Warning: Permanently added '[localhost]:5323' (ECDSA) to the list of known hosts.
2025/08/31 14:07:37 fuzzer started
2025/08/31 14:07:37 dialing manager at localhost:43077
syzkaller login: [   52.253775] cgroup: Unknown subsys name 'net'
[   52.320461] cgroup: Unknown subsys name 'cpuset'
[   52.342351] cgroup: Unknown subsys name 'rlimit'
2025/08/31 14:07:48 syscalls: 2214
2025/08/31 14:07:48 code coverage: enabled
2025/08/31 14:07:48 comparison tracing: enabled
2025/08/31 14:07:48 extra coverage: enabled
2025/08/31 14:07:48 setuid sandbox: enabled
2025/08/31 14:07:48 namespace sandbox: enabled
2025/08/31 14:07:48 Android sandbox: enabled
2025/08/31 14:07:48 fault injection: enabled
2025/08/31 14:07:48 leak checking: enabled
2025/08/31 14:07:48 net packet injection: enabled
2025/08/31 14:07:48 net device setup: enabled
2025/08/31 14:07:48 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/31 14:07:48 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/31 14:07:48 USB emulation: enabled
2025/08/31 14:07:48 hci packet injection: enabled
2025/08/31 14:07:48 wifi device emulation: enabled
2025/08/31 14:07:48 802.15.4 emulation: enabled
2025/08/31 14:07:49 fetching corpus: 50, signal 17728/19571 (executing program)
2025/08/31 14:07:49 fetching corpus: 100, signal 30183/33640 (executing program)
2025/08/31 14:07:49 fetching corpus: 150, signal 39066/44016 (executing program)
2025/08/31 14:07:49 fetching corpus: 200, signal 44691/51068 (executing program)
2025/08/31 14:07:49 fetching corpus: 250, signal 50557/58291 (executing program)
2025/08/31 14:07:49 fetching corpus: 300, signal 54665/63720 (executing program)
2025/08/31 14:07:49 fetching corpus: 350, signal 57290/67675 (executing program)
2025/08/31 14:07:49 fetching corpus: 400, signal 63198/74684 (executing program)
2025/08/31 14:07:49 fetching corpus: 450, signal 67256/79843 (executing program)
2025/08/31 14:07:49 fetching corpus: 500, signal 70076/83804 (executing program)
2025/08/31 14:07:49 fetching corpus: 550, signal 72009/86866 (executing program)
2025/08/31 14:07:50 fetching corpus: 600, signal 74211/90202 (executing program)
2025/08/31 14:07:50 fetching corpus: 650, signal 78902/95672 (executing program)
2025/08/31 14:07:50 fetching corpus: 700, signal 81345/99096 (executing program)
2025/08/31 14:07:50 fetching corpus: 750, signal 83957/102630 (executing program)
2025/08/31 14:07:50 fetching corpus: 800, signal 86673/106188 (executing program)
2025/08/31 14:07:50 fetching corpus: 850, signal 88284/108774 (executing program)
2025/08/31 14:07:50 fetching corpus: 900, signal 91720/112879 (executing program)
2025/08/31 14:07:50 fetching corpus: 950, signal 93236/115373 (executing program)
2025/08/31 14:07:50 fetching corpus: 1000, signal 94888/117893 (executing program)
2025/08/31 14:07:50 fetching corpus: 1050, signal 96946/120723 (executing program)
2025/08/31 14:07:51 fetching corpus: 1100, signal 99291/123811 (executing program)
2025/08/31 14:07:51 fetching corpus: 1150, signal 101269/126483 (executing program)
2025/08/31 14:07:51 fetching corpus: 1200, signal 102652/128657 (executing program)
2025/08/31 14:07:51 fetching corpus: 1250, signal 103769/130595 (executing program)
2025/08/31 14:07:51 fetching corpus: 1300, signal 105142/132696 (executing program)
2025/08/31 14:07:51 fetching corpus: 1350, signal 106894/135092 (executing program)
2025/08/31 14:07:51 fetching corpus: 1400, signal 108992/137716 (executing program)
2025/08/31 14:07:51 fetching corpus: 1450, signal 110074/139564 (executing program)
2025/08/31 14:07:51 fetching corpus: 1500, signal 111061/141263 (executing program)
2025/08/31 14:07:51 fetching corpus: 1550, signal 112549/143348 (executing program)
2025/08/31 14:07:51 fetching corpus: 1600, signal 114274/145664 (executing program)
2025/08/31 14:07:51 fetching corpus: 1650, signal 115234/147270 (executing program)
2025/08/31 14:07:51 fetching corpus: 1700, signal 116085/148844 (executing program)
2025/08/31 14:07:52 fetching corpus: 1750, signal 116861/150411 (executing program)
2025/08/31 14:07:52 fetching corpus: 1800, signal 118209/152278 (executing program)
2025/08/31 14:07:52 fetching corpus: 1850, signal 119763/154256 (executing program)
2025/08/31 14:07:52 fetching corpus: 1900, signal 120651/155839 (executing program)
2025/08/31 14:07:52 fetching corpus: 1950, signal 122014/157639 (executing program)
2025/08/31 14:07:52 fetching corpus: 2000, signal 123062/159280 (executing program)
2025/08/31 14:07:52 fetching corpus: 2050, signal 123700/160617 (executing program)
2025/08/31 14:07:52 fetching corpus: 2100, signal 124483/162003 (executing program)
2025/08/31 14:07:52 fetching corpus: 2150, signal 126092/163864 (executing program)
2025/08/31 14:07:52 fetching corpus: 2200, signal 127273/165462 (executing program)
2025/08/31 14:07:52 fetching corpus: 2250, signal 128026/166800 (executing program)
2025/08/31 14:07:53 fetching corpus: 2300, signal 128688/168050 (executing program)
2025/08/31 14:07:53 fetching corpus: 2350, signal 129965/169643 (executing program)
2025/08/31 14:07:53 fetching corpus: 2400, signal 131018/171047 (executing program)
2025/08/31 14:07:53 fetching corpus: 2450, signal 131495/172160 (executing program)
2025/08/31 14:07:53 fetching corpus: 2500, signal 132183/173432 (executing program)
2025/08/31 14:07:53 fetching corpus: 2550, signal 132948/174636 (executing program)
2025/08/31 14:07:53 fetching corpus: 2600, signal 134005/176001 (executing program)
2025/08/31 14:07:53 fetching corpus: 2650, signal 134541/177119 (executing program)
2025/08/31 14:07:53 fetching corpus: 2700, signal 135363/178373 (executing program)
2025/08/31 14:07:53 fetching corpus: 2750, signal 136772/179918 (executing program)
2025/08/31 14:07:53 fetching corpus: 2800, signal 137657/181129 (executing program)
2025/08/31 14:07:53 fetching corpus: 2850, signal 138149/182183 (executing program)
2025/08/31 14:07:54 fetching corpus: 2900, signal 138620/183176 (executing program)
2025/08/31 14:07:54 fetching corpus: 2950, signal 139486/184374 (executing program)
2025/08/31 14:07:54 fetching corpus: 3000, signal 140136/185400 (executing program)
2025/08/31 14:07:54 fetching corpus: 3050, signal 140603/186383 (executing program)
2025/08/31 14:07:54 fetching corpus: 3100, signal 141400/187554 (executing program)
2025/08/31 14:07:54 fetching corpus: 3150, signal 141897/188512 (executing program)
2025/08/31 14:07:54 fetching corpus: 3200, signal 142512/189519 (executing program)
2025/08/31 14:07:54 fetching corpus: 3250, signal 143265/190627 (executing program)
2025/08/31 14:07:54 fetching corpus: 3300, signal 144332/191824 (executing program)
2025/08/31 14:07:54 fetching corpus: 3350, signal 145060/192850 (executing program)
2025/08/31 14:07:54 fetching corpus: 3400, signal 145586/193804 (executing program)
2025/08/31 14:07:55 fetching corpus: 3450, signal 146244/194751 (executing program)
2025/08/31 14:07:55 fetching corpus: 3500, signal 147167/195804 (executing program)
