Warning: Permanently added '[localhost]:28718' (ECDSA) to the list of known hosts. 2025/08/29 08:07:34 fuzzer started 2025/08/29 08:07:34 dialing manager at localhost:43077 syzkaller login: [ 51.924460] cgroup: Unknown subsys name 'net' [ 51.978169] cgroup: Unknown subsys name 'cpuset' [ 51.995026] cgroup: Unknown subsys name 'rlimit' 2025/08/29 08:07:45 syscalls: 2214 2025/08/29 08:07:45 code coverage: enabled 2025/08/29 08:07:45 comparison tracing: enabled 2025/08/29 08:07:45 extra coverage: enabled 2025/08/29 08:07:45 setuid sandbox: enabled 2025/08/29 08:07:45 namespace sandbox: enabled 2025/08/29 08:07:45 Android sandbox: enabled 2025/08/29 08:07:45 fault injection: enabled 2025/08/29 08:07:45 leak checking: enabled 2025/08/29 08:07:45 net packet injection: enabled 2025/08/29 08:07:45 net device setup: enabled 2025/08/29 08:07:45 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 08:07:45 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 08:07:45 USB emulation: enabled 2025/08/29 08:07:45 hci packet injection: enabled 2025/08/29 08:07:45 wifi device emulation: enabled 2025/08/29 08:07:45 802.15.4 emulation: enabled 2025/08/29 08:07:45 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 08:07:45 fetching corpus: 50, signal 26442/29110 (executing program) 2025/08/29 08:07:45 fetching corpus: 100, signal 40537/43501 (executing program) 2025/08/29 08:07:46 fetching corpus: 150, signal 49180/52235 (executing program) 2025/08/29 08:07:46 fetching corpus: 200, signal 53897/57179 (executing program) 2025/08/29 08:07:46 fetching corpus: 250, signal 57386/60819 (executing program) 2025/08/29 08:07:46 fetching corpus: 300, signal 61472/64740 (executing program) 2025/08/29 08:07:46 fetching corpus: 350, signal 65221/68262 (executing program) 2025/08/29 08:07:46 fetching corpus: 400, signal 68529/71154 (executing program) 2025/08/29 08:07:46 fetching corpus: 450, signal 70702/73103 (executing program) 2025/08/29 08:07:47 fetching corpus: 500, signal 73005/75005 (executing program) 2025/08/29 08:07:47 fetching corpus: 550, signal 76586/77664 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/78419 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/78486 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/78567 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/78642 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/78710 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/78772 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/78850 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/78922 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/78995 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/79063 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/79133 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/79215 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/79274 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/79339 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/79405 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/79462 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/79547 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/79610 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/79690 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/79759 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/79828 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/79901 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/79960 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/80035 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/80105 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/80169 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/80235 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/80299 (executing program) 2025/08/29 08:07:47 fetching corpus: 579, signal 77546/80299 (executing program) 2025/08/29 08:07:49 starting 8 fuzzer processes 08:07:49 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5c000, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b8000000000000b80000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="8800170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}], 0x0, &(0x7f0000000400)) 08:07:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x8) ioctl$sock_SIOCSIFBR(r0, 0x8941, 0x0) 08:07:50 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6, @link_local}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={r4, 0x1, 0x6, @multicast}, 0x10) 08:07:50 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) 08:07:50 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000003c0), r0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x48, r1, 0xf1b5a43ca6b9a97, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @mcast1}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast1}]}, 0x48}}, 0x0) 08:07:50 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$search(0x12, 0x0, 0x0, 0x0, 0x0) 08:07:50 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x24, &(0x7f0000000000)=0x6, 0x4) 08:07:50 executing program 6: syz_emit_ethernet(0x52, &(0x7f0000000000)={@local, @dev, @void, {@ipv4={0x800, @dccp={{0xd, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x21, 0x0, @local, @private=0xa010101, {[@rr={0x44, 0x1f, 0x1c, [@broadcast=0x30b6fb55, @broadcast, @broadcast, @empty, @dev, @local, @private]}]}}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00\x00W', 0x0, "944856"}}}}}}, 0x0) [ 67.133340] audit: type=1400 audit(1756454870.192:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 68.336564] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.339100] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.344783] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.349484] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.358442] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.399585] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.402150] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.404890] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.408561] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.410890] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.468519] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 68.470394] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 68.471927] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 68.475750] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.477372] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.482874] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.485953] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.487632] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 68.492093] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 68.493182] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.495230] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.514114] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.521730] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 68.523212] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.529028] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 68.539351] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 68.552941] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 68.556893] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.558893] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 68.560413] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.573798] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 68.585023] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 68.588380] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 68.592420] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 68.598310] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 68.598475] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 68.600624] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 68.632156] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 68.672261] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 68.692944] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 70.430176] Bluetooth: hci1: command tx timeout [ 70.431064] Bluetooth: hci0: command tx timeout [ 70.557748] Bluetooth: hci2: command tx timeout [ 70.557772] Bluetooth: hci4: command tx timeout [ 70.622897] Bluetooth: hci3: command tx timeout [ 70.685849] Bluetooth: hci5: command tx timeout [ 70.749825] Bluetooth: hci7: command tx timeout [ 70.750878] Bluetooth: hci6: command tx timeout [ 72.477806] Bluetooth: hci0: command tx timeout [ 72.478006] Bluetooth: hci1: command tx timeout [ 72.606044] Bluetooth: hci4: command tx timeout [ 72.606566] Bluetooth: hci2: command tx timeout [ 72.669775] Bluetooth: hci3: command tx timeout [ 72.734707] Bluetooth: hci5: command tx timeout [ 72.797767] Bluetooth: hci6: command tx timeout [ 72.798379] Bluetooth: hci7: command tx timeout [ 74.525929] Bluetooth: hci1: command tx timeout [ 74.525956] Bluetooth: hci0: command tx timeout [ 74.653709] Bluetooth: hci4: command tx timeout [ 74.654178] Bluetooth: hci2: command tx timeout [ 74.718676] Bluetooth: hci3: command tx timeout [ 74.781879] Bluetooth: hci5: command tx timeout [ 74.846809] Bluetooth: hci7: command tx timeout [ 74.847226] Bluetooth: hci6: command tx timeout [ 76.573867] Bluetooth: hci1: command tx timeout [ 76.574797] Bluetooth: hci0: command tx timeout [ 76.701705] Bluetooth: hci4: command tx timeout [ 76.701737] Bluetooth: hci2: command tx timeout [ 76.765707] Bluetooth: hci3: command tx timeout [ 76.829776] Bluetooth: hci5: command tx timeout [ 76.895766] Bluetooth: hci6: command tx timeout [ 76.895791] Bluetooth: hci7: command tx timeout [ 105.386312] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.387015] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.532048] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.533020] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.691011] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.691622] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.819360] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.820020] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.004207] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.005495] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.081028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.081664] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.121205] audit: type=1400 audit(1756454909.173:8): avc: denied { open } for pid=3860 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 106.129564] audit: type=1400 audit(1756454909.173:9): avc: denied { kernel } for pid=3860 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 106.133725] audit: type=1400 audit(1756454909.187:10): avc: denied { read } for pid=3860 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 106.137722] audit: type=1400 audit(1756454909.189:11): avc: denied { write } for pid=3860 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 08:08:29 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) [ 106.195689] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.196303] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.252400] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.253185] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:08:29 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x8) ioctl$sock_SIOCSIFBR(r0, 0x8941, 0x0) 08:08:29 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) [ 106.309550] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.310213] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:08:29 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) [ 106.387524] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.388167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:08:29 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x8) ioctl$sock_SIOCSIFBR(r0, 0x8941, 0x0) 08:08:29 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) 08:08:29 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x8) ioctl$sock_SIOCSIFBR(r0, 0x8941, 0x0) [ 106.478588] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.479293] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:08:29 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x24, &(0x7f0000000000)=0x6, 0x4) [ 106.521195] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.521851] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.596065] syz_tun: entered promiscuous mode [ 106.597246] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 106.599067] mac80211_hwsim hwsim11 wlan1: left promiscuous mode [ 106.600134] syz_tun: left promiscuous mode [ 106.604466] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.605072] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.608860] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 106.609546] syz_tun: entered promiscuous mode [ 106.610735] syz_tun: left promiscuous mode [ 106.611218] mac80211_hwsim hwsim11 wlan1: left promiscuous mode [ 106.664150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.664967] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.729190] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.729840] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.745478] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.746137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.856234] loop0: detected capacity change from 0 to 736 08:08:30 executing program 6: syz_emit_ethernet(0x52, &(0x7f0000000000)={@local, @dev, @void, {@ipv4={0x800, @dccp={{0xd, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x21, 0x0, @local, @private=0xa010101, {[@rr={0x44, 0x1f, 0x1c, [@broadcast=0x30b6fb55, @broadcast, @broadcast, @empty, @dev, @local, @private]}]}}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00\x00W', 0x0, "944856"}}}}}}, 0x0) 08:08:30 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) 08:08:30 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) 08:08:30 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x24, &(0x7f0000000000)=0x6, 0x4) 08:08:30 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000003c0), r0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x48, r1, 0xf1b5a43ca6b9a97, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @mcast1}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast1}]}, 0x48}}, 0x0) 08:08:30 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6, @link_local}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={r4, 0x1, 0x6, @multicast}, 0x10) 08:08:30 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$search(0x12, 0x0, 0x0, 0x0, 0x0) 08:08:30 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5c000, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b8000000000000b80000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="8800170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}], 0x0, &(0x7f0000000400)) [ 107.051925] syz_tun: entered promiscuous mode [ 107.060620] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 107.062441] mac80211_hwsim hwsim11 wlan1: left promiscuous mode [ 107.063208] syz_tun: left promiscuous mode [ 107.074625] loop0: detected capacity change from 0 to 736 08:08:30 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5c000, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b8000000000000b80000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="8800170000000000001700080000000008007809140b2a3a0802", 0x1a, 0xb800}], 0x0, &(0x7f0000000400)) 08:08:30 executing program 6: syz_emit_ethernet(0x52, &(0x7f0000000000)={@local, @dev, @void, {@ipv4={0x800, @dccp={{0xd, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x21, 0x0, @local, @private=0xa010101, {[@rr={0x44, 0x1f, 0x1c, [@broadcast=0x30b6fb55, @broadcast, @broadcast, @empty, @dev, @local, @private]}]}}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00\x00W', 0x0, "944856"}}}}}}, 0x0) 08:08:30 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6, @link_local}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={r4, 0x1, 0x6, @multicast}, 0x10) 08:08:30 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x24, &(0x7f0000000000)=0x6, 0x4) 08:08:30 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000003c0), r0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x48, r1, 0xf1b5a43ca6b9a97, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @mcast1}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast1}]}, 0x48}}, 0x0) 08:08:30 executing program 7: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) 08:08:30 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$search(0x12, 0x0, 0x0, 0x0, 0x0) 08:08:30 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) [ 107.216430] syz_tun: entered promiscuous mode [ 107.219892] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 107.224079] mac80211_hwsim hwsim11 wlan1: left promiscuous mode [ 107.224757] syz_tun: left promiscuous mode [ 107.246542] kmemleak: Found object by alias at 0x607f1a63949c [ 107.246558] CPU: 1 UID: 0 PID: 3933 Comm: syz-executor.5 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 107.246576] Tainted: [W]=WARN [ 107.246580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 107.246587] Call Trace: [ 107.246591] [ 107.246596] dump_stack_lvl+0xca/0x120 [ 107.246621] __lookup_object+0x94/0xb0 [ 107.246642] delete_object_full+0x27/0x70 [ 107.246661] free_percpu+0x30/0x1160 [ 107.246677] ? arch_uprobe_clear_state+0x16/0x140 [ 107.246697] futex_hash_free+0x38/0xc0 [ 107.246710] mmput+0x2d3/0x390 [ 107.246728] do_exit+0x79d/0x2970 [ 107.246741] ? signal_wake_up_state+0x85/0x120 [ 107.246757] ? zap_other_threads+0x2b9/0x3a0 [ 107.246772] ? __pfx_do_exit+0x10/0x10 [ 107.246784] ? do_group_exit+0x1c3/0x2a0 [ 107.246798] ? lock_release+0xc8/0x290 [ 107.246814] do_group_exit+0xd3/0x2a0 [ 107.246829] __x64_sys_exit_group+0x3e/0x50 [ 107.246842] x64_sys_call+0x18c5/0x18d0 [ 107.246857] do_syscall_64+0xbf/0x360 [ 107.246869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.246880] RIP: 0033:0x7fd9265c7b19 [ 107.246889] Code: Unable to access opcode bytes at 0x7fd9265c7aef. [ 107.246894] RSP: 002b:00007ffc8fd8e8b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 107.246905] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fd9265c7b19 [ 107.246912] RDX: 00007fd92657a72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 107.246919] RBP: 0000000000000000 R08: 0000001b2ce21744 R09: 0000000000000000 [ 107.246926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.246932] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc8fd8e9a0 [ 107.246947] [ 107.246951] kmemleak: Object (percpu) 0x607f1a639498 (size 8): [ 107.246957] kmemleak: comm "syz-executor.7", pid 3939, jiffies 4294774076 [ 107.246964] kmemleak: min_count = 1 [ 107.246968] kmemleak: count = 0 [ 107.246971] kmemleak: flags = 0x21 [ 107.246975] kmemleak: checksum = 0 [ 107.246978] kmemleak: backtrace: [ 107.246982] pcpu_alloc_noprof+0x87a/0x1170 [ 107.246997] perf_trace_event_init+0x366/0xa10 [ 107.247009] perf_trace_init+0x1a4/0x2f0 [ 107.247021] perf_tp_event_init+0xa6/0x120 [ 107.247036] perf_try_init_event+0x140/0x9f0 [ 107.247048] perf_event_alloc.part.0+0x118e/0x45f0 [ 107.247064] __do_sys_perf_event_open+0x719/0x2c20 [ 107.247076] do_syscall_64+0xbf/0x360 [ 107.247085] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:08:30 executing program 6: syz_emit_ethernet(0x52, &(0x7f0000000000)={@local, @dev, @void, {@ipv4={0x800, @dccp={{0xd, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x21, 0x0, @local, @private=0xa010101, {[@rr={0x44, 0x1f, 0x1c, [@broadcast=0x30b6fb55, @broadcast, @broadcast, @empty, @dev, @local, @private]}]}}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00\x00W', 0x0, "944856"}}}}}}, 0x0) 08:08:30 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000003c0), r0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x48, r1, 0xf1b5a43ca6b9a97, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @mcast1}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast1}]}, 0x48}}, 0x0) 08:08:30 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6, @link_local}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={r4, 0x1, 0x6, @multicast}, 0x10) 08:08:30 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$search(0x12, 0x0, 0x0, 0x0, 0x0) 08:08:30 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6, @link_local}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={r4, 0x1, 0x6, @multicast}, 0x10) [ 107.338096] syz_tun: entered promiscuous mode [ 107.343150] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 107.347985] mac80211_hwsim hwsim11 wlan1: left promiscuous mode [ 107.348629] syz_tun: left promiscuous mode 08:08:30 executing program 1: r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) [ 107.357413] loop0: detected capacity change from 0 to 736 [ 107.359768] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 107.360678] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 107.361362] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 107.363836] Tainted: [W]=WARN [ 107.364564] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 107.366598] Workqueue: ipv6_addrconf addrconf_dad_work [ 107.368059] RIP: 0010:perf_tp_event+0x175/0xe70 [ 107.369183] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 107.371610] RSP: 0018:ffff8880095ff440 EFLAGS: 00010012 [ 107.372027] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 107.372582] RDX: ffff8880095dd280 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 107.373135] RBP: ffff8880095ff6b0 R08: ffff88806ce31340 R09: ffffe8ffffc16498 [ 107.373685] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 107.374244] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 107.374798] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 107.375427] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 107.375882] CR2: 00007fa2ba404fe8 CR3: 0000000005a88000 CR4: 0000000000350ef0 [ 107.376433] Call Trace: [ 107.376640] [ 107.376820] ? __lock_acquire+0x694/0x1b70 [ 107.377163] ? __pfx_perf_tp_event+0x10/0x10 [ 107.377515] ? lock_acquire+0x15e/0x2f0 [ 107.377833] ? unwind_next_frame+0xb9/0x2540 [ 107.378202] ? lock_acquire+0x15e/0x2f0 [ 107.378526] ? unwind_next_frame+0xb9/0x2540 [ 107.378881] ? find_held_lock+0x2b/0x80 [ 107.379201] ? unwind_next_frame+0x3b2/0x2540 [ 107.379562] ? lock_release+0xc8/0x290 [ 107.379874] ? unwind_next_frame+0x3bc/0x2540 [ 107.380233] ? ret_from_fork_asm+0x1a/0x30 [ 107.380569] ? ret_from_fork_asm+0x1a/0x30 [ 107.380905] ? kernel_text_address+0x11/0xc0 [ 107.381257] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 107.381684] ? arch_stack_walk+0x86/0xf0 [ 107.382007] ? perf_trace_run_bpf_submit+0xef/0x180 [ 107.382412] perf_trace_run_bpf_submit+0xef/0x180 [ 107.382802] perf_trace_preemptirq_template+0x259/0x430 [ 107.383227] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 107.383692] ? find_held_lock+0x2b/0x80 [ 107.384011] ? __create_object+0x59/0x80 [ 107.384339] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 107.384741] trace_irq_enable.constprop.0+0xa6/0x100 [ 107.385138] trace_hardirqs_on+0x26/0x40 [ 107.385466] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 107.385855] __create_object+0x59/0x80 [ 107.386176] __kmalloc_cache_noprof+0x42a/0x690 [ 107.386549] ? __pfx_percpu_counter_add_batch+0x10/0x10 [ 107.386967] ? kmem_cache_alloc_noprof+0x264/0x690 [ 107.387355] ? dst_cow_metrics_generic+0x4c/0x1e0 [ 107.387739] ? dst_alloc+0x44f/0x620 [ 107.388037] dst_cow_metrics_generic+0x4c/0x1e0 [ 107.388412] icmp6_dst_alloc+0x4a7/0x650 [ 107.388734] ? icmpv6_flow_init+0x3d/0x280 [ 107.389076] ? selinux_sk_getsecid+0x7c/0xd0 [ 107.389425] ndisc_send_skb+0x11f0/0x1d10 [ 107.389762] ? __pfx_ndisc_send_skb+0x10/0x10 [ 107.390129] ? lock_release+0xc8/0x290 [ 107.390439] ? lock_is_held_type+0x9e/0x120 [ 107.390786] ? __asan_memcpy+0x3d/0x60 [ 107.391098] ? mark_held_locks+0x49/0x80 [ 107.391421] ndisc_send_ns+0xa9/0x130 [ 107.391725] ? __pfx_ndisc_send_ns+0x10/0x10 [ 107.392072] ? mark_held_locks+0x49/0x80 [ 107.392395] addrconf_dad_work+0xae2/0x11a0 [ 107.392736] ? __pfx_addrconf_dad_work+0x10/0x10 [ 107.393115] process_one_work+0x8e1/0x19c0 [ 107.393452] ? __pfx_process_one_work+0x10/0x10 [ 107.393823] ? move_linked_works+0x172/0x270 [ 107.394191] ? assign_work+0x196/0x240 [ 107.394502] worker_thread+0x67e/0xe90 [ 107.394810] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 107.395221] ? __pfx_worker_thread+0x10/0x10 [ 107.395576] kthread+0x3c8/0x740 [ 107.395850] ? __pfx_kthread+0x10/0x10 [ 107.396159] ? ret_from_fork+0x23/0x430 [ 107.396486] ? lock_release+0xc8/0x290 [ 107.396795] ? __pfx_kthread+0x10/0x10 [ 107.397104] ret_from_fork+0x34b/0x430 [ 107.397419] ? __pfx_kthread+0x10/0x10 [ 107.397731] ret_from_fork_asm+0x1a/0x30 [ 107.398058] [ 107.398252] Modules linked in: [ 107.398508] ---[ end trace 0000000000000000 ]--- [ 107.398511] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 107.398875] RIP: 0010:perf_tp_event+0x175/0xe70 [ 107.399763] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 107.400120] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 107.400702] CPU: 1 UID: 0 PID: 3948 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 107.402100] RSP: 0018:ffff8880095ff440 EFLAGS: 00010012 [ 107.403018] Tainted: [D]=DIE, [W]=WARN [ 107.403425] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 107.403719] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 107.404264] RDX: ffff8880095dd280 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 107.404901] RIP: 0010:perf_tp_event+0x175/0xe70 [ 107.405446] RBP: ffff8880095ff6b0 R08: ffff88806ce31340 R09: ffffe8ffffc16498 [ 107.405806] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 107.406361] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 107.407762] RSP: 0018:ffff88804203f780 EFLAGS: 00010012 [ 107.408312] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 107.408324] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 107.408732] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 107.409281] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 107.409892] RDX: ffff888042035280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 107.410452] CR2: 00007fa2ba404fe8 CR3: 0000000005a88000 CR4: 0000000000350ef0 [ 107.410895] RBP: ffff88804203f9f0 R08: ffff88806cf31340 R09: ffffe8ffffd16498 [ 107.411449] note: kworker/u8:0[12] exited with irqs disabled [ 107.411994] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 107.413526] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 107.414084] FS: 00005555765b9400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 107.414725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 107.415180] CR2: 00007fd9266daf64 CR3: 000000001ee5d000 CR4: 0000000000350ef0 [ 107.415739] Call Trace: [ 107.415946] [ 107.416128] ? __pfx_perf_tp_event+0x10/0x10 [ 107.416485] ? arch_scale_cpu_capacity+0x17/0xa0 [ 107.416867] ? cpu_util.constprop.0+0x17d/0x340 [ 107.417241] ? __asan_memset+0x24/0x50 [ 107.417550] ? sched_balance_find_dst_group+0xa9a/0x1c00 [ 107.417971] ? lock_release+0xc8/0x290 [ 107.418295] ? __pfx_sched_balance_find_dst_group+0x10/0x10 [ 107.418736] ? __lock_acquire+0x694/0x1b70 [ 107.419068] ? perf_trace_run_bpf_submit+0xef/0x180 [ 107.419460] ? sched_clock+0x37/0x60 [ 107.419761] ? sched_clock_cpu+0x6c/0x4e0 [ 107.420090] perf_trace_run_bpf_submit+0xef/0x180 [ 107.420478] perf_trace_preemptirq_template+0x259/0x430 [ 107.420906] ? __pick_eevdf+0x326/0x570 [ 107.421217] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 107.421683] ? update_curr+0x39e/0x500 [ 107.421990] ? check_preempt_wakeup_fair+0x406/0x950 [ 107.422399] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 107.422802] trace_irq_enable.constprop.0+0xa6/0x100 [ 107.423196] trace_hardirqs_on+0x26/0x40 [ 107.423516] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 107.423905] try_to_wake_up+0x8ae/0x11d0 [ 107.424231] ? __pfx_try_to_wake_up+0x10/0x10 [ 107.424589] ? plist_del+0x122/0x270 [ 107.424886] ? __futex_unqueue+0xda/0x1c0 [ 107.425219] wake_up_q+0xa1/0x130 [ 107.425503] futex_wake+0x47e/0x540 [ 107.425794] ? __pfx_futex_wake+0x10/0x10 [ 107.426132] ? xfd_validate_state+0x55/0x180 [ 107.426489] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 107.426901] ? finish_task_switch.isra.0+0x206/0x840 [ 107.427310] do_futex+0x26d/0x370 [ 107.427586] ? __pfx_do_futex+0x10/0x10 [ 107.427902] ? __pfx___schedule+0x10/0x10 [ 107.428231] __x64_sys_futex+0x1c9/0x4d0 [ 107.428555] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 107.429020] ? __pfx___x64_sys_futex+0x10/0x10 [ 107.429383] ? xfd_validate_state+0x55/0x180 [ 107.429734] do_syscall_64+0xbf/0x360 [ 107.430033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.430441] RIP: 0033:0x7f01588dcb19 [ 107.430734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 107.432136] RSP: 002b:00007ffe7411ded8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 107.432720] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f01588dcb19 [ 107.433271] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f01589eff68 [ 107.433823] RBP: 00007f01589eff60 R08: 00007f0155e52700 R09: 0000000000000000 [ 107.434376] R10: 00007f0155e52700 R11: 0000000000000246 R12: 00007f01589f4a68 [ 107.434927] R13: 00007ffe7411dfe0 R14: 00007f01589eff60 R15: 000000000001a2ed [ 107.435483] [ 107.435674] Modules linked in: [ 107.435932] ---[ end trace 0000000000000000 ]--- [ 107.435934] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI [ 107.436302] RIP: 0010:perf_tp_event+0x175/0xe70 [ 107.437147] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 107.437502] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 107.438175] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 107.439566] RSP: 0018:ffff8880095ff440 EFLAGS: 00010012 [ 107.440454] Tainted: [D]=DIE, [W]=WARN [ 107.440861] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 107.441162] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 107.441706] RDX: ffff8880095dd280 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 107.442350] Workqueue: ipv6_addrconf addrconf_dad_work [ 107.442897] RBP: ffff8880095ff6b0 R08: ffff88806ce31340 R09: ffffe8ffffc16498 [ 107.442907] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 107.443305] RIP: 0010:perf_tp_event+0x175/0xe70 [ 107.443852] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 107.444401] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 107.444757] FS: 00005555765b9400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 107.445305] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 107.446717] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 107.447338] [ 107.447748] CR2: 00007fd9266daf64 CR3: 000000001ee5d000 CR4: 0000000000350ef0 [ 107.448194] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 107.448334] note: syz-executor.4[3948] exited with irqs disabled [ 107.448883] RDX: ffff8880095dd280 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 107.450462] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc16498 [ 107.451016] R10: 0000000000000000 R11: ffff88806ce37018 R12: dffffc0000000000 [ 107.451577] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 107.452135] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 107.452761] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 107.453216] CR2: 00007fa2ba404fe8 CR3: 0000000005a88000 CR4: 0000000000350ef0 [ 107.453773] Call Trace: [ 107.453978] [ 107.454162] ? __pfx_perf_tp_event+0x10/0x10 [ 107.454521] ? trace_pelt_se_tp+0xdf/0x130 [ 107.454860] ? __update_load_avg_cfs_rq+0x636/0x950 [ 107.455263] ? cpufreq_update_util+0x91/0x240 [ 107.455618] ? lock_acquire+0x18c/0x2f0 [ 107.455933] ? update_curr+0x2b0/0x500 [ 107.456243] ? lock_release+0x1c7/0x290 [ 107.456561] ? trace_softirq_raise+0xbe/0x100 [ 107.456931] ? run_posix_cpu_timers+0x160/0x7d0 [ 107.457306] ? __raise_softirq_irqoff+0x5f/0x90 [ 107.457677] ? __pfx_run_posix_cpu_timers+0x10/0x10 [ 107.458072] ? sched_balance_trigger+0x1ac/0xcb0 [ 107.458462] ? sched_tick+0x27c/0x6c0 [ 107.458777] ? do_raw_spin_lock+0x123/0x260 [ 107.459124] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 107.459499] ? perf_trace_run_bpf_submit+0xef/0x180 [ 107.459899] perf_trace_run_bpf_submit+0xef/0x180 [ 107.460288] perf_trace_preemptirq_template+0x259/0x430 [ 107.460716] ? read_tsc+0x9/0x20 [ 107.460995] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 107.461462] ? clockevents_program_event+0x135/0x360 [ 107.461867] ? tick_program_event+0xac/0x140 [ 107.462225] ? handle_softirqs+0x16e/0x770 [ 107.462565] trace_irq_enable.constprop.0+0xa6/0x100 [ 107.462964] trace_hardirqs_on+0x26/0x40 [ 107.463286] handle_softirqs+0x16e/0x770 [ 107.463622] __irq_exit_rcu+0xc4/0x100 [ 107.463940] irq_exit_rcu+0x9/0x20 [ 107.464223] sysvec_apic_timer_interrupt+0x70/0x80 [ 107.464615] [ 107.464798] [ 107.464980] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 107.465393] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 107.465765] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de [ 107.467178] RSP: 0018:ffff8880095fff28 EFLAGS: 00000246 [ 107.467595] RAX: 0000000000000001 RBX: ffff8880095dd280 RCX: ffffffff817c2b86 [ 107.468146] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 107.468696] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 107.469253] R10: ffffffff8643ac57 R11: 3838666666662052 R12: ffff8880095dd280 [ 107.469807] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 107.470379] ? trace_irq_enable.constprop.0+0x26/0x100 [ 107.470794] ? make_task_dead+0x214/0x3b0 [ 107.471126] ? make_task_dead+0x214/0x3b0 [ 107.471455] ? ret_from_fork+0x34b/0x430 [ 107.471784] rewind_stack_and_make_dead+0x16/0x20 [ 107.472168] RIP: 0000:0x0 [ 107.472394] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 107.472899] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000 [ 107.473491] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 107.474058] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 107.474640] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 107.475206] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 107.475777] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 107.476355] [ 107.476557] Modules linked in: [ 107.476821] ---[ end trace 0000000000000000 ]--- [ 107.476822] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#4] SMP KASAN NOPTI [ 107.477198] RIP: 0010:perf_tp_event+0x175/0xe70 [ 107.478075] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 107.478451] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 107.479049] CPU: 1 UID: 0 PID: 3948 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 107.480479] RSP: 0018:ffff8880095ff440 EFLAGS: 00010012 [ 107.481420] Tainted: [D]=DIE, [W]=WARN [ 107.481845] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 107.482169] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 107.482741] RDX: ffff8880095dd280 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 107.483413] RIP: 0010:perf_tp_event+0x175/0xe70 [ 107.483982] RBP: ffff8880095ff6b0 R08: ffff88806ce31340 R09: ffffe8ffffc16498 [ 107.484362] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 107.484951] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 107.486438] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012 [ 107.487019] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 107.487449] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 107.488029] FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 107.488609] RDX: ffff888042035280 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 107.489273] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 107.489838] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16498 [ 107.490331] CR2: ffffffffffffffd6 CR3: 0000000005a88000 CR4: 0000000000350ef0 [ 107.490908] R10: 0000000000000000 R11: ffff888015902898 R12: dffffc0000000000 [ 107.491492] Kernel panic - not syncing: Fatal exception in interrupt [ 108.538631] Shutting down cpus with NMI [ 108.539632] Kernel Offset: disabled [ 108.539918] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 08:08:30 Registers: info registers vcpu 0 RAX=0000000000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff8880095fedd8 R8 =0000000000000000 R9 =ffffed100172f046 R10=0000000000000000 R11=6572617764726148 R12=0000000000000005 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0 RIP=ffffffff828e331d RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e55dd000 00000000 00000000 LDT=0000 fffffe3a00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fa2ba404fe8 CR3=0000000005a88000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=000000000000000000000000000000ff XMM02=7463656a6e695f31313230385f7a7973 XMM03=ffffffff812c835effffffff812c82b4 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff84bdec0e RDX=fffffbfff0f0ec09 RSI=0000000000000004 RDI=ffffffff87876044 RBP=ffffffff87876044 RSP=ffff88804203f530 R8 =0000000000000000 R9 =fffffbfff0f0ec08 R10=ffffffff87876047 R11=202c746c75616620 R12=1ffff11008407ea7 R13=0000000000000007 R14=fffffbfff0f0ec08 R15=ffff88804203f568 RIP=ffffffff84bdeda0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00005555765b9400 00000000 00000000 GS =0000 ffff8880e56dd000 00000000 00000000 LDT=0000 fffffe4400000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd9266daf64 CR3=000000001ee5d000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f01589c37c000007f01589c37c8 XMM02=00007f01589c37e000007f01589c37c0 XMM03=00007f01589c37c800007f01589c37c0 XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000