Debian GNU/Linux 11 syzkaller ttyS0

Warning: Permanently added '[localhost]:63756' (ECDSA) to the list of known hosts.
2025/09/01 10:43:41 fuzzer started
2025/09/01 10:43:42 dialing manager at localhost:35473
syzkaller login: [   50.273380] cgroup: Unknown subsys name 'net'
[   50.315724] cgroup: Unknown subsys name 'cpuset'
[   50.324970] cgroup: Unknown subsys name 'rlimit'
2025/09/01 10:43:51 syscalls: 2214
2025/09/01 10:43:51 code coverage: enabled
2025/09/01 10:43:51 comparison tracing: enabled
2025/09/01 10:43:51 extra coverage: enabled
2025/09/01 10:43:51 setuid sandbox: enabled
2025/09/01 10:43:51 namespace sandbox: enabled
2025/09/01 10:43:51 Android sandbox: enabled
2025/09/01 10:43:51 fault injection: enabled
2025/09/01 10:43:51 leak checking: enabled
2025/09/01 10:43:51 net packet injection: enabled
2025/09/01 10:43:51 net device setup: enabled
2025/09/01 10:43:51 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 10:43:51 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 10:43:51 USB emulation: enabled
2025/09/01 10:43:51 hci packet injection: enabled
2025/09/01 10:43:51 wifi device emulation: enabled
2025/09/01 10:43:51 802.15.4 emulation: enabled
2025/09/01 10:43:51 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 10:43:51 fetching corpus: 50, signal 14063/17743 (executing program)
2025/09/01 10:43:51 fetching corpus: 100, signal 28527/33560 (executing program)
2025/09/01 10:43:51 fetching corpus: 150, signal 36685/43023 (executing program)
2025/09/01 10:43:51 fetching corpus: 200, signal 42555/50159 (executing program)
2025/09/01 10:43:52 fetching corpus: 250, signal 48288/57086 (executing program)
2025/09/01 10:43:52 fetching corpus: 300, signal 52412/62389 (executing program)
2025/09/01 10:43:52 fetching corpus: 350, signal 55602/66705 (executing program)
2025/09/01 10:43:52 fetching corpus: 400, signal 58664/70844 (executing program)
2025/09/01 10:43:52 fetching corpus: 450, signal 63325/76318 (executing program)
2025/09/01 10:43:52 fetching corpus: 500, signal 66190/80079 (executing program)
2025/09/01 10:43:52 fetching corpus: 550, signal 69035/83842 (executing program)
2025/09/01 10:43:52 fetching corpus: 600, signal 72587/88135 (executing program)
2025/09/01 10:43:52 fetching corpus: 650, signal 75743/92003 (executing program)
2025/09/01 10:43:52 fetching corpus: 700, signal 78321/95310 (executing program)
2025/09/01 10:43:52 fetching corpus: 750, signal 81425/99007 (executing program)
2025/09/01 10:43:52 fetching corpus: 800, signal 83669/101949 (executing program)
2025/09/01 10:43:53 fetching corpus: 850, signal 85431/104427 (executing program)
2025/09/01 10:43:53 fetching corpus: 900, signal 86742/106563 (executing program)
2025/09/01 10:43:53 fetching corpus: 950, signal 89353/109669 (executing program)
2025/09/01 10:43:53 fetching corpus: 1000, signal 90799/111760 (executing program)
2025/09/01 10:43:53 fetching corpus: 1050, signal 92517/114070 (executing program)
2025/09/01 10:43:53 fetching corpus: 1100, signal 93946/116111 (executing program)
2025/09/01 10:43:53 fetching corpus: 1150, signal 95115/117951 (executing program)
2025/09/01 10:43:53 fetching corpus: 1200, signal 96340/119795 (executing program)
2025/09/01 10:43:53 fetching corpus: 1250, signal 97970/121849 (executing program)
2025/09/01 10:43:54 fetching corpus: 1300, signal 99689/123958 (executing program)
2025/09/01 10:43:54 fetching corpus: 1350, signal 100947/125723 (executing program)
2025/09/01 10:43:54 fetching corpus: 1400, signal 105794/129961 (executing program)
2025/09/01 10:43:54 fetching corpus: 1450, signal 106839/131523 (executing program)
2025/09/01 10:43:54 fetching corpus: 1500, signal 108927/133783 (executing program)
2025/09/01 10:43:54 fetching corpus: 1550, signal 110022/135278 (executing program)
2025/09/01 10:43:54 fetching corpus: 1600, signal 111098/136793 (executing program)
2025/09/01 10:43:54 fetching corpus: 1650, signal 112077/138212 (executing program)
2025/09/01 10:43:54 fetching corpus: 1700, signal 113946/140189 (executing program)
2025/09/01 10:43:54 fetching corpus: 1750, signal 114758/141434 (executing program)
2025/09/01 10:43:55 fetching corpus: 1800, signal 115879/142886 (executing program)
2025/09/01 10:43:55 fetching corpus: 1850, signal 116676/144065 (executing program)
2025/09/01 10:43:55 fetching corpus: 1900, signal 117512/145266 (executing program)
2025/09/01 10:43:55 fetching corpus: 1950, signal 118886/146774 (executing program)
2025/09/01 10:43:55 fetching corpus: 2000, signal 119901/148062 (executing program)
2025/09/01 10:43:55 fetching corpus: 2050, signal 120835/149253 (executing program)
2025/09/01 10:43:55 fetching corpus: 2100, signal 121964/150497 (executing program)
2025/09/01 10:43:55 fetching corpus: 2150, signal 122665/151481 (executing program)
2025/09/01 10:43:55 fetching corpus: 2200, signal 123742/152681 (executing program)
2025/09/01 10:43:55 fetching corpus: 2250, signal 124791/153842 (executing program)
2025/09/01 10:43:55 fetching corpus: 2300, signal 125500/154820 (executing program)
2025/09/01 10:43:56 fetching corpus: 2350, signal 126361/155846 (executing program)
2025/09/01 10:43:56 fetching corpus: 2400, signal 127028/156787 (executing program)
2025/09/01 10:43:56 fetching corpus: 2450, signal 127665/157695 (executing program)
2025/09/01 10:43:56 fetching corpus: 2500, signal 128304/158561 (executing program)
2025/09/01 10:43:56 fetching corpus: 2550, signal 128943/159439 (executing program)
2025/09/01 10:43:56 fetching corpus: 2600, signal 129462/160230 (executing program)
2025/09/01 10:43:56 fetching corpus: 2650, signal 130030/161055 (executing program)
2025/09/01 10:43:56 fetching corpus: 2700, signal 130686/161904 (executing program)
2025/09/01 10:43:56 fetching corpus: 2750, signal 131479/162762 (executing program)
2025/09/01 10:43:56 fetching corpus: 2800, signal 133095/163933 (executing program)
2025/09/01 10:43:56 fetching corpus: 2850, signal 134090/164798 (executing program)
2025/09/01 10:43:57 fetching corpus: 2900, signal 134727/165538 (executing program)
2025/09/01 10:43:57 fetching corpus: 2950, signal 135877/166472 (executing program)
2025/09/01 10:43:57 fetching corpus: 3000, signal 136674/167287 (executing program)
2025/09/01 10:43:57 fetching corpus: 3050, signal 137698/168075 (executing program)
2025/09/01 10:43:57 fetching corpus: 3100, signal 138438/168790 (executing program)
2025/09/01 10:43:57 fetching corpus: 3150, signal 139126/169517 (executing program)
2025/09/01 10:43:57 fetching corpus: 3200, signal 139776/170155 (executing program)
2025/09/01 10:43:57 fetching corpus: 3250, signal 140429/170890 (executing program)
2025/09/01 10:43:57 fetching corpus: 3300, signal 141040/171548 (executing program)
2025/09/01 10:43:57 fetching corpus: 3350, signal 141691/172178 (executing program)
2025/09/01 10:43:58 fetching corpus: 3400, signal 142126/172755 (executing program)
2025/09/01 10:43:58 fetching corpus: 3450, signal 142749/173351 (executing program)
2025/09/01 10:43:58 fetching corpus: 3500, signal 143069/173844 (executing program)
2025/09/01 10:43:58 fetching corpus: 3550, signal 143548/174392 (executing program)
2025/09/01 10:43:58 fetching corpus: 3600, signal 144547/175022 (executing program)
2025/09/01 10:43:58 fetching corpus: 3650, signal 144940/175512 (executing program)
2025/09/01 10:43:58 fetching corpus: 3700, signal 145663/176076 (executing program)
2025/09/01 10:43:58 fetching corpus: 3750, signal 146557/176611 (executing program)
2025/09/01 10:43:58 fetching corpus: 3800, signal 147068/177092 (executing program)
2025/09/01 10:43:58 fetching corpus: 3850, signal 147688/177570 (executing program)
2025/09/01 10:43:58 fetching corpus: 3900, signal 148210/178014 (executing program)
2025/09/01 10:43:59 fetching corpus: 3950, signal 148811/178526 (executing program)
2025/09/01 10:43:59 fetching corpus: 4000, signal 149232/178944 (executing program)
2025/09/01 10:43:59 fetching corpus: 4050, signal 149593/179351 (executing program)
2025/09/01 10:43:59 fetching corpus: 4100, signal 150465/179803 (executing program)
2025/09/01 10:43:59 fetching corpus: 4150, signal 150763/180171 (executing program)
2025/09/01 10:43:59 fetching corpus: 4200, signal 151337/180529 (executing program)
2025/09/01 10:43:59 fetching corpus: 4250, signal 151771/180920 (executing program)
2025/09/01 10:43:59 fetching corpus: 4300, signal 152144/181282 (executing program)
2025/09/01 10:43:59 fetching corpus: 4350, signal 152820/181652 (executing program)
2025/09/01 10:43:59 fetching corpus: 4400, signal 153433/182024 (executing program)
2025/09/01 10:43:59 fetching corpus: 4450, signal 153953/182297 (executing program)
2025/09/01 10:43:59 fetching corpus: 4500, signal 154520/182298 (executing program)
2025/09/01 10:44:00 fetching corpus: 4550, signal 154957/182304 (executing program)
2025/09/01 10:44:00 fetching corpus: 4600, signal 155321/182307 (executing program)
2025/09/01 10:44:00 fetching corpus: 4650, signal 155962/182337 (executing program)
2025/09/01 10:44:00 fetching corpus: 4700, signal 156515/182340 (executing program)
2025/09/01 10:44:00 fetching corpus: 4750, signal 157054/182344 (executing program)
2025/09/01 10:44:00 fetching corpus: 4799, signal 157427/182349 (executing program)
2025/09/01 10:44:00 fetching corpus: 4849, signal 157784/182353 (executing program)
2025/09/01 10:44:00 fetching corpus: 4899, signal 158109/182357 (executing program)
2025/09/01 10:44:00 fetching corpus: 4949, signal 158643/182430 (executing program)
2025/09/01 10:44:00 fetching corpus: 4999, signal 159140/182434 (executing program)
2025/09/01 10:44:00 fetching corpus: 5049, signal 159569/182498 (executing program)
2025/09/01 10:44:00 fetching corpus: 5099, signal 160225/182541 (executing program)
2025/09/01 10:44:00 fetching corpus: 5149, signal 160616/182545 (executing program)
2025/09/01 10:44:01 fetching corpus: 5199, signal 161457/182560 (executing program)
2025/09/01 10:44:01 fetching corpus: 5249, signal 161812/182563 (executing program)
2025/09/01 10:44:01 fetching corpus: 5299, signal 162168/182574 (executing program)
2025/09/01 10:44:01 fetching corpus: 5349, signal 162519/182583 (executing program)
2025/09/01 10:44:01 fetching corpus: 5399, signal 162986/182610 (executing program)
2025/09/01 10:44:01 fetching corpus: 5449, signal 163527/182736 (executing program)
2025/09/01 10:44:01 fetching corpus: 5499, signal 163934/182737 (executing program)
2025/09/01 10:44:01 fetching corpus: 5549, signal 164260/182754 (executing program)
2025/09/01 10:44:01 fetching corpus: 5599, signal 164719/182755 (executing program)
2025/09/01 10:44:01 fetching corpus: 5649, signal 165152/182796 (executing program)
2025/09/01 10:44:01 fetching corpus: 5699, signal 165507/182805 (executing program)
2025/09/01 10:44:01 fetching corpus: 5749, signal 165914/182811 (executing program)
2025/09/01 10:44:02 fetching corpus: 5799, signal 166173/182814 (executing program)
2025/09/01 10:44:02 fetching corpus: 5849, signal 166710/182844 (executing program)
2025/09/01 10:44:02 fetching corpus: 5899, signal 167046/182856 (executing program)
2025/09/01 10:44:02 fetching corpus: 5949, signal 167393/182865 (executing program)
2025/09/01 10:44:02 fetching corpus: 5999, signal 167729/182868 (executing program)
2025/09/01 10:44:02 fetching corpus: 6049, signal 168015/182868 (executing program)
2025/09/01 10:44:02 fetching corpus: 6099, signal 168398/182872 (executing program)
2025/09/01 10:44:02 fetching corpus: 6149, signal 168911/182884 (executing program)
2025/09/01 10:44:02 fetching corpus: 6199, signal 169409/182920 (executing program)
2025/09/01 10:44:02 fetching corpus: 6249, signal 171026/182964 (executing program)
2025/09/01 10:44:02 fetching corpus: 6299, signal 171580/182964 (executing program)
2025/09/01 10:44:02 fetching corpus: 6349, signal 171975/182992 (executing program)
2025/09/01 10:44:03 fetching corpus: 6399, signal 172301/183047 (executing program)
2025/09/01 10:44:03 fetching corpus: 6449, signal 172638/183068 (executing program)
2025/09/01 10:44:03 fetching corpus: 6499, signal 172950/183068 (executing program)
2025/09/01 10:44:03 fetching corpus: 6549, signal 173280/183102 (executing program)
2025/09/01 10:44:03 fetching corpus: 6599, signal 173689/183126 (executing program)
2025/09/01 10:44:03 fetching corpus: 6649, signal 174029/183126 (executing program)
2025/09/01 10:44:03 fetching corpus: 6699, signal 174688/183128 (executing program)
2025/09/01 10:44:03 fetching corpus: 6749, signal 175549/183143 (executing program)
2025/09/01 10:44:03 fetching corpus: 6799, signal 175810/183145 (executing program)
2025/09/01 10:44:03 fetching corpus: 6849, signal 176299/183157 (executing program)
2025/09/01 10:44:03 fetching corpus: 6899, signal 176631/183161 (executing program)
2025/09/01 10:44:03 fetching corpus: 6949, signal 176915/183161 (executing program)
2025/09/01 10:44:03 fetching corpus: 6999, signal 177139/183163 (executing program)
2025/09/01 10:44:04 fetching corpus: 7049, signal 177447/183184 (executing program)
2025/09/01 10:44:04 fetching corpus: 7099, signal 177723/183190 (executing program)
2025/09/01 10:44:04 fetching corpus: 7149, signal 178099/183204 (executing program)
2025/09/01 10:44:04 fetching corpus: 7199, signal 178395/183245 (executing program)
2025/09/01 10:44:04 fetching corpus: 7249, signal 178710/183293 (executing program)
2025/09/01 10:44:04 fetching corpus: 7299, signal 179072/183356 (executing program)
2025/09/01 10:44:04 fetching corpus: 7349, signal 179351/183365 (executing program)
2025/09/01 10:44:04 fetching corpus: 7399, signal 179684/183365 (executing program)
2025/09/01 10:44:04 fetching corpus: 7449, signal 180079/183365 (executing program)
2025/09/01 10:44:04 fetching corpus: 7499, signal 180219/183370 (executing program)
2025/09/01 10:44:04 fetching corpus: 7542, signal 180508/183381 (executing program)
2025/09/01 10:44:04 fetching corpus: 7542, signal 180508/183381 (executing program)
2025/09/01 10:44:06 starting 8 fuzzer processes
10:44:06 executing program 0:
r0 = shmget$private(0x0, 0x5000, 0x0, &(0x7f0000ffb000/0x5000)=nil)
shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000)
madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x17)
madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x15)

