Warning: Permanently added '[localhost]:24519' (ECDSA) to the list of known hosts.
2025/09/01 12:07:41 fuzzer started
2025/09/01 12:07:41 dialing manager at localhost:35473
syzkaller login: [   49.886949] cgroup: Unknown subsys name 'net'
[   50.001212] cgroup: Unknown subsys name 'cpuset'
[   50.014988] cgroup: Unknown subsys name 'rlimit'
2025/09/01 12:07:52 syscalls: 2214
2025/09/01 12:07:52 code coverage: enabled
2025/09/01 12:07:52 comparison tracing: enabled
2025/09/01 12:07:52 extra coverage: enabled
2025/09/01 12:07:52 setuid sandbox: enabled
2025/09/01 12:07:52 namespace sandbox: enabled
2025/09/01 12:07:52 Android sandbox: enabled
2025/09/01 12:07:52 fault injection: enabled
2025/09/01 12:07:52 leak checking: enabled
2025/09/01 12:07:52 net packet injection: enabled
2025/09/01 12:07:52 net device setup: enabled
2025/09/01 12:07:52 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 12:07:52 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 12:07:52 USB emulation: enabled
2025/09/01 12:07:52 hci packet injection: enabled
2025/09/01 12:07:52 wifi device emulation: enabled
2025/09/01 12:07:52 802.15.4 emulation: enabled
2025/09/01 12:07:52 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 12:07:52 fetching corpus: 50, signal 25547/29027 (executing program)
2025/09/01 12:07:52 fetching corpus: 100, signal 30874/35944 (executing program)
2025/09/01 12:07:52 fetching corpus: 150, signal 38732/45144 (executing program)
2025/09/01 12:07:52 fetching corpus: 200, signal 46343/53962 (executing program)
2025/09/01 12:07:52 fetching corpus: 250, signal 50986/59858 (executing program)
2025/09/01 12:07:52 fetching corpus: 300, signal 56183/66129 (executing program)
2025/09/01 12:07:52 fetching corpus: 350, signal 61272/72267 (executing program)
2025/09/01 12:07:52 fetching corpus: 400, signal 64903/76928 (executing program)
2025/09/01 12:07:52 fetching corpus: 450, signal 67517/80609 (executing program)
2025/09/01 12:07:53 fetching corpus: 500, signal 71052/85051 (executing program)
2025/09/01 12:07:53 fetching corpus: 550, signal 76039/90669 (executing program)
2025/09/01 12:07:53 fetching corpus: 600, signal 78145/93733 (executing program)
2025/09/01 12:07:53 fetching corpus: 650, signal 80742/97157 (executing program)
2025/09/01 12:07:53 fetching corpus: 700, signal 83970/101058 (executing program)
2025/09/01 12:07:53 fetching corpus: 750, signal 85732/103636 (executing program)
2025/09/01 12:07:53 fetching corpus: 800, signal 87223/105983 (executing program)
2025/09/01 12:07:53 fetching corpus: 850, signal 88860/108458 (executing program)
2025/09/01 12:07:53 fetching corpus: 900, signal 90952/111278 (executing program)
2025/09/01 12:07:53 fetching corpus: 950, signal 92653/113698 (executing program)
2025/09/01 12:07:53 fetching corpus: 1000, signal 94946/116517 (executing program)
2025/09/01 12:07:54 fetching corpus: 1050, signal 96533/118781 (executing program)
2025/09/01 12:07:54 fetching corpus: 1100, signal 98624/121395 (executing program)
2025/09/01 12:07:54 fetching corpus: 1150, signal 100604/123901 (executing program)
2025/09/01 12:07:54 fetching corpus: 1200, signal 102405/126177 (executing program)
2025/09/01 12:07:54 fetching corpus: 1250, signal 103470/127920 (executing program)
2025/09/01 12:07:54 fetching corpus: 1300, signal 104577/129628 (executing program)
2025/09/01 12:07:54 fetching corpus: 1350, signal 106219/131719 (executing program)
2025/09/01 12:07:54 fetching corpus: 1400, signal 107057/133181 (executing program)
2025/09/01 12:07:54 fetching corpus: 1450, signal 107930/134702 (executing program)
2025/09/01 12:07:54 fetching corpus: 1500, signal 109389/136581 (executing program)
2025/09/01 12:07:54 fetching corpus: 1550, signal 110693/138252 (executing program)
2025/09/01 12:07:54 fetching corpus: 1600, signal 111794/139876 (executing program)
2025/09/01 12:07:55 fetching corpus: 1650, signal 112804/141390 (executing program)
2025/09/01 12:07:55 fetching corpus: 1700, signal 114793/143530 (executing program)
2025/09/01 12:07:55 fetching corpus: 1750, signal 116233/145227 (executing program)
2025/09/01 12:07:55 fetching corpus: 1800, signal 118002/147147 (executing program)
2025/09/01 12:07:55 fetching corpus: 1850, signal 119452/148825 (executing program)
2025/09/01 12:07:55 fetching corpus: 1900, signal 120529/150311 (executing program)
2025/09/01 12:07:55 fetching corpus: 1950, signal 121298/151546 (executing program)
2025/09/01 12:07:55 fetching corpus: 2000, signal 122361/152929 (executing program)
2025/09/01 12:07:55 fetching corpus: 2050, signal 123048/154111 (executing program)
2025/09/01 12:07:55 fetching corpus: 2100, signal 124346/155572 (executing program)
2025/09/01 12:07:56 fetching corpus: 2150, signal 125191/156768 (executing program)
2025/09/01 12:07:56 fetching corpus: 2200, signal 125784/157773 (executing program)
2025/09/01 12:07:56 fetching corpus: 2250, signal 126822/159072 (executing program)
2025/09/01 12:07:56 fetching corpus: 2300, signal 128715/160760 (executing program)
2025/09/01 12:07:56 fetching corpus: 2350, signal 129570/161884 (executing program)
2025/09/01 12:07:56 fetching corpus: 2400, signal 130353/163010 (executing program)
2025/09/01 12:07:56 fetching corpus: 2450, signal 131746/164405 (executing program)
2025/09/01 12:07:56 fetching corpus: 2500, signal 132846/165599 (executing program)
2025/09/01 12:07:56 fetching corpus: 2550, signal 133702/166692 (executing program)
2025/09/01 12:07:56 fetching corpus: 2600, signal 134767/167816 (executing program)
2025/09/01 12:07:56 fetching corpus: 2650, signal 135584/168804 (executing program)
2025/09/01 12:07:57 fetching corpus: 2700, signal 136251/169756 (executing program)
