Warning: Permanently added '[localhost]:51505' (ECDSA) to the list of known hosts.
2025/09/01 10:05:00 fuzzer started
2025/09/01 10:05:01 dialing manager at localhost:35473
syzkaller login: [ 52.715943] cgroup: Unknown subsys name 'net'
[ 52.887023] cgroup: Unknown subsys name 'cpuset'
[ 52.970276] cgroup: Unknown subsys name 'rlimit'
2025/09/01 10:05:13 syscalls: 2214
2025/09/01 10:05:13 code coverage: enabled
2025/09/01 10:05:13 comparison tracing: enabled
2025/09/01 10:05:13 extra coverage: enabled
2025/09/01 10:05:13 setuid sandbox: enabled
2025/09/01 10:05:13 namespace sandbox: enabled
2025/09/01 10:05:13 Android sandbox: enabled
2025/09/01 10:05:13 fault injection: enabled
2025/09/01 10:05:13 leak checking: enabled
2025/09/01 10:05:13 net packet injection: enabled
2025/09/01 10:05:13 net device setup: enabled
2025/09/01 10:05:13 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 10:05:13 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 10:05:13 USB emulation: enabled
2025/09/01 10:05:13 hci packet injection: enabled
2025/09/01 10:05:13 wifi device emulation: enabled
2025/09/01 10:05:13 802.15.4 emulation: enabled
2025/09/01 10:05:13 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 10:05:13 fetching corpus: 43, signal 16140/19732 (executing program)
2025/09/01 10:05:13 fetching corpus: 85, signal 27407/32357 (executing program)
2025/09/01 10:05:13 fetching corpus: 135, signal 36579/42752 (executing program)
2025/09/01 10:05:14 fetching corpus: 185, signal 44761/52007 (executing program)
2025/09/01 10:05:14 fetching corpus: 235, signal 52425/60585 (executing program)
2025/09/01 10:05:14 fetching corpus: 285, signal 56284/65491 (executing program)
2025/09/01 10:05:14 fetching corpus: 335, signal 60241/70396 (executing program)
2025/09/01 10:05:14 fetching corpus: 383, signal 62686/73855 (executing program)
2025/09/01 10:05:14 fetching corpus: 433, signal 66098/78110 (executing program)
2025/09/01 10:05:14 fetching corpus: 483, signal 68509/81398 (executing program)
2025/09/01 10:05:14 fetching corpus: 533, signal 75561/88565 (executing program)
2025/09/01 10:05:14 fetching corpus: 582, signal 77467/91289 (executing program)
2025/09/01 10:05:14 fetching corpus: 632, signal 80196/94601 (executing program)
2025/09/01 10:05:14 fetching corpus: 682, signal 82401/97412 (executing program)
2025/09/01 10:05:15 fetching corpus: 731, signal 84284/99928 (executing program)
2025/09/01 10:05:15 fetching corpus: 781, signal 86619/102791 (executing program)
2025/09/01 10:05:15 fetching corpus: 831, signal 88174/104935 (executing program)
2025/09/01 10:05:15 fetching corpus: 881, signal 89925/107252 (executing program)
2025/09/01 10:05:15 fetching corpus: 931, signal 91643/109478 (executing program)
2025/09/01 10:05:15 fetching corpus: 981, signal 94517/112511 (executing program)
2025/09/01 10:05:15 fetching corpus: 1031, signal 96411/114812 (executing program)
2025/09/01 10:05:15 fetching corpus: 1081, signal 98204/116955 (executing program)
2025/09/01 10:05:15 fetching corpus: 1131, signal 99364/118600 (executing program)
2025/09/01 10:05:16 fetching corpus: 1181, signal 101104/120605 (executing program)
2025/09/01 10:05:16 fetching corpus: 1230, signal 102373/122207 (executing program)
2025/09/01 10:05:16 fetching corpus: 1280, signal 103828/123995 (executing program)
2025/09/01 10:05:16 fetching corpus: 1330, signal 105055/125604 (executing program)
2025/09/01 10:05:16 fetching corpus: 1380, signal 106741/127468 (executing program)
2025/09/01 10:05:16 fetching corpus: 1429, signal 107825/128919 (executing program)
2025/09/01 10:05:16 fetching corpus: 1479, signal 108907/130322 (executing program)
2025/09/01 10:05:16 fetching corpus: 1529, signal 110351/131848 (executing program)
2025/09/01 10:05:16 fetching corpus: 1579, signal 111812/133401 (executing program)
2025/09/01 10:05:16 fetching corpus: 1629, signal 113562/135099 (executing program)
2025/09/01 10:05:17 fetching corpus: 1679, signal 114617/136361 (executing program)
2025/09/01 10:05:17 fetching corpus: 1729, signal 115915/137736 (executing program)
2025/09/01 10:05:17 fetching corpus: 1779, signal 117007/138962 (executing program)
2025/09/01 10:05:17 fetching corpus: 1829, signal 117752/139957 (executing program)
2025/09/01 10:05:17 fetching corpus: 1879, signal 118998/141218 (executing program)
2025/09/01 10:05:17 fetching corpus: 1929, signal 120457/142567 (executing program)
2025/09/01 10:05:17 fetching corpus: 1979, signal 121246/143599 (executing program)
2025/09/01 10:05:17 fetching corpus: 2029, signal 121712/144375 (executing program)
2025/09/01 10:05:17 fetching corpus: 2077, signal 122690/145449 (executing program)
2025/09/01 10:05:17 fetching corpus: 2126, signal 123742/146438 (executing program)
2025/09/01 10:05:17 fetching corpus: 2176, signal 124813/147447 (executing program)
2025/09/01 10:05:18 fetching corpus: 2225, signal 125576/148278 (executing program)
2025/09/01 10:05:18 fetching corpus: 2275, signal 126214/149092 (executing program)
