Warning: Permanently added '[localhost]:12997' (ECDSA) to the list of known hosts. 2025/09/01 08:57:18 fuzzer started 2025/09/01 08:57:18 dialing manager at localhost:35473 syzkaller login: [ 50.407338] cgroup: Unknown subsys name 'net' [ 50.486755] cgroup: Unknown subsys name 'cpuset' [ 50.509127] cgroup: Unknown subsys name 'rlimit' 2025/09/01 08:57:30 syscalls: 2214 2025/09/01 08:57:30 code coverage: enabled 2025/09/01 08:57:30 comparison tracing: enabled 2025/09/01 08:57:30 extra coverage: enabled 2025/09/01 08:57:30 setuid sandbox: enabled 2025/09/01 08:57:30 namespace sandbox: enabled 2025/09/01 08:57:30 Android sandbox: enabled 2025/09/01 08:57:30 fault injection: enabled 2025/09/01 08:57:30 leak checking: enabled 2025/09/01 08:57:30 net packet injection: enabled 2025/09/01 08:57:30 net device setup: enabled 2025/09/01 08:57:30 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 08:57:30 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 08:57:30 USB emulation: enabled 2025/09/01 08:57:30 hci packet injection: enabled 2025/09/01 08:57:30 wifi device emulation: enabled 2025/09/01 08:57:30 802.15.4 emulation: enabled 2025/09/01 08:57:30 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 08:57:30 fetching corpus: 50, signal 27293/30479 (executing program) 2025/09/01 08:57:30 fetching corpus: 100, signal 35847/40257 (executing program) 2025/09/01 08:57:30 fetching corpus: 150, signal 47593/52756 (executing program) 2025/09/01 08:57:30 fetching corpus: 200, signal 53588/59589 (executing program) 2025/09/01 08:57:30 fetching corpus: 250, signal 59772/66445 (executing program) 2025/09/01 08:57:30 fetching corpus: 300, signal 63730/71145 (executing program) 2025/09/01 08:57:30 fetching corpus: 350, signal 66258/74444 (executing program) 2025/09/01 08:57:30 fetching corpus: 400, signal 69052/77984 (executing program) 2025/09/01 08:57:31 fetching corpus: 450, signal 72356/81817 (executing program) 2025/09/01 
08:57:31 fetching corpus: 500, signal 75633/85503 (executing program) 2025/09/01 08:57:31 fetching corpus: 550, signal 77773/88172 (executing program) 2025/09/01 08:57:31 fetching corpus: 600, signal 80161/91010 (executing program) 2025/09/01 08:57:31 fetching corpus: 650, signal 83424/94375 (executing program) 2025/09/01 08:57:31 fetching corpus: 700, signal 87663/98478 (executing program) 2025/09/01 08:57:31 fetching corpus: 750, signal 88635/99970 (executing program) 2025/09/01 08:57:31 fetching corpus: 800, signal 90250/101909 (executing program) 2025/09/01 08:57:31 fetching corpus: 850, signal 91672/103661 (executing program) 2025/09/01 08:57:32 fetching corpus: 900, signal 95997/107486 (executing program) 2025/09/01 08:57:32 fetching corpus: 950, signal 97410/109127 (executing program) 2025/09/01 08:57:32 fetching corpus: 1000, signal 98749/110600 (executing program) 2025/09/01 08:57:32 fetching corpus: 1050, signal 102288/113605 (executing program) 2025/09/01 08:57:32 fetching corpus: 1100, signal 103470/114899 (executing program) 2025/09/01 08:57:32 fetching corpus: 1150, signal 104694/116183 (executing program) 2025/09/01 08:57:32 fetching corpus: 1200, signal 106153/117579 (executing program) 2025/09/01 08:57:32 fetching corpus: 1250, signal 108475/119481 (executing program) 2025/09/01 08:57:33 fetching corpus: 1300, signal 109773/120703 (executing program) 2025/09/01 08:57:33 fetching corpus: 1350, signal 111039/121849 (executing program) 2025/09/01 08:57:33 fetching corpus: 1400, signal 112033/122737 (executing program) 2025/09/01 08:57:33 fetching corpus: 1450, signal 113249/123767 (executing program) 2025/09/01 08:57:33 fetching corpus: 1500, signal 114071/124582 (executing program) 2025/09/01 08:57:33 fetching corpus: 1550, signal 115083/125437 (executing program) 2025/09/01 08:57:33 fetching corpus: 1600, signal 116718/126641 (executing program) 2025/09/01 08:57:33 fetching corpus: 1650, signal 117406/127299 (executing program) 2025/09/01 08:57:33 
fetching corpus: 1700, signal 118688/128237 (executing program) 2025/09/01 08:57:34 fetching corpus: 1750, signal 119454/128880 (executing program) 2025/09/01 08:57:34 fetching corpus: 1800, signal 121048/129826 (executing program) 2025/09/01 08:57:34 fetching corpus: 1850, signal 122747/130899 (executing program) 2025/09/01 08:57:34 fetching corpus: 1900, signal 123571/131496 (executing program) 2025/09/01 08:57:34 fetching corpus: 1950, signal 124179/131940 (executing program) 2025/09/01 08:57:34 fetching corpus: 2000, signal 125603/132712 (executing program) 2025/09/01 08:57:34 fetching corpus: 2050, signal 126649/133300 (executing program) 2025/09/01 08:57:34 fetching corpus: 2100, signal 127645/133856 (executing program) 2025/09/01 08:57:34 fetching corpus: 2150, signal 128525/134320 (executing program) 2025/09/01 08:57:35 fetching corpus: 2200, signal 129211/134679 (executing program) 2025/09/01 08:57:35 fetching corpus: 2250, signal 130105/135114 (executing program) 2025/09/01 08:57:35 fetching corpus: 2300, signal 131457/135679 (executing program) 2025/09/01 08:57:35 fetching corpus: 2350, signal 132693/136150 (executing program) 2025/09/01 08:57:35 fetching corpus: 2400, signal 133578/136497 (executing program) 2025/09/01 08:57:35 fetching corpus: 2450, signal 134791/136906 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137000 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137042 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137074 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137105 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137148 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137181 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137233 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137263 (executing program) 