2025/08/31 14:07:55 fetching corpus: 3550, signal 147723/196727 (executing program)
2025/08/31 14:07:55 fetching corpus: 3600, signal 148555/197686 (executing program)
2025/08/31 14:07:55 fetching corpus: 3650, signal 149045/198566 (executing program)
2025/08/31 14:07:55 fetching corpus: 3700, signal 149678/199482 (executing program)
2025/08/31 14:07:55 fetching corpus: 3750, signal 150307/200405 (executing program)
2025/08/31 14:07:55 fetching corpus: 3800, signal 150779/201240 (executing program)
2025/08/31 14:07:55 fetching corpus: 3850, signal 151219/202022 (executing program)
2025/08/31 14:07:55 fetching corpus: 3900, signal 151814/202944 (executing program)
2025/08/31 14:07:55 fetching corpus: 3950, signal 152185/203695 (executing program)
2025/08/31 14:07:56 fetching corpus: 4000, signal 152814/204579 (executing program)
2025/08/31 14:07:56 fetching corpus: 4050, signal 153293/205335 (executing program)
2025/08/31 14:07:56 fetching corpus: 4100, signal 153825/206117 (executing program)
2025/08/31 14:07:56 fetching corpus: 4150, signal 154466/207046 (executing program)
2025/08/31 14:07:56 fetching corpus: 4200, signal 154854/207756 (executing program)
2025/08/31 14:07:56 fetching corpus: 4250, signal 155505/208510 (executing program)
2025/08/31 14:07:56 fetching corpus: 4300, signal 155911/209210 (executing program)
2025/08/31 14:07:56 fetching corpus: 4350, signal 156563/210012 (executing program)
2025/08/31 14:07:56 fetching corpus: 4400, signal 156919/210702 (executing program)
2025/08/31 14:07:56 fetching corpus: 4450, signal 157520/211461 (executing program)
2025/08/31 14:07:56 fetching corpus: 4500, signal 157895/212159 (executing program)
2025/08/31 14:07:57 fetching corpus: 4550, signal 158374/212880 (executing program)
2025/08/31 14:07:57 fetching corpus: 4600, signal 158862/213523 (executing program)
2025/08/31 14:07:57 fetching corpus: 4650, signal 159387/214220 (executing program)
2025/08/31 14:07:57 fetching corpus: 4700, signal 159773/214898 (executing program)
2025/08/31 14:07:57 fetching corpus: 4750, signal 160109/215511 (executing program)
2025/08/31 14:07:57 fetching corpus: 4800, signal 160669/216183 (executing program)
2025/08/31 14:07:57 fetching corpus: 4850, signal 161216/216892 (executing program)
2025/08/31 14:07:57 fetching corpus: 4900, signal 161586/217507 (executing program)
2025/08/31 14:07:57 fetching corpus: 4950, signal 162343/218176 (executing program)
2025/08/31 14:07:57 fetching corpus: 5000, signal 162752/218779 (executing program)
2025/08/31 14:07:58 fetching corpus: 5050, signal 163395/219400 (executing program)
2025/08/31 14:07:58 fetching corpus: 5100, signal 163855/220003 (executing program)
2025/08/31 14:07:58 fetching corpus: 5150, signal 164210/220603 (executing program)
2025/08/31 14:07:58 fetching corpus: 5200, signal 164949/221300 (executing program)
2025/08/31 14:07:58 fetching corpus: 5250, signal 165477/221911 (executing program)
2025/08/31 14:07:58 fetching corpus: 5300, signal 166142/222434 (executing program)
2025/08/31 14:07:58 fetching corpus: 5350, signal 166435/223035 (executing program)
2025/08/31 14:07:58 fetching corpus: 5400, signal 166739/223606 (executing program)
2025/08/31 14:07:58 fetching corpus: 5450, signal 167068/224185 (executing program)
2025/08/31 14:07:58 fetching corpus: 5500, signal 167413/224710 (executing program)
2025/08/31 14:07:58 fetching corpus: 5550, signal 167700/225233 (executing program)
2025/08/31 14:07:59 fetching corpus: 5600, signal 168172/225285 (executing program)
2025/08/31 14:07:59 fetching corpus: 5650, signal 168473/225293 (executing program)
2025/08/31 14:07:59 fetching corpus: 5700, signal 168846/225295 (executing program)
2025/08/31 14:07:59 fetching corpus: 5750, signal 169128/225295 (executing program)
2025/08/31 14:07:59 fetching corpus: 5800, signal 169441/225306 (executing program)
2025/08/31 14:07:59 fetching corpus: 5850, signal 169732/225307 (executing program)
2025/08/31 14:07:59 fetching corpus: 5900, signal 170002/225311 (executing program)
2025/08/31 14:07:59 fetching corpus: 5950, signal 170313/225316 (executing program)
2025/08/31 14:07:59 fetching corpus: 6000, signal 170832/225326 (executing program)
2025/08/31 14:07:59 fetching corpus: 6050, signal 171061/225330 (executing program)
2025/08/31 14:07:59 fetching corpus: 6100, signal 171370/225332 (executing program)
2025/08/31 14:08:00 fetching corpus: 6150, signal 171859/225345 (executing program)
2025/08/31 14:08:00 fetching corpus: 6200, signal 172293/225412 (executing program)
2025/08/31 14:08:00 fetching corpus: 6250, signal 172654/225443 (executing program)
2025/08/31 14:08:00 fetching corpus: 6300, signal 173202/225447 (executing program)
2025/08/31 14:08:00 fetching corpus: 6350, signal 173593/225458 (executing program)
2025/08/31 14:08:00 fetching corpus: 6400, signal 173976/225560 (executing program)
2025/08/31 14:08:00 fetching corpus: 6450, signal 174362/225569 (executing program)
2025/08/31 14:08:00 fetching corpus: 6500, signal 174805/225645 (executing program)
2025/08/31 14:08:00 fetching corpus: 6550, signal 175075/225653 (executing program)
2025/08/31 14:08:00 fetching corpus: 6600, signal 175438/225660 (executing program)
2025/08/31 14:08:00 fetching corpus: 6650, signal 175766/225667 (executing program)
2025/08/31 14:08:01 fetching corpus: 6700, signal 176198/225688 (executing program)
2025/08/31 14:08:01 fetching corpus: 6750, signal 176409/225705 (executing program)
2025/08/31 14:08:01 fetching corpus: 6800, signal 176676/225709 (executing program)
2025/08/31 14:08:01 fetching corpus: 6850, signal 177055/225720 (executing program)
2025/08/31 14:08:01 fetching corpus: 6900, signal 177313/225726 (executing program)
2025/08/31 14:08:01 fetching corpus: 6950, signal 177606/225734 (executing program)
2025/08/31 14:08:01 fetching corpus: 7000, signal 177866/225746 (executing program)
2025/08/31 14:08:01 fetching corpus: 7050, signal 178251/225746 (executing program)
2025/08/31 14:08:01 fetching corpus: 7100, signal 178624/225759 (executing program)
2025/08/31 14:08:01 fetching corpus: 7150, signal 178878/225766 (executing program)
2025/08/31 14:08:01 fetching corpus: 7200, signal 179124/225767 (executing program)
2025/08/31 14:08:01 fetching corpus: 7250, signal 179435/225782 (executing program)
2025/08/31 14:08:02 fetching corpus: 7300, signal 179761/225784 (executing program)
2025/08/31 14:08:02 fetching corpus: 7350, signal 180070/225789 (executing program)
2025/08/31 14:08:02 fetching corpus: 7400, signal 180347/225797 (executing program)
2025/08/31 14:08:02 fetching corpus: 7450, signal 180630/225823 (executing program)
2025/08/31 14:08:02 fetching corpus: 7500, signal 180984/225835 (executing program)
2025/08/31 14:08:02 fetching corpus: 7550, signal 181195/225835 (executing program)
2025/08/31 14:08:02 fetching corpus: 7600, signal 181413/225838 (executing program)
2025/08/31 14:08:02 fetching corpus: 7650, signal 181711/225847 (executing program)