2025/09/01 12:07:57 fetching corpus: 2750, signal 137016/170660 (executing program)
2025/09/01 12:07:57 fetching corpus: 2800, signal 138055/171706 (executing program)
2025/09/01 12:07:57 fetching corpus: 2850, signal 138640/172546 (executing program)
2025/09/01 12:07:57 fetching corpus: 2900, signal 139282/173353 (executing program)
2025/09/01 12:07:57 fetching corpus: 2950, signal 139731/174160 (executing program)
2025/09/01 12:07:57 fetching corpus: 3000, signal 140432/174981 (executing program)
2025/09/01 12:07:57 fetching corpus: 3050, signal 141023/175760 (executing program)
2025/09/01 12:07:57 fetching corpus: 3100, signal 141685/176508 (executing program)
2025/09/01 12:07:57 fetching corpus: 3150, signal 142269/177286 (executing program)
2025/09/01 12:07:57 fetching corpus: 3200, signal 143195/178147 (executing program)
2025/09/01 12:07:58 fetching corpus: 3250, signal 143758/178838 (executing program)
2025/09/01 12:07:58 fetching corpus: 3300, signal 144497/179580 (executing program)
2025/09/01 12:07:58 fetching corpus: 3350, signal 145471/180376 (executing program)
2025/09/01 12:07:58 fetching corpus: 3400, signal 146036/181056 (executing program)
2025/09/01 12:07:58 fetching corpus: 3450, signal 147187/181924 (executing program)
2025/09/01 12:07:58 fetching corpus: 3500, signal 148033/182667 (executing program)
2025/09/01 12:07:58 fetching corpus: 3550, signal 148470/183287 (executing program)
2025/09/01 12:07:58 fetching corpus: 3600, signal 149162/183883 (executing program)
2025/09/01 12:07:58 fetching corpus: 3650, signal 149675/184467 (executing program)
2025/09/01 12:07:58 fetching corpus: 3700, signal 150189/185039 (executing program)
2025/09/01 12:07:58 fetching corpus: 3750, signal 150740/185630 (executing program)
2025/09/01 12:07:59 fetching corpus: 3800, signal 151116/186188 (executing program)
2025/09/01 12:07:59 fetching corpus: 3850, signal 151680/186780 (executing program)
2025/09/01 12:07:59 fetching corpus: 3900, signal 152158/187322 (executing program)
2025/09/01 12:07:59 fetching corpus: 3950, signal 152603/187877 (executing program)
2025/09/01 12:07:59 fetching corpus: 4000, signal 153014/188363 (executing program)
2025/09/01 12:07:59 fetching corpus: 4050, signal 153540/188886 (executing program)
2025/09/01 12:07:59 fetching corpus: 4100, signal 153965/189408 (executing program)
2025/09/01 12:07:59 fetching corpus: 4150, signal 154361/189882 (executing program)
2025/09/01 12:07:59 fetching corpus: 4200, signal 154845/190332 (executing program)
2025/09/01 12:07:59 fetching corpus: 4250, signal 155205/190777 (executing program)
2025/09/01 12:07:59 fetching corpus: 4300, signal 155591/191237 (executing program)
2025/09/01 12:07:59 fetching corpus: 4350, signal 156205/191688 (executing program)
2025/09/01 12:08:00 fetching corpus: 4400, signal 156609/192155 (executing program)
2025/09/01 12:08:00 fetching corpus: 4450, signal 157069/192586 (executing program)
2025/09/01 12:08:00 fetching corpus: 4500, signal 157572/193016 (executing program)
2025/09/01 12:08:00 fetching corpus: 4550, signal 157858/193447 (executing program)
2025/09/01 12:08:00 fetching corpus: 4600, signal 158583/193864 (executing program)
2025/09/01 12:08:00 fetching corpus: 4650, signal 159075/194276 (executing program)
2025/09/01 12:08:00 fetching corpus: 4700, signal 159852/194671 (executing program)
2025/09/01 12:08:00 fetching corpus: 4750, signal 160206/195057 (executing program)
2025/09/01 12:08:00 fetching corpus: 4800, signal 160643/195166 (executing program)
2025/09/01 12:08:00 fetching corpus: 4850, signal 161011/195169 (executing program)
2025/09/01 12:08:00 fetching corpus: 4900, signal 161492/195174 (executing program)
2025/09/01 12:08:00 fetching corpus: 4950, signal 161972/195185 (executing program)
2025/09/01 12:08:00 fetching corpus: 5000, signal 162480/195281 (executing program)
2025/09/01 12:08:01 fetching corpus: 5050, signal 163022/195313 (executing program)
2025/09/01 12:08:01 fetching corpus: 5100, signal 163409/195339 (executing program)
2025/09/01 12:08:01 fetching corpus: 5150, signal 163925/195352 (executing program)
2025/09/01 12:08:01 fetching corpus: 5200, signal 164289/195365 (executing program)
2025/09/01 12:08:01 fetching corpus: 5250, signal 164628/195369 (executing program)
2025/09/01 12:08:01 fetching corpus: 5300, signal 164920/195371 (executing program)
2025/09/01 12:08:01 fetching corpus: 5350, signal 165454/195378 (executing program)
2025/09/01 12:08:01 fetching corpus: 5400, signal 165906/195400 (executing program)
2025/09/01 12:08:01 fetching corpus: 5450, signal 166819/195401 (executing program)
2025/09/01 12:08:01 fetching corpus: 5500, signal 167209/195403 (executing program)
2025/09/01 12:08:01 fetching corpus: 5550, signal 167444/195411 (executing program)
2025/09/01 12:08:01 fetching corpus: 5600, signal 167896/195421 (executing program)
2025/09/01 12:08:02 fetching corpus: 5650, signal 168161/195442 (executing program)
2025/09/01 12:08:02 fetching corpus: 5700, signal 168577/195512 (executing program)
2025/09/01 12:08:02 fetching corpus: 5750, signal 168905/195512 (executing program)
2025/09/01 12:08:02 fetching corpus: 5800, signal 169310/195513 (executing program)
2025/09/01 12:08:02 fetching corpus: 5850, signal 169544/195535 (executing program)
2025/09/01 12:08:02 fetching corpus: 5900, signal 169928/195538 (executing program)
2025/09/01 12:08:02 fetching corpus: 5950, signal 170366/195539 (executing program)
2025/09/01 12:08:02 fetching corpus: 6000, signal 170729/195542 (executing program)
2025/09/01 12:08:02 fetching corpus: 6050, signal 171117/195546 (executing program)
2025/09/01 12:08:02 fetching corpus: 6100, signal 171489/195563 (executing program)
2025/09/01 12:08:02 fetching corpus: 6150, signal 171864/195571 (executing program)
2025/09/01 12:08:03 fetching corpus: 6200, signal 172143/195591 (executing program)
2025/09/01 12:08:03 fetching corpus: 6250, signal 172444/195605 (executing program)
2025/09/01 12:08:03 fetching corpus: 6300, signal 172771/195605 (executing program)
2025/09/01 12:08:03 fetching corpus: 6350, signal 173147/195607 (executing program)
2025/09/01 12:08:03 fetching corpus: 6400, signal 173425/195613 (executing program)
2025/09/01 12:08:03 fetching corpus: 6450, signal 173804/195623 (executing program)
2025/09/01 12:08:03 fetching corpus: 6500, signal 174190/195627 (executing program)
2025/09/01 12:08:03 fetching corpus: 6550, signal 174678/195648 (executing program)
2025/09/01 12:08:03 fetching corpus: 6600, signal 174909/195668 (executing program)
2025/09/01 12:08:03 fetching corpus: 6650, signal 175265/195677 (executing program)
2025/09/01 12:08:03 fetching corpus: 6700, signal 175526/195689 (executing program)
2025/09/01 12:08:04 fetching corpus: 6750, signal 175921/195689 (executing program)
2025/09/01 12:08:04 fetching corpus: 6800, signal 176139/195698 (executing program)
2025/09/01 12:08:04 fetching corpus: 6850, signal 176364/195711 (executing program)
2025/09/01 12:08:04 fetching corpus: 6900, signal 176934/195722 (executing program)
2025/09/01 12:08:04 fetching corpus: 6950, signal 177346/195752 (executing program)
2025/09/01 12:08:04 fetching corpus: 7000, signal 177707/195759 (executing program)
2025/09/01 12:08:04 fetching corpus: 7050, signal 177977/195777 (executing program)
2025/09/01 12:08:04 fetching corpus: 7100, signal 178499/195795 (executing program)
2025/09/01 12:08:04 fetching corpus: 7150, signal 178981/195837 (executing program)
2025/09/01 12:08:04 fetching corpus: 7200, signal 179316/195839 (executing program)
2025/09/01 12:08:04 fetching corpus: 7250, signal 179690/195839 (executing program)
2025/09/01 12:08:05 fetching corpus: 7300, signal 179944/195847 (executing program)
2025/09/01 12:08:05 fetching corpus: 7350, signal 180318/195847 (executing program)
2025/09/01 12:08:05 fetching corpus: 7400, signal 180646/195854 (executing program)
2025/09/01 12:08:05 fetching corpus: 7450, signal 180977/195855 (executing program)
2025/09/01 12:08:05 fetching corpus: 7500, signal 181267/195864 (executing program)
2025/09/01 12:08:05 fetching corpus: 7550, signal 181518/195867 (executing program)
2025/09/01 12:08:05 fetching corpus: 7600, signal 181907/195868 (executing program)
2025/09/01 12:08:05 fetching corpus: 7650, signal 182262/195871 (executing program)
2025/09/01 12:08:05 fetching corpus: 7700, signal 182563/195871 (executing program)
2025/09/01 12:08:05 fetching corpus: 7750, signal 182856/195873 (executing program)
2025/09/01 12:08:05 fetching corpus: 7800, signal 183166/195875 (executing program)
2025/09/01 12:08:06 fetching corpus: 7850, signal 183701/195877 (executing program)
2025/09/01 12:08:06 fetching corpus: 7900, signal 183892/195883 (executing program)
2025/09/01 12:08:06 fetching corpus: 7950, signal 184113/195888 (executing program)
2025/09/01 12:08:06 fetching corpus: 8000, signal 184502/195900 (executing program)
2025/09/01 12:08:06 fetching corpus: 8050, signal 184861/195900 (executing program)
2025/09/01 12:08:06 fetching corpus: 8100, signal 185210/195937 (executing program)
2025/09/01 12:08:06 fetching corpus: 8150, signal 185502/195940 (executing program)
2025/09/01 12:08:06 fetching corpus: 8200, signal 185782/195942 (executing program)
2025/09/01 12:08:06 fetching corpus: 8250, signal 186014/195945 (executing program)
2025/09/01 12:08:06 fetching corpus: 8300, signal 186345/195950 (executing program)
2025/09/01 12:08:06 fetching corpus: 8350, signal 186746/195959 (executing program)
2025/09/01 12:08:06 fetching corpus: 8400, signal 186947/195959 (executing program)
2025/09/01 12:08:07 fetching corpus: 8450, signal 187185/195969 (executing program)
2025/09/01 12:08:07 fetching corpus: 8500, signal 187427/195996 (executing program)
2025/09/01 12:08:07 fetching corpus: 8550, signal 187708/196000 (executing program)
2025/09/01 12:08:07 fetching corpus: 8600, signal 187925/196011 (executing program)
2025/09/01 12:08:07 fetching corpus: 8650, signal 188292/196061 (executing program)
2025/09/01 12:08:07 fetching corpus: 8700, signal 188674/196128 (executing program)
2025/09/01 12:08:07 fetching corpus: 8750, signal 188966/196129 (executing program)
2025/09/01 12:08:07 fetching corpus: 8800, signal 190581/196130 (executing program)
2025/09/01 12:08:07 fetching corpus: 8850, signal 190779/196132 (executing program)
2025/09/01 12:08:07 fetching corpus: 8900, signal 191106/196138 (executing program)
2025/09/01 12:08:07 fetching corpus: 8950, signal 191413/196174 (executing program)
2025/09/01 12:08:07 fetching corpus: 9000, signal 191721/196175 (executing program)
2025/09/01 12:08:08 fetching corpus: 9050, signal 191946/196192 (executing program)
2025/09/01 12:08:08 fetching corpus: 9100, signal 192176/196197 (executing program)
2025/09/01 12:08:08 fetching corpus: 9150, signal 192381/196198 (executing program)
2025/09/01 12:08:08 fetching corpus: 9200, signal 192624/196201 (executing program)
2025/09/01 12:08:08 fetching corpus: 9250, signal 192843/196203 (executing program)
2025/09/01 12:08:08 fetching corpus: 9300, signal 193019/196213 (executing program)
2025/09/01 12:08:08 fetching corpus: 9301, signal 193021/196213 (executing program)
2025/09/01 12:08:08 fetching corpus: 9301, signal 193021/196213 (executing program)
2025/09/01 12:08:10 starting 8 fuzzer processes
12:08:10 executing program 0:
r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil)
shmat(r0, &(0x7f0000ffc000/0x1000)=nil, 0x4000)
remap_file_pages(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0)

12:08:10 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
read(r0, &(0x7f00000003c0)=""/4096, 0x1000)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

12:08:10 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0)
ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000000)=[0xfa000000])

12:08:10 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000980)='net/dev\x00')
pread64(r0, &(0x7f0000000100)=""/147, 0x93, 0x0)

12:08:10 executing program 4:
perf_event_open$cgroup(&(0x7f00000002c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

12:08:10 executing program 7:
r0 = socket$netlink(0x10, 0x3, 0xf)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, <r2=>0x0}, &(0x7f0000000040)=0x5)
setuid(r2)
sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000780)={0x14, 0x2, 0x2, 0x5}, 0x14}}, 0x0)

12:08:11 executing program 5:
syz_emit_ethernet(0x6e, &(0x7f0000000040)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c770cc", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "2c7af9", 0x0, 0x2b, 0x0, @loopback, @ipv4={'\x00', '\xff\xff', @broadcast}, [@fragment]}}}}}}}, 0x0)

12:08:11 executing program 6:
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

[   78.864356] audit: type=1400 audit(1756728491.053:7): avc:  denied  { execmem } for  pid=274 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   80.114968] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   80.119001] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   80.122156] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   80.124098] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   80.129486] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   80.131842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   80.134749] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   80.134785] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   80.148266] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   80.151719] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   80.173798] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   80.177999] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   80.186187] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   80.187984] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   80.190350] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   80.193847] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   80.197699] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   80.199854] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   80.201992] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   80.208283] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   80.223690] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   80.225869] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   80.227409] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   80.229235] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   80.232798] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   80.234584] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   80.240311] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   80.244124] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   80.245899] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   80.246373] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   80.247995] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   80.250106] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   80.250158] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   80.261627] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   80.267866] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   80.270315] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   80.276832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   80.292125] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   80.308784] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   80.310812] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   82.201257] Bluetooth: hci1: command tx timeout
[   82.263548] Bluetooth: hci2: command tx timeout
[   82.263586] Bluetooth: hci0: command tx timeout
[   82.327815] Bluetooth: hci6: command tx timeout
[   82.327843] Bluetooth: hci4: command tx timeout
[   82.329079] Bluetooth: hci3: command tx timeout
[   82.391791] Bluetooth: hci7: command tx timeout
[   82.392570] Bluetooth: hci5: command tx timeout
[   84.247556] Bluetooth: hci1: command tx timeout
[   84.311659] Bluetooth: hci2: command tx timeout
[   84.314487] Bluetooth: hci0: command tx timeout
[   84.375603] Bluetooth: hci6: command tx timeout
[   84.375621] Bluetooth: hci4: command tx timeout
[   84.376849] Bluetooth: hci3: command tx timeout
[   84.440484] Bluetooth: hci5: command tx timeout
[   84.440499] Bluetooth: hci7: command tx timeout
[   86.295492] Bluetooth: hci1: command tx timeout
[   86.359573] Bluetooth: hci0: command tx timeout
[   86.359615] Bluetooth: hci2: command tx timeout
[   86.423493] Bluetooth: hci3: command tx timeout
[   86.423611] Bluetooth: hci6: command tx timeout
[   86.423909] Bluetooth: hci4: command tx timeout
[   86.487580] Bluetooth: hci5: command tx timeout
[   86.487692] Bluetooth: hci7: command tx timeout
[   88.343486] Bluetooth: hci1: command tx timeout
[   88.408972] Bluetooth: hci0: command tx timeout
[   88.409026] Bluetooth: hci2: command tx timeout
[   88.471586] Bluetooth: hci4: command tx timeout
[   88.472637] Bluetooth: hci6: command tx timeout
[   88.473036] Bluetooth: hci3: command tx timeout
[   88.535519] Bluetooth: hci5: command tx timeout
[   88.536003] Bluetooth: hci7: command tx timeout
[  117.665920] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.667510] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.826867] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.827528] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:08:50 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000980)='net/dev\x00')
pread64(r0, &(0x7f0000000100)=""/147, 0x93, 0x0)

12:08:50 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000980)='net/dev\x00')
pread64(r0, &(0x7f0000000100)=""/147, 0x93, 0x0)

12:08:50 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000980)='net/dev\x00')
pread64(r0, &(0x7f0000000100)=""/147, 0x93, 0x0)

[  118.593922] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
12:08:50 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_setup(0xfff, &(0x7f0000000040)=<r0=>0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x140241, 0x0)
io_submit(r0, 0x1, &(0x7f0000000240)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000040)='r', 0x1}])

[  118.595121] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.645524] audit: type=1400 audit(1756728530.831:8): avc:  denied  { open } for  pid=3783 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  118.647187] audit: type=1400 audit(1756728530.831:9): avc:  denied  { kernel } for  pid=3783 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  118.718686] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.719280] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:08:50 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_buf(r0, 0x29, 0x3c, 0x0, 0x0)

[  118.812106] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
12:08:51 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x2f, &(0x7f0000000140)="58f2cdb0a708cac013912dea9f8fe007afaa32e1840af03976794377708ad6ecd6a916719d7c187a8e433003d1727b4ec20708537f1bfa49cfa328f2700f698e80ecc9292e5bcbe3e6cdbfb48bdd0deabf3f15b0bf75eb5d95c7d5fa200a8dd924aa249ae661d528ad02f784ea52ecb81fde961cd8888a9eb9016b43b05e384ba41ffaf38c8333489642c86f527dbf53e31c10d7cc2dec28df9549cc3f2fea47c857344cb8ac41b9b52a7838c73d026d08aa4992c94824c30dedb6a725defe8fe06c54644df6f59581330c922f85c3dea3c84e2f427e6e293fa3e0c2448b199de9ad2293821ab7134f2f09a1122cf5f86f3b3ab34e57967aa8c43d0736a84eba2ee0f94fbc5e77cb", 0x108)

12:08:51 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x2f, &(0x7f0000000140)="58f2cdb0a708cac013912dea9f8fe007afaa32e1840af03976794377708ad6ecd6a916719d7c187a8e433003d1727b4ec20708537f1bfa49cfa328f2700f698e80ecc9292e5bcbe3e6cdbfb48bdd0deabf3f15b0bf75eb5d95c7d5fa200a8dd924aa249ae661d528ad02f784ea52ecb81fde961cd8888a9eb9016b43b05e384ba41ffaf38c8333489642c86f527dbf53e31c10d7cc2dec28df9549cc3f2fea47c857344cb8ac41b9b52a7838c73d026d08aa4992c94824c30dedb6a725defe8fe06c54644df6f59581330c922f85c3dea3c84e2f427e6e293fa3e0c2448b199de9ad2293821ab7134f2f09a1122cf5f86f3b3ab34e57967aa8c43d0736a84eba2ee0f94fbc5e77cb", 0x108)

12:08:51 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x2f, &(0x7f0000000140)="58f2cdb0a708cac013912dea9f8fe007afaa32e1840af03976794377708ad6ecd6a916719d7c187a8e433003d1727b4ec20708537f1bfa49cfa328f2700f698e80ecc9292e5bcbe3e6cdbfb48bdd0deabf3f15b0bf75eb5d95c7d5fa200a8dd924aa249ae661d528ad02f784ea52ecb81fde961cd8888a9eb9016b43b05e384ba41ffaf38c8333489642c86f527dbf53e31c10d7cc2dec28df9549cc3f2fea47c857344cb8ac41b9b52a7838c73d026d08aa4992c94824c30dedb6a725defe8fe06c54644df6f59581330c922f85c3dea3c84e2f427e6e293fa3e0c2448b199de9ad2293821ab7134f2f09a1122cf5f86f3b3ab34e57967aa8c43d0736a84eba2ee0f94fbc5e77cb", 0x108)

[  119.067720] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.068337] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.233665] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.234320] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.549798] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.550456] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.687472] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.688105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.727990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.728711] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.809464] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.810096] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.962364] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.963215] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.044255] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.045207] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.118646] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.119279] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.176736] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.177354] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.212079] mmap: syz-executor.0 (3908) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  120.350847] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.351616] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.374243] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.374964] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
12:08:52 executing program 0:
r0 = syz_genetlink_get_family_id$team(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team0\x00', <r1=>0x0})
ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000100)={0x0, @rc={0x1f, @none, 0x9}, @phonet={0x23, 0x9, 0x4, 0x3}, @xdp={0x2c, 0x8, <r2=>0x0, 0x25}, 0xff, 0x0, 0x0, 0x0, 0x3f, &(0x7f00000000c0)='sit0\x00', 0x80000000, 0xd, 0x101})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000001c0)=0x14)
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000200)={0x610, r0, 0x44a58df18a2c104e, 0x70bd2d, 0x25dfdbfb, {}, [{{0x8}, {0x1dc, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4c2d}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x101}}, {0x8}}}]}}, {{0x8}, {0x100, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x5e7281fc}}, {0x8}}}]}}, {{0x8}, {0x1b0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r3}}}]}}, {{0x8}, {0xcc, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}]}}]}, 0x610}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000900)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000940)=0x14)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000980), &(0x7f00000009c0)=0x14)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000a00)={'wg2\x00'})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000a40)={{{@in6=@ipv4={""/10, ""/2, @remote}, @in=@multicast1}}, {{@in6=@initdev}, 0x0, @in6}}, &(0x7f0000000b40)=0xe8)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000c40))
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r4, &(0x7f0000001140)={0x1f, @none}, 0x8)

12:08:52 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)={0x28, 0x10, 0xffffffffffffffff, 0x0, 0x0, "", [@nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@remote}]}]}, 0x28}], 0x1}, 0x0)

12:08:52 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(r0, 0x4b30, &(0x7f0000000000))

12:08:52 executing program 4:
perf_event_open$cgroup(&(0x7f00000002c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

12:08:52 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x2f, &(0x7f0000000140)="58f2cdb0a708cac013912dea9f8fe007afaa32e1840af03976794377708ad6ecd6a916719d7c187a8e433003d1727b4ec20708537f1bfa49cfa328f2700f698e80ecc9292e5bcbe3e6cdbfb48bdd0deabf3f15b0bf75eb5d95c7d5fa200a8dd924aa249ae661d528ad02f784ea52ecb81fde961cd8888a9eb9016b43b05e384ba41ffaf38c8333489642c86f527dbf53e31c10d7cc2dec28df9549cc3f2fea47c857344cb8ac41b9b52a7838c73d026d08aa4992c94824c30dedb6a725defe8fe06c54644df6f59581330c922f85c3dea3c84e2f427e6e293fa3e0c2448b199de9ad2293821ab7134f2f09a1122cf5f86f3b3ab34e57967aa8c43d0736a84eba2ee0f94fbc5e77cb", 0x108)

12:08:52 executing program 6:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x3, 0x0, &(0x7f00000018c0))

12:08:52 executing program 1:
keyctl$set_reqkey_keyring(0xe, 0x2)
request_key(&(0x7f0000001dc0)='id_resolver\x00', &(0x7f0000001e00)={'syz', 0x2}, &(0x7f0000001e40)='k\\\xc5(&}\x00', 0x0)

12:08:52 executing program 7:
mlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000)
r0 = fork()
process_vm_writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/189, 0xbd}], 0x1, &(0x7f0000000340)=[{&(0x7f0000000100)=""/17, 0x11}, {&(0x7f0000000140)=""/119, 0x77}, {&(0x7f00000001c0)=""/111, 0x6f}, {&(0x7f0000000240)=""/135, 0x87}, {&(0x7f0000000300)=""/27, 0x1b}], 0x5, 0x0)

[  120.655964] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
[  120.660945] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
12:08:52 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
ustat(0x6, &(0x7f0000000040))

12:08:52 executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r0)
sendmsg$IEEE802154_LLSEC_DEL_DEV(r1, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f0000000200)={&(0x7f0000000080)={0x2c, r2, 0x969d2c5f856015af, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc}]}, 0x2c}}, 0x0)

12:08:52 executing program 4:
perf_event_open$cgroup(&(0x7f00000002c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

12:08:52 executing program 6:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x3, 0x0, &(0x7f00000018c0))

12:08:52 executing program 1:
keyctl$set_reqkey_keyring(0xe, 0x2)
request_key(&(0x7f0000001dc0)='id_resolver\x00', &(0x7f0000001e00)={'syz', 0x2}, &(0x7f0000001e40)='k\\\xc5(&}\x00', 0x0)

[  120.833676] kmemleak: Found object by alias at 0x607f1a63e56c
[  120.833704] CPU: 0 UID: 0 PID: 3936 Comm: syz-executor.3 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  120.833738] Tainted: [W]=WARN
[  120.833745] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  120.833758] Call Trace:
[  120.833765]  <TASK>
[  120.833773]  dump_stack_lvl+0xca/0x120
[  120.833827]  __lookup_object+0x94/0xb0
[  120.833859]  delete_object_full+0x27/0x70
[  120.833890]  free_percpu+0x30/0x1160
[  120.833920]  ? arch_uprobe_clear_state+0x16/0x140
[  120.833957]  futex_hash_free+0x38/0xc0
[  120.833983]  mmput+0x2d3/0x390
[  120.834018]  do_exit+0x79d/0x2970
[  120.834044]  ? lock_release+0xc8/0x290
[  120.834074]  ? __pfx_do_exit+0x10/0x10
[  120.834101]  ? find_held_lock+0x2b/0x80
[  120.834133]  ? get_signal+0x835/0x2340
[  120.834170]  do_group_exit+0xd3/0x2a0
[  120.834199]  get_signal+0x2315/0x2340
[  120.834232]  ? fd_install+0x1d8/0x660
[  120.834252]  ? putname.part.0+0x11b/0x160
[  120.834289]  ? __pfx_get_signal+0x10/0x10
[  120.834320]  ? do_futex+0x135/0x370
[  120.834345]  ? __pfx_do_futex+0x10/0x10
[  120.834374]  arch_do_signal_or_restart+0x80/0x790
[  120.834407]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  120.834438]  ? __x64_sys_futex+0x1c9/0x4d0
[  120.834461]  ? __x64_sys_futex+0x1d2/0x4d0
[  120.834488]  ? __x64_sys_openat+0x142/0x200
[  120.834520]  ? __pfx___x64_sys_futex+0x10/0x10
[  120.834544]  ? selinux_file_ioctl+0xb9/0x280
[  120.834582]  exit_to_user_mode_loop+0x8b/0x110
[  120.834606]  do_syscall_64+0x2f7/0x360
[  120.834630]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.834652] RIP: 0033:0x7f81c10cfb19
[  120.834668] Code: Unable to access opcode bytes at 0x7f81c10cfaef.
[  120.834677] RSP: 002b:00007f81be645218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  120.834699] RAX: 0000000000000000 RBX: 00007f81c11e2f68 RCX: 00007f81c10cfb19
[  120.834712] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f81c11e2f68
[  120.834726] RBP: 00007f81c11e2f60 R08: 0000000000000000 R09: 0000000000000000
[  120.834739] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f81c11e2f6c
[  120.834752] R13: 00007ffea9f0b92f R14: 00007f81be645300 R15: 0000000000022000
[  120.834781]  </TASK>
[  120.834788] kmemleak: Object (percpu) 0x607f1a63e568 (size 16):
[  120.834800] kmemleak:   comm "syz-executor.4", pid 284, jiffies 4294787748
[  120.834813] kmemleak:   min_count = 1
[  120.834820] kmemleak:   count = 0
[  120.834827] kmemleak:   flags = 0x21
[  120.834834] kmemleak:   checksum = 0
[  120.834841] kmemleak:   backtrace:
[  120.834847]  pcpu_alloc_noprof+0x87a/0x1170
[  120.834876]  mm_init+0x99b/0x1170
[  120.834892]  copy_process+0x3ab7/0x73c0
[  120.834911]  kernel_clone+0xea/0x7f0
[  120.834930]  __do_sys_clone+0xce/0x120
[  120.834949]  do_syscall_64+0xbf/0x360
[  120.834966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.847558] kmemleak: Found object by alias at 0x607f1a63e570
[  120.847581] CPU: 1 UID: 0 PID: 3939 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  120.847600] Tainted: [W]=WARN
[  120.847604] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  120.847611] Call Trace:
[  120.847615]  <TASK>
[  120.847620]  dump_stack_lvl+0xca/0x120
[  120.847648]  __lookup_object+0x94/0xb0
[  120.847666]  delete_object_full+0x27/0x70
[  120.847683]  free_percpu+0x30/0x1160
[  120.847700]  ? arch_uprobe_clear_state+0x16/0x140
[  120.847721]  futex_hash_free+0x38/0xc0
[  120.847736]  mmput+0x2d3/0x390
[  120.847756]  do_exit+0x79d/0x2970
[  120.847770]  ? signal_wake_up_state+0x85/0x120
[  120.847787]  ? zap_other_threads+0x2b9/0x3a0
[  120.847803]  ? __pfx_do_exit+0x10/0x10
[  120.847816]  ? do_group_exit+0x1c3/0x2a0
[  120.847830]  ? lock_release+0xc8/0x290
[  120.847848]  do_group_exit+0xd3/0x2a0
[  120.847863]  __x64_sys_exit_group+0x3e/0x50
[  120.847878]  x64_sys_call+0x18c5/0x18d0
[  120.847895]  do_syscall_64+0xbf/0x360
[  120.847908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.847920] RIP: 0033:0x7f4211adab19
[  120.847929] Code: Unable to access opcode bytes at 0x7f4211adaaef.
[  120.847935] RSP: 002b:00007fffa77f68b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  120.847946] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f4211adab19
[  120.847954] RDX: 00007f4211a8d72b RSI: ffffffffffffffbc RDI: 0000000000000000
[  120.847961] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[  120.847968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.847975] R13: 0000000000000001 R14: 0000000000000001 R15: 00007fffa77f69a0
[  120.847994]  </TASK>
[  120.847998] kmemleak: Object (percpu) 0x607f1a63e568 (size 16):
[  120.848005] kmemleak:   comm "syz-executor.4", pid 284, jiffies 4294787748
[  120.848013] kmemleak:   min_count = 1
[  120.848017] kmemleak:   count = 0
[  120.848021] kmemleak:   flags = 0x21
[  120.848024] kmemleak:   checksum = 0
[  120.848028] kmemleak:   backtrace:
[  120.848032]  pcpu_alloc_noprof+0x87a/0x1170
[  120.848048]  mm_init+0x99b/0x1170
[  120.848056]  copy_process+0x3ab7/0x73c0
[  120.848066]  kernel_clone+0xea/0x7f0
[  120.848076]  __do_sys_clone+0xce/0x120
[  120.848087]  do_syscall_64+0xbf/0x360
[  120.848096]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
12:08:53 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
clone3(&(0x7f00000002c0)={0x1720e0180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

12:08:53 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x28, 0x0, &(0x7f00000001c0))

12:08:53 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x21, &(0x7f0000000000)="92f46193", 0x4)
sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @local}, 0x1c, 0x0}}, {{&(0x7f0000000080)={0xa, 0x4e23, 0x9c9, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c, 0x0}}], 0x2, 0x0)

12:08:53 executing program 4:
perf_event_open$cgroup(&(0x7f00000002c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

12:08:53 executing program 7:
syz_genetlink_get_family_id$nl80211(&(0x7f0000003080), 0xffffffffffffffff)

12:08:53 executing program 1:
keyctl$set_reqkey_keyring(0xe, 0x2)
request_key(&(0x7f0000001dc0)='id_resolver\x00', &(0x7f0000001e00)={'syz', 0x2}, &(0x7f0000001e40)='k\\\xc5(&}\x00', 0x0)

12:08:53 executing program 0:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000))
ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5})

12:08:53 executing program 6:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x3, 0x0, &(0x7f00000018c0))

12:08:53 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
fcntl$notify(r0, 0x402, 0x80000024)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='status\x00')

12:08:53 executing program 7:
creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
sync_file_range(r0, 0x0, 0x0, 0x0)

12:08:53 executing program 0:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000))
ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5})

[  121.194738] kmemleak: Found object by alias at 0x607f1a63e574
[  121.194768] CPU: 0 UID: 0 PID: 3958 Comm: syz-executor.4 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  121.194802] Tainted: [W]=WARN
[  121.194809] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  121.194822] Call Trace:
[  121.194830]  <TASK>
[  121.194840]  dump_stack_lvl+0xca/0x120
[  121.194891]  __lookup_object+0x94/0xb0
[  121.194926]  delete_object_full+0x27/0x70
[  121.194963]  free_percpu+0x30/0x1160
[  121.194994]  ? arch_uprobe_clear_state+0x16/0x140
[  121.195045]  futex_hash_free+0x38/0xc0
[  121.195075]  mmput+0x2d3/0x390
[  121.195117]  do_exit+0x79d/0x2970
[  121.195146]  ? signal_wake_up_state+0x85/0x120
[  121.195180]  ? zap_other_threads+0x2b9/0x3a0
[  121.195218]  ? __pfx_do_exit+0x10/0x10
[  121.195244]  ? do_group_exit+0x1c3/0x2a0
[  121.195274]  ? lock_release+0xc8/0x290
[  121.195321]  do_group_exit+0xd3/0x2a0
[  121.195358]  __x64_sys_exit_group+0x3e/0x50
[  121.195386]  x64_sys_call+0x18c5/0x18d0
[  121.195423]  do_syscall_64+0xbf/0x360
[  121.195454]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.195476] RIP: 0033:0x7f343413ab19
[  121.195493] Code: Unable to access opcode bytes at 0x7f343413aaef.
[  121.195503] RSP: 002b:00007fff198febd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  121.195524] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f343413ab19
[  121.195539] RDX: 00007f34340ed72b RSI: ffffffffffffffbc RDI: 0000000000000000
[  121.195552] RBP: 0000000000000000 R08: 0000001b2d32001c R09: 0000000000000000
[  121.195565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  121.195578] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fff198fecc0
[  121.195640]  </TASK>
[  121.195647] kmemleak: Object (percpu) 0x607f1a63e570 (size 8):
[  121.195660] kmemleak:   comm "syz-executor.3", pid 3967, jiffies 4294788059
[  121.195672] kmemleak:   min_count = 1
[  121.195680] kmemleak:   count = 0
[  121.195687] kmemleak:   flags = 0x21
[  121.195694] kmemleak:   checksum = 0
[  121.195701] kmemleak:   backtrace:
[  121.195707]  pcpu_alloc_noprof+0x87a/0x1170
[  121.195736]  alloc_vfsmnt+0x135/0x6e0
[  121.195761]  clone_mnt+0x6c/0xb70
[  121.195789]  copy_tree+0x34b/0xaf0
[  121.195808]  copy_mnt_ns+0x1ab/0xab0
[  121.195830]  create_new_namespaces+0xd6/0xab0
[  121.195860]  copy_namespaces+0x45c/0x580
[  121.195889]  copy_process+0x2649/0x73c0
[  121.195908]  kernel_clone+0xea/0x7f0
[  121.195927]  __do_sys_clone3+0x1f5/0x280
[  121.195946]  do_syscall_64+0xbf/0x360
[  121.195964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
12:08:53 executing program 0:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000))
ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5})

12:08:53 executing program 7:
r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e40)=ANY=[])
fcntl$getflags(r0, 0x401)

[  121.252866] audit: type=1400 audit(1756728533.396:10): avc:  denied  { watch } for  pid=3976 comm="syz-executor.2" path="/proc/3976/task" dev="proc" ino=5537 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1
12:08:53 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00')
fcntl$notify(r0, 0x402, 0x80000024)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='status\x00')

12:08:53 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x28, 0x0, &(0x7f00000001c0))

12:08:53 executing program 6:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x3, 0x0, &(0x7f00000018c0))

[  148.529044] watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [syz-executor.5:285]
[  148.529064] Modules linked in:
[  148.529072] irq event stamp: 399918
[  148.529076] hardirqs last  enabled at (399917): [<ffffffff84bbe1eb>] irqentry_exit+0x3b/0x90
[  148.529104] hardirqs last disabled at (399918): [<ffffffff84bbce0f>] sysvec_apic_timer_interrupt+0xf/0x80
[  148.529122] softirqs last  enabled at (399832): [<ffffffff813bafcc>] handle_softirqs+0x50c/0x770
[  148.529142] softirqs last disabled at (399827): [<ffffffff813bb364>] __irq_exit_rcu+0xc4/0x100
[  148.529167] CPU: 1 UID: 0 PID: 285 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  148.529185] Tainted: [W]=WARN
[  148.529188] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  148.529195] RIP: 0010:smp_call_function_many_cond+0xa38/0x1110
[  148.529216] Code: 31 ff 83 e5 01 89 ee e8 26 71 0b 00 85 ed 74 43 4d 89 ec 4c 89 ed 49 c1 ec 03 83 e5 07 4d 01 fc 83 c5 03 e8 da 75 0b 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 d5 04 00 00 8b 43 08 31
[  148.529227] RSP: 0018:ffff8880174276f8 EFLAGS: 00000293
[  148.529235] RAX: 0000000000000000 RBX: ffff88806ce3de20 RCX: ffffffff816880fc
[  148.529243] RDX: ffff8880141f3700 RSI: ffffffff816880d6 RDI: 0000000000000005
[  148.529250] RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000001
[  148.529256] R10: 0000000000000001 R11: 1ffff1100d9e6bb1 R12: ffffed100d9c7bc5
[  148.529263] R13: ffff88806ce3de28 R14: 0000000000000001 R15: dffffc0000000000
[  148.529273] FS:  000055558c36a400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  148.529283] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  148.529290] CR2: 0000555583a74c58 CR3: 000000004399e000 CR4: 0000000000350ef0
[  148.529297] Call Trace:
[  148.529301]  <TASK>
[  148.529316]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  148.529336]  ? find_held_lock+0x2b/0x80
[  148.529354]  ? __pfx_flush_tlb_func+0x10/0x10
[  148.529367]  on_each_cpu_cond_mask+0x57/0xa0
[  148.529386]  kvm_flush_tlb_multi+0x1e8/0x320
[  148.529401]  ? __pfx_kvm_flush_tlb_multi+0x10/0x10
[  148.529411]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  148.529430]  ? mas_next_slot+0x13cc/0x1ac0
[  148.529445]  flush_tlb_mm_range+0x3fc/0x1420
[  148.529460]  ? up_write+0x195/0x520
[  148.529473]  ? lock_is_held_type+0x9e/0x120
[  148.529491]  dup_mmap+0xe4a/0x1d10
[  148.529515]  ? __pfx_dup_mmap+0x10/0x10
[  148.529539]  ? lock_is_held_type+0x9e/0x120
[  148.529559]  copy_process+0x3ad5/0x73c0
[  148.529580]  ? __pfx_copy_process+0x10/0x10
[  148.529596]  ? do_raw_spin_lock+0x123/0x260
[  148.529615]  kernel_clone+0xea/0x7f0
[  148.529628]  ? __pfx_kernel_clone+0x10/0x10
[  148.529642]  ? __lock_acquire+0x694/0x1b70
[  148.529656]  ? css_rstat_updated+0x1b8/0x4d0
[  148.529673]  ? __pfx_css_rstat_updated+0x10/0x10
[  148.529692]  __do_sys_clone+0xce/0x120
[  148.529703]  ? __pfx___do_sys_clone+0x10/0x10
[  148.529714]  ? find_held_lock+0x2b/0x80
[  148.529742]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  148.529758]  do_syscall_64+0xbf/0x360
[  148.529771]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.529782] RIP: 0033:0x7f4211ad910b
[  148.529793] Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00
[  148.529803] RSP: 002b:00007fffa77f68c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  148.529813] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4211ad910b
[  148.529820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  148.529826] RBP: 0000000000000001 R08: 0000000000000000 R09: 000055558c36a400
[  148.529833] R10: 000055558c36a6d0 R11: 0000000000000246 R12: 0000000000000001
[  148.529839] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fffa77f69a0
[  148.529856]  </TASK>
[  148.529860] Sending NMI from CPU 1 to CPUs 0:
[  148.566416] NMI backtrace for cpu 0
[  148.566436] CPU: 0 UID: 0 PID: 287 Comm: syz-executor.3 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  148.566454] Tainted: [W]=WARN
[  148.566458] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  148.566465] RIP: 0010:__mm_cid_try_get.constprop.0+0x393/0x490
[  148.566490] Code: 89 c3 89 c2 89 54 24 68 0f b6 55 00 84 d2 74 09 80 fa 03 0f 8e b0 00 00 00 41 8b 95 d8 00 00 00 39 da 0f 87 38 ff ff ff f3 90 <41> 80 3e 00 0f 85 ad 00 00 00 49 8b 04 24 48 83 f8 ff 75 ba ba 40
[  148.566501] RSP: 0018:ffff888018877978 EFLAGS: 00000046
[  148.566511] RAX: 0000000000000002 RBX: 0000000000000002 RCX: dffffc0000000000
[  148.566518] RDX: 0000000000000002 RSI: 0000000000000004 RDI: ffff8880189dca44
[  148.566524] RBP: ffffed100313b94b R08: 0000000000000000 R09: ffffed100313b948
[  148.566532] R10: ffff8880189dca47 R11: 1ffff1100d9c6f7b R12: ffff8880189dd350
[  148.566539] R13: ffff8880189dc980 R14: ffffed100313ba6a R15: ffff8880189dca44
[  148.566548] FS:  0000555556587400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  148.566559] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  148.566566] CR2: 00007f3967acb510 CR3: 000000001c6b4000 CR4: 0000000000350ef0
[  148.566573] Call Trace:
[  148.566580]  <TASK>
[  148.566590]  ? __update_load_avg_se+0x428/0xa40
[  148.566611]  ? __pfx___mm_cid_try_get.constprop.0+0x10/0x10
[  148.566626]  ? __perf_event_task_sched_out+0x103/0x14e0
[  148.566645]  ? update_load_avg+0x17d/0x1ef0
[  148.566658]  ? lock_is_held_type+0x9e/0x120
[  148.566682]  mm_cid_get.isra.0+0x16a/0x570
[  148.566700]  ? set_next_entity+0x331/0x940
[  148.566713]  ? __pfx_mm_cid_get.isra.0+0x10/0x10
[  148.566736]  ? lock_is_held_type+0x9e/0x120
[  148.566758]  __schedule+0x1744/0x3590
[  148.566787]  ? __pfx___schedule+0x10/0x10
[  148.566807]  ? lock_acquire+0x15e/0x2f0
[  148.566824]  ? find_held_lock+0x2b/0x80
[  148.566842]  ? schedule+0x2c7/0x390
[  148.566857]  ? lock_release+0xc8/0x290
[  148.566876]  schedule+0xdb/0x390
[  148.566894]  do_nanosleep+0x15e/0x560
[  148.566916]  ? __pfx_do_nanosleep+0x10/0x10
[  148.566928]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  148.566947]  ? __pfx_hrtimer_wakeup+0x10/0x10
[  148.566963]  ? __hrtimer_setup+0x1a4/0x2c0
[  148.566985]  hrtimer_nanosleep+0x13a/0x340
[  148.566998]  ? __pfx_hrtimer_nanosleep+0x10/0x10
[  148.567016]  ? __pfx_hrtimer_wakeup+0x10/0x10
[  148.567037]  ? get_timespec64+0x11c/0x190
[  148.567054]  ? __pfx_get_timespec64+0x10/0x10
[  148.567076]  common_nsleep+0xaa/0xd0
[  148.567094]  __x64_sys_clock_nanosleep+0x331/0x470
[  148.567116]  ? __pfx___x64_sys_clock_nanosleep+0x10/0x10
[  148.567148]  do_syscall_64+0xbf/0x360
[  148.567163]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.567176] RIP: 0033:0x7f81c10f48e1
[  148.567185] Code: Unable to access opcode bytes at 0x7f81c10f48b7.
[  148.567190] RSP: 002b:00007ffea9f0bb10 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[  148.567200] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f81c10f48e1
[  148.567206] RDX: 00007ffea9f0bb50 RSI: 0000000000000000 RDI: 0000000000000000
[  148.567213] RBP: 00007ffea9f0bbdc R08: 0000000000000000 R09: 00007f81c11bf000
[  148.567219] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[  148.567226] R13: 000000000001d8aa R14: 0000000000000002 R15: 00007ffea9f0bc40
[  148.567254]  </TASK>

VM DIAGNOSIS:
12:09:20  Registers:
info registers vcpu 0
RAX=0000000000000002 RBX=0000000000000002 RCX=dffffc0000000000 RDX=0000000000000002
RSI=0000000000000004 RDI=ffff8880189dca44 RBP=ffffed100313b94b RSP=ffff888018877978
R8 =0000000000000000 R9 =ffffed100313b948 R10=ffff8880189dca47 R11=1ffff1100d9c6f7b
R12=ffff8880189dd350 R13=ffff8880189dc980 R14=ffffed100313ba6a R15=ffff8880189dca44
RIP=ffffffff81467503 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555556587400 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe4f00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f3967acb510 CR3=000000001c6b4000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff88806cf08928
R8 =0000000000000000 R9 =ffffed10016d1046 R10=0000000000000030 R11=0000000000000001
R12=0000000000000030 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055558c36a400 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe7c00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555583a74c58 CR3=000000004399e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000