2025/09/01 10:05:18 fetching corpus: 2323, signal 127163/150003 (executing program)
2025/09/01 10:05:18 fetching corpus: 2373, signal 128008/150863 (executing program)
2025/09/01 10:05:18 fetching corpus: 2423, signal 128770/151623 (executing program)
2025/09/01 10:05:18 fetching corpus: 2473, signal 129886/152501 (executing program)
2025/09/01 10:05:18 fetching corpus: 2523, signal 130544/153158 (executing program)
2025/09/01 10:05:18 fetching corpus: 2573, signal 131349/153951 (executing program)
2025/09/01 10:05:18 fetching corpus: 2623, signal 132091/154620 (executing program)
2025/09/01 10:05:18 fetching corpus: 2673, signal 132959/155355 (executing program)
2025/09/01 10:05:19 fetching corpus: 2723, signal 133785/156063 (executing program)
2025/09/01 10:05:19 fetching corpus: 2773, signal 134908/156787 (executing program)
2025/09/01 10:05:19 fetching corpus: 2823, signal 135751/157408 (executing program)
2025/09/01 10:05:19 fetching corpus: 2873, signal 136427/157989 (executing program)
2025/09/01 10:05:19 fetching corpus: 2923, signal 137169/158630 (executing program)
2025/09/01 10:05:19 fetching corpus: 2972, signal 138002/159232 (executing program)
2025/09/01 10:05:19 fetching corpus: 3022, signal 138878/159823 (executing program)
2025/09/01 10:05:19 fetching corpus: 3072, signal 139663/160429 (executing program)
2025/09/01 10:05:19 fetching corpus: 3122, signal 140900/161023 (executing program)
2025/09/01 10:05:19 fetching corpus: 3172, signal 141844/161524 (executing program)
2025/09/01 10:05:20 fetching corpus: 3222, signal 142447/161972 (executing program)
2025/09/01 10:05:20 fetching corpus: 3272, signal 143233/162395 (executing program)
2025/09/01 10:05:20 fetching corpus: 3322, signal 143822/162793 (executing program)
2025/09/01 10:05:20 fetching corpus: 3372, signal 144373/163134 (executing program)
2025/09/01 10:05:20 fetching corpus: 3422, signal 144960/163478 (executing program)
2025/09/01 10:05:20 fetching corpus: 3472, signal 145760/163863 (executing program)
2025/09/01 10:05:20 fetching corpus: 3522, signal 146235/164202 (executing program)
2025/09/01 10:05:20 fetching corpus: 3572, signal 146772/164507 (executing program)
2025/09/01 10:05:20 fetching corpus: 3622, signal 147495/164872 (executing program)
2025/09/01 10:05:21 fetching corpus: 3671, signal 148132/165196 (executing program)
2025/09/01 10:05:21 fetching corpus: 3721, signal 148843/165505 (executing program)
2025/09/01 10:05:21 fetching corpus: 3771, signal 149381/165780 (executing program)
2025/09/01 10:05:21 fetching corpus: 3821, signal 149941/165996 (executing program)
2025/09/01 10:05:21 fetching corpus: 3871, signal 150689/166301 (executing program)
2025/09/01 10:05:21 fetching corpus: 3921, signal 151756/166533 (executing program)
2025/09/01 10:05:21 fetching corpus: 3971, signal 152263/166742 (executing program)
2025/09/01 10:05:21 fetching corpus: 4019, signal 152801/166932 (executing program)
2025/09/01 10:05:21 fetching corpus: 4069, signal 153360/166934 (executing program)
2025/09/01 10:05:22 fetching corpus: 4119, signal 153956/166936 (executing program)
2025/09/01 10:05:22 fetching corpus: 4169, signal 154469/166961 (executing program)
2025/09/01 10:05:22 fetching corpus: 4219, signal 154725/166967 (executing program)
2025/09/01 10:05:22 fetching corpus: 4269, signal 155232/167060 (executing program)
2025/09/01 10:05:22 fetching corpus: 4319, signal 155624/167065 (executing program)
2025/09/01 10:05:22 fetching corpus: 4369, signal 155963/167068 (executing program)
2025/09/01 10:05:22 fetching corpus: 4419, signal 156410/167072 (executing program)
2025/09/01 10:05:22 fetching corpus: 4469, signal 156686/167117 (executing program)
2025/09/01 10:05:22 fetching corpus: 4519, signal 156998/167117 (executing program)
2025/09/01 10:05:22 fetching corpus: 4569, signal 157403/167130 (executing program)
2025/09/01 10:05:22 fetching corpus: 4619, signal 159116/167158 (executing program)
2025/09/01 10:05:23 fetching corpus: 4668, signal 159482/167186 (executing program)
2025/09/01 10:05:23 fetching corpus: 4718, signal 159920/167193 (executing program)
2025/09/01 10:05:23 fetching corpus: 4768, signal 160335/167198 (executing program)
2025/09/01 10:05:23 fetching corpus: 4818, signal 160721/167204 (executing program)
2025/09/01 10:05:23 fetching corpus: 4868, signal 161149/167209 (executing program)
2025/09/01 10:05:23 fetching corpus: 4918, signal 161430/167210 (executing program)
2025/09/01 10:05:23 fetching corpus: 4968, signal 161882/167215 (executing program)
2025/09/01 10:05:23 fetching corpus: 5018, signal 162151/167230 (executing program)
2025/09/01 10:05:23 fetching corpus: 5068, signal 162537/167238 (executing program)
2025/09/01 10:05:23 fetching corpus: 5117, signal 163031/167286 (executing program)
2025/09/01 10:05:23 fetching corpus: 5167, signal 163446/167286 (executing program)
2025/09/01 10:05:24 fetching corpus: 5217, 
signal 163859/167332 (executing program) 2025/09/01 10:05:24 fetching corpus: 5267, signal 164404/167343 (executing program) 2025/09/01 10:05:24 fetching corpus: 5283, signal 164477/167344 (executing program) 2025/09/01 10:05:24 fetching corpus: 5283, signal 164477/167344 (executing program) 2025/09/01 10:05:26 starting 8 fuzzer processes 10:05:26 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x49, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) 10:05:26 executing program 1: syz_mount_image$nfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fsc']) 10:05:26 executing program 6: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000540)="ae98d7aa", 0x4}], 0x1, &(0x7f0000000000)=[@flowinfo={{0x14, 0x29, 0xb, 0x100}}], 0x18}}], 0x1, 0x0) 10:05:26 executing program 7: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f0000000100)=""/153, &(0x7f00000001c0)=0x99) 10:05:26 executing program 2: syz_genetlink_get_family_id$smc(&(0x7f0000000040), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000640)={0x14, 0x0, 0x1}, 0x14}}, 0x0) 10:05:26 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) 10:05:26 executing program 4: 
mq_notify(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0, @thr={0x0, 0x0}})
[ 77.098765] audit: type=1400 audit(1756721126.731:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
10:05:26 executing program 5:
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x0, 0x3c, 0x0, @local, @local}}}}, 0x0)
[ 78.260827] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 78.263788] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 78.266082] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 78.269699] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 78.273547] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 78.452049] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 78.454576] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 78.461832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 78.467814] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 78.472210] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 78.491253] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 78.497648] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 78.501750] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 78.519040] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 78.525663] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 78.529287] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 78.533505] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 78.535165] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 78.541258] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 78.544878] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 78.547833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 78.559571] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 78.560989] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 78.563203] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 78.569589] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 78.571076] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 78.575645] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 78.578556] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 78.580434] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 78.584460] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 78.585337] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 78.586639] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 78.588673] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 78.606952] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 78.612782] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 78.621726] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 78.631862] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 78.634209] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 78.636556] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 78.640709] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 80.293596] Bluetooth: hci0: command tx timeout
[ 80.547551] Bluetooth: hci1: command tx timeout
[ 80.611367] Bluetooth: hci2: command tx timeout
[ 80.612386] Bluetooth: hci4: command tx timeout
[ 80.612881] Bluetooth: hci3: command tx timeout
[ 80.739535] Bluetooth: hci5: command tx timeout
[ 80.740189] Bluetooth: hci7: command tx timeout
[ 80.803722] Bluetooth: hci6: command tx timeout
[ 82.341626] Bluetooth: hci0: command tx timeout
[ 82.595480] Bluetooth: hci1: command tx timeout
[ 82.659407] Bluetooth: hci3: command tx timeout
[ 82.660007] Bluetooth: hci4: command tx timeout
[ 82.660935] Bluetooth: hci2: command tx timeout
[ 82.787530] Bluetooth: hci7: command tx timeout
[ 82.788080] Bluetooth: hci5: command tx timeout
[ 82.851366] Bluetooth: hci6: command tx timeout
[ 84.387463] Bluetooth: hci0: command tx timeout
[ 84.644438] Bluetooth: hci1: command tx timeout
[ 84.707499] Bluetooth: hci2: command tx timeout
[ 84.707934] Bluetooth: hci3: command tx timeout
[ 84.708904] Bluetooth: hci4: command tx timeout
[ 84.836337] Bluetooth: hci5: command tx timeout
[ 84.836774] Bluetooth: hci7: command tx timeout
[ 84.900351] Bluetooth: hci6: command tx timeout
[ 86.435436] Bluetooth: hci0: command tx timeout
[ 86.691371] Bluetooth: hci1: command tx timeout
[ 86.755384] Bluetooth: hci2: command tx timeout
[ 86.755864] Bluetooth: hci4: command tx timeout
[ 86.756248] Bluetooth: hci3: command tx timeout
[ 86.884217] Bluetooth: hci7: command tx timeout
[ 86.884699] Bluetooth: hci5: command tx timeout
[ 86.948349] Bluetooth: hci6: command tx timeout
[ 113.751426] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.752079] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.938460] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.939087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.275971] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.276951] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:06:03 executing program 4:
mq_notify(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0, @thr={0x0, 0x0}})
[ 114.395118] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.395738] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:06:04 executing program 4:
mq_notify(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0, @thr={0x0, 0x0}})
10:06:04 executing program 4:
mq_notify(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0, @thr={0x0, 0x0}})
10:06:04 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=@updsa={0x138, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private0, @in=@remote}, {@in6=@private2, 0x0, 0x2b}, @in=@multicast2, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x0)
[ 114.534869] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.535528] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:06:04 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=@updsa={0x138, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private0, @in=@remote}, {@in6=@private2, 0x0, 0x2b}, @in=@multicast2, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x0)
[ 114.559608] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.560194] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.568826] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.569598] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.598273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.598875] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:06:04 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=@updsa={0x138, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private0, @in=@remote}, {@in6=@private2, 0x0, 0x2b}, @in=@multicast2, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x0)
[ 114.624496] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.625079] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
10:06:04 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=@updsa={0x138, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private0, @in=@remote}, {@in6=@private2, 0x0, 0x2b}, @in=@multicast2, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x0)
10:06:04 executing program 4:
setrlimit(0x4, &(0x7f0000000080)={0x0, 0x30})
[ 114.693339] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.693942] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.773362] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.773970] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.822093] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.822749] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.842057] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.842652] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.888085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.889006] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.967949] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.968663] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.996660] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.997227] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.158584] audit: type=1400 audit(1756721164.788:8): avc: denied { open } for pid=3912 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 115.162436] audit: type=1400 audit(1756721164.788:9): avc: denied { kernel } for pid=3912 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 115.172633] audit: type=1400 audit(1756721164.796:10): avc: denied { write } for pid=3912 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
10:06:04 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x49, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108)
10:06:04 executing program 1:
syz_mount_image$nfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 
0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fsc']) 10:06:04 executing program 4: setrlimit(0x4, &(0x7f0000000080)={0x0, 0x30}) 10:06:04 executing program 5: syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x0, 0x3c, 0x0, @local, @local}}}}, 0x0) 10:06:04 executing program 7: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f0000000100)=""/153, &(0x7f00000001c0)=0x99) 10:06:04 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x21, 0x0, 0x1300) 10:06:04 executing program 6: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000540)="ae98d7aa", 0x4}], 0x1, &(0x7f0000000000)=[@flowinfo={{0x14, 0x29, 0xb, 0x100}}], 0x18}}], 0x1, 0x0) 10:06:04 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) 10:06:04 executing program 1: syz_mount_image$nfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fsc']) 10:06:04 executing program 4: setrlimit(0x4, &(0x7f0000000080)={0x0, 0x30}) 10:06:04 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 
0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) 10:06:04 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x21, 0x0, 0x1300) 10:06:04 executing program 5: syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x0, 0x3c, 0x0, @local, @local}}}}, 0x0) 10:06:04 executing program 6: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000540)="ae98d7aa", 0x4}], 0x1, &(0x7f0000000000)=[@flowinfo={{0x14, 0x29, 0xb, 0x100}}], 0x18}}], 0x1, 0x0) 10:06:04 executing program 7: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f0000000100)=""/153, &(0x7f00000001c0)=0x99) 10:06:05 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x49, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) 10:06:05 executing program 3: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) 10:06:05 executing program 1: syz_mount_image$nfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fsc']) 10:06:05 executing program 4: setrlimit(0x4, &(0x7f0000000080)={0x0, 0x30}) 10:06:05 executing program 5: syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2f2802", 0x0, 0x3c, 0x0, @local, @local}}}}, 
0x0) 10:06:05 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x21, 0x0, 0x1300) 10:06:05 executing program 6: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000540)="ae98d7aa", 0x4}], 0x1, &(0x7f0000000000)=[@flowinfo={{0x14, 0x29, 0xb, 0x100}}], 0x18}}], 0x1, 0x0) 10:06:05 executing program 7: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f0000000100)=""/153, &(0x7f00000001c0)=0x99) 10:06:05 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x49, &(0x7f0000002680)={0x4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) 10:06:05 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x21, 0x0, 0x1300) 10:06:05 executing program 4: munmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffa000/0x1000)=nil) 10:06:05 executing program 1: capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000000)) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x2284, 0x0) 10:06:05 executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) creat(&(0x7f00000003c0)='./file0\x00', 0x0) utime(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x2000000000}) 10:06:05 executing program 4: munmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffa000/0x1000)=nil) 10:06:05 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000bc0)={0x0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x0, @empty}, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10d}) 10:06:05 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x30, r1, 0x16566fdb4c104121, 0x0, 0x0, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan3\x00'}, @NL802154_ATTR_IFTYPE={0x8}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x30}}, 0x0) 10:06:05 executing program 7: keyctl$set_reqkey_keyring(0xe, 0x1) keyctl$set_reqkey_keyring(0xe, 0x1) 10:06:05 executing program 0: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote}, 0x1c) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) clone3(&(0x7f0000000240)={0x61020100, &(0x7f00000056c0), 0x0, 0x0, {}, &(0x7f00000001c0)=""/96, 0x54, 0x0, &(0x7f0000000000), 0x3}, 0x58) 10:06:05 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b66, &(0x7f0000000240)) [ 115.694102] capability: warning: `syz-executor.1' uses deprecated v2 capabilities in a way that may be insecure [ 115.696206] Oops: general protection 
fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 115.697146] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 115.697751] CPU: 1 UID: 0 PID: 3977 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 115.699362] Tainted: [W]=WARN
[ 115.700105] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 115.701784] RIP: 0010:perf_tp_event+0x175/0xe70
10:06:05 executing program 4:
munmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffa000/0x1000)=nil)
[ 115.703158] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 115.706977] RSP: 0018:ffff88801c1cf780 EFLAGS: 00010012
[ 115.707398] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90004005000
[ 115.707952] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 115.708519] RBP: ffff88801c1cf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd111c8
[ 115.709080] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 115.709640] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 115.710212] FS: 00007eff8765a700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 115.710845] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 115.711305] CR2: 00007eff8a1f8018 CR3: 000000000e647000 CR4: 0000000000350ef0
[ 115.711864] Call Trace:
[ 115.712071]
[ 115.712255] ? __pfx_perf_tp_event+0x10/0x10
[ 115.712613] ? __is_insn_slot_addr+0x140/0x290