2025/08/31 14:08:02 fetching corpus: 7700, signal 181948/225847 (executing program)
2025/08/31 14:08:02 fetching corpus: 7750, signal 182167/225847 (executing program)
2025/08/31 14:08:02 fetching corpus: 7800, signal 182462/225848 (executing program)
2025/08/31 14:08:03 fetching corpus: 7850, signal 182622/225850 (executing program)
2025/08/31 14:08:03 fetching corpus: 7900, signal 183097/225862 (executing program)
2025/08/31 14:08:03 fetching corpus: 7950, signal 183403/225883 (executing program)
2025/08/31 14:08:03 fetching corpus: 8000, signal 183822/225925 (executing program)
2025/08/31 14:08:03 fetching corpus: 8050, signal 184047/225945 (executing program)
2025/08/31 14:08:03 fetching corpus: 8100, signal 184427/225994 (executing program)
2025/08/31 14:08:03 fetching corpus: 8150, signal 184591/226006 (executing program)
2025/08/31 14:08:03 fetching corpus: 8200, signal 184881/226013 (executing program)
2025/08/31 14:08:03 fetching corpus: 8250, signal 185217/226047 (executing program)
2025/08/31 14:08:03 fetching corpus: 8300, signal 185525/226055 (executing program)
2025/08/31 14:08:03 fetching corpus: 8350, signal 185865/226059 (executing program)
2025/08/31 14:08:04 fetching corpus: 8400, signal 186188/226069 (executing program)
2025/08/31 14:08:04 fetching corpus: 8450, signal 186474/226071 (executing program)
2025/08/31 14:08:04 fetching corpus: 8500, signal 186783/226071 (executing program)
2025/08/31 14:08:04 fetching corpus: 8550, signal 187074/226076 (executing program)
2025/08/31 14:08:04 fetching corpus: 8600, signal 187313/226078 (executing program)
2025/08/31 14:08:04 fetching corpus: 8650, signal 187538/226087 (executing program)
2025/08/31 14:08:04 fetching corpus: 8700, signal 187753/226095 (executing program)
2025/08/31 14:08:04 fetching corpus: 8750, signal 188012/226100 (executing program)
2025/08/31 14:08:04 fetching corpus: 8800, signal 188304/226103 (executing program)
2025/08/31 14:08:04 fetching corpus: 8850, signal 188521/226108 (executing program)
2025/08/31 14:08:04 fetching corpus: 8900, signal 188764/226108 (executing program)
2025/08/31 14:08:04 fetching corpus: 8950, signal 188956/226122 (executing program)
2025/08/31 14:08:05 fetching corpus: 9000, signal 189209/226125 (executing program)
2025/08/31 14:08:05 fetching corpus: 9050, signal 189532/226129 (executing program)
2025/08/31 14:08:05 fetching corpus: 9100, signal 189768/226133 (executing program)
2025/08/31 14:08:05 fetching corpus: 9150, signal 189932/226145 (executing program)
2025/08/31 14:08:05 fetching corpus: 9200, signal 190187/226149 (executing program)
2025/08/31 14:08:05 fetching corpus: 9250, signal 190375/226150 (executing program)
2025/08/31 14:08:05 fetching corpus: 9300, signal 190527/226158 (executing program)
2025/08/31 14:08:05 fetching corpus: 9350, signal 190660/226160 (executing program)
2025/08/31 14:08:05 fetching corpus: 9400, signal 191034/226160 (executing program)
2025/08/31 14:08:05 fetching corpus: 9450, signal 191311/226168 (executing program)
2025/08/31 14:08:05 fetching corpus: 9500, signal 191558/226171 (executing program)
2025/08/31 14:08:06 fetching corpus: 9550, signal 191862/226190 (executing program)
2025/08/31 14:08:06 fetching corpus: 9600, signal 192118/226192 (executing program)
2025/08/31 14:08:06 fetching corpus: 9650, signal 192402/226229 (executing program)
2025/08/31 14:08:06 fetching corpus: 9700, signal 192629/226229 (executing program)
2025/08/31 14:08:06 fetching corpus: 9750, signal 192889/226229 (executing program)
2025/08/31 14:08:06 fetching corpus: 9800, signal 193261/226230 (executing program)
2025/08/31 14:08:06 fetching corpus: 9850, signal 193556/226230 (executing program)
2025/08/31 14:08:06 fetching corpus: 9900, signal 193792/226246 (executing program)
2025/08/31 14:08:06 fetching corpus: 9950, signal 194048/226252 (executing program)
2025/08/31 14:08:06 fetching corpus: 10000, signal 194230/226262 (executing program)
2025/08/31 14:08:06 fetching corpus: 10050, signal 194528/226268 (executing program)
2025/08/31 14:08:06 fetching corpus: 10100, signal 194811/226269 (executing program)
2025/08/31 14:08:07 fetching corpus: 10150, signal 195047/226276 (executing program)
2025/08/31 14:08:07 fetching corpus: 10200, signal 195381/226283 (executing program)
2025/08/31 14:08:07 fetching corpus: 10250, signal 195563/226284 (executing program)
2025/08/31 14:08:07 fetching corpus: 10300, signal 195743/226286 (executing program)
2025/08/31 14:08:07 fetching corpus: 10350, signal 195911/226292 (executing program)
2025/08/31 14:08:07 fetching corpus: 10400, signal 196246/226292 (executing program)
2025/08/31 14:08:07 fetching corpus: 10450, signal 196446/226307 (executing program)
2025/08/31 14:08:07 fetching corpus: 10500, signal 196835/226316 (executing program)
2025/08/31 14:08:07 fetching corpus: 10550, signal 197068/226316 (executing program)
2025/08/31 14:08:07 fetching corpus: 10600, signal 197192/226324 (executing program)
2025/08/31 14:08:07 fetching corpus: 10650, signal 197670/226329 (executing program)
2025/08/31 14:08:07 fetching corpus: 10700, signal 197878/226332 (executing program)
2025/08/31 14:08:08 fetching corpus: 10750, signal 198072/226332 (executing program)
2025/08/31 14:08:08 fetching corpus: 10800, signal 198243/226332 (executing program)
2025/08/31 14:08:08 fetching corpus: 10850, signal 198417/226347 (executing program)
2025/08/31 14:08:08 fetching corpus: 10900, signal 198562/226347 (executing program)
2025/08/31 14:08:08 fetching corpus: 10950, signal 198732/226351 (executing program)
2025/08/31 14:08:08 fetching corpus: 11000, signal 198985/226351 (executing program)
2025/08/31 14:08:08 fetching corpus: 11050, signal 199166/226353 (executing program)
2025/08/31 14:08:08 fetching corpus: 11100, signal 199393/226354 (executing program)
2025/08/31 14:08:08 fetching corpus: 11150, signal 199653/226360 (executing program)
2025/08/31 14:08:08 fetching corpus: 11200, signal 199872/226360 (executing program)
2025/08/31 14:08:08 fetching corpus: 11250, signal 200139/226370 (executing program)
2025/08/31 14:08:08 fetching corpus: 11300, signal 200358/226371 (executing program)
2025/08/31 14:08:09 fetching corpus: 11350, signal 200695/226372 (executing program)
2025/08/31 14:08:09 fetching corpus: 11400, signal 200849/226373 (executing program)
2025/08/31 14:08:09 fetching corpus: 11450, signal 200979/226378 (executing program)
2025/08/31 14:08:09 fetching corpus: 11500, signal 201239/226380 (executing program)
2025/08/31 14:08:09 fetching corpus: 11550, signal 201465/226388 (executing program)
2025/08/31 14:08:09 fetching corpus: 11600, signal 201702/226391 (executing program)
2025/08/31 14:08:09 fetching corpus: 11650, signal 201910/226416 (executing program)
2025/08/31 14:08:09 fetching corpus: 11700, signal 202053/226416 (executing program)
2025/08/31 14:08:09 fetching corpus: 11750, signal 202233/226416 (executing program)
2025/08/31 14:08:09 fetching corpus: 11800, signal 202458/226416 (executing program)
2025/08/31 14:08:09 fetching corpus: 11850, signal 202624/226423 (executing program)
2025/08/31 14:08:09 fetching corpus: 11900, signal 202869/226428 (executing program)
2025/08/31 14:08:09 fetching corpus: 11950, signal 203019/226432 (executing program)
2025/08/31 14:08:10 fetching corpus: 12000, signal 203276/226432 (executing program)
2025/08/31 14:08:10 fetching corpus: 12050, signal 203462/226432 (executing program)
2025/08/31 14:08:10 fetching corpus: 12100, signal 203714/226445 (executing program)
2025/08/31 14:08:10 fetching corpus: 12150, signal 204027/226450 (executing program)
2025/08/31 14:08:10 fetching corpus: 12200, signal 204245/226453 (executing program)
2025/08/31 14:08:10 fetching corpus: 12250, signal 204442/226455 (executing program)
2025/08/31 14:08:10 fetching corpus: 12300, signal 204640/226456 (executing program)
2025/08/31 14:08:10 fetching corpus: 12350, signal 204851/226462 (executing program)
2025/08/31 14:08:10 fetching corpus: 12395, signal 205022/226466 (executing program)
2025/08/31 14:08:10 fetching corpus: 12395, signal 205022/226466 (executing program)
2025/08/31 14:08:12 starting 8 fuzzer processes
14:08:12 executing program 3:
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.log\x00', 0x81, 0x16c)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x7c, 0x2, 0x8, 0x401, 0x0, 0x0, {0x2, 0x0, 0x5}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x1000}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x7fffffff}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x7c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000002)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), r0)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000001480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2200000}, 0xc, &(0x7f0000001440)={&(0x7f0000000200)={0x120c, r1, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3b8c65a3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfe5b}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3f}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}]}, @TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7fff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x80}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7fff}]}, @TIPC_NLA_MEDIA={0x74, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x64a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xed08}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}]}, @TIPC_NLA_NODE={0x109c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_ID={0x1004, 0x3, "39980a4195c4504235bc79d1bbe20f7811a0c4574d7d1d46f89abfd587b3f412a8e64db279b9a9e1ffae4480b52cc8c076863b230b6eed323d2d4b1fc60d13b62de00c2b8f8503a057c34febc67734f49a1666b78c0d87d6f87daf07bde303d8254fb35a8ba66531637eab601921a7e7cc83efb7a38538adeb744424aa46e9dc9b7ed36452eb49d75762844915c1008ef68daae9e0a5cf7a54fe07122af3663f8b2213b60366ea6856733343cdfd60be49dc205ef1d3ef6a666a84f7342b90bbdbee0da169776f2d993d4149bafd78216f0d351ade742b2e839eb3fb3268e06bdb6a55bcfb6dd1147e2b2ae5d750e9baf50187c7a9393c9349d49c6f55706c1c6a318714eda659be7b5e047386e486953275b90b3d75f6448a3b1ece33c3e3af5caaaea824a2e2aac4523a9e28ebe36589c9ee8bf50723a1346ab3f2225545ecf5bbffd36b83db972ad0076b9e8321050e623003d5f6a44385d50ad91d1702f04358c00766084caa768f39c72501f9007a53c14c5fa43d241d185f715b11856616fd88d40903a8f96b6792fea62ed51f8a62ea541a0b28fc9963b80e2f1bce23b15d044a5d821cb2c377b30518fef3b629b5a0094393f161a04fc7ef26babe414a3a6a852df8fa1cef83633fa64e6cdf77b70150f12b47f8cba3e6f8ec99464488f2b6dac38c1c5f42edc99bf213a12199bad0af599dcdc27b6a20a1557cd954ce829bd51f375a0586b4547e7f43d6469822e9699c36f5801945fd86b8139f941116095594492ea0b4e3b357924494c9c5a0ac0039ae7b069b53b92ae41f8559057816b681ca95dade61f972b429c0eb59f48f652f3ed133a63672cd621b5b5a9e19a4c5c72538d900fea6c5bb2d8f149008b00e85834f45453565c17a1a13a1e6c8063b0609863dd36198159d24d1fbed52219343f736e626b786590bb9e40300978e7ad91eac80c0e84f7e86630f693918149158e4581530737e70e81cd61905dd0f2cb0a8c554df4cb0e011cda28bc539f10d0b66a5e59034a80e868f2b085d4b1b533b3b029f5b4fedfbbaed273cd133dc97809307715e4a00f38f59532d43ad70d31643052336aeaeee9fb63b2231eee18ca90ea1c16f0aac89a910feb134a5c353e00c638ebe5a8fb88330340fa24631e8c9bf77b23e67dee5c072af70341b5ca76e0ac3fa31c639917aceda7b5b8c3fc0efbd5ddfaf7ad14ee221452a1ce1097c0c89fd4c92aba9f8b1e9b18dcf5724e23abe6ac2151eccda899fdcebbe3fb0d4b0672e13987fd48dad5e809d6ad554fb4229aabba78653bb6be210c7b7ed258c171e8e60b72e2325dc2cbff366309a64707d623155cac26c95885452c2fa207b9aa58fcfa4693ba371e11c516dc6296fd1edcde26d3fbd0cf19634b9894e0efb11b360114d23324e3c5bafb56a479f355f64389c03135e1c168810d999d67e391a9c45cae8114f18f2830f7ce2e4b6b46707a4a672fd9ed4a85ef8855d9b730e85a42a9145d34a52d716ef766835f5b57e28052f31a4527c52ca74bd015920f575e61ebaa00702d0f96193492a04cbb6443bcd3e6552678e0d5423a8fef6615ff84ac3e49303f85092b967de4c064aa5b3010916928f31610c517ec2a4d9acb82b695e1ea5c9765e1f1d69a28c6b3fe9832c6dca6752a9b9ad33b78515818bd5c5d704881ca0f808e42bce6abc465255cae852349729fc864037875d0c0af66189a857622ffc8f7e9a259de55b7208a5fee9ead404092ab6be8583031a73013078572aa04405545b30c392210baae151f2479a87c8d37d3e08205eb04cf9c179540be5f8855291e48025f24af2ae68d71d72b2763e66813834c99d1559f210675d2c5c84f223ddafa24be9bdbf4fa97e752b89bbc5ede1d0e2031e4cc2848931f081c7607e1e9f0c6a790746f1ddf0a1887c577d04a0fb922a4c8ed6f69bd7e1f94a5e04ec1340074549765496df830a6d990b33ee408da261916a9b8410592bb2178fc7702248b49241602009d6c17677a21c9c8683af36d1ce8e9dbde812adf446269f90a0e3248887ae131255427b9323b6b303edefdb292955ea4bc5c35edec735e4e04021ad6ff2c557b530ed311ff36b6c81fcd7191d76115c250c47b90d2dfd8253d997d7143e22eed86e6f44592312d12698c0c03e418b490e3036f97081a851b5ecf95a6bc814c4e1e65d31f7b63c3ac247be276dd478b4451229027cac4156df790af31a511b0adc8361e2542a0ecac4b02fcf45d604730bcd4bba32d53cd6def73c1d2c92b8889462b9e996281dca73dd3bb6957a53a11c70160a3dce463f8e54b8ed153ac971bbad4f3fe99ef0d1018ae8e9653dced4f009ee08ae982b5006399364b85007d3d17ac5d853b746c16cc29e9a7f07fe627929cb375c965cbca48954a8976417b9a1899f57e8c2858bf1f82ff178ab2fac0973b53ac557074ab7fc3e82949007a2f1956b775fe8dec87411a12effedb46a3162e8189b7e121135f75bf63686199dc764f6cbe57bf764d5fd92450accc438706444341c5dab2f721ea0a5eb0cab4890618501e1c2b63f7ab1723992f22620cfd748e6da4f196c3752c5594c0abad3274eb828ec668146600a2fc8789e54357edeb3da397fca52cf180b5f93d7f80f1ded1f3d01cc5c05aa5c35443e8b43048256db0ef47b20a21c05c1bbdb87c5454f8547347df04485a60f8cedb7b24f2263cb14ac6b4623e3f4df398a344efb8e23998864333854f03ee70a7667d69dc9575aabb6591b17c5e00bcf0814864df0406aca53b3b413615c9f1b7ff5263b0d54796b98a147c6729f31ff743aef00c68c8c7e22d4d18af58b449f9f13ff2c8cb24bc01e8eeeb04eebbdc6346f600ebd40f3d960bbb71b9894e52e2dc4c523d786da12ea120b1a8805b8211accb9dfd68eb2e0d758d311af1c62facace41f7f70d53bf64c917a7967f9c5fe22c584adc51bc0968da45bc9a690e6be3cf5d67dfe06f07c555eae9d41ff8e244069b8c2da3ed220dfd4c51f0eb90d949a11f21074054e690bfaa1e12f1a4b6a00d535024ebdf88d3c531b6e3eadb2c2f90543c0a587987c3e1bf4624feb002a63ed2bc2ba6c5ae68d67910e79324af7f6139c1075c6e53bb396f0f32e77a053608205f322c114342de77e68ba21bc2648367276a6057750822faf3a2b5158d30b9be98f6bba3b854379218c7fc871b64b209c3f0cf7a942dbbff22902f1fa957f01ad3fd06782314d5d4b01c118a57453b6ec288e70c2a36f71873bf21e98dc691dc7ec4602531fbac97970c8135a99ac5fc66e84943eca62f5f1ec8ac5be48e5bd6e4e88c79ca1f4da7e01ca721ca5ecfe0c27b3f3ad5a4e6ed56f292c505a269e9fb2e44d63aec404d4ebed2b13ded10cad4fc92e7223e6ba97bc30f8c35c5564c67b168c655c85375e998c464de4893337420fc33c66222de9ded36b034783a4a27645910a1742a6206a72e2e797b4493073b095a9fe8e8a0cce0009f8443575a48dff47bac55889675ba8f1dbf44c24b25e288082038beff19029064d69dec49ac77efa88bf2f8677f99b1410344e309e1fcc2cf50239b5a750ca736124fb3ad97e68958dec8660fef61783995102e8ee42b58b22e7d2fed999028e0936bcb885f02f2b25fddea0b79d05f3c6883edcdead23ecbbed2427309363e80a9e489c5c2f275c866c177b955a90c4bfaf78d876297344d97590dfdf5cbd96d553abede9e036e189b905c0186ebd7c0f2ca688dc0810856c14df85ad65477f4cc0aa6efa063ae72bf7a117c599826095604074d447404272a1fdffa0b693424460aa0de10c5dc059ca1a8df7907fca29304d6a12a08d360d5f75e143725a011728017d1c1ab282c689d343991b870d9e9256278618934db0c6bffa6a9665e45becd97127010c110dbe56974e304debc9367f1295404f0776c6cb23f8b7e4ab4e842179f3588c17038279dac41083057b6748975b4f354dd1418387542d7db7d709e318ec0103c9cf40df415783cabea4516d3f3f3c05967bb82d8dead2ee5ec6d224285c4a576f620f5655a3a06be59e55ced4cb5926d0af522c0994984c8b5a3eb126185680f58626d2ebe1a075531b390a88166860f994e93a8cfc0a7d5658784a6e65221a739526ee590675789218e91070dd8eaa69b18eed92f4505f30a97b2daeb35d0eecf4677c6c017b38bff8316ea63594fffb1aa828effd10bcc0145fdeed1cf6ede0e4d1544add309d7defe824bebce53934a6bd347b0fca144a69e3f72c929c94f8aa35fe0e93e6dca3c8e51000c326c448773fec307621ab41335ceb1198dad1491eb97cfb8e7baacc3302dd51eda3fe2615920c86a8c41a8b59b0dced155a96f00329cafad30d1f59bc232ea567049185dd4b20c0e1808a0828832607f6ae268e55ab4e958775f70e831502b24818674c719bc4fda67e23dd1a9990a85333feb4cd25c31b0fbc1be5ec6d179f68cdd1a3ed5925ac74e42e8e89d7f19088358386f77399e219f20e43ee8745291b990ec650c94e1eec6a5d833051757caff4db30d5d8fa72ed95150ee02253a3d826a1e85295475bc8bf121e13942f48967c8679b42068314eba8ccbfcbad8aae53d8c5a05b46701a014bfda3e9a571ec4f7dc552c47c50a14922aa9baaa58cb63e2ef179a9835aec53739211462f2f11d10f71e0291cdd3d0e5fbc48180c6fdc21610eea8849ac06de88cb1e4347fe96ca036b4aff8d595922fd1a91dafd862f5b89847b6c324258148f17b3685a445a67325af4423d27f012f7c434e97a5bb4845b5ad5520df474d6c214582a49f060ac43f7adeeb76890e2983af445320ebe79881cff650ad17388d63f2efdf7603a07c9790f4bc9a8d204f92d2eff70720cc8ddc0f4f14f174c50850c52602afa163730860d5a71ee1cf585febd8ff3640d5c6d58a92f1e29f1b3a207f3d91486bfa692c280f357128fc3e123d472e2c35a0f7662b62eead544bcc10d53437293dccffa11170e40d6d7718b6c8c35f0b24ad6f518de419eac95a63d2d424d8591c2872dfe38f17043719fde73152731938960d1c11c63b71caf48da60024506de3f4a006f5b00cdf77f10b666caa08e33ccea5d4dd61e473e55fa66a3b9d04cc7aff9aa1327db4c1c81c6dfcba605696677c7abb9cdf30644890ac70bfa029b93e96199ed456c21c6dc2f828544850067cb9f8fa450cdb621f4d28a4dd50214046368e8894e9b14b802457d720260e74dd08420264dc258d8c1dba47cb5605ff0ddef30c21ba8daa78eacc06d3ea28c4e7b9dacf7a0c9a94b56ff3357a8569979984c47b92b0560cf25b27100cec5530b129cc0d197124d1f61d1accac0538bea47b348e5d9efcc0c7564a1fff6c895044d6dbc5f1eabf02f9d7d49bf72a48dbab2988903766ee9cd86e7f72b2f6887c3132ca5b3278d662ccf63c0bfac571bbbfa52c86c0322e6cc075815992cafd0b531170fa0cba270e7f9ca0e5a4f70127a8249b0af12536ee88878a5014e5e5d0306deea24bdab35396ff558f012d5357a3886398ce3ead14353e8c71023067277b54a7083758f1828a464fba1c98c849731ce0adaa4de261044f1ed1c27d388445feded64f581de6dcc915c30db5ca542b502de15698be948ebb8a0d9662fbc137438490614289d4f7e51c018988793ecfbbf9559e558313a2eee39279cda6558f22068471f36d7d457fbf2a0fec5258e13db16d01c61ba20235bffdac930c698b224733cd72906195cfa71f36020c2ac3b7df4c9b9909a0c25237b074f66099a171ff0"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ID={0x6d, 0x3, "a6ef26a67e9ff6f0b18695318f1b75ca70b47e9aedf82b89c86569dd9f43ac842c2927ae0c78485984379a8f40225c5178628ef1b000048ec5a6e74fd4ef1f8a33dc23152deea7d84e686e174468bedb094755ef9b06808c2d49c9552ae4b2c2b5bacc83438698395b"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xffff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xffffffff}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}]}, @TIPC_NLA_LINK={0x5c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x42d}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xb5}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf96a}]}]}]}, 0x120c}, 0x1, 0x0, 0x0, 0x40010}, 0x80)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000001580)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0xccc2837a2943a3ca}, 0xc, &(0x7f0000001540)={&(0x7f0000001500)={0x14, 0x7, 0x6, 0x1602, 0x0, 0x0, {0xc, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f00000016c0)={&(0x7f00000015c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001680)={&(0x7f0000001600)={0x68, 0x0, 0x10, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x54, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip6gre0\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x400}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x81}]}]}, 0x68}}, 0x0)
sendmsg$IPSET_CMD_HEADER(r0, &(0x7f0000001800)={&(0x7f0000001700)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000017c0)={&(0x7f0000001740)={0x4c, 0xc, 0x6, 0x201, 0x0, 0x0, {0xc, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4008010}, 0x40040)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000001880), r0)
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f00000019c0)={&(0x7f0000001840)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001980)={&(0x7f00000018c0)={0x84, r2, 0x400, 0x70bd28, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8000}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}]}, 0x84}, 0x1, 0x0, 0x0, 0x24008810}, 0x20000001)
r3 = openat2(r0, &(0x7f0000001a00)='./file0\x00', &(0x7f0000001a40)={0x40000, 0x12d, 0x16}, 0x18)
syz_io_uring_setup(0x3189, &(0x7f0000001a80)={0x0, 0x1867, 0x1, 0x0, 0x1c9, 0x0, r3}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000001b00), &(0x7f0000001b40))
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001bc0), r3)
sendmsg$TIPC_NL_MEDIA_GET(r3, &(0x7f0000001c80)={&(0x7f0000001b80)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001c40)={&(0x7f0000001c00)={0x20, r4, 0x8, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xfe9}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x54}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001cc0)='memory.current\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000001d40)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FLUSH_PMKSA(r5, &(0x7f0000001e00)={&(0x7f0000001d00)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001dc0)={&(0x7f0000001d80)={0x28, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x80, 0x79}}}}, ["", "", ""]}, 0x28}}, 0x8800)
pipe2(&(0x7f0000001e40)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
sendmsg$IPVS_CMD_GET_SERVICE(r8, &(0x7f0000001fc0)={&(0x7f0000001e80)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001f80)={&(0x7f0000001ec0)={0xb8, 0x0, 0x100, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x80000001}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x8}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1000}, @IPVS_CMD_ATTR_DAEMON={0x58, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x32}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xff}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @private=0xa010100}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @private=0xa010102}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x4000000}, 0x8004)
sendmsg$IPSET_CMD_HEADER(r3, &(0x7f00000020c0)={&(0x7f0000002000)={0x10, 0x0, 0x0, 0x2000080}, 0xc, &(0x7f0000002080)={&(0x7f0000002040)={0x28, 0xc, 0x6, 0x301, 0x0, 0x0, {0x7, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000080)
sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000003940)={&(0x7f0000002100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000003900)={&(0x7f0000003840)={0x8c, 0x0, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_SOCKETS={0x34, 0x7, 0x0, 0x1, [{0x8, 0x1, r0}, {0x8}, {0x8}, {0x8}, {0x8, 0x1, r7}, {0x8, 0x1, r7}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x800}, @NBD_ATTR_SOCKETS={0xc, 0x7, 0x0, 0x1, [{0x8, 0x1, r7}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x8}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x1}]}, 0x8c}, 0x1, 0x0, 0x0, 0x44840}, 0x4008080)

14:08:12 executing program 0:
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f0000000040)={'ip6_vti0\x00', <r0=>0x0, 0x4, 0x9, 0x20, 0xffffffc1, 0x1e, @mcast2, @local, 0x10, 0x8000, 0x2, 0x7}})
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x81}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r0}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x7}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x80000000}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8001}]}, 0x3c}}, 0x40000)
write(0xffffffffffffffff, &(0x7f00000001c0)="012430f90183e41acdd937e68a74b168fef751618e34d8adf9cd12834a233ab39afad4025d3dd58c63d9420a58f1183992872e1004ae2bcb8ad73aab950cc56c7bbf6205f981b1c763c66b18eb5fa8922a43f3a0ca402ca2c3bc4b95f7e94389fd8407d2c16ca7b8ceab", 0x6a)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000280)=0x14)
setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000002c0)={r1, @multicast2, @dev={0xac, 0x14, 0x14, 0x43}}, 0xc)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300), 0xa0a00, 0x0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r2, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x4c, 0x0, 0x8, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x7b}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x8001}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x662d}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x9000000}]}, 0x4c}, 0x1, 0x0, 0x0, 0x200000c0}, 0x8000)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000500)={'syztnl0\x00', &(0x7f0000000480)={'ip6_vti0\x00', <r3=>r1, 0x6, 0x20, 0x9, 0x3f, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, @empty, 0x7, 0x87, 0x6, 0x1}})
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000540)={r3, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x24}}, 0x10)
recvfrom(r2, &(0x7f0000000580)=""/121, 0x79, 0x0, 0x0, 0x0)
r4 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000600), 0x14800, 0x0)
clock_gettime(0x0, &(0x7f0000000680)={<r5=>0x0, <r6=>0x0})
ppoll(&(0x7f0000000640)=[{r4, 0xe004}], 0x1, &(0x7f00000006c0)={r5, r6+60000000}, &(0x7f0000000700)={[0x7721]}, 0x8)
r7 = signalfd4(0xffffffffffffffff, &(0x7f0000000c00)={[0x2]}, 0x8, 0x400)
r8 = openat$full(0xffffffffffffff9c, &(0x7f0000000c40), 0x10002, 0x0)
r9 = fsopen(&(0x7f0000000c80)='cpuset\x00', 0x0)
r10 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000cc0)={{0x1, 0x1, 0x18, <r11=>r2}, './file0\x00'})
r12 = syz_open_procfs$namespace(0x0, &(0x7f0000000d00)='ns/mnt\x00')
sendmmsg$unix(r2, &(0x7f0000001fc0)=[{{&(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000b80)=[{&(0x7f00000007c0)="fb92797989ca27c947aa960cdf206cf3847461d266961e58388b01e525e14d3a008ae68cf0494771bdbf52b50633c04ca4e8c4e0c56fc662fb166220eea0bd87a8d32d543246160bfe2f982827e1d87cf42992829f1f31bb37d2ae477a587a95fe2a03ccf09a58c53ded814afa9d88314e0619eecfed27852bdcdf19a6806c76f7fb41a07cf7cc2a7ee263b167b0b019bfad8993d5f529dfb9693f9efeaa784e41eafdbe2e0c59c76370fbe3376bd6da2a517040118db7d812b67a436c274103ede83178b1f2", 0xc6}, {&(0x7f00000008c0)="add500a0e84d5145dd50bae9890e925537e9f6de77602eca543efbb9932925151ee9", 0x22}, {&(0x7f0000000900)="330bece85e3ecd9c89813e1d77dfefaee19e146238b7675227c7530e97762736e9a09c94a94063eaba5f1d16b292d2aa3a180502d6c26854f973f032ae91b670fbe7baff36d76ee997660db462cf29d34b892cc342d55e1402e117bce1187d8510a5bfaa1c7c21887ac52f595a03dc423d07216b9dcfb6cf62b368af649f1fb8bebe7a94437392ce8d451c61f4195bc7149778b297f3f472b11ee7de36aa118763dabbaee609abd4b6bc9238ddfc12019b4d3b3ce4cc1c1a697deddd8a1ac125f678d0cd8a84a0c99ddc", 0xca}, {&(0x7f0000000a00)="9f6ae5d5c3263ee977dd22072ab9340c9921ae468f4bc052a6fab835d028d93f83537cd26e77ff703c8bd72a3e406c0783697e8e7fa1b148a0bf", 0x3a}, {&(0x7f0000000a40)="a53af34fe68144be18668ed30a4505add13e96fe56b26f270bd0c79560dc324b9ecea7ad020cd40f22acd63d", 0x2c}, {&(0x7f0000000a80)="4ec29187d40fd0248a364f6d774d6a2c5a6e87a61456eb574f808045164c53a3077de4e697a1cfeb086dda2c8565b834e65d0f8277bd7f4b0c383824a5474952c170c56539234835c17b833e0465d5279a3e6a948a806df2be48612034bcd9404b056f16fb4d1c13b87f3c925d62bbd5ac3549fe254acf0f0caee9031950c1e0b5eb2a6004ddeb7d8f77cdbe84eb4ed6a14f9b2404733cbaf5a3d3997a1ef98fdac9c9d3353c", 0xa6}, {&(0x7f0000000b40)="c93f2db96504a83307984db2198d243d8b8d61ce9ec7e3b3b38c8aa6330496921b019346", 0x24}], 0x7, &(0x7f0000000d40)=[@rights={{0x34, 0x1, 0x1, [r4, r7, r8, r9, r4, r4, r4, r4, r10]}}, @rights={{0x20, 0x1, 0x1, [r4, 0xffffffffffffffff, 0xffffffffffffffff, r11]}}, @rights={{0x30, 0x1, 0x1, [r12, r4, r2, r4, r4, r4, r4, r2]}}], 0x88, 0x20048004}}, {{&(0x7f0000000e00)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000001040)=[{&(0x7f0000000e80)="3bbee32ffc518a8fd66133212c162390123e425f397d68e0ec72970ca3548375eb91889da8ce52d1cf00cdb0609b32a4c1319acc2a245a9d9df32411404af5831ed740890f8f7f82adfa0083c268ecd64b70e4a3b26c27021c62e34230bcd2642e38f722c569bed5195daff397f078a6678c2ff1e5dbefa1a127150a9b3ca4357d6ca7764f24480eaac5b1c857b883a520bbf31a89b5a979cf323cf3700ad91e569da288b681b74294771fa5", 0xac}, {&(0x7f0000000f40)="6a0060f7680908e8978a31c9931085b8b79f7202523652cbd52d039586e1c15bbd32e6ffdf0fbaa1141aa74777a9a64bfafcec8e20fcf667ad07da6fad6ff48df7d5747f51847cdd6e233919014a7be83f", 0x51}, {&(0x7f0000000fc0)="bcb1afef4396aa1b040588f7441c51b9304b100909cb69be96dd01c359d911638d2e498916c9f08be8cd83096e9f4c956689255dc99e8d84b9fe363c81", 0x3d}, {&(0x7f0000001000)="0e08e419fd71366d420ad025bf4cf10d7d7c26b449c2dbb365886a9cf36f9923fe30d6aab28f7e31810a137085f0b9df2a275bfcda", 0x35}], 0x4, &(0x7f0000001180)=[@cred={{0x1c}}], 0x20, 0x24008040}}, {{&(0x7f00000011c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001380)=[{&(0x7f0000001240)="b5fc37e6e0c032d61688c644d908f7c70cd559d40aa1c8320f2f41e2dd2d9602b3ec15495cb6a37fb2f5bc45627dba0cbaad3b1f05292d40ee82963bc71ddf07908061ffaf1764651a2dad63afe5b6a1c069df72609393b52da4303838065caec2cf38395845d6f7ac5a9289c9f15085cbdd5b30fb7aee2d703c8d0ee8a3173fe02f152eb3549318b4cc89dc817cc459de3a02d80700758d357c29f23f0319a3e4b962b6", 0xa4}, {&(0x7f0000001300)="617e2f200ace06b58baaf5fce07cacfaae31b1f85d7b99b79724278ad4d68d885c16795687f8792dcbdaa45d047cdbf29652c23ebc812e50484c6422df0d195aef181525a7f1b22e415397d5277b764c1c58d4457186d8412e1b9a5bdb80c6108e0b8847aaa197e9b50264efced659679a63457aab1fc8a998ef22e0f4", 0x7d}], 0x2, &(0x7f0000001540)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0x0, 0xee00}}}, @rights={{0x14, 0x1, 0x1, [r2]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r4, r4]}}], 0xb8, 0x40418d1}}, {{0x0, 0x0, &(0x7f0000001700)=[{&(0x7f0000001600)="585e5e5c3ab95c337c88d046a19b2bc17fbaa72db032d9a7e12693a1cea5fcf11c07fd5d911869bbb67cd27648318ad1ac4d1b65eef04c0047eab36f069d71c062a646971dac798f0cf5a24e5eca22eaaa8ee504cce2f0ace13618d83d997fd3922d783ee3d2c84c65fac0c1850cc4ada2e9ba945889b1d9a8c3c9e36058231570b695067d67d798ee8c566fbf635e8a162c5f0791bf4b5b626911d49422069076c7a1b2d19e33b5fe9af29c1efd77c01768315a2e0487636daf3924a7e457e19f7c4f8c9c87a666963998cc", 0xcc}], 0x1, &(0x7f0000001f80)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r2]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}], 0x38, 0x48010}}], 0x4, 0x0)

14:08:12 executing program 1:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan0\x00', <r0=>0x0})
sendmsg$IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x0, 0x400, 0x70bd26, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x10000}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r0}, @IEEE802154_ATTR_LLSEC_ENABLED={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x1}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x61}]}, 0x48}, 0x1, 0x0, 0x0, 0x20008010}, 0x20044051)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x0, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040040}, 0x0)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r1, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1400}, 0xc, &(0x7f0000000540)={&(0x7f00000002c0)={0x258, 0x0, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_SEC_DEVKEY={0x170, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0xc8, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xd528}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x60, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x34, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}]}]}, @NL802154_DEVKEY_ATTR_ID={0x38, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xfffffffb}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x7}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0x200}}, @NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2}]}, @NL802154_DEVKEY_ATTR_ID={0x3c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x28, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xc93a1152b19d948a}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}]}]}, @NL802154_DEVKEY_ATTR_ID={0x18, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_SEC_DEVKEY={0x98, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x58, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x20, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x4}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_INDEX={0x5}]}, @NL802154_DEVKEY_ATTR_ID={0x24, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5}]}, @NL802154_DEVKEY_ATTR_ID={0x10, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x7ff}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x1b27}]}]}, 0x258}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000005c0), r1)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x30, r2, 0x2, 0x70bd28, 0x25dfdbfe, {}, [@SEG6_ATTR_DST={0x14, 0x1, @local}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x2000045)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000740), 0x40, 0x0)
sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x5c, r2, 0x300, 0x70bd27, 0x25dfdbfc, {}, [@SEG6_ATTR_DST={0x14, 0x1, @private0}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xff}, @SEG6_ATTR_DST={0x14, 0x1, @private1={0xfc, 0x1, '\x00', 0xf9}}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xfffffffb}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000810}, 0x4)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000900), r1)
sendmsg$IEEE802154_DISASSOCIATE_REQ(r4, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x38, r5, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0102}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x4040000)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000a40), r3)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r3, &(0x7f0000000b40)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x48a}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x50, r7, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x20000)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000bc0), r6)
sendmsg$IEEE802154_ASSOCIATE_RESP(r4, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x40, r8, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa1}, @IEEE802154_ATTR_STATUS={0x5}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xfffe}, @IEEE802154_ATTR_STATUS={0x5, 0x3, 0x80}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0102}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000800)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ADD_IFACE(r9, &(0x7f0000000d80)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000d40)={&(0x7f0000000d00)={0x20, r8, 0x10, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy3\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x8010)

14:08:12 executing program 2:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl(r0, 0x648dc6f5, &(0x7f0000000040)="c26496db5d9fcdb910708063a3")
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r1=>r0, {0xee01, 0xee00}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_READY(r1, 0xc0189376, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r2=>r0, {0x5}}, './file0\x00'})
fcntl$setownex(r0, 0xf, &(0x7f0000000100)={0x0, 0xffffffffffffffff})
write$binfmt_script(r2, &(0x7f0000000140)={'#! ', './file0', [{0x20, '/dev/sr0\x00'}, {0x20, '/dev/sr0\x00'}], 0xa, "e37139e0729b8a2804bceb411841bcfd4a871b9f4b89fc4755b661be32ac5affea07ee5a5fdec4486493715728b6c15896ef8baa7da87d180fb379e9920e23d6d836e08a358d73d2367076da494165f7ed8558f5d2f4c958040d13ffb78f48721ea0d0b40748d27393990ccb94951e1186dc8cfc6704919ff6fc609e0bbb3940e8"}, 0xa0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = syz_open_dev$vcsu(&(0x7f0000001440), 0x3, 0x50040)
clock_gettime(0x0, &(0x7f0000003e80)={<r5=>0x0, <r6=>0x0})
recvmmsg$unix(r2, &(0x7f0000003dc0)=[{{&(0x7f00000015c0), 0x6e, &(0x7f0000002940)=[{&(0x7f0000001640)=""/80, 0x50}, {&(0x7f00000016c0)=""/235, 0xeb}, {&(0x7f00000017c0)=""/17, 0x11}, {&(0x7f0000001800)=""/230, 0xe6}, {&(0x7f0000001900)=""/11, 0xb}, {&(0x7f0000001940)=""/4096, 0x1000}], 0x6, &(0x7f00000029c0)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}}, {{&(0x7f0000002a00)=@abs, 0x6e, &(0x7f0000002c40)=[{&(0x7f0000002a80)=""/53, 0x35}, {&(0x7f0000002ac0)=""/233, 0xe9}, {&(0x7f0000002bc0)=""/84, 0x54}], 0x3, &(0x7f0000002c80)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000002cc0)=@abs, 0x6e, &(0x7f0000003d40)=[{&(0x7f0000002d40)=""/4096, 0x1000}], 0x1, &(0x7f0000003d80)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}}], 0x3, 0x140, &(0x7f0000003ec0)={r5, r6+10000000})
r8 = openat$nvram(0xffffffffffffff9c, &(0x7f0000003fc0), 0xb4564c94ef0f15b5, 0x0)
io_submit(0x0, 0x6, &(0x7f0000004140)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x7, 0x0, r0, &(0x7f0000000200)="3cc52f6bb300eb69a94d468ce4af2b8b7d08434a79d233a87e89adde168ee4ac5839c1a160f77ed6b2bff916525be4072e40ab50d226580aa027a753d58fa7fc4e926af43e7705b92c09ee374e4dfb3ec7e6f43322d08743d6e73eaca10c65ca0f25e810257b9ce934b1338e3db522dfb2d5fbdf84bd437d8f4f8fb5032bc536ae6ed40cdc0afc871a46bca9cc0b1ef27f1022af82e1beae7a17cc9414d8d167801ee89fef66ecdc63239c7297d4e6b3b1f4dba627e8c35a5f6e20f84da1df19a41d7bd2c90d4af2090ce0fc177287283d64477724a1c571e775c68fd151d10e7360bc9a871bc9c01c6f33949fecd7b26f03a291", 0xf4, 0x1f, 0x0, 0x1, r2}, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, 0x1, r3, &(0x7f0000000380)="34bcb2aa5cdeee0355f789bb11d33757187fd2957fab3406716416e857a03282ba17b6a0d0818b46db96f19286e20277ba625b8099e9e7b2e37d8fedaab24a816eb96470fba56cc5b5ca36ec1c4cd73ee5d4bccda238e8d9591284ee663325355d03437064726b0c0dd4782f5ef7ab6f92a6817ed1b5610b4ae15f2ee9e60d2dc0c298130fc3e45b9154c3d9e4ce4a1698b3e50eed359565158699834d82632a0b3a65e39c17eea49772149746395fc241ba4a1ee227276b36d2837f89b94b0837e6f90892670a4f474504c347d92c22ad7d32fafb88473a821b55a8e2da69de400209440544380c0e6ae54092f5133102da596833f6ef542c74c431909c910472f5441a15bd709d60edbb5da7fa469e46d2c76de39cc686b0df8aaca8bb67668bdd4bf36d5f91bacbe1e296287e4b559a7027aadd95b0f6f9db815a3bd3298e5b6a8ee7fda22d322bb6b0376b34602998fd9e10c935660e26ad480c9edc46ed9041b9c3fce2e439ac7f6a8f8e8eda780becaa40bff7dc5f4b85da325b68e6e3bee0a2c045b7a9942d1b69a305d125bacfcc27622235abf5810df0ac0e9501d9544ed5c5c0c23074ead3ca17129c11192e37009b910aebfb80a16e9bb18df6088f4dd93c9df24ad7ee179032faa185e01d10b86088b14fa93fad32e1276a759eb98164e6abef64ee616adfaf0750fb612be2e123e922c00bd51bb4d74a9ed50f48756281a6973d6778ce393519056221d5c4c6528e757a0b257bb77c7a162edb3e33aa7adce73f58a6cb4e92df16858e268e7d993df41406ce17aa7ea54c6d26f6735bab7b91f270b2e399aa58a639543ee0603ad1be761e8684cb0b880d1a94e64aa7fbefb738bc05af6959e0d5335e6d63d7386f31e9569ec268c12fc110958fc18d7bc24a3db7f63d1760155edfa14619603ca92d6a8c11bc08145650529373333d23078ffa61bfb8f90df9e5d4e7ad111c78fea89b8a876ec1314b38d26f1c72a8640dfc17f9d0f9d0cd935dfc89af11cbabf2fffe95b94e457a1907ce45a2b524c8246d0de1fd028716b071810e529f8f511b41557975fbee2c316b7b069c91c57e3ad8c7577de9b3fb11a96117ca929345a9ce037339fc4dc3ee650e9a08cecc59b998c5c1502a3ffe55a639db58712da5022421c174fb73306d48f5c6902fd383de76012371b3573c73b87d70014fdc8ea16be51fe577152947eaaaab4983fb76f7425cd70b41e27206cfac6167aeb88b97b63ee89b905c1215473cbf3bb856449700ecb437805890407a16ab05b76b6b1072413793789853343eed3a0bd4015dded6609542c2f47348b679eb91124406586e9d210f08c598ea3fd3642967d5195be2e2480af1fd4fbf26b1dd5bc7b3675be95c627eaa2b2c367941ba6951d110639c932bb023f14b4b3ec19e12ca1847fdcf628eeeeeaf95acb24ad65d276550144cb63f4d3f1201c94385a93d9d2c578826d447f9ec85658908b2f165a3cf3137f4a6f18bca2e476573452babc12f550b0941056f820c6769cb45f35cbd57d9946712832c53aa7a8168aa21a87252bca69e81d63e258aa2db49c8c6e664d18326dfd25ded1fac2e2faa0b7f7010d589ec714d8153c2be5c8934abea9511289573d60ee4b4ea223b299bd6624eb9519339ac07bacce2fffddcaea10d1f6062e7fc02e3f41b2d22f1f96d922c1b6c0ed21c55f5e61a0ecd7d81634a6036390d33be912aa3d17862a56d1e9e40c8009f444b4439810a72b32d11d0bc409ee94275b299a153a0960b408b161b87d4ca8d7b3ecd29a5e8b937479b9ed235d14fed1fd6f7302246e8fca97b8099f8e77aa063f9b0d63dad0e715d399bb2a11ce5013954a01fa440c9ba18c286916102304ec23136895f3fd144474f33b9e8e1cf8953c218eb3f07f698bcd8ebda9793ec0f721ae9e0877e1a80dce6fd6f46b26ef18c946df6ffc0f2219c4b3d61925979a97b5129520c593ae39b943e45144d3c6a8f21b1339eab93c11302c20f045cc2b62bba959882df271a90831e616791213c2f093acf786d241e72b65a1fa25dfbef0452e221c86b30566adba319dcaf16e20614782c0028fc81d44d2dc4b20eeec5a5e9fc7ac6332d8b77ecaadedaf81e44374537f971016303f3a8277bc2f80a5453e7f4d134cb38e93f7e7850265cd5276c529e626c67dc2d7ffe148963481655468e73193f2b0b80e6e94ee4c35fbc93fb46dbf8e02eab5e3184ea780e68cf4d5d23b1039e4f6bf6f0920440fbb3d441b15ec4613a82311c8f8511d1cbb2f916862325a7da2eb78c446e22c237bff83c23bed0282dc7911b491f6ba7ade3dfc679b268b5efeb4657aaa4fd2ec63629abe16ff81bded68882480fda69f0d57d92769963b6a220b7fa2bdf48b56cc1b39c4b92cc18c5d58aa29cf92d400adae4dee3ce8b110e9ef8c6fabc7f2105072e7f16e325400fe8185f8615e72289ed859fce7862f980c3e6580a08f81859c33784387bf7e12eb05668b412c30c2c934ab27ee44df1c6530061e0a249349b235bf25156cbe8ec61ee29e3ac11a56b926aa843c147847c7a355aafe24974bf9d554914d7b917eab88db0ee04878facc3ff01de40805c0353e2d96f01402b17f7ab4400f7c504a3355aac8106ad8b15c5414f7f7f876a4af4b979b72d5847a31ba018ec7e5448edc22a6008c4081ba9b15f5c36d4950ed63c38ef55e4d20dc393e5181a1ad20df5b8a65f1a30355f31f685ecdd17f8575baf1acfd27cc8c24abf5fd1558e84a3be99b974d217b9df4959d026b635735497e0556788996974f279cb707350c48ad201bf9412371e127b7fb0a9d14036319a4acbb3f3c45afb70c65714c180ab00a41385fa5bcd18fc741c7a623ece147ac155cbe7ecd3742a9e4ed07abcb8b4c55fea7173183bc1ec9197125f44337793541db8580486c5ed54827571bdbbee48ad78fc09a7dca7fb83ae62fa3311517f4a1843059d98e36188cb0837461639f15e6756d581977d0223214bfe2cf4c9f9cfdb1f992bf957d4e7ebedada11de1f4d227213977ccb7bc8fb970e6a760989473f942104956a9cb7a66455aa311cd763d829a6973405de07693e0433ccc1d715c61af96f11e7131120538374aa17833da8cccaa55e44e947543d5e5f47a355fd17626fee2f5d9f09e4196f4e5875da11b28fc9f86f4411658d13f4523dc05b376185869380f66e448a42b9118c95b150822cc13c2cd2e4bd1ee58cdae25374e215c0db1d9a38384bd28b8c5f50be7d9504cf767e01a137e04822cb34947c9c26458b16c30975cc6f3c01629436973877c6c7c3f6eeca94fdad92144e91fb56e0b93d107119ff501bfba329b762bf27f30a180f81761a50ff5d27d861b9308ff445ec83678cbcc18257e139c54f7dcb55bbd0402453c9ec3675294306fe8a25e6e0781d01bc0417659e50385be6077824c00aa3015d1e6568f7a67249b236ed0c91f5b0a6ab36b75d721d7e13b01d1c0a6b60e309d9fa987f65354b7b6d20cc327940683d8ae2cf1af165cc26448c22321fcd62ec2eb1082a2fd9eccc97a9634de53175184590104a93eea5a5ff6e9fb6c1c77739a6e6e97dbce9008a81121b7c523f29f908b90790b30bfad5c33c8f6e7dad0e0c89282ccde8e4e6ffa695f7ebaa6b380014a8f06f8d0f3a0040dd19bc323ecc3a44ea9d745a36ae7697a9b0dd1471f6f04c9e81a1532eee3c594205981918d2cd42a9b6a1d3a1d71698aa5b4d5fb886dcb8c8b435dc64d393fcf5967eab6d2e07139b75eaf38de58cfcc8b31