10:44:06 executing program 7:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/slabinfo\x00', 0x0, 0x0)
lseek(r0, 0x0, 0x0)

10:44:06 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x31004b1, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000740)={0x414001}, 0x18)

[   74.591948] audit: type=1400 audit(1756723446.515:7): avc:  denied  { execmem } for  pid=271 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
10:44:06 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000140)=0x3)

10:44:06 executing program 5:
r0 = fsopen(&(0x7f0000000000)='securityfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)

10:44:06 executing program 2:
r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100))
mknodat$loop(r0, &(0x7f0000000000)='./file2\x00', 0x0, 0x0)
symlinkat(&(0x7f0000003780)='./file0\x00', r0, &(0x7f0000003740)='./file0\x00')
linkat(r0, &(0x7f0000000080)='./file0\x00', r0, &(0x7f00000000c0)='./file1\x00', 0x0)
unlinkat(r0, &(0x7f0000000200)='./file0\x00', 0x0)

10:44:06 executing program 6:
r0 = io_uring_setup(0x1ff, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_FILES(r0, 0x13, 0x0, 0x0)

10:44:06 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = getpid()
sched_getparam(r0, &(0x7f0000000000))

[   75.691509] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   75.694445] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   75.696507] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   75.703503] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   75.706352] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   75.813111] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   75.817245] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   75.819245] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   75.823366] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   75.826460] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   75.876882] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   75.883314] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   75.885038] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   75.890073] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   75.893911] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   75.901494] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   75.909399] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   75.914839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   75.919865] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   75.922762] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   76.020718] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   76.033129] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   76.037200] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   76.042665] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   76.044784] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   76.046781] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   76.054945] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   76.057570] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   76.059495] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   76.061202] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   76.065221] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   76.078792] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   76.082419] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   76.087937] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   76.108329] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   76.115257] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   76.118909] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   76.122141] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   76.125048] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   76.193016] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   77.783301] Bluetooth: hci0: command tx timeout
[   77.847845] Bluetooth: hci1: command tx timeout
[   77.910660] Bluetooth: hci2: command tx timeout
[   77.974709] Bluetooth: hci3: command tx timeout
[   78.166874] Bluetooth: hci5: command tx timeout
[   78.167888] Bluetooth: hci4: command tx timeout
[   78.168358] Bluetooth: hci7: command tx timeout
[   78.294671] Bluetooth: hci6: command tx timeout
[   79.832779] Bluetooth: hci0: command tx timeout
[   79.895734] Bluetooth: hci1: command tx timeout
[   79.959960] Bluetooth: hci2: command tx timeout
[   80.022633] Bluetooth: hci3: command tx timeout
[   80.214663] Bluetooth: hci5: command tx timeout
[   80.215104] Bluetooth: hci7: command tx timeout
[   80.215481] Bluetooth: hci4: command tx timeout
[   80.342845] Bluetooth: hci6: command tx timeout
[   81.878687] Bluetooth: hci0: command tx timeout
[   81.942696] Bluetooth: hci1: command tx timeout
[   82.007652] Bluetooth: hci2: command tx timeout
[   82.070630] Bluetooth: hci3: command tx timeout
[   82.262758] Bluetooth: hci5: command tx timeout
[   82.263180] Bluetooth: hci4: command tx timeout
[   82.263568] Bluetooth: hci7: command tx timeout
[   82.391632] Bluetooth: hci6: command tx timeout
[   83.927664] Bluetooth: hci0: command tx timeout
[   83.993622] Bluetooth: hci1: command tx timeout
[   84.054638] Bluetooth: hci2: command tx timeout
[   84.119800] Bluetooth: hci3: command tx timeout
[   84.312649] Bluetooth: hci7: command tx timeout
[   84.313072] Bluetooth: hci4: command tx timeout
[   84.313450] Bluetooth: hci5: command tx timeout
[   84.439806] Bluetooth: hci6: command tx timeout
[  112.860329] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.861079] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.027086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.027741] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:44:45 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000300)={&(0x7f00000001c0), 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x28, 0x1, 0x1, 0x5, 0x0, 0x0, {}, [@CTA_SEQ_ADJ_REPLY={0xc, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8}]}, @CTA_ZONE={0x6}]}, 0x28}}, 0x0)

10:44:45 executing program 3:
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x0)
signalfd(r0, &(0x7f0000000140), 0x8)

10:44:45 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getgroups(0x0, 0x0)

10:44:45 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getgroups(0x0, 0x0)

10:44:45 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getgroups(0x0, 0x0)

10:44:45 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getgroups(0x0, 0x0)

10:44:46 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
getpeername$netlink(r0, &(0x7f0000001480), &(0x7f00000014c0)=0xc)

10:44:46 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000400)=[{&(0x7f0000010000)="200000004000000003000000320000000f000000000000000200000002000000008000000080000020000000d4f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b000000000100002802", 0x5e, 0x400}, {&(0x7f0000000140)="000000010000ff0100000000c000000000000000000000000000000000200020000100000000000000000000000000e6ff000100000000000035000000000000290a3cec9261b04e71b9e15d91e733f9bf294a54e3e10ea085b1550537e9fe24b5890309d5ae6fd912e1b55256d31172e146607776eac4e3e5264d68e294510601c8f51c72c6d382b9ddafaaddbc2ef5889b5b7e2c91d71f2bd37c42f274529699ca91ad99a424be301d0ff9ce9cc39219f954a98491e4969ee4c1ca4c2b44987ea4fc2d8b5c4a3b9670b73a15b84135e24e2067a37dce281d27be9b7cc147a53c6485d41f7316f8209ffbc1db9d7eba82673ca5c4b282af3302d36a13e4ac69602399f4b9ca3634a4b7232c9f", 0x10d, 0x540}, {&(0x7f0000010300)="02000000030000000400000032000f000300040000000000000000000f002f7c", 0x20, 0x1000}, {&(0x7f0000012500)="ed41000000100000d4f4655fd4f4655fd4f4655f000000000000040008", 0x1d, 0x4100}], 0x0, &(0x7f0000013800))

[  114.306564] loop3: detected capacity change from 0 to 512
[  114.323473] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.324190] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.339262] EXT4-fs (loop3): failed to parse options in superblock: ~¤ü-‹\J;–p·:¸A5âN g£}Î('¾›|ÁG¥<d…Ôsø ŸûÁÛ�~º‚g<¥Ä²‚¯3Ójä¬i
[  114.360550] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  114.442241] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.501082] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.501762] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.592114] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.592775] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.695329] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.696547] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.830188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.830835] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.013618] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.014240] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.241263] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.242058] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.341616] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.342230] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.443904] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.444524] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.520455] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.521686] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.300297] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.301014] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.331068] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.333123] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.406068] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.407162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.442928] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.443497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:44:48 executing program 0:
r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100))
mknodat$loop(r0, &(0x7f0000000000)='./file2\x00', 0x0, 0x0)
symlinkat(&(0x7f0000003780)='./file0\x00', r0, &(0x7f0000003740)='./file0\x00')
linkat(r0, &(0x7f0000000080)='./file0\x00', r0, &(0x7f00000000c0)='./file1\x00', 0x0)
unlinkat(r0, &(0x7f0000000200)='./file0\x00', 0x0)

10:44:48 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xb2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000100))
preadv2(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

10:44:48 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x31004b1, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000740)={0x414001}, 0x18)

10:44:48 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/protocols\x00')
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
read$rfkill(r0, &(0x7f0000000240), 0x80000)

10:44:48 executing program 7:
syz_mount_image$nfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='system.posix_acl_access\x00', &(0x7f00000049c0), 0x24, 0x0)
lgetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)=@known='system.posix_acl_access\x00', 0x0, 0x2)

10:44:48 executing program 2:
r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100))
mknodat$loop(r0, &(0x7f0000000000)='./file2\x00', 0x0, 0x0)
symlinkat(&(0x7f0000003780)='./file0\x00', r0, &(0x7f0000003740)='./file0\x00')
linkat(r0, &(0x7f0000000080)='./file0\x00', r0, &(0x7f00000000c0)='./file1\x00', 0x0)
unlinkat(r0, &(0x7f0000000200)='./file0\x00', 0x0)

10:44:48 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000140)=0x3)

10:44:48 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000400)=[{&(0x7f0000010000)="200000004000000003000000320000000f000000000000000200000002000000008000000080000020000000d4f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b000000000100002802", 0x5e, 0x400}, {&(0x7f0000000140)="000000010000ff0100000000c000000000000000000000000000000000200020000100000000000000000000000000e6ff000100000000000035000000000000290a3cec9261b04e71b9e15d91e733f9bf294a54e3e10ea085b1550537e9fe24b5890309d5ae6fd912e1b55256d31172e146607776eac4e3e5264d68e294510601c8f51c72c6d382b9ddafaaddbc2ef5889b5b7e2c91d71f2bd37c42f274529699ca91ad99a424be301d0ff9ce9cc39219f954a98491e4969ee4c1ca4c2b44987ea4fc2d8b5c4a3b9670b73a15b84135e24e2067a37dce281d27be9b7cc147a53c6485d41f7316f8209ffbc1db9d7eba82673ca5c4b282af3302d36a13e4ac69602399f4b9ca3634a4b7232c9f", 0x10d, 0x540}, {&(0x7f0000010300)="02000000030000000400000032000f000300040000000000000000000f002f7c", 0x20, 0x1000}, {&(0x7f0000012500)="ed41000000100000d4f4655fd4f4655fd4f4655f000000000000040008", 0x1d, 0x4100}], 0x0, &(0x7f0000013800))

10:44:48 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x31004b1, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000740)={0x414001}, 0x18)

[  116.632703] audit: type=1400 audit(1756723488.554:8): avc:  denied  { open } for  pid=3918 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  116.643436] loop3: detected capacity change from 0 to 512
[  116.644023] audit: type=1400 audit(1756723488.554:9): avc:  denied  { kernel } for  pid=3918 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  116.666153] EXT4-fs (loop3): failed to parse options in superblock: ~¤ü-‹\J;–p·:¸A5âN g£}Î('¾›|ÁG¥<d…Ôsø ŸûÁÛ�~º‚g<¥Ä²‚¯3Ójä¬i
[  116.688435] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  116.782652] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
10:44:48 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xb2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000100))
preadv2(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

10:44:48 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000140)=0x3)

10:44:48 executing program 2:
r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100))
mknodat$loop(r0, &(0x7f0000000000)='./file2\x00', 0x0, 0x0)
symlinkat(&(0x7f0000003780)='./file0\x00', r0, &(0x7f0000003740)='./file0\x00')
linkat(r0, &(0x7f0000000080)='./file0\x00', r0, &(0x7f00000000c0)='./file1\x00', 0x0)
unlinkat(r0, &(0x7f0000000200)='./file0\x00', 0x0)

10:44:48 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000400)=[{&(0x7f0000010000)="200000004000000003000000320000000f000000000000000200000002000000008000000080000020000000d4f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b000000000100002802", 0x5e, 0x400}, {&(0x7f0000000140)="000000010000ff0100000000c000000000000000000000000000000000200020000100000000000000000000000000e6ff000100000000000035000000000000290a3cec9261b04e71b9e15d91e733f9bf294a54e3e10ea085b1550537e9fe24b5890309d5ae6fd912e1b55256d31172e146607776eac4e3e5264d68e294510601c8f51c72c6d382b9ddafaaddbc2ef5889b5b7e2c91d71f2bd37c42f274529699ca91ad99a424be301d0ff9ce9cc39219f954a98491e4969ee4c1ca4c2b44987ea4fc2d8b5c4a3b9670b73a15b84135e24e2067a37dce281d27be9b7cc147a53c6485d41f7316f8209ffbc1db9d7eba82673ca5c4b282af3302d36a13e4ac69602399f4b9ca3634a4b7232c9f", 0x10d, 0x540}, {&(0x7f0000010300)="02000000030000000400000032000f000300040000000000000000000f002f7c", 0x20, 0x1000}, {&(0x7f0000012500)="ed41000000100000d4f4655fd4f4655fd4f4655f000000000000040008", 0x1d, 0x4100}], 0x0, &(0x7f0000013800))

10:44:48 executing program 7:
syz_mount_image$nfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='system.posix_acl_access\x00', &(0x7f00000049c0), 0x24, 0x0)
lgetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)=@known='system.posix_acl_access\x00', 0x0, 0x2)

10:44:48 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xb2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000100))
preadv2(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

10:44:48 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x31004b1, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000740)={0x414001}, 0x18)

10:44:48 executing program 0:
r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100))
mknodat$loop(r0, &(0x7f0000000000)='./file2\x00', 0x0, 0x0)
symlinkat(&(0x7f0000003780)='./file0\x00', r0, &(0x7f0000003740)='./file0\x00')
linkat(r0, &(0x7f0000000080)='./file0\x00', r0, &(0x7f00000000c0)='./file1\x00', 0x0)
unlinkat(r0, &(0x7f0000000200)='./file0\x00', 0x0)

[  116.855118] loop3: detected capacity change from 0 to 512
[  116.864343] EXT4-fs (loop3): failed to parse options in superblock: ~¤ü-‹\J;–p·:¸A5âN g£}Î('¾›|ÁG¥<d…Ôsø ŸûÁÛ�~º‚g<¥Ä²‚¯3Ójä¬i
10:44:48 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xb2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000100))
preadv2(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

10:44:48 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000140)=0x3)

[  116.883293] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  116.964350] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
10:44:48 executing program 1:
clock_gettime(0x3, &(0x7f0000000380))

10:44:48 executing program 7:
syz_mount_image$nfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='system.posix_acl_access\x00', &(0x7f00000049c0), 0x24, 0x0)
lgetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)=@known='system.posix_acl_access\x00', 0x0, 0x2)

10:44:48 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xb2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000100))
preadv2(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

10:44:48 executing program 2:
r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100))
mknodat$loop(r0, &(0x7f0000000000)='./file2\x00', 0x0, 0x0)
symlinkat(&(0x7f0000003780)='./file0\x00', r0, &(0x7f0000003740)='./file0\x00')
linkat(r0, &(0x7f0000000080)='./file0\x00', r0, &(0x7f00000000c0)='./file1\x00', 0x0)
unlinkat(r0, &(0x7f0000000200)='./file0\x00', 0x0)

10:44:48 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xb2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000100))
preadv2(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

10:44:48 executing program 0:
r0 = syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100))
mknodat$loop(r0, &(0x7f0000000000)='./file2\x00', 0x0, 0x0)
symlinkat(&(0x7f0000003780)='./file0\x00', r0, &(0x7f0000003740)='./file0\x00')
linkat(r0, &(0x7f0000000080)='./file0\x00', r0, &(0x7f00000000c0)='./file1\x00', 0x0)
unlinkat(r0, &(0x7f0000000200)='./file0\x00', 0x0)

10:44:48 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000400)=[{&(0x7f0000010000)="200000004000000003000000320000000f000000000000000200000002000000008000000080000020000000d4f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b000000000100002802", 0x5e, 0x400}, {&(0x7f0000000140)="000000010000ff0100000000c000000000000000000000000000000000200020000100000000000000000000000000e6ff000100000000000035000000000000290a3cec9261b04e71b9e15d91e733f9bf294a54e3e10ea085b1550537e9fe24b5890309d5ae6fd912e1b55256d31172e146607776eac4e3e5264d68e294510601c8f51c72c6d382b9ddafaaddbc2ef5889b5b7e2c91d71f2bd37c42f274529699ca91ad99a424be301d0ff9ce9cc39219f954a98491e4969ee4c1ca4c2b44987ea4fc2d8b5c4a3b9670b73a15b84135e24e2067a37dce281d27be9b7cc147a53c6485d41f7316f8209ffbc1db9d7eba82673ca5c4b282af3302d36a13e4ac69602399f4b9ca3634a4b7232c9f", 0x10d, 0x540}, {&(0x7f0000010300)="02000000030000000400000032000f000300040000000000000000000f002f7c", 0x20, 0x1000}, {&(0x7f0000012500)="ed41000000100000d4f4655fd4f4655fd4f4655f000000000000040008", 0x1d, 0x4100}], 0x0, &(0x7f0000013800))

[  117.051407] loop3: detected capacity change from 0 to 512
10:44:48 executing program 1:
syz_emit_ethernet(0x4e, &(0x7f0000000000)={@link_local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x18, 0x0, 0x0, @local, @remote, {[@hopopts={0x0, 0x1, '\x00', [@enc_lim, @pad1, @enc_lim]}]}}}}}, 0x0)

[  117.058865] EXT4-fs (loop3): failed to parse options in superblock: ~¤ü-‹\J;–p·:¸A5âN g£}Î('¾›|ÁG¥<d…Ôsø ŸûÁÛ�~º‚g<¥Ä²‚¯3Ójä¬i
[  117.072069] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
10:44:48 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000000), 0xfffffffffffffeba)

10:44:49 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xb2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000100))
preadv2(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

10:44:49 executing program 7:
syz_mount_image$nfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='system.posix_acl_access\x00', &(0x7f00000049c0), 0x24, 0x0)
lgetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)=@known='system.posix_acl_access\x00', 0x0, 0x2)

10:44:49 executing program 5:
r0 = msgget(0x0, 0x0)
msgsnd(r0, &(0x7f0000001080)={0x1}, 0x8, 0x0)

[  117.120415] ------------[ cut here ]------------
[  117.120876] WARNING: fs/namespace.c:1375 at cleanup_mnt+0x33f/0x430, CPU#1: syz-executor.2/280
[  117.121667] Modules linked in:
[  117.122032] CPU: 1 UID: 0 PID: 280 Comm: syz-executor.2 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  117.126604] Tainted: [W]=WARN
[  117.126867] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  117.127531] RIP: 0010:cleanup_mnt+0x33f/0x430
[  117.127937] Code: c7 20 49 d1 85 e8 41 b3 fa 02 49 8d 7d 40 5b 48 c7 c6 d0 fa be 81 5d 41 5c 41 5d 41 5e 41 5f e9 97 9a 9c ff e8 f2 3c b4 ff 90 <0f> 0b 90 e9 e6 fc ff ff e8 e4 3c b4 ff 4c 89 ef e8 6c d7 06 00 e9
[  117.129435] RSP: 0018:ffff888016427e20 EFLAGS: 00010293
[  117.129933] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81bfb6a5
[  117.130513] RDX: ffff888019a9d280 RSI: ffffffff81bfb9be RDI: 0000000000000005
[  117.131113] RBP: ffff888019a9e6f0 R08: 0000000000000001 R09: 0000000000000001
[  117.131715] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888019a9db58
[  117.132292] R13: ffff888020102e00 R14: 0000000000000001 R15: ffff888020102e40
[  117.132902] FS:  000055556317a400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[  117.133561] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.134076] CR2: 0000555563183c58 CR3: 000000003c079000 CR4: 0000000000350ef0
[  117.134687] Call Trace:
[  117.134905]  <TASK>
[  117.135099]  task_work_run+0x172/0x280
[  117.135424]  ? __pfx_task_work_run+0x10/0x10
[  117.135816]  ? __x64_sys_umount+0x114/0x190
[  117.136174]  ? __pfx___x64_sys_umount+0x10/0x10
[  117.136557]  exit_to_user_mode_loop+0xef/0x110
[  117.136968]  do_syscall_64+0x2f7/0x360
[  117.137295]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.137768] RIP: 0033:0x7fbd0103df87
[  117.138079] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  117.139569] RSP: 002b:00007ffc657ab108 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  117.140204] RAX: 0000000000000000 RBX: 000000000000000a RCX: 00007fbd0103df87
[  117.140814] RDX: 00007ffc657ab1d9 RSI: 000000000000000a RDI: 00007ffc657ab1d0
[  117.141402] RBP: 00007ffc657ab1d0 R08: 00000000ffffffff R09: 00007ffc657aafa0
[  117.142029] R10: 000055556317bc7b R11: 0000000000000246 R12: 00007fbd01096105
[  117.142641] R13: 00007ffc657ac290 R14: 000055556317bc20 R15: 00007ffc657ac2d0
[  117.143229]  </TASK>
[  117.143424] irq event stamp: 154221
[  117.143744] hardirqs last  enabled at (154231): [<ffffffff81541b18>] __up_console_sem+0x78/0x80
[  117.144454] hardirqs last disabled at (154238): [<ffffffff81541afd>] __up_console_sem+0x5d/0x80
[  117.145190] softirqs last  enabled at (153926): [<ffffffff813bafcc>] handle_softirqs+0x50c/0x770
[  117.145956] softirqs last disabled at (153911): [<ffffffff813bb364>] __irq_exit_rcu+0xc4/0x100
[  117.146689] ---[ end trace 0000000000000000 ]---
[  117.164154] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
10:44:49 executing program 5:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000fc0)=0xffffffffffffffff)
sendmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="1d", 0x1}], 0x1}, 0x40011)

[  117.183187] kmemleak: Found object by alias at 0x607f1a63ed54
[  117.183204] CPU: 1 UID: 0 PID: 3975 Comm: syz-executor.4 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  117.183222] Tainted: [W]=WARN
[  117.183226] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  117.183234] Call Trace:
[  117.183238]  <TASK>
[  117.183242]  dump_stack_lvl+0xca/0x120
[  117.183270]  __lookup_object+0x94/0xb0
[  117.183287]  delete_object_full+0x27/0x70
[  117.183304]  free_percpu+0x30/0x1160
[  117.183321]  ? arch_uprobe_clear_state+0x16/0x140
[  117.183341]  futex_hash_free+0x38/0xc0
[  117.183356]  mmput+0x2d3/0x390
[  117.183375]  do_exit+0x79d/0x2970
[  117.183389]  ? lock_release+0xc8/0x290
[  117.183406]  ? __pfx_do_exit+0x10/0x10
[  117.183420]  ? find_held_lock+0x2b/0x80
[  117.183438]  ? get_signal+0x835/0x2340
[  117.183458]  do_group_exit+0xd3/0x2a0
[  117.183474]  get_signal+0x2315/0x2340
[  117.183497]  ? __pfx_get_signal+0x10/0x10
[  117.183513]  ? do_futex+0x135/0x370
[  117.183527]  ? __pfx_do_futex+0x10/0x10
[  117.183543]  arch_do_signal_or_restart+0x80/0x790
[  117.183561]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  117.183582]  ? __x64_sys_futex+0x1c9/0x4d0
[  117.183595]  ? __x64_sys_futex+0x1d2/0x4d0
[  117.183611]  ? __pfx___x64_sys_futex+0x10/0x10
[  117.183625]  ? __sys_setsockopt+0x13f/0x1a0
[  117.183647]  exit_to_user_mode_loop+0x8b/0x110
[  117.183661]  do_syscall_64+0x2f7/0x360
[  117.183674]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.183686] RIP: 0033:0x7fb1509e0b19
[  117.183695] Code: Unable to access opcode bytes at 0x7fb1509e0aef.
[  117.183701] RSP: 002b:00007fb14df56218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  117.183712] RAX: fffffffffffffe00 RBX: 00007fb150af3f68 RCX: 00007fb1509e0b19
[  117.183720] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb150af3f68
[  117.183727] RBP: 00007fb150af3f60 R08: 0000000000000000 R09: 0000000000000000
[  117.183735] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb150af3f6c
[  117.183742] R13: 00007fffaf87237f R14: 00007fb14df56300 R15: 0000000000022000
[  117.183757]  </TASK>
[  117.183761] kmemleak: Object (percpu) 0x607f1a63ed50 (size 8):
[  117.183768] kmemleak:   comm "syz-executor.6", pid 3981, jiffies 4294783972
[  117.183775] kmemleak:   min_count = 1
[  117.183779] kmemleak:   count = 0
[  117.183783] kmemleak:   flags = 0x21
[  117.183787] kmemleak:   checksum = 0
[  117.183791] kmemleak:   backtrace:
[  117.183795]  pcpu_alloc_noprof+0x87a/0x1170
[  117.183811]  perf_trace_event_init+0x366/0xa10
[  117.183825]  perf_trace_init+0x1a4/0x2f0
[  117.183837]  perf_tp_event_init+0xa6/0x120
[  117.183853]  perf_try_init_event+0x140/0x9f0
[  117.183867]  perf_event_alloc.part.0+0x118e/0x45f0
[  117.183884]  __do_sys_perf_event_open+0x719/0x2c20
[  117.183898]  do_syscall_64+0xbf/0x360
[  117.183907]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
10:44:49 executing program 5:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000fc0)=0xffffffffffffffff)
sendmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="1d", 0x1}], 0x1}, 0x40011)

10:44:49 executing program 1:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000fc0)=0xffffffffffffffff)
sendmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="1d", 0x1}], 0x1}, 0x40011)

10:44:49 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x24040841, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10)
bind$inet(r0, &(0x7f0000001400)={0x2, 0x0, @loopback}, 0x10)

10:44:49 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
recvmmsg(r0, &(0x7f0000001a80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2002, 0x0)

10:44:49 executing program 5:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000fc0)=0xffffffffffffffff)
sendmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="1d", 0x1}], 0x1}, 0x40011)

10:44:49 executing program 1:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000fc0)=0xffffffffffffffff)
sendmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="1d", 0x1}], 0x1}, 0x40011)

10:44:49 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0xf, r0, 0x0, 0x0)

10:44:49 executing program 4:
keyctl$join(0x1, 0x0)
keyctl$join(0x12, 0x0)

[  117.367514] kmemleak: Found object by alias at 0x607f1a63ed54
[  117.367535] CPU: 1 UID: 0 PID: 4000 Comm: syz-executor.4 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  117.367553] Tainted: [W]=WARN
[  117.367557] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  117.367564] Call Trace:
[  117.367569]  <TASK>
[  117.367574]  dump_stack_lvl+0xca/0x120
[  117.367608]  __lookup_object+0x94/0xb0
[  117.367627]  delete_object_full+0x27/0x70
[  117.367644]  free_percpu+0x30/0x1160
[  117.367661]  ? arch_uprobe_clear_state+0x16/0x140
[  117.367682]  futex_hash_free+0x38/0xc0
[  117.367697]  mmput+0x2d3/0x390
[  117.367717]  do_exit+0x79d/0x2970
[  117.367736]  ? __pfx_do_exit+0x10/0x10
[  117.367751]  ? find_held_lock+0x2b/0x80
[  117.367770]  ? get_signal+0x835/0x2340
[  117.367791]  do_group_exit+0xd3/0x2a0
[  117.367807]  get_signal+0x2315/0x2340
[  117.367825]  ? put_task_stack+0xd2/0x240
[  117.367841]  ? __pfx_get_signal+0x10/0x10
[  117.367858]  ? __schedule+0xe91/0x3590
[  117.367881]  arch_do_signal_or_restart+0x80/0x790
[  117.367899]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  117.367916]  ? __x64_sys_futex+0x1c9/0x4d0
[  117.367929]  ? __x64_sys_futex+0x1d2/0x4d0
[  117.367945]  ? __pfx___x64_sys_futex+0x10/0x10
[  117.367965]  exit_to_user_mode_loop+0x8b/0x110
[  117.367979]  do_syscall_64+0x2f7/0x360
[  117.367993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.368005] RIP: 0033:0x7fb1509e0b19
[  117.368014] Code: Unable to access opcode bytes at 0x7fb1509e0aef.
[  117.368019] RSP: 002b:00007fb14df56218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  117.368031] RAX: 0000000000000001 RBX: 00007fb150af3f68 RCX: 00007fb1509e0b19
[  117.368039] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb150af3f6c
[  117.368047] RBP: 00007fb150af3f60 R08: 000000000000000e R09: 0000000000000000
[  117.368054] R10: 00000000064a0d85 R11: 0000000000000246 R12: 00007fb150af3f6c
[  117.368061] R13: 00007fffaf87237f R14: 00007fb14df56300 R15: 0000000000022000
[  117.368079]  </TASK>
[  117.368083] kmemleak: Object (percpu) 0x607f1a63ed50 (size 8):
[  117.368089] kmemleak:   comm "syz-executor.2", pid 4001, jiffies 4294784156
[  117.368097] kmemleak:   min_count = 1
[  117.368101] kmemleak:   count = 0
[  117.368105] kmemleak:   flags = 0x21
[  117.368108] kmemleak:   checksum = 0
[  117.368112] kmemleak:   backtrace:
[  117.368116]  pcpu_alloc_noprof+0x87a/0x1170
[  117.368132]  perf_trace_event_init+0x366/0xa10
[  117.368146]  perf_trace_init+0x1a4/0x2f0
[  117.368159]  perf_tp_event_init+0xa6/0x120
[  117.368175]  perf_try_init_event+0x140/0x9f0
[  117.368189]  perf_event_alloc.part.0+0x118e/0x45f0
[  117.368206]  __do_sys_perf_event_open+0x719/0x2c20
[  117.368219]  do_syscall_64+0xbf/0x360
[  117.368229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
10:44:49 executing program 1:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000fc0)=0xffffffffffffffff)
sendmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="1d", 0x1}], 0x1}, 0x40011)

10:44:49 executing program 0:
syz_emit_ethernet(0x3a, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x8864, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}}, 0x0)

10:44:49 executing program 5:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000fc0)=0xffffffffffffffff)
sendmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="1d", 0x1}], 0x1}, 0x40011)

10:44:49 executing program 3:
syz_emit_ethernet(0x82, &(0x7f00000000c0)={@local, @empty, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0xb, 0x0, 0x0, 0x2000, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @dev, @loopback, {[@cipso={0x86, 0x3d, 0x0, [{0x0, 0xc, "ba4906dca0ac3f21ee4d"}, {0x0, 0xa, "0b1bb9011e61db13"}, {0x0, 0xe, "9fb8dedc4ea32f0be3c4157e"}, {0x0, 0x6, "3f70cd62"}, {0x0, 0xd, "20126d234d2862265a340c"}]}]}}}}}}}, 0x0)

10:44:49 executing program 6:
utime(0x0, 0xffffffffffffffff)

10:44:49 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f0000032840)='net/sockstat6\x00')
preadv(r0, &(0x7f00000321c0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1, 0xc2, 0x0)

10:44:49 executing program 4:
keyctl$join(0x1, 0x0)
keyctl$join(0x12, 0x0)

10:44:49 executing program 0:
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0xffe6, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0)

10:44:49 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0xf, r0, 0x0, 0x0)

10:44:49 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f0000032840)='net/sockstat6\x00')
preadv(r0, &(0x7f00000321c0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1, 0xc2, 0x0)

10:44:49 executing program 3:
syz_emit_ethernet(0x82, &(0x7f00000000c0)={@local, @empty, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0xb, 0x0, 0x0, 0x2000, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @dev, @loopback, {[@cipso={0x86, 0x3d, 0x0, [{0x0, 0xc, "ba4906dca0ac3f21ee4d"}, {0x0, 0xa, "0b1bb9011e61db13"}, {0x0, 0xe, "9fb8dedc4ea32f0be3c4157e"}, {0x0, 0x6, "3f70cd62"}, {0x0, 0xd, "20126d234d2862265a340c"}]}]}}}}}}}, 0x0)

10:44:49 executing program 6:
utime(0x0, 0xffffffffffffffff)

10:44:49 executing program 1:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x6)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040))
close_range(r0, 0xffffffffffffffff, 0x0)

10:44:49 executing program 4:
keyctl$join(0x1, 0x0)
keyctl$join(0x12, 0x0)

10:44:49 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
getdents64(r0, &(0x7f0000000080)=""/127, 0x7f)

10:44:49 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f0000032840)='net/sockstat6\x00')
preadv(r0, &(0x7f00000321c0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1, 0xc2, 0x0)

10:44:49 executing program 6:
utime(0x0, 0xffffffffffffffff)

10:44:49 executing program 3:
syz_emit_ethernet(0x82, &(0x7f00000000c0)={@local, @empty, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0xb, 0x0, 0x0, 0x2000, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @dev, @loopback, {[@cipso={0x86, 0x3d, 0x0, [{0x0, 0xc, "ba4906dca0ac3f21ee4d"}, {0x0, 0xa, "0b1bb9011e61db13"}, {0x0, 0xe, "9fb8dedc4ea32f0be3c4157e"}, {0x0, 0x6, "3f70cd62"}, {0x0, 0xd, "20126d234d2862265a340c"}]}]}}}}}}}, 0x0)

10:44:49 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x13, 0x0, 0x0)

[  117.623453] kmemleak: Found object by alias at 0x607f1a63ed54
[  117.623474] CPU: 1 UID: 0 PID: 4031 Comm: syz-executor.4 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  117.623493] Tainted: [W]=WARN
[  117.623497] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  117.623504] Call Trace:
[  117.623508]  <TASK>
[  117.623513]  dump_stack_lvl+0xca/0x120
[  117.623538]  __lookup_object+0x94/0xb0
[  117.623556]  delete_object_full+0x27/0x70
[  117.623573]  free_percpu+0x30/0x1160
[  117.623593]  ? arch_uprobe_clear_state+0x16/0x140
[  117.623614]  futex_hash_free+0x38/0xc0
[  117.623628]  mmput+0x2d3/0x390
[  117.623647]  do_exit+0x79d/0x2970
[  117.623661]  ? lock_release+0xc8/0x290
[  117.623678]  ? __pfx_do_exit+0x10/0x10
[  117.623693]  ? find_held_lock+0x2b/0x80
[  117.623710]  ? get_signal+0x835/0x2340
[  117.623731]  do_group_exit+0xd3/0x2a0
[  117.623745]  get_signal+0x2315/0x2340
[  117.623765]  ? __virt_addr_valid+0x2e8/0x5d0
[  117.623787]  ? __pfx_get_signal+0x10/0x10
[  117.623803]  ? do_futex+0x135/0x370
[  117.623817]  ? __pfx_do_futex+0x10/0x10
[  117.623829]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  117.623846]  arch_do_signal_or_restart+0x80/0x790
[  117.623865]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  117.623882]  ? __x64_sys_futex+0x1c9/0x4d0
[  117.623894]  ? __x64_sys_futex+0x1d2/0x4d0
[  117.623909]  ? __pfx___x64_sys_futex+0x10/0x10
[  117.623923]  ? keyctl_session_to_parent+0x3c5/0xb30
[  117.623940]  exit_to_user_mode_loop+0x8b/0x110
[  117.623953]  do_syscall_64+0x2f7/0x360
[  117.623966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.623978] RIP: 0033:0x7fb1509e0b19
[  117.623989] Code: Unable to access opcode bytes at 0x7fb1509e0aef.
[  117.623995] RSP: 002b:00007fb14df56218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  117.624008] RAX: fffffffffffffe00 RBX: 00007fb150af3f68 RCX: 00007fb1509e0b19
[  117.624017] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb150af3f68
[  117.624023] RBP: 00007fb150af3f60 R08: 0000000000000000 R09: 0000000000000000
[  117.624030] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb150af3f6c
[  117.624037] R13: 00007fffaf87237f R14: 00007fb14df56300 R15: 0000000000022000
[  117.624053]  </TASK>
[  117.624057] kmemleak: Object (percpu) 0x607f1a63ed50 (size 8):
[  117.624063] kmemleak:   comm "syz-executor.1", pid 4027, jiffies 4294784362
[  117.624071] kmemleak:   min_count = 1
[  117.624075] kmemleak:   count = 0
[  117.624078] kmemleak:   flags = 0x21
[  117.624082] kmemleak:   checksum = 0
[  117.624086] kmemleak:   backtrace:
[  117.624090]  pcpu_alloc_noprof+0x87a/0x1170
[  117.624105]  perf_trace_event_init+0x366/0xa10
[  117.624119]  perf_trace_init+0x1a4/0x2f0
[  117.624131]  perf_tp_event_init+0xa6/0x120
[  117.624148]  perf_try_init_event+0x140/0x9f0
[  117.624162]  perf_event_alloc.part.0+0x118e/0x45f0
[  117.624179]  __do_sys_perf_event_open+0x719/0x2c20
[  117.624193]  do_syscall_64+0xbf/0x360
[  117.624202]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
10:44:49 executing program 2:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0xf, r0, 0x0, 0x0)

10:44:49 executing program 6:
utime(0x0, 0xffffffffffffffff)

10:44:49 executing program 1:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000980)='fdinfo/3\x00')
pread64(r0, &(0x7f0000000040)=""/156, 0x9c, 0x0)

10:44:49 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f0000032840)='net/sockstat6\x00')
preadv(r0, &(0x7f00000321c0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1, 0xc2, 0x0)

10:44:49 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
getdents64(r0, &(0x7f0000000080)=""/127, 0x7f)

10:44:49 executing program 4:
keyctl$join(0x1, 0x0)
keyctl$join(0x12, 0x0)

10:44:49 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x13, 0x0, 0x0)

10:44:49 executing program 3:
syz_emit_ethernet(0x82, &(0x7f00000000c0)={@local, @empty, @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0xb, 0x0, 0x0, 0x2000, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @dev, @loopback, {[@cipso={0x86, 0x3d, 0x0, [{0x0, 0xc, "ba4906dca0ac3f21ee4d"}, {0x0, 0xa, "0b1bb9011e61db13"}, {0x0, 0xe, "9fb8dedc4ea32f0be3c4157e"}, {0x0, 0x6, "3f70cd62"}, {0x0, 0xd, "20126d234d2862265a340c"}]}]}}}}}}}, 0x0)

[  117.769179] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[  117.770128] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  117.770742] CPU: 0 UID: 0 PID: 4049 Comm: syz-executor.5 Tainted: G        W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  117.771701] Tainted: [W]=WARN
[  117.771957] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  117.772607] RIP: 0010:perf_tp_event+0x175/0xe70
[  117.772994] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  117.774431] RSP: 0018:ffff888047187800 EFLAGS: 00010212
[  117.774857] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000be68000
[  117.775418] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  117.775982] RBP: ffff888047187a70 R08: ffff88806ce31340 R09: ffffe8ffffc16d50
[  117.776538] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  117.777097] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[  117.777666] FS:  00007f0e45798700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  117.778301] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.778759] CR2: 00007fbd01150018 CR3: 000000000f016000 CR4: 0000000000350ef0
[  117.779326] Call Trace:
[  117.779536]  <TASK>
[  117.779721]  ? __mutex_add_waiter+0x202/0x220
[  117.780092]  ? __pfx_perf_tp_event+0x10/0x10
[  117.780452]  ? find_held_lock+0x2b/0x80
[  117.780786]  ? __is_insn_slot_addr+0x136/0x290
[  117.781162]  ? lock_release+0xc8/0x290
[  117.781480]  ? __is_insn_slot_addr+0x140/0x290
[  117.781863]  ? kernel_text_address+0x5b/0xc0
[  117.782219]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  117.782671]  ? __kernel_text_address+0xd/0x40
[  117.783050]  ? unwind_get_return_address+0x59/0xa0
[  117.783451]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  117.783881]  ? arch_stack_walk+0x9c/0xf0
[  117.784229]  ? perf_trace_run_bpf_submit+0xef/0x180
[  117.784632]  perf_trace_run_bpf_submit+0xef/0x180
[  117.785023]  perf_trace_lock+0x337/0x5d0
[  117.785352]  ? __pfx_perf_trace_lock+0x10/0x10
[  117.785733]  ? lock_acquire+0x15e/0x2f0
[  117.786052]  ? futex_ref_get+0x48/0x300
[  117.786372]  ? futex_ref_get+0x114/0x300
[  117.786704]  ? futex_hash+0x15c/0x390
[  117.787010]  lock_release+0x1ab/0x290
[  117.787321]  ? futex_hash+0x15c/0x390
[  117.787630]  futex_ref_get+0x119/0x300
[  117.787942]  ? futex_hash+0x15c/0x390
[  117.788249]  futex_hash+0x70/0x390
[  117.788539]  futex_wake+0x143/0x540
[  117.788842]  ? __pfx_futex_wake+0x10/0x10
[  117.789179]  ? kmem_cache_free+0x2a1/0x540
[  117.789517]  ? fd_install+0x1d8/0x660
[  117.789838]  ? putname.part.0+0x11b/0x160
[  117.790180]  do_futex+0x26d/0x370
[  117.790467]  ? __pfx_do_futex+0x10/0x10
[  117.790790]  ? __pfx___schedule+0x10/0x10
[  117.791130]  __x64_sys_futex+0x1c9/0x4d0
[  117.791459]  ? __x64_sys_openat+0x142/0x200
[  117.791812]  ? __pfx___x64_sys_futex+0x10/0x10
[  117.792186]  do_syscall_64+0xbf/0x360
[  117.792496]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.792906] RIP: 0033:0x7f0e48222b19
[  117.793202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  117.794634] RSP: 002b:00007f0e45798218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  117.795233] RAX: ffffffffffffffda RBX: 00007f0e48335f68 RCX: 00007f0e48222b19
[  117.795802] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0e48335f6c
[  117.796362] RBP: 00007f0e48335f60 R08: 0000000000000015 R09: 0000000000000000
[  117.796924] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f0e48335f6c
[  117.797487] R13: 00007ffe1289abaf R14: 00007f0e45798300 R15: 0000000000022000
[  117.798069]  </TASK>
[  117.798258] Modules linked in:
[  117.798541] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[  117.799403] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[  117.799993] CPU: 0 UID: 0 PID: 4049 Comm: syz-executor.5 Tainted: G      D W           6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) 
[  117.800922] Tainted: [D]=DIE, [W]=WARN
[  117.801227] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  117.801906] RIP: 0010:perf_tp_event+0x175/0xe70
[  117.802281] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  117.803695] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012
[  117.804113] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[  117.804679] RDX: ffff888047128000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  117.805236] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc16d50
[  117.805803] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000
[  117.806361] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000
[  117.806920] FS:  00007f0e45798700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  117.807552] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.808011] CR2: 00007fbd01150018 CR3: 000000000f016000 CR4: 0000000000350ef0
[  117.808567] Call Trace:
[  117.808776]  <IRQ>
[  117.808958]  ? __pfx_perf_tp_event+0x10/0x10
[  117.809317]  ? perf_trace_lock+0xb5/0x5d0
[  117.809664]  ? __pfx_perf_trace_lock+0x10/0x10
[  117.810031]  ? trace_softirq_raise+0xbe/0x100
[  117.810402]  ? lock_acquire+0x15e/0x2f0
[  117.810722]  ? select_task_rq_fair+0x2b6/0x38b0
[  117.811095]  ? find_held_lock+0x2b/0x80
[  117.811418]  ? select_task_rq_fair+0x48c/0x38b0
[  117.811793]  ? perf_trace_lock+0xb5/0x5d0
[  117.812124]  ? __pfx_perf_trace_lock+0x10/0x10
[  117.812489]  ? __smp_call_single_queue+0x15b/0x2f0
[  117.812884]  ? __pfx___smp_call_single_queue+0x10/0x10
[  117.813306]  ? perf_trace_run_bpf_submit+0xef/0x180
[  117.813720]  perf_trace_run_bpf_submit+0xef/0x180
[  117.814109]  perf_trace_lock+0x337/0x5d0
[  117.814436]  ? __pfx_perf_trace_lock+0x10/0x10
[  117.814808]  ? mark_held_locks+0x49/0x80
[  117.815133]  ? hrtimer_interrupt+0x114/0x830
[  117.815482]  lock_release+0x1ab/0x290
[  117.815798]  ktime_get_update_offsets_now+0xab/0x3c0
[  117.816203]  ? hrtimer_interrupt+0x114/0x830
[  117.816561]  ? __pfx_rcu_core+0x10/0x10
[  117.816887]  hrtimer_interrupt+0x114/0x830
[  117.817223]  ? __local_bh_enable+0x7b/0x90
[  117.817582]  ? handle_softirqs+0x50c/0x770
[  117.817926]  __sysvec_apic_timer_interrupt+0xbb/0x330
[  117.818341]  sysvec_apic_timer_interrupt+0x6b/0x80
[  117.818738]  </IRQ>
[  117.818921]  <TASK>
[  117.819109]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  117.819528] RIP: 0010:oops_exit+0x0/0x50
[  117.819860] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57
[  117.821280] RSP: 0018:ffff888047187690 EFLAGS: 00000202
[  117.821711] RAX: 000000000002afc7 RBX: 0000000000000212 RCX: ffffc9000be68000
[  117.822266] RDX: 0000000000040000 RSI: ffffffff812a3dca RDI: 0000000000000007
[  117.822821] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690
[  117.823383] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888047187758
[  117.823941] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000
[  117.824504]  ? oops_end+0x4a/0xe0
[  117.824797]  oops_end+0x65/0xe0
[  117.825076]  exc_general_protection+0x1a2/0x330
[  117.825455]  asm_exc_general_protection+0x26/0x30
[  117.825845] RIP: 0010:perf_tp_event+0x175/0xe70
[  117.826229] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  117.827670] RSP: 0018:ffff888047187800 EFLAGS: 00010212
[  117.828090] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000be68000
[  117.828649] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  117.829207] RBP: ffff888047187a70 R08: ffff88806ce31340 R09: ffffe8ffffc16d50
[  117.829779] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  117.830337] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[  117.830906]  ? perf_tp_event+0x167/0xe70
[  117.831235]  ? __mutex_add_waiter+0x202/0x220
[  117.831604]  ? __pfx_perf_tp_event+0x10/0x10
[  117.831965]  ? find_held_lock+0x2b/0x80
[  117.832302]  ? __is_insn_slot_addr+0x136/0x290
[  117.832682]  ? lock_release+0xc8/0x290
[  117.832998]  ? __is_insn_slot_addr+0x140/0x290
[  117.833373]  ? kernel_text_address+0x5b/0xc0
[  117.833743]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  117.834175]  ? __kernel_text_address+0xd/0x40
[  117.834540]  ? unwind_get_return_address+0x59/0xa0
[  117.834940]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  117.835372]  ? arch_stack_walk+0x9c/0xf0
[  117.835709]  ? perf_trace_run_bpf_submit+0xef/0x180
[  117.836109]  perf_trace_run_bpf_submit+0xef/0x180
[  117.836492]  perf_trace_lock+0x337/0x5d0
[  117.836834]  ? __pfx_perf_trace_lock+0x10/0x10
[  117.837204]  ? lock_acquire+0x15e/0x2f0
[  117.837525]  ? futex_ref_get+0x48/0x300
[  117.837855]  ? futex_ref_get+0x114/0x300
[  117.838176]  ? futex_hash+0x15c/0x390
[  117.838485]  lock_release+0x1ab/0x290
[  117.838796]  ? futex_hash+0x15c/0x390
[  117.839105]  futex_ref_get+0x119/0x300
[  117.839421]  ? futex_hash+0x15c/0x390
[  117.839725]  futex_hash+0x70/0x390
[  117.840016]  futex_wake+0x143/0x540
[  117.840312]  ? __pfx_futex_wake+0x10/0x10
[  117.840652]  ? kmem_cache_free+0x2a1/0x540
[  117.840986]  ? fd_install+0x1d8/0x660
[  117.841288]  ? putname.part.0+0x11b/0x160
[  117.841637]  do_futex+0x26d/0x370
[  117.841922]  ? __pfx_do_futex+0x10/0x10
[  117.842242]  ? __pfx___schedule+0x10/0x10
[  117.842579]  __x64_sys_futex+0x1c9/0x4d0
[  117.842911]  ? __x64_sys_openat+0x142/0x200
[  117.843272]  ? __pfx___x64_sys_futex+0x10/0x10
[  117.843647]  do_syscall_64+0xbf/0x360
[  117.843954]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.844371] RIP: 0033:0x7f0e48222b19
[  117.844672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  117.846123] RSP: 002b:00007f0e45798218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  117.846728] RAX: ffffffffffffffda RBX: 00007f0e48335f68 RCX: 00007f0e48222b19
[  117.847290] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0e48335f6c
[  117.847849] RBP: 00007f0e48335f60 R08: 0000000000000015 R09: 0000000000000000
[  117.848404] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f0e48335f6c
[  117.848981] R13: 00007ffe1289abaf R14: 00007f0e45798300 R15: 0000000000022000
[  117.849563]  </TASK>
[  117.849758] Modules linked in:
[  117.850019] ---[ end trace 0000000000000000 ]---
[  117.850388] RIP: 0010:perf_tp_event+0x175/0xe70
[  117.850769] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  117.852191] RSP: 0018:ffff888047187800 EFLAGS: 00010212
[  117.852612] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc9000be68000
[  117.853172] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[  117.853742] RBP: ffff888047187a70 R08: ffff88806ce31340 R09: ffffe8ffffc16d50
[  117.854300] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  117.854852] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000
[  117.855418] FS:  00007f0e45798700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[  117.856053] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.856507] CR2: 00007fbd01150018 CR3: 000000000f016000 CR4: 0000000000350ef0
[  117.857071] Kernel panic - not syncing: Fatal exception in interrupt
[  117.857780] Kernel Offset: disabled
[  117.858067] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
10:44:49  Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=ffff88800c8e0280 RCX=ffffffff81a023ce RDX=ffff888019978000
RSI=0000000000000000 RDI=ffff88800c8e0280 RBP=ffff88800c8e0280 RSP=ffff8880198cf968
R8 =0000000000000001 R9 =ffffed1001cd96c0 R10=000000000000000f R11=0000000000000001
R12=0000000000000011 R13=dffffc0000000000 R14=0000000000000001 R15=0000000000000028
RIP=ffffffff819bef86 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555560ef8400 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe0600000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f9fb7762630 CR3=0000000045a47000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000074 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888016427760
R8 =0000000000000000 R9 =ffffed1001531046 R10=0000000000000074 R11=0000000000000001
R12=0000000000000074 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055556317a400 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe4c00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555563183c58 CR3=000000003c079000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000