[ 115.712984] ? kernel_text_address+0x5b/0xc0
[ 115.713338] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 115.713771] ? __kernel_text_address+0xd/0x40
[ 115.714140] ? unwind_get_return_address+0x59/0xa0
[ 115.714542] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 115.714968] ? arch_stack_walk+0x9c/0xf0
[ 115.715295] ? stack_trace_save+0x8e/0xc0
[ 115.715626] ? stack_depot_save_flags+0x2c/0xa20
[ 115.716008] ? perf_trace_run_bpf_submit+0xef/0x180
[ 115.716407] perf_trace_run_bpf_submit+0xef/0x180
[ 115.716796] perf_trace_preemptirq_template+0x259/0x430
[ 115.717224] ? trace_sched_set_need_resched_tp+0xd4/0x110
[ 115.717665] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 115.718137] ? __pfx___resched_curr+0x10/0x10
[ 115.718505] ? find_held_lock+0x2b/0x80
[ 115.718829] ? try_to_wake_up+0x8ae/0x11d0
[ 115.719169] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 115.719574] trace_irq_enable.constprop.0+0xa6/0x100
[ 115.719974] trace_hardirqs_on+0x26/0x40
[ 115.720293] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 115.720685] try_to_wake_up+0x8ae/0x11d0
[ 115.721013] ? __pfx_try_to_wake_up+0x10/0x10
[ 115.721372] ? plist_del+0x122/0x270
[ 115.721673] ? find_held_lock+0x2b/0x80
[ 115.721991] ? futex_wake+0x474/0x540
[ 115.722311] wake_up_q+0xa1/0x130
[ 115.722594] futex_wake+0x47e/0x540
[ 115.722890] ? __pfx_futex_wake+0x10/0x10
[ 115.723220] ? bpf_prog_store_orig_filter+0x103/0x1e0
[ 115.723632] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 115.724089] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 115.724498] do_futex+0x26d/0x370
[ 115.724777] ? __pfx_do_futex+0x10/0x10
[ 115.725092] ? _raw_spin_unlock_irq+0x23/0x40
[ 115.725450] __x64_sys_futex+0x1c9/0x4d0
[ 115.725771] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 115.726239] ? __pfx___x64_sys_futex+0x10/0x10
[ 115.726602] ? __secure_computing+0x18d/0x290
[ 115.726961] do_syscall_64+0xbf/0x360
[ 115.727264] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.727669] RIP: 0033:0x7eff8a0e4b19
[ 115.727960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 115.729361] RSP: 002b:00007eff8765a218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 115.729946] RAX: ffffffffffffffda RBX: 00007eff8a1f7f68 RCX: 00007eff8a0e4b19
[ 115.730516] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007eff8a1f7f6c
[ 115.731067] RBP: 00007eff8a1f7f60 R08: 000000000000000e R09: 0000000000000000
[ 115.731621] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff8a1f7f6c
[ 115.732174] R13: 00007ffcce0a999f R14: 00007eff8765a300 R15: 0000000000022000
[ 115.732730]
[ 115.732916] Modules linked in:
[ 115.733178] ---[ end trace 0000000000000000 ]---
[ 115.733543] RIP: 0010:perf_tp_event+0x175/0xe70
[ 115.733916] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 115.735329] RSP: 0018:ffff88801c1cf780 EFLAGS: 00010012
[ 115.735747] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90004005000
10:06:05 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x30, r1, 0x16566fdb4c104121, 0x0, 0x0, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan3\x00'}, @NL802154_ATTR_IFTYPE={0x8}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x30}}, 0x0)
[ 115.736305] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 115.736945] RBP: ffff88801c1cf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd111c8
[ 115.737574] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 115.738142] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 115.738713] FS: 00007eff8765a700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 115.739353] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 115.739819] CR2: 00007eff8a1f8018 CR3: 000000000e647000 CR4: 0000000000350ef0
[ 115.740391] note: syz-executor.6[3977] exited with irqs disabled
[ 115.740960] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[ 115.741852] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 115.742470] CPU: 1 UID: 0 PID: 3977 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 115.743431] Tainted: [D]=DIE, [W]=WARN
[ 115.743742] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 115.744402] RIP: 0010:perf_tp_event+0x175/0xe70
[ 115.744789] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 115.746244] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012
[ 115.746676] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 115.747248] RDX: ffff88801421d280 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 115.747818] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd111c8
[ 115.748396] R10: 0000000000000000 R11: ffff88801edf2098 R12: dffffc0000000000
[ 115.748965] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[ 115.749542] FS: 00007eff8765a700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 115.750195] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 115.750668] CR2: 00007eff8a1f8018 CR3: 000000000e647000 CR4: 0000000000350ef0
[ 115.751237] Call Trace:
[ 115.751451]
[ 115.751633] ? __pfx_perf_tp_event+0x10/0x10
[ 115.751999] ? enqueue_task_fair+0xded/0x1e00
[ 115.752371] ? 
check_preempt_wakeup_fair+0x6e/0x950 [ 115.752778] ? wakeup_preempt+0x140/0x2a0 [ 115.753114] ? lock_release+0x1c7/0x290 [ 115.753441] ? lock_release+0x1c7/0x290 [ 115.753767] ? do_raw_spin_unlock+0x53/0x220 [ 115.754139] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 115.754556] ? try_to_wake_up+0x8ae/0x11d0 [ 115.754904] ? do_raw_spin_lock+0x123/0x260 [ 115.755262] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 115.755646] ? perf_trace_run_bpf_submit+0xef/0x180 [ 115.756051] perf_trace_run_bpf_submit+0xef/0x180 [ 115.756448] perf_trace_preemptirq_template+0x259/0x430 [ 115.756877] ? read_tsc+0x9/0x20 [ 115.757163] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 115.757634] ? clockevents_program_event+0x135/0x360 [ 115.758056] ? tick_program_event+0xac/0x140 [ 115.758419] ? handle_softirqs+0x16e/0x770 [ 115.758772] trace_irq_enable.constprop.0+0xa6/0x100 [ 115.759183] trace_hardirqs_on+0x26/0x40 [ 115.759514] handle_softirqs+0x16e/0x770 [ 115.759858] __irq_exit_rcu+0xc4/0x100 [ 115.760184] irq_exit_rcu+0x9/0x20 [ 115.760479] sysvec_apic_timer_interrupt+0x70/0x80 [ 115.760884] [ 115.761068] [ 115.761255] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 115.761666] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 115.762038] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 115.763447] RSP: 0018:ffff88801c1cff28 EFLAGS: 00000246 [ 115.763862] RAX: 0000000000000001 RBX: ffff88801421d280 RCX: ffffffff817c3ab6 [ 115.764410] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 115.764961] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 115.765515] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff88801421d280 [ 115.766075] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000 [ 115.766628] ? trace_irq_enable.constprop.0+0x26/0x100 [ 115.767035] ? make_task_dead+0x214/0x3b0 [ 115.767366] ? 
make_task_dead+0x214/0x3b0 [ 115.767694] ? do_syscall_64+0xbf/0x360 [ 115.768007] rewind_stack_and_make_dead+0x16/0x20 [ 115.768397] RIP: 0033:0x7eff8a0e4b19 [ 115.768686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 115.770091] RSP: 002b:00007eff8765a218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.770681] RAX: ffffffffffffffda RBX: 00007eff8a1f7f68 RCX: 00007eff8a0e4b19 [ 115.771232] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007eff8a1f7f6c [ 115.771787] RBP: 00007eff8a1f7f60 R08: 000000000000000e R09: 0000000000000000 [ 115.772341] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff8a1f7f6c [ 115.772893] R13: 00007ffcce0a999f R14: 00007eff8765a300 R15: 0000000000022000 [ 115.773449] [ 115.773636] Modules linked in: [ 115.773891] ---[ end trace 0000000000000000 ]--- [ 115.774263] RIP: 0010:perf_tp_event+0x175/0xe70 [ 115.774635] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 115.776035] RSP: 0018:ffff88801c1cf780 EFLAGS: 00010012 [ 115.776453] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90004005000 [ 115.777016] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191 [ 115.777584] RBP: ffff88801c1cf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd111c8 [ 115.778159] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 115.778719] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 115.779283] FS: 00007eff8765a700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 115.779914] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.780371] CR2: 00007eff8a1f8018 CR3: 000000000e647000 CR4: 0000000000350ef0 [ 115.780933] Kernel panic - not syncing: Fatal exception in interrupt [ 115.781622] 
Kernel Offset: disabled
[ 115.781909] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
10:06:05 Registers: