0
[  100.311601] kmemleak:   backtrace:
[  100.311605]  pcpu_alloc_noprof+0x87a/0x1170
[  100.311621]  mm_init+0x99b/0x1170
[  100.311631]  mm_alloc+0xa0/0xd0
[  100.311639]  alloc_bprm+0x2e3/0x6e0
[  100.311649]  do_execveat_common+0x235/0x770
[  100.311658]  __x64_sys_execve+0x95/0xc0
[  100.311668]  do_syscall_64+0xbf/0x360
[  100.311678]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.369520] kmemleak: Found object by alias at 0x607f1a6364c8
[  100.369546] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  100.369584] Tainted: [W]=WARN
[  100.369591] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  100.369605] Call Trace:
[  100.369612]  <TASK>
[  100.369621]  dump_stack_lvl+0xca/0x120
[  100.369663]  __lookup_object+0x94/0xb0
[  100.369696]  delete_object_full+0x27/0x70
[  100.369731]  free_percpu+0x30/0x1160
[  100.369767]  ? rt_fibinfo_free_cpus.part.0+0x136/0x1a0
[  100.369801]  fib_nh_common_release+0xa8/0x2c0
[  100.369830]  ? rcu_core+0x723/0x1800
[  100.369864]  free_fib_info_rcu+0x1cd/0x430
[  100.369898]  ? rcu_core+0x7c3/0x1800
[  100.369927]  rcu_core+0x7c8/0x1800
[  100.369966]  ? __pfx_rcu_core+0x10/0x10
[  100.369998]  ? lock_release+0xc8/0x290
[  100.370036]  handle_softirqs+0x1b1/0x770
[  100.370080]  ? __pfx_run_ksoftirqd+0x10/0x10
[  100.370127]  ? smpboot_thread_fn+0x371/0x9d0
[  100.370164]  run_ksoftirqd+0x2e/0x60
[  100.370201]  smpboot_thread_fn+0x41d/0x9d0
[  100.370242]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  100.370284]  kthread+0x3c8/0x740
[  100.370311]  ? __pfx_kthread+0x10/0x10
[  100.370336]  ? ret_from_fork+0x23/0x430
[  100.370376]  ? lock_release+0xc8/0x290
[  100.370405]  ? __pfx_kthread+0x10/0x10
[  100.370434]  ret_from_fork+0x34b/0x430
[  100.370471]  ? __pfx_kthread+0x10/0x10
[  100.370498]  ret_from_fork_asm+0x1a/0x30
[  100.370547]  </TASK>
[  100.370554] kmemleak: Object (percpu) 0x607f1a6364c0 (size 16):
[  100.370569] kmemleak:   comm "(sshd)", pid 214, jiffies 4294718159
[  100.370584] kmemleak:   min_count = 1
[  100.370592] kmemleak:   count = 0
[  100.370600] kmemleak:   flags = 0x21
[  100.370608] kmemleak:   checksum = 0
[  100.370615] kmemleak:   backtrace:
[  100.370621]  pcpu_alloc_noprof+0x87a/0x1170
[  100.370655]  mm_init+0x99b/0x1170
[  100.370673]  mm_alloc+0xa0/0xd0
[  100.370692]  alloc_bprm+0x2e3/0x6e0
[  100.370710]  do_execveat_common+0x235/0x770
[  100.370732]  __x64_sys_execve+0x95/0xc0
[  100.370753]  do_syscall_64+0xbf/0x360
[  100.370773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.309704] kmemleak: Automatic memory scanning thread ended
[  115.236776] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.237484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.349043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.349769] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.488078] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.489043] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.565579] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.566289] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.572412] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.573070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.668896] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.669790] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:23:11 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
lsetxattr$security_capability(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)

[  115.717819] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.718406] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.730784] audit: type=1400 audit(1756729391.037:8): avc:  denied  { open } for  pid=3852 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  115.732642] audit: type=1400 audit(1756729391.037:9): avc:  denied  { kernel } for  pid=3852 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  115.796150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.796957] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:23:11 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
lsetxattr$security_capability(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)

12:23:11 executing program 7:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

[  115.890267] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.890930] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:23:11 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
lsetxattr$security_capability(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)

12:23:11 executing program 7:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

[  115.995311] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.995981] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:23:11 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
lsetxattr$security_capability(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)

12:23:11 executing program 7:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

12:23:11 executing program 5:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x4c, &(0x7f0000000040)=0x3, 0x4)

[  116.133161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.133796] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.222525] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.223186] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.243898] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.244736] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.266384] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.267060] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.302030] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.302726] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.334022] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.334745] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:23:11 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000012500)="ed41000000100000dbf4655fdcf4655fdcf4655f00000000000004008000000000000800050000000af3010004", 0x2d, 0x4080}, {&(0x7f0000013000)="504d4d00504d4dff", 0x8, 0x40000}, {0x0, 0x0, 0x80000}], 0x0, &(0x7f0000013b00))

12:23:11 executing program 7:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

12:23:11 executing program 1:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_TTY(r0, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x464, 0x6}, 0x10}}, 0x0)

12:23:11 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, <r1=>0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

12:23:11 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
symlinkat(&(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000080)='./file0\x00')

12:23:11 executing program 5:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x4c, &(0x7f0000000040)=0x3, 0x4)

12:23:11 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'wlan0\x00', &(0x7f0000000140)=@ethtool_gstrings={0x1b, 0x6}})

12:23:11 executing program 3:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

12:23:11 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
symlinkat(&(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000080)='./file0\x00')

12:23:11 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, <r1=>0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

12:23:11 executing program 5:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x4c, &(0x7f0000000040)=0x3, 0x4)

12:23:11 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x3}, 0x4)

12:23:11 executing program 7:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

[  116.497619] loop6: detected capacity change from 0 to 2048
12:23:11 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'wlan0\x00', &(0x7f0000000140)=@ethtool_gstrings={0x1b, 0x6}})

[  116.521816] EXT4-fs error (device loop6): ext4_ext_check_inode:523: inode #2: comm syz-executor.6: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  116.523558] EXT4-fs (loop6): get root inode failed
[  116.523932] EXT4-fs (loop6): mount failed
12:23:11 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
symlinkat(&(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000080)='./file0\x00')

[  116.549958] loop6: detected capacity change from 0 to 2048
12:23:11 executing program 3:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

[  116.557734] EXT4-fs error (device loop6): ext4_ext_check_inode:523: inode #2: comm syz-executor.6: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  116.562505] EXT4-fs (loop6): get root inode failed
[  116.562901] EXT4-fs (loop6): mount failed
12:23:11 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
ioctl$EVIOCGSND(r0, 0x400445a0, &(0x7f0000000180)=""/44)

12:23:11 executing program 5:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_buf(r0, 0x1, 0x4c, 0x0, &(0x7f00000000c0))

12:23:11 executing program 3:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

12:23:11 executing program 7:
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0)
unshare(0x4040000)

12:23:11 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
symlinkat(&(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000080)='./file0\x00')

12:23:11 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, <r1=>0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

12:23:11 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'wlan0\x00', &(0x7f0000000140)=@ethtool_gstrings={0x1b, 0x6}})

12:23:11 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000012500)="ed41000000100000dbf4655fdcf4655fdcf4655f00000000000004008000000000000800050000000af3010004", 0x2d, 0x4080}, {&(0x7f0000013000)="504d4d00504d4dff", 0x8, 0x40000}, {0x0, 0x0, 0x80000}], 0x0, &(0x7f0000013b00))

[  116.689336] loop6: detected capacity change from 0 to 2048
[  116.690792] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI
[  116.691669] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  116.692266] CPU: 1 UID: 0 PID: 3964 Comm: syz-executor.6 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  116.693213] Tainted: [W]=WARN
[  116.693464] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  116.697519] RIP: 0010:__queue_work+0x202/0x1240
[  116.697898] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24
[  116.699303] RSP: 0018:ffff888017267398 EFLAGS: 00010056
[  116.699718] RAX: 0000000000000000 RBX: ffff888045ae1218 RCX: ffffc900086cd000
[  116.700271] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005
[  116.700833] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f128f4
[  116.701385] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
[  116.701938] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8880172c1800
[  116.702489] FS:  00007f7f16dbd700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  116.703118] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.703570] CR2: 00007f7f16dbe000 CR3: 0000000013af5000 CR4: 0000000000350ef0
[  116.704124] Call Trace:
[  116.704330]  <TASK>
[  116.704513]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  116.704898]  queue_work_on+0xd0/0xe0
[  116.705205]  loop_queue_rq+0x5c8/0x1180
[  116.705529]  __blk_mq_issue_directly+0xd5/0x260
[  116.705906]  ? __pfx___blk_mq_issue_directly+0x10/0x10
[  116.706324]  ? bdev_count_inflight_rw.part.0+0x5f/0x380
[  116.706747]  blk_mq_request_issue_directly+0x11c/0x1e0
[  116.707166]  blk_mq_issue_direct+0x192/0x640
12:23:11 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'wlan0\x00', &(0x7f0000000140)=@ethtool_gstrings={0x1b, 0x6}})

[  116.707598]  blk_mq_dispatch_queue_requests+0x4b0/0x7c0
[  116.708117]  blk_mq_flush_plug_list+0x1ec/0x5b0
[  116.708492]  ? read_tsc+0x9/0x20
[  116.708777]  ? ktime_get+0x16d/0x270
[  116.709079]  ? trace_block_plug+0x149/0x1b0
[  116.709427]  ? blk_add_rq_to_plug+0x234/0x550
[  116.709785]  ? __pfx_blk_mq_flush_plug_list+0x10/0x10
[  116.710192]  ? blk_mq_submit_bio+0x4fd/0x2220
[  116.710550]  __blk_flush_plug+0x25c/0x460
[  116.710880]  ? __pfx___blk_flush_plug+0x10/0x10
[  116.711250]  __submit_bio+0x480/0x5b0
[  116.711552]  ? __pfx___submit_bio+0x10/0x10
[  116.711895]  ? read_tsc+0x9/0x20
[  116.712173]  ? ktime_get+0x16d/0x270
[  116.712474]  submit_bio_noacct_nocheck+0x68e/0xcb0
[  116.712868]  ? __pfx_submit_bio_noacct_nocheck+0x10/0x10
[  116.713296]  submit_bio_noacct+0x359/0x1350
[  116.713636]  ? __pfx_end_buffer_read_sync+0x10/0x10
[  116.714032]  ext4_read_bh+0x15a/0x2e0
[  116.714343]  ext4_read_bh_lock+0x7a/0xd0
[  116.714667]  ext4_sb_bread_unmovable+0x172/0x260
[  116.715045]  ext4_fill_super+0x662/0xba20
[  116.715383]  ? wake_bit_function+0x210/0x240
[  116.715742]  ? snprintf+0xbe/0x100
[  116.716037]  ? __pfx_snprintf+0x10/0x10
[  116.716363]  ? __pfx_ext4_fill_super+0x10/0x10
[  116.716739]  ? find_held_lock+0x2b/0x80
[  116.717058]  ? setup_bdev_super+0x2ed/0x6e0
[  116.717414]  ? set_blocksize+0x1b4/0x470
[  116.717735]  ? lock_release+0xc8/0x290
[  116.718048]  ? sb_set_blocksize+0x177/0x1c0
[  116.718392]  ? setup_bdev_super+0x31f/0x6e0
[  116.718741]  get_tree_bdev_flags+0x38a/0x620
[  116.719092]  ? __pfx_ext4_fill_super+0x10/0x10
[  116.719461]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  116.719847]  ? cap_capable+0xdb/0x3b0
[  116.720156]  ? security_capable+0x2f/0x90
[  116.720496]  vfs_get_tree+0x93/0x340
[  116.720805]  path_mount+0x132d/0x1dd0
[  116.721113]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  116.721527]  ? __pfx_path_mount+0x10/0x10
[  116.721857]  ? kmem_cache_free+0x2a1/0x540
[  116.722190]  ? putname.part.0+0x11b/0x160
[  116.722526]  ? getname_flags.part.0+0x1c6/0x540
[  116.722900]  ? putname.part.0+0x11b/0x160
[  116.723233]  __x64_sys_mount+0x27b/0x300
[  116.723559]  ? __pfx___x64_sys_mount+0x10/0x10
[  116.723928]  do_syscall_64+0xbf/0x360
[  116.724232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.724642] RIP: 0033:0x7f7f1984904a
[  116.724937] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  116.726346] RSP: 002b:00007f7f16dbcfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[  116.726939] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7f1984904a
[  116.727499] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7f16dbd000
[  116.728054] RBP: 00007f7f16dbd040 R08: 00007f7f16dbd040 R09: 0000000020000000
[  116.728611] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000
[  116.729171] R13: 0000000020000100 R14: 00007f7f16dbd000 R15: 0000000020013b00
[  116.729730]  </TASK>
[  116.729916] Modules linked in:
[  116.730174] ---[ end trace 0000000000000000 ]---
[  116.730546] RIP: 0010:__queue_work+0x202/0x1240
[  116.730917] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24
[  116.732318] RSP: 0018:ffff888017267398 EFLAGS: 00010056
[  116.732743] RAX: 0000000000000000 RBX: ffff888045ae1218 RCX: ffffc900086cd000
[  116.733305] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005
[  116.733855] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f128f4
[  116.734411] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
[  116.734967] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8880172c1800
[  116.735523] FS:  00007f7f16dbd700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  116.736149] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.736604] CR2: 00007f7f16dbe000 CR3: 0000000013af5000 CR4: 0000000000350ef0
[  116.737166] note: syz-executor.6[3964] exited with irqs disabled
[  116.737910] note: syz-executor.6[3964] exited with preempt_count 1
[  116.738798] ------------[ cut here ]------------
[  116.739267] WARNING: kernel/exit.c:898 at do_exit+0x1c36/0x2970, CPU#1: syz-executor.6/3964
[  116.739926] Modules linked in:
[  116.740254] CPU: 1 UID: 0 PID: 3964 Comm: syz-executor.6 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  116.741213] Tainted: [D]=DIE, [W]=WARN
[  116.741517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  116.742171] RIP: 0010:do_exit+0x1c36/0x2970
[  116.742519] Code: 96 0a 00 00 c7 43 18 00 00 00 00 e9 21 e6 ff ff e8 ef b3 38 00 bf 02 24 00 00 e8 f5 ab 0b 00 e9 41 ff ff ff e8 db b3 38 00 90 <0f> 0b 90 e9 87 e4 ff ff e8 cd b3 38 00 4c 89 e6 bf 05 06 00 00 e8
[  116.743946] RSP: 0018:ffff888017267e40 EFLAGS: 00010216
[  116.744384] RAX: 000000000003db97 RBX: 0000000000000200 RCX: ffffc900086cd000
[  116.744947] RDX: 0000000000040000 RSI: ffffffff813b42d5 RDI: ffff888017e148e8
[  116.745523] RBP: ffff888017e13700 R08: 0000000000000001 R09: fffffbfff0f126d8
[  116.746081] R10: 0000000000000200 R11: 0000000000000001 R12: 000000000000000b
[  116.746655] R13: 0000000000002710 R14: dffffc0000000000 R15: 0000000000000000
[  116.747233] FS:  00007f7f16dbd700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  116.747862] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.748335] CR2: 00007f7f16dbe000 CR3: 0000000013af5000 CR4: 0000000000350ef0
[  116.748901] Call Trace:
[  116.749125]  <TASK>
[  116.749319]  ? _printk+0xbe/0xf0
[  116.749596]  ? __pfx__printk+0x10/0x10
[  116.749909]  ? __pfx_do_exit+0x10/0x10
[  116.750244]  make_task_dead+0x174/0x3b0
[  116.750568]  ? do_syscall_64+0xbf/0x360
[  116.750887]  rewind_stack_and_make_dead+0x16/0x20
[  116.751293] RIP: 0033:0x7f7f1984904a
[  116.751589] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  116.753038] RSP: 002b:00007f7f16dbcfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[  116.753651] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7f1984904a
[  116.754231] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7f16dbd000
[  116.754790] RBP: 00007f7f16dbd040 R08: 00007f7f16dbd040 R09: 0000000020000000
[  116.755375] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000
[  116.755931] R13: 0000000020000100 R14: 00007f7f16dbd000 R15: 0000000020013b00
[  116.756507]  </TASK>
[  116.756711] irq event stamp: 350
[  116.756977] hardirqs last  enabled at (349): [<ffffffff816263b7>] ktime_get+0x1c7/0x270
[  116.757620] hardirqs last disabled at (350): [<ffffffff84be30a2>] _raw_spin_lock_irq+0x42/0x50
[  116.758310] softirqs last  enabled at (276): [<ffffffff812c76d9>] kernel_fpu_end+0x59/0x70
[  116.758953] softirqs last disabled at (274): [<ffffffff812c8817>] kernel_fpu_begin_mask+0x1b7/0x290
[  116.759670] ---[ end trace 0000000000000000 ]---
[  116.760043] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51
[  116.760760] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3964, name: syz-executor.6
[  116.761435] preempt_count: 0, expected: 0
[  116.761757] RCU nest depth: 2, expected: 0
[  116.762083] INFO: lockdep is turned off.
[  116.762412] CPU: 1 UID: 0 PID: 3964 Comm: syz-executor.6 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  116.762430] Tainted: [D]=DIE, [W]=WARN
[  116.762434] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  116.762440] Call Trace:
[  116.762444]  <TASK>
[  116.762448]  dump_stack_lvl+0xfa/0x120
[  116.762468]  __might_resched+0x2f3/0x510
[  116.762482]  exit_signals+0x25/0x940
[  116.762500]  do_exit+0x2db/0x2970
[  116.762513]  ? _printk+0xbe/0xf0
[  116.762525]  ? __pfx__printk+0x10/0x10
[  116.762538]  ? __pfx_do_exit+0x10/0x10
[  116.762554]  make_task_dead+0x174/0x3b0
[  116.762567]  ? do_syscall_64+0xbf/0x360
[  116.762578]  rewind_stack_and_make_dead+0x16/0x20
[  116.762594] RIP: 0033:0x7f7f1984904a
[  116.762602] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  116.762613] RSP: 002b:00007f7f16dbcfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[  116.762623] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7f1984904a
[  116.762631] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7f16dbd000
[  116.762638] RBP: 00007f7f16dbd040 R08: 00007f7f16dbd040 R09: 0000000020000000
[  116.762646] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000
[  116.762653] R13: 0000000020000100 R14: 00007f7f16dbd000 R15: 0000000020013b00
[  116.762664]  </TASK>
12:23:12 executing program 5:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_buf(r0, 0x1, 0x4c, 0x0, &(0x7f00000000c0))

12:23:12 executing program 1:
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e365d99dfc335cf588132eba1a51d12f95180d319ee1e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab32e07ac5000000000000000032", 0x51)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETVNETHDRSZ(r0, 0x400454e2, &(0x7f00000000c0))

12:23:12 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, <r1=>0x0}, &(0x7f0000000040)=0x5)
setuid(r1)
perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

12:23:12 executing program 0:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r0)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000200)=0x1, 0x4)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}}, 0x1c)
getsockopt$inet6_buf(r2, 0x29, 0x3d, &(0x7f0000000100)=""/160, &(0x7f00000001c0)=0xa0)

12:23:12 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=<r0=>0x0, &(0x7f0000000240))
syz_memcpy_off$IO_URING_METADATA_FLAGS(r0, 0x0, &(0x7f0000000280), 0x0, 0x4)

12:23:12 executing program 5:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_buf(r0, 0x1, 0x4c, 0x0, &(0x7f00000000c0))

12:23:12 executing program 3:
ppoll(&(0x7f0000000000)=[{}, {}, {}], 0x3, &(0x7f00000000c0), &(0x7f0000000100), 0xfffffffffffffd00)

12:23:12 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000500000000f000000000000000200000006000000000008000080000020000000dcf4655fdcf4655f0100ffff53ef010001000000dbf4655f000000000000000001000000000000000b0000008000000018000000c20500002b82", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000039c043f6970341999833e8e90d2470c4010040", 0x1f, 0x4e0}, {&(0x7f0000010200)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000012500)="ed41000000100000dbf4655fdcf4655fdcf4655f00000000000004008000000000000800050000000af3010004", 0x2d, 0x4080}, {&(0x7f0000013000)="504d4d00504d4dff", 0x8, 0x40000}, {0x0, 0x0, 0x80000}], 0x0, &(0x7f0000013b00))

12:23:12 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000007c0)={&(0x7f0000000700), 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x24, 0x1, 0x4, 0x201, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x2}, @NFULA_CFG_NLBUFSIZ={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4040040}, 0x0)
accept(0xffffffffffffffff, &(0x7f0000000200)=@generic, &(0x7f0000000280)=0x80)
sendmsg$IPSET_CMD_PROTOCOL(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480), 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

[  117.603260] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[  117.605283] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  117.606809] CPU: 0 UID: 0 PID: 3994 Comm: syz-executor.5 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  117.608930] Tainted: [D]=DIE, [W]=WARN
[  117.609684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  117.611288] RIP: 0010:perf_tp_event+0x175/0xe70
[  117.612226] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  117.615294] RSP: 0018:ffff888009fe7780 EFLAGS: 00010012
[  117.616172] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90008cd0000
[  117.617353] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[  117.618493] RBP: ffff888009fe79f0 R08: ffff88806ce31340 R09: ffffe8ffffc15eb8
[  117.619626] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  117.620768] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[  117.621866] FS:  00007f1f829d0700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  117.623010] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.623845] CR2: 00007fdd05f31000 CR3: 000000000ec9e000 CR4: 0000000000350ef0
[  117.624879] Call Trace:
[  117.625263]  <TASK>
[  117.625604]  ? lock_release+0x1c7/0x290
[  117.626186]  ? __pfx_perf_tp_event+0x10/0x10
[  117.626829]  ? lock_acquire+0x18c/0x2f0
[  117.627409]  ? lock_acquire+0x18c/0x2f0
[  117.627983]  ? lock_release+0x1c7/0x290
[  117.628578]  ? __is_insn_slot_addr+0x140/0x290
[  117.629262]  ? kernel_text_address+0x5b/0xc0
[  117.629907]  ? __kernel_text_address+0xd/0x40
[  117.630561]  ? unwind_get_return_address+0x59/0xa0
[  117.631294]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  117.632075]  ? arch_stack_walk+0x9c/0xf0
[  117.632691]  ? lock_acquire+0x18c/0x2f0
12:23:12 executing program 1:
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e365d99dfc335cf588132eba1a51d12f95180d319ee1e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab32e07ac5000000000000000032", 0x51)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'})
ioctl$TUNSETVNETHDRSZ(r0, 0x400454e2, &(0x7f00000000c0))

[  117.633458]  ? perf_trace_run_bpf_submit+0xef/0x180
[  117.634182]  ? __might_fault+0xe0/0x190
[  117.634767]  perf_trace_run_bpf_submit+0xef/0x180
[  117.635468]  perf_trace_preemptirq_template+0x259/0x430
[  117.636227]  ? __pick_eevdf+0x326/0x570
[  117.636824]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  117.637668]  ? update_curr+0x39e/0x500
[  117.638243]  ? check_preempt_wakeup_fair+0x406/0x950
[  117.638977]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  117.639712]  trace_irq_enable.constprop.0+0xa6/0x100
[  117.640437]  trace_hardirqs_on+0x26/0x40
[  117.641041]  _raw_spin_unlock_irqrestore+0x2c/0x50
[  117.641753]  try_to_wake_up+0x8ae/0x11d0
[  117.642354]  ? __pfx_try_to_wake_up+0x10/0x10
[  117.643009]  ? plist_del+0x122/0x270
[  117.643555]  ? __futex_unqueue+0xda/0x1c0
[  117.644166]  wake_up_q+0xa1/0x130
[  117.644693]  futex_wake+0x47e/0x540
[  117.645243]  ? __pfx_futex_wake+0x10/0x10
[  117.645847]  ? __might_fault+0xe0/0x190
[  117.646434]  do_futex+0x26d/0x370
[  117.646950]  ? __pfx_do_futex+0x10/0x10
[  117.647523]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  117.648223]  __x64_sys_futex+0x1c9/0x4d0
[  117.648823]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  117.649654]  ? __pfx___x64_sys_futex+0x10/0x10
[  117.650315]  ? __sys_getsockopt+0x146/0x1b0
[  117.650950]  do_syscall_64+0xbf/0x360
[  117.651500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.652236] RIP: 0033:0x7f1f8545ab19
[  117.652788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  117.655376] RSP: 002b:00007f1f829d0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  117.656461] RAX: ffffffffffffffda RBX: 00007f1f8556df68 RCX: 00007f1f8545ab19
[  117.657480] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1f8556df6c
[  117.658496] RBP: 00007f1f8556df60 R08: 000000000000005f R09: 0000000000000000
[  117.659495] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f1f8556df6c
[  117.660505] R13: 00007ffc37c0867f R14: 00007f1f829d0300 R15: 0000000000022000
[  117.661521]  </TASK>
[  117.661868] Modules linked in:
[  117.662340] ---[ end trace 0000000000000000 ]---
[  117.662344] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI
[  117.663005] RIP: 0010:__queue_work+0x202/0x1240
[  117.664593] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  117.665261] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24
[  117.666326] CPU: 1 UID: 0 PID: 3991 Comm: syz-executor.3 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  117.668881] RSP: 0018:ffff888017267398 EFLAGS: 00010056
[  117.670533] Tainted: [D]=DIE, [W]=WARN
[  117.671272] RAX: 0000000000000000 RBX: ffff888045ae1218 RCX: ffffc900086cd000
[  117.671809] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  117.672822] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005
[  117.673965] RIP: 0010:perf_tp_event+0x175/0xe70
[  117.674960] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f128f4
[  117.675606] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  117.676600] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
[  117.679194] RSP: 0018:ffff88801301f780 EFLAGS: 00010012
[  117.680198] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8880172c1800
[  117.680218] FS:  00007f1f829d0700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  117.680957] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[  117.681972] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.683099] RDX: ffff888015d31b80 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  117.684106] CR2: 00007fdd05f31000 CR3: 000000000ec9e000 CR4: 0000000000350ef0
[  117.684944] RBP: ffff88801301f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd15eb8
[  117.685946] note: syz-executor.5[3994] exited with irqs disabled
[  117.686956] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  117.689839] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[  117.690872] FS:  00005555932c5400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  117.692026] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.692871] CR2: 00007f2d769ff000 CR3: 000000000e5be000 CR4: 0000000000350ef0
[  117.693902] Call Trace:
[  117.694280]  <TASK>
[  117.694618]  ? __pfx_perf_tp_event+0x10/0x10
[  117.695286]  ? flush_tlb_func+0x3eb/0x560
[  117.695893]  ? smp_call_function_many_cond+0xf19/0x1110
[  117.696690]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  117.697458]  ? __pfx_flush_tlb_func+0x10/0x10
[  117.698112]  ? __pfx_flush_tlb_func+0x10/0x10
[  117.698781]  ? smp_call_function_many_cond+0x332/0x1110
[  117.699561]  ? __pfx_should_flush_tlb+0x10/0x10
[  117.700249]  ? __pfx_flush_tlb_func+0x10/0x10
[  117.700949]  ? css_rstat_updated+0x1b8/0x4d0
[  117.701604]  ? __pfx_css_rstat_updated+0x10/0x10
[  117.702310]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  117.703130]  ? trace_pelt_se_tp+0xdf/0x130
[  117.703755]  ? perf_trace_run_bpf_submit+0xef/0x180
[  117.704491]  ? place_entity+0x300/0x410
[  117.705083]  perf_trace_run_bpf_submit+0xef/0x180
[  117.705798]  perf_trace_preemptirq_template+0x259/0x430
[  117.706573]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  117.707415]  ? check_preempt_wakeup_fair+0x406/0x950
[  117.708161]  ? wakeup_preempt+0x140/0x2a0
[  117.708773]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  117.709516]  trace_irq_enable.constprop.0+0xa6/0x100
[  117.710251]  trace_hardirqs_on+0x26/0x40
[  117.710845]  _raw_spin_unlock_irqrestore+0x2c/0x50
[  117.711588]  try_to_wake_up+0x8ae/0x11d0
[  117.712204]  ? __pfx_try_to_wake_up+0x10/0x10
[  117.712897]  ? plist_del+0x122/0x270
[  117.713469]  ? __futex_unqueue+0xda/0x1c0
[  117.714094]  wake_up_q+0xa1/0x130
[  117.714630]  futex_wake+0x47e/0x540
[  117.715190]  ? __pfx_futex_wake+0x10/0x10
[  117.715820]  ? __handle_mm_fault+0x753/0x3260
[  117.716508]  ? vma_start_read+0x25e/0x8e0
[  117.717144]  ? vma_start_read+0x304/0x8e0
[  117.717768]  ? __pfx___handle_mm_fault+0x10/0x10
[  117.718493]  do_futex+0x26d/0x370
[  117.719024]  ? __pfx_do_futex+0x10/0x10
[  117.719622]  ? count_memcg_events+0x32b/0x420
[  117.720308]  __x64_sys_futex+0x1c9/0x4d0
[  117.720934]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  117.721803]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  117.722508]  ? __pfx___x64_sys_futex+0x10/0x10
[  117.723194]  ? lock_release+0x1c7/0x290
[  117.723801]  ? do_raw_spin_unlock+0x53/0x220
[  117.724475]  do_syscall_64+0xbf/0x360
[  117.725059]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.725825] RIP: 0033:0x7f2d768efb19
[  117.726384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  117.729079] RSP: 002b:00007fff1ff73168 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  117.730200] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2d768efb19
[  117.731248] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2d76a02f68
[  117.732301] RBP: 00007f2d76a02f60 R08: 0000000000000000 R09: 0000000000000000
[  117.733359] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2d76a07270
[  117.734416] R13: 00007fff1ff73270 R14: 00007f2d76a02f60 R15: 000000000001caf4
[  117.735476]  </TASK>
[  117.735830] Modules linked in:
[  117.736319] ---[ end trace 0000000000000000 ]---
[  117.736322] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI
[  117.737025] RIP: 0010:__queue_work+0x202/0x1240
[  117.738657] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  117.739334] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24
[  117.740597] CPU: 0 UID: 0 PID: 3994 Comm: syz-executor.5 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  117.743251] RSP: 0018:ffff888017267398 EFLAGS: 00010056
[  117.744993] Tainted: [D]=DIE, [W]=WARN
[  117.745761] RAX: 0000000000000000 RBX: ffff888045ae1218 RCX: ffffc900086cd000
[  117.746334] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  117.747330] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005
[  117.748702] RIP: 0010:perf_tp_event+0x175/0xe70
[  117.749696] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f128f4
[  117.750469] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  117.751465] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
[  117.754466] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012
[  117.755463] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8880172c1800
[  117.755469] 
[  117.755484] FS:  00005555932c5400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  117.756339] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  117.757356] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.757648] RDX: ffff88800e6dd280 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[  117.758773] CR2: 00007f2d769ff000 CR3: 000000000e5be000 CR4: 0000000000350ef0
[  117.759953] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc15eb8
[  117.760766] note: syz-executor.3[3991] exited with irqs disabled
[  117.761942] R10: 0000000000000000 R11: ffff888015fde498 R12: dffffc0000000000
[  117.766254] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000
[  117.767439] FS:  00007f1f829d0700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  117.768797] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.769761] CR2: 00007fdd05f31000 CR3: 000000000ec9e000 CR4: 0000000000350ef0
[  117.770949] Call Trace:
[  117.771400]  <IRQ>
[  117.771785]  ? __pfx_perf_tp_event+0x10/0x10
[  117.772544]  ? enqueue_task_fair+0xded/0x1e00
[  117.773326]  ? check_preempt_wakeup_fair+0x6e/0x950
[  117.774168]  ? wakeup_preempt+0x140/0x2a0
[  117.774859]  ? lock_release+0x1c7/0x290
[  117.775531]  ? lock_release+0x1c7/0x290
[  117.776211]  ? do_raw_spin_unlock+0x53/0x220
[  117.776982]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  117.777854]  ? try_to_wake_up+0x8ae/0x11d0
[  117.778575]  ? do_raw_spin_lock+0x123/0x260
[  117.779308]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  117.780103]  ? perf_trace_run_bpf_submit+0xef/0x180
[  117.780965]  perf_trace_run_bpf_submit+0xef/0x180
[  117.781795]  perf_trace_preemptirq_template+0x259/0x430
[  117.782687]  ? read_tsc+0x9/0x20
[  117.783279]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  117.784258]  ? clockevents_program_event+0x135/0x360
[  117.785140]  ? tick_program_event+0xac/0x140
[  117.785886]  ? handle_softirqs+0x16e/0x770
[  117.786611]  trace_irq_enable.constprop.0+0xa6/0x100
[  117.787472]  trace_hardirqs_on+0x26/0x40
[  117.788160]  handle_softirqs+0x16e/0x770
[  117.788873]  __irq_exit_rcu+0xc4/0x100
[  117.789551]  irq_exit_rcu+0x9/0x20
[  117.790159]  sysvec_apic_timer_interrupt+0x70/0x80
[  117.790990]  </IRQ>
[  117.791386]  <TASK>
[  117.791777]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  117.792685] RIP: 0010:make_task_dead+0xa2/0x3b0
[  117.793479] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 <e8> e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de
[  117.796465] RSP: 0018:ffff888009fe7f28 EFLAGS: 00000246
[  117.797368] RAX: 0000000000000001 RBX: ffff88800e6dd280 RCX: ffffffff817c3ab6
[  117.798541] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[  117.799717] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[  117.800911] R10: ffffffff8643b457 R11: 3838666666662052 R12: ffff88800e6dd280
[  117.802087] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[  117.803283]  ? trace_irq_enable.constprop.0+0x26/0x100
[  117.804174]  ? make_task_dead+0x214/0x3b0
[  117.804892]  ? make_task_dead+0x214/0x3b0
[  117.805593]  ? do_syscall_64+0xbf/0x360
[  117.806265]  rewind_stack_and_make_dead+0x16/0x20
[  117.807093] RIP: 0033:0x7f1f8545ab19
[  117.807718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  117.810737] RSP: 002b:00007f1f829d0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  117.811990] RAX: ffffffffffffffda RBX: 00007f1f8556df68 RCX: 00007f1f8545ab19
[  117.813191] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1f8556df6c
[  117.814391] RBP: 00007f1f8556df60 R08: 000000000000005f R09: 0000000000000000
[  117.815576] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f1f8556df6c
[  117.816775] R13: 00007ffc37c0867f R14: 00007f1f829d0300 R15: 0000000000022000
[  117.817967]  </TASK>
[  117.818365] Modules linked in:
[  117.818919] ---[ end trace 0000000000000000 ]---
[  117.818921] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#5] SMP KASAN NOPTI
[  117.819706] RIP: 0010:__queue_work+0x202/0x1240
[  117.821271] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  117.822035] Code: 48 8b 6d 00 e8 4f ee 79 03 31 ff 41 89 c5 89 c6 e8 c3 02 32 00 45 85 ed 0f 85 e1 05 00 00 e8 85 07 32 00 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 a0 0e 00 00 4c 8b 75 00 48 89 df 4c 89 34 24
[  117.823095] CPU: 1 UID: 0 PID: 3991 Comm: syz-executor.3 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  117.826057] RSP: 0018:ffff888017267398 EFLAGS: 00010056
[  117.827720] Tainted: [D]=DIE, [W]=WARN
[  117.827730] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  117.828584] RAX: 0000000000000000 RBX: ffff888045ae1218 RCX: ffffc900086cd000
[  117.829133] RIP: 0010:perf_tp_event+0x175/0xe70
[  117.830487] RDX: 0000000000040000 RSI: ffffffff8141ef2b RDI: 0000000000000005
[  117.831478] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  117.832239] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0f128f4
[  117.833247] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012
[  117.836216] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
[  117.837224] 
[  117.837232] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[  117.838097] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8880172c1800
[  117.839097] RDX: ffff888015d31b80 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  117.839397] FS:  00007f1f829d0700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  117.840390] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd15eb8
[  117.841560] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.842553] R10: 0000000000000000 R11: ffff88801bd37c98 R12: dffffc0000000000
[  117.843878] CR2: 00007fdd05f31000 CR3: 000000000ec9e000 CR4: 0000000000350ef0
[  117.844876] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[  117.845851] Kernel panic - not syncing: Fatal exception in interrupt
[  118.934306] Shutting down cpus with NMI
[  118.936610] Kernel Offset: disabled
[  118.936949] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
12:23:12  Registers:
info registers vcpu 0
RAX=0000000000000040 RBX=ffffea0000d592c0 RCX=ffffffff81a297df RDX=ffff88801bf25280
RSI=ffffffff81a2980d RDI=0000000000000007 RBP=0000000000000001 RSP=ffff8880109bf628
R8 =0000000000000000 R9 =fffff940001ab258 R10=0000000000000000 R11=1ffff1100d9c6f7b
R12=ffffea0000d592c0 R13=ffffea0000d592c0 R14=ffff88800e596b40 R15=ffffea0000d592f0
RIP=ffffffff81a29819 RFL=00000212 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe4f00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fdd06e6e3a4 CR3=000000003811a000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000064 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888017266d28
R8 =0000000000000000 R9 =ffffed10014ef046 R10=0000000000000064 R11=6572617764726148
R12=0000000000000064 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f7f16dbd700 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe6d00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f7f16dbe000 CR3=0000000013af5000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=65756e69746e6f633d73726f7272652c XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=ffffffffffffffffffffffffffffffff XMM05=000b0000000000000001000000000000
XMM06=00005f65f4db000000010001ef53ffff XMM07=00015f65f4dc5f65f4dc000000200000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000