2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137290 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137329 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137365 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137410 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137451 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137487 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137533 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137561 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137603 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137625 (executing program) 2025/09/01 08:57:35 fetching corpus: 2470, signal 135052/137625 (executing program) 2025/09/01 08:57:38 starting 8 fuzzer processes 08:57:38 executing program 0: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) sched_yield() 08:57:38 executing program 1: mount$9p_fd(0xedc000000000, 0x0, 0x0, 0x0, 0x0) 08:57:38 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{0x6b}, {@val={0x8, 0xb}, @void}}}, 0x1c}}, 0x0) 08:57:38 executing program 6: syz_genetlink_get_family_id$ethtool(&(0x7f0000007cc0), 0xffffffffffffffff) 08:57:38 executing program 3: syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = 
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), r0) sendmsg$IEEE802154_SET_MACPARAMS(r1, &(0x7f0000000600)={&(0x7f0000000500), 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x28, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_CSMA_RETRIES={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x28}}, 0x0) 08:57:38 executing program 7: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000040)={0x2}) 08:57:38 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100)={0x1}, &(0x7f0000000280), 0x0, 0x0) 08:57:38 executing program 5: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, 0x0, &(0x7f0000000240)) [ 69.557312] audit: type=1400 audit(1756717058.300:7): avc: denied { execmem } for pid=274 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 70.821897] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.826128] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.834066] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.835877] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.841014] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.843392] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.845906] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.851883] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.861473] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 
70.864272] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.906158] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.908862] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.912834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.921047] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.924119] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.942177] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.949169] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.950969] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.957415] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 70.959394] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 70.962349] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.965809] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.969631] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 70.973184] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 70.973301] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 70.977760] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 70.979782] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 70.982147] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 70.986891] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 70.991642] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 70.995943] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 70.998180] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 71.000274] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 71.003784] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 71.008067] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 71.011316] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 71.022660] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 71.025247] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 71.026078] Bluetooth: hci5: unexpected cc 0x0c38 length: 
249 > 2 [ 71.060145] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 72.917967] Bluetooth: hci1: command tx timeout [ 72.917980] Bluetooth: hci0: command tx timeout [ 72.981603] Bluetooth: hci3: command tx timeout [ 73.045919] Bluetooth: hci2: command tx timeout [ 73.109601] Bluetooth: hci4: command tx timeout [ 73.109719] Bluetooth: hci7: command tx timeout [ 73.110283] Bluetooth: hci6: command tx timeout [ 73.111017] Bluetooth: hci5: command tx timeout [ 74.965655] Bluetooth: hci1: command tx timeout [ 74.965736] Bluetooth: hci0: command tx timeout [ 75.029560] Bluetooth: hci3: command tx timeout [ 75.094368] Bluetooth: hci2: command tx timeout [ 75.157580] Bluetooth: hci6: command tx timeout [ 75.157671] Bluetooth: hci7: command tx timeout [ 75.158041] Bluetooth: hci4: command tx timeout [ 75.158865] Bluetooth: hci5: command tx timeout [ 77.013646] Bluetooth: hci0: command tx timeout [ 77.015031] Bluetooth: hci1: command tx timeout [ 77.077552] Bluetooth: hci3: command tx timeout [ 77.141542] Bluetooth: hci2: command tx timeout [ 77.205618] Bluetooth: hci6: command tx timeout [ 77.206066] Bluetooth: hci5: command tx timeout [ 77.206453] Bluetooth: hci4: command tx timeout [ 77.207441] Bluetooth: hci7: command tx timeout [ 79.061556] Bluetooth: hci1: command tx timeout [ 79.061574] Bluetooth: hci0: command tx timeout [ 79.127569] Bluetooth: hci3: command tx timeout [ 79.190597] Bluetooth: hci2: command tx timeout [ 79.254622] Bluetooth: hci7: command tx timeout [ 79.254675] Bluetooth: hci4: command tx timeout [ 79.255613] Bluetooth: hci5: command tx timeout [ 79.255635] Bluetooth: hci6: command tx timeout [ 106.901340] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.902527] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.105739] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.106418] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.194907] wlan0: Created IBSS using preconfigured 
BSSID 50:50:50:50:50:50 [ 107.195561] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.382323] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.383152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.487841] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.488741] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:58:16 executing program 5: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, 0x0, &(0x7f0000000240)) [ 107.561067] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.561729] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:58:16 executing program 5: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, 0x0, &(0x7f0000000240)) 08:58:16 executing program 5: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, 0x0, &(0x7f0000000240)) [ 107.626868] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.627636] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:58:16 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x25, 0x0) 08:58:16 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x25, 0x0) [ 107.687735] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.688391] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:58:16 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x25, 0x0) [ 107.737697] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.738338] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:58:16 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x25, 0x0) 08:58:16 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) 
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1005841, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2001851, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[]) umount2(&(0x7f0000001380)='./file0\x00', 0x3) [ 107.814304] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.814958] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.839609] ======================================================= [ 107.839609] WARNING: The mand mount option has been deprecated and [ 107.839609] and is ignored by this kernel. Remove the mand [ 107.839609] option from the mount to silence this warning. [ 107.839609] ======================================================= [ 107.848332] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.848957] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.927731] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.928354] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.956220] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.956821] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.997311] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.998234] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.046133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.046843] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.102562] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.103186] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.230633] audit: type=1400 audit(1756717096.972:8): avc: denied { open } for pid=3906 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 108.236946] audit: type=1400 audit(1756717096.972:9): avc: denied { kernel } for pid=3906 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 110.752596] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 110.754118] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 110.755756] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 110.758127] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 110.759660] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 112.789641] Bluetooth: hci6: command tx timeout [ 114.837620] Bluetooth: hci6: command tx timeout [ 116.886090] Bluetooth: hci6: command tx timeout [ 118.934710] Bluetooth: hci6: command tx timeout [ 126.358077] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.359458] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.423812] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.425138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:58:35 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100)={0x1}, &(0x7f0000000280), 0x0, 0x0) 08:58:35 executing program 6: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1005841, 0x0) 
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2001851, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[]) umount2(&(0x7f0000001380)='./file0\x00', 0x3) 08:58:35 executing program 0: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) sched_yield() 08:58:35 executing program 7: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000040)={0x2}) 08:58:35 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{0x6b}, {@val={0x8, 0xb}, @void}}}, 0x1c}}, 0x0) 08:58:35 executing program 1: mount$9p_fd(0xedc000000000, 0x0, 0x0, 0x0, 0x0) 08:58:35 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1005841, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2001851, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[]) umount2(&(0x7f0000001380)='./file0\x00', 0x3) 08:58:35 executing program 3: syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), r0) 
sendmsg$IEEE802154_SET_MACPARAMS(r1, &(0x7f0000000600)={&(0x7f0000000500), 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x28, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_CSMA_RETRIES={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x28}}, 0x0)

08:58:35 executing program 7:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000040)={0x2})

08:58:35 executing program 0:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
sched_yield()

08:58:35 executing program 6:
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[])
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0)
mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1005841, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2001851, 0x0)
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[])
umount2(&(0x7f0000001380)='./file0\x00', 0x3)

08:58:35 executing program 3:
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), r0)
sendmsg$IEEE802154_SET_MACPARAMS(r1, &(0x7f0000000600)={&(0x7f0000000500), 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x28, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_CSMA_RETRIES={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x28}}, 0x0)

08:58:35 executing program 1:
mount$9p_fd(0xedc000000000, 0x0, 0x0, 0x0, 0x0)

[ 126.818721] kmemleak: Found object by alias at 0x607f1a63ea8c
[ 126.818753] CPU: 0 UID: 0 PID: 4371 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 126.818787] Tainted: [W]=WARN
[ 126.818794] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 126.818806] Call Trace:
[ 126.818813]
[ 126.818822] dump_stack_lvl+0xca/0x120
[ 126.818865] __lookup_object+0x94/0xb0
[ 126.818896] delete_object_full+0x27/0x70
[ 126.818927] free_percpu+0x30/0x1160
[ 126.818957] ? arch_uprobe_clear_state+0x16/0x140
[ 126.818994] futex_hash_free+0x38/0xc0
[ 126.819020] mmput+0x2d3/0x390
[ 126.819055] do_exit+0x79d/0x2970
[ 126.819080] ? signal_wake_up_state+0x85/0x120
[ 126.819109] ? zap_other_threads+0x2b9/0x3a0
[ 126.819139] ? __pfx_do_exit+0x10/0x10
[ 126.819164] ? do_group_exit+0x1c3/0x2a0
[ 126.819190] ? lock_release+0xc8/0x290
[ 126.819221] do_group_exit+0xd3/0x2a0
[ 126.819250] __x64_sys_exit_group+0x3e/0x50
[ 126.819276] x64_sys_call+0x18c5/0x18d0
[ 126.819305] do_syscall_64+0xbf/0x360
[ 126.819328] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 126.819350] RIP: 0033:0x7f4bbf8e3b19
[ 126.819366] Code: Unable to access opcode bytes at 0x7f4bbf8e3aef.
[ 126.819376] RSP: 002b:00007ffc2fdee948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 126.819397] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f4bbf8e3b19
[ 126.819411] RDX: 00007f4bbf89672b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 126.819424] RBP: 0000000000000000 R08: 0000001b2d226e04 R09: 0000000000000000
[ 126.819437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 126.819449] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc2fdeea30
[ 126.819486]
[ 126.819494] kmemleak: Object (percpu) 0x607f1a63ea88 (size 8):
[ 126.819506] kmemleak: comm "syz-executor.3", pid 3917, jiffies 4294777968
[ 126.819519] kmemleak: min_count = 1
[ 126.819526] kmemleak: count = 1
[ 126.819533] kmemleak: flags = 0x21
[ 126.819540] kmemleak: checksum = 0
[ 126.819547] kmemleak: backtrace:
[ 126.819553] pcpu_alloc_noprof+0x87a/0x1170
[ 126.819582] fib_nh_init+0x92/0x400
[ 126.819606] fib_create_info+0x2640/0x4320
[ 126.819630] fib_table_insert+0x137/0x1a80
[ 126.819659] fib_magic+0x32b/0x3a0
[ 126.819676] fib_add_ifaddr+0x170/0x590
[ 126.819697] fib_inetaddr_event+0x147/0x270
[ 126.819718] notifier_call_chain+0xc0/0x360
[ 126.819737] blocking_notifier_call_chain+0x6b/0xa0
[ 126.819757] __inet_insert_ifa+0x904/0xcc0
[ 126.819789] inet_rtm_newaddr+0x104a/0x1530
[ 126.819806] rtnetlink_rcv_msg+0x9c6/0xfc0
[ 126.819837] netlink_rcv_skb+0x147/0x430
[ 126.819868] netlink_unicast+0x5a7/0x870
[ 126.819898] netlink_sendmsg+0x8ac/0xd80
[ 126.819928] __sys_sendto+0x506/0x570

08:58:35 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{0x6b}, {@val={0x8, 0xb}, @void}}}, 0x1c}}, 0x0)

08:58:35 executing program 7:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, 
&(0x7f0000000040)={0x2}) 08:58:35 executing program 0: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) sched_yield() 08:58:35 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100)={0x1}, &(0x7f0000000280), 0x0, 0x0) 08:58:35 executing program 1: mount$9p_fd(0xedc000000000, 0x0, 0x0, 0x0, 0x0) 08:58:35 executing program 6: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1005841, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2001851, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[]) umount2(&(0x7f0000001380)='./file0\x00', 0x3) 08:58:35 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{0x6b}, {@val={0x8, 0xb}, @void}}}, 0x1c}}, 0x0) 08:58:35 executing program 3: syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 
0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), r0) sendmsg$IEEE802154_SET_MACPARAMS(r1, &(0x7f0000000600)={&(0x7f0000000500), 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x28, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_CSMA_RETRIES={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x28}}, 0x0) 08:58:35 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1005841, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2001851, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[]) umount2(&(0x7f0000001380)='./file0\x00', 0x3) 08:58:35 executing program 7: syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), r0) sendmsg$IEEE802154_SET_MACPARAMS(r1, &(0x7f0000000600)={&(0x7f0000000500), 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x28, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_CSMA_RETRIES={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x28}}, 0x0) 08:58:35 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 
0x0) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100)={0x1}, &(0x7f0000000280), 0x0, 0x0) 08:58:35 executing program 7: syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), r0) sendmsg$IEEE802154_SET_MACPARAMS(r1, &(0x7f0000000600)={&(0x7f0000000500), 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x28, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_CSMA_RETRIES={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x28}}, 0x0) 08:58:36 executing program 5: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1005841, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2001851, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[]) umount2(&(0x7f0000001380)='./file0\x00', 0x3) 08:58:36 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100)={0x1}, &(0x7f0000000280), 0x0, 0x0) 08:58:36 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100)={0x1}, &(0x7f0000000280), 0x0, 0x0) 08:58:36 executing program 7: syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), r0) sendmsg$IEEE802154_SET_MACPARAMS(r1, &(0x7f0000000600)={&(0x7f0000000500), 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x28, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_CSMA_RETRIES={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x28}}, 0x0) 08:58:36 executing program 1: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1005841, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2001851, 0x0) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[]) umount2(&(0x7f0000001380)='./file0\x00', 0x3) 08:58:36 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 
0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100)={0x1}, &(0x7f0000000280), 0x0, 0x0) 08:58:36 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@multicast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x29, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev}, @redirect={0x5, 0x0, 0x0, @rand_addr, {0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast1=0xe0000010, @broadcast=0x20020000, {[@generic={0x0, 0x9, "71b59d6f7e66dc"}]}}}}}}}, 0x0) 08:58:36 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00') lseek(r0, 0x100000000, 0x1) [ 127.482654] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 127.484288] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 127.485372] CPU: 0 UID: 0 PID: 4426 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 127.490673] Tainted: [W]=WARN [ 127.491129] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.492295] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.492985] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.495566] RSP: 0018:ffff888016427800 EFLAGS: 00010212 [ 127.496331] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 127.497342] RDX: ffff888019abb700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 127.498371] RBP: ffff888016427a70 R08: ffff88806ce31340 R09: ffffe8ffffc16a88 [ 127.499390] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 127.500406] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 127.501432] FS: 000055557b548400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 127.502584] CS: 0010 DS: 0000 ES: 0000 CR0: 
0000000080050033 [ 127.503418] CR2: 000055557b549c18 CR3: 000000004435b000 CR4: 0000000000350ef0 [ 127.504432] Call Trace: [ 127.504815] [ 127.505156] ? arch_scale_cpu_capacity+0x17/0xa0 [ 127.505872] ? __pfx_perf_tp_event+0x10/0x10 [ 127.506522] ? __asan_memset+0x24/0x50 [ 127.507115] ? perf_trace_lock+0xb5/0x5d0 [ 127.507723] ? kvm_sched_clock_read+0x16/0x30 [ 127.508383] ? sched_clock+0x37/0x60 [ 127.508938] ? sched_clock_cpu+0x6c/0x4e0 [ 127.509549] ? lock_is_held_type+0x9e/0x120 [ 127.510211] ? perf_trace_run_bpf_submit+0xef/0x180 [ 127.510940] perf_trace_run_bpf_submit+0xef/0x180 [ 127.511654] perf_trace_lock+0x337/0x5d0 [ 127.512251] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.512923] ? lock_acquire+0x15e/0x2f0 [ 127.513506] ? futex_ref_get+0x48/0x300 [ 127.514093] ? futex_ref_get+0x114/0x300 [ 127.514677] ? futex_hash+0x15c/0x390 [ 127.515231] lock_release+0x1ab/0x290 [ 127.515799] ? futex_hash+0x15c/0x390 [ 127.516351] futex_ref_get+0x119/0x300 [ 127.516918] ? futex_hash+0x15c/0x390 [ 127.517478] futex_hash+0x70/0x390 [ 127.518020] futex_wake+0x143/0x540 [ 127.518564] ? put_pid+0x1f/0x30 [ 127.519068] ? kernel_clone+0x204/0x7f0 [ 127.519646] ? __pfx_futex_wake+0x10/0x10 [ 127.520253] ? __pfx_kernel_clone+0x10/0x10 [ 127.520882] ? perf_trace_lock+0xb5/0x5d0 [ 127.521492] do_futex+0x26d/0x370 [ 127.522018] ? __pfx_do_futex+0x10/0x10 [ 127.522604] ? __pfx___do_sys_clone+0x10/0x10 [ 127.523259] ? find_held_lock+0x2b/0x80 [ 127.523851] __x64_sys_futex+0x1c9/0x4d0 [ 127.524448] ? __pfx___x64_sys_futex+0x10/0x10 [ 127.525122] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 127.525889] do_syscall_64+0xbf/0x360 [ 127.526450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.527190] RIP: 0033:0x7f4f0b2bdb19 [ 127.527731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.530317] RSP: 002b:00007ffe6bdf6ae8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.531399] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4f0b2bdb19 [ 127.532459] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4f0b3d0f68 [ 127.533506] RBP: 00007f4f0b3d0f60 R08: 00007f4f08833700 R09: 0000000000000000 [ 127.534568] R10: 00007f4f08833700 R11: 0000000000000246 R12: 00007f4f0b3d5758 [ 127.535628] R13: 00007ffe6bdf6bf0 R14: 00007f4f0b3d0f60 R15: 000000000001f17e [ 127.536693] [ 127.537049] Modules linked in: [ 127.537543] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI [ 127.538821] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 127.539779] CPU: 1 UID: 0 PID: 4425 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 127.541061] Tainted: [D]=DIE, [W]=WARN [ 127.541480] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.542365] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.542875] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.544791] RSP: 0018:ffff888044d1f800 EFLAGS: 00010212 [ 127.545361] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 127.546128] RDX: ffff888017065280 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 127.546891] RBP: ffff888044d1fa70 R08: ffff88806cf31340 R09: ffffe8ffffd16a88 [ 127.547647] R10: 0000000000000000 
R11: 0000000000000000 R12: dffffc0000000000 [ 127.548393] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 127.549142] FS: 0000555563aa8400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 127.550000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.550621] CR2: 0000555563aa9c18 CR3: 0000000044e5b000 CR4: 0000000000350ef0 [ 127.551391] Call Trace: [ 127.551674] [ 127.551926] ? arch_scale_cpu_capacity+0x17/0xa0 [ 127.552450] ? __pfx_perf_tp_event+0x10/0x10 [ 127.552938] ? __asan_memset+0x24/0x50 [ 127.553378] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.553887] ? __pfx___mutex_lock+0x10/0x10 [ 127.554366] ? perf_trace_lock+0xb5/0x5d0 [ 127.554818] ? kvm_sched_clock_read+0x16/0x30 [ 127.555315] ? sched_clock+0x37/0x60 [ 127.555727] ? sched_clock_cpu+0x6c/0x4e0 [ 127.556183] ? perf_trace_run_bpf_submit+0xef/0x180 [ 127.556734] perf_trace_run_bpf_submit+0xef/0x180 [ 127.557255] perf_trace_lock+0x337/0x5d0 [ 127.557699] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.558192] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.558688] ? get_futex_key+0x592/0x14a0 [ 127.559131] ? futex_ref_get+0x114/0x300 [ 127.559564] ? futex_hash+0x15c/0x390 [ 127.559973] lock_release+0x1ab/0x290 [ 127.560388] ? futex_hash+0x15c/0x390 [ 127.560798] futex_ref_get+0x119/0x300 [ 127.561215] ? futex_hash+0x15c/0x390 [ 127.561632] futex_hash+0x70/0x390 [ 127.562014] futex_wake+0x143/0x540 [ 127.562403] ? put_pid+0x1f/0x30 [ 127.562764] ? kernel_clone+0x204/0x7f0 [ 127.563184] ? __pfx_futex_wake+0x10/0x10 [ 127.563622] ? __pfx_kernel_clone+0x10/0x10 [ 127.564078] ? perf_trace_lock+0xb5/0x5d0 [ 127.564524] ? __pfx___handle_mm_fault+0x10/0x10 [ 127.565049] do_futex+0x26d/0x370 [ 127.565430] ? __pfx_do_futex+0x10/0x10 [ 127.565869] ? __pfx___do_sys_clone+0x10/0x10 [ 127.566351] ? handle_mm_fault+0x590/0x9b0 [ 127.566812] __x64_sys_futex+0x1c9/0x4d0 [ 127.567251] ? __pfx___x64_sys_futex+0x10/0x10 [ 127.567760] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 127.568318] do_syscall_64+0xbf/0x360 [ 127.568725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.569271] RIP: 0033:0x7f4bbf8e3b19 [ 127.569672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.571580] RSP: 002b:00007ffc2fdee798 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.572373] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4bbf8e3b19 [ 127.573120] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4bbf9f6f68 [ 127.573879] RBP: 00007f4bbf9f6f60 R08: 00007f4bbce59700 R09: 0000000000000000 [ 127.574622] R10: 00007f4bbce59700 R11: 0000000000000246 R12: 00007f4bbf9fba68 [ 127.575367] R13: 00007ffc2fdee8a0 R14: 00007f4bbf9f6f60 R15: 000000000001f180 [ 127.576122] [ 127.576372] Modules linked in: [ 127.576717] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI [ 127.578302] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 127.579372] CPU: 0 UID: 0 PID: 4426 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 127.581056] Tainted: [D]=DIE, [W]=WARN [ 127.581614] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.582777] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.583457] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.586026] RSP: 0018:ffff88806ce08a80 EFLAGS: 00010012 [ 127.586789] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 127.587792] RDX: ffff888019abb700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 127.588826] RBP: ffff88806ce08cf0 R08: ffff88806ce31490 R09: ffffe8ffffc16a88 [ 127.589858] R10: 0000000000000000 R11: 
746e756f63716573 R12: dffffc0000000000 [ 127.590938] R13: 000000000000002c R14: ffff88806ce31490 R15: dffffc0000000000 [ 127.592001] FS: 000055557b548400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 127.593182] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.594049] CR2: 000055557b549c18 CR3: 000000004435b000 CR4: 0000000000350ef0 [ 127.595098] Call Trace: [ 127.595489] [ 127.595827] ? __pfx_perf_tp_event+0x10/0x10 [ 127.596503] ? perf_trace_lock+0xb5/0x5d0 [ 127.597133] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.597830] ? trace_rcu_utilization+0x26/0x190 [ 127.598516] ? rcu_sched_clock_irq+0x7a0/0x2b40 [ 127.599200] ? perf_trace_lock+0xb5/0x5d0 [ 127.599804] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.600468] ? lock_acquire+0x15e/0x2f0 [ 127.601054] ? perf_trace_run_bpf_submit+0xef/0x180 [ 127.601785] perf_trace_run_bpf_submit+0xef/0x180 [ 127.602493] perf_trace_lock+0x337/0x5d0 [ 127.603093] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.603762] ? hrtimer_interrupt+0x114/0x830 [ 127.604428] lock_release+0x1ab/0x290 [ 127.605010] ktime_get_update_offsets_now+0xab/0x3c0 [ 127.605777] ? hrtimer_interrupt+0x114/0x830 [ 127.606443] hrtimer_interrupt+0x114/0x830 [ 127.607072] ? __pfx_sched_ttwu_pending+0x10/0x10 [ 127.607803] ? trace_csd_function_exit+0x134/0x190 [ 127.608552] ? 
__flush_smp_call_function_queue+0x443/0x740 [ 127.609397] __sysvec_apic_timer_interrupt+0xbb/0x330 [ 127.610182] sysvec_apic_timer_interrupt+0x6b/0x80 [ 127.610918] [ 127.611259] [ 127.611602] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 127.612376] RIP: 0010:oops_exit+0x0/0x50 [ 127.612994] Code: 00 3a 00 be ff ff ff ff 48 c7 c7 50 b4 43 86 e8 c6 0f f9 ff 5b e9 50 00 3a 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 53 e8 36 00 3a 00 8b 1d c0 3d 4f 06 31 ff 89 de e8 57 [ 127.615666] RSP: 0018:ffff888016427690 EFLAGS: 00000202 [ 127.616454] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff8139f06f [ 127.617502] RDX: ffff888019abb700 RSI: ffffffff812a3dca RDI: 0000000000000007 [ 127.618558] RBP: 000000000000000b R08: 0000000000000001 R09: fffffbfff0f12690 [ 127.619609] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888016427758 [ 127.620656] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 127.621727] ? add_taint+0x5f/0xd0 [ 127.622259] ? oops_end+0x4a/0xe0 [ 127.622786] oops_end+0x65/0xe0 [ 127.623287] exc_general_protection+0x1a2/0x330 [ 127.623983] asm_exc_general_protection+0x26/0x30 [ 127.624688] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.625368] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.627946] RSP: 0018:ffff888016427800 EFLAGS: 00010212 [ 127.628704] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 127.629732] RDX: ffff888019abb700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 127.630738] RBP: ffff888016427a70 R08: ffff88806ce31340 R09: ffffe8ffffc16a88 [ 127.631751] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 127.632761] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 127.633794] ? perf_tp_event+0x167/0xe70 [ 127.634397] ? arch_scale_cpu_capacity+0x17/0xa0 [ 127.635090] ? 
__pfx_perf_tp_event+0x10/0x10 [ 127.635733] ? __asan_memset+0x24/0x50 [ 127.636322] ? perf_trace_lock+0xb5/0x5d0 [ 127.636927] ? kvm_sched_clock_read+0x16/0x30 [ 127.637593] ? sched_clock+0x37/0x60 [ 127.638149] ? sched_clock_cpu+0x6c/0x4e0 [ 127.638750] ? lock_is_held_type+0x9e/0x120 [ 127.639380] ? perf_trace_run_bpf_submit+0xef/0x180 [ 127.640108] perf_trace_run_bpf_submit+0xef/0x180 [ 127.640818] perf_trace_lock+0x337/0x5d0 [ 127.641421] ? __pfx_perf_trace_lock+0x10/0x10 [ 127.642101] ? lock_acquire+0x15e/0x2f0 [ 127.642691] ? futex_ref_get+0x48/0x300 [ 127.643273] ? futex_ref_get+0x114/0x300 [ 127.643860] ? futex_hash+0x15c/0x390 [ 127.644415] lock_release+0x1ab/0x290 [ 127.644976] ? futex_hash+0x15c/0x390 [ 127.645529] futex_ref_get+0x119/0x300 [ 127.646106] ? futex_hash+0x15c/0x390 [ 127.646661] futex_hash+0x70/0x390 [ 127.647186] futex_wake+0x143/0x540 [ 127.647722] ? put_pid+0x1f/0x30 [ 127.648223] ? kernel_clone+0x204/0x7f0 [ 127.648797] ? __pfx_futex_wake+0x10/0x10 [ 127.649404] ? __pfx_kernel_clone+0x10/0x10 [ 127.650034] ? perf_trace_lock+0xb5/0x5d0 [ 127.650638] do_futex+0x26d/0x370 [ 127.651153] ? __pfx_do_futex+0x10/0x10 [ 127.651740] ? __pfx___do_sys_clone+0x10/0x10 [ 127.652390] ? find_held_lock+0x2b/0x80 [ 127.652983] __x64_sys_futex+0x1c9/0x4d0 [ 127.653575] ? __pfx___x64_sys_futex+0x10/0x10 [ 127.654253] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 127.655006] do_syscall_64+0xbf/0x360 [ 127.655565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.656302] RIP: 0033:0x7f4f0b2bdb19 [ 127.656838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.659421] RSP: 002b:00007ffe6bdf6ae8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.660493] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4f0b2bdb19 [ 127.661513] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4f0b3d0f68 [ 127.662530] RBP: 00007f4f0b3d0f60 R08: 00007f4f08833700 R09: 0000000000000000 [ 127.663537] R10: 00007f4f08833700 R11: 0000000000000246 R12: 00007f4f0b3d5758 [ 127.664549] R13: 00007ffe6bdf6bf0 R14: 00007f4f0b3d0f60 R15: 000000000001f17e [ 127.665594] [ 127.665955] Modules linked in: [ 127.666425] ---[ end trace 0000000000000000 ]--- [ 127.666426] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI [ 127.667096] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.668152] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 127.668808] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.669641] CPU: 1 UID: 0 PID: 4425 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 127.672186] RSP: 0018:ffff888016427800 EFLAGS: 00010212 [ 127.673331] Tainted: [D]=DIE, [W]=WARN [ 127.673339] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 127.674080] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 127.674453] RIP: 0010:perf_tp_event+0x175/0xe70 [ 127.675598] RDX: ffff888019abb700 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 127.676277] 
Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 127.676922] RBP: ffff888016427a70 R08: ffff88806ce31340 R09: ffffe8ffffc16a88 [ 127.677594] RSP: 0018:ffff88806cf08a80 EFLAGS: 00010012 [ 127.680143] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 127.680824] [ 127.681560] R13: 000000000000002c R14: ffff88806ce31340 R15: dffffc0000000000 [ 127.682244] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 127.682499] FS: 000055557b548400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 127.683174] RDX: ffff888017065280 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 127.684178] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.684942] RBP: ffff88806cf08cf0 R08: ffff88806cf31490 R09: ffffe8ffffd16a88 [ 127.685955] CR2: 000055557b549c18 CR3: 000000004435b000 CR4: 0000000000350ef0 [ 127.686502] R10: 0000000000000000 R11: 746e756f63716573 R12: dffffc0000000000 [ 127.687514] Kernel panic - not syncing: Fatal exception in interrupt [ 128.774819] Shutting down cpus with NMI [ 128.776660] Kernel Offset: disabled [ 128.776994] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:58:36 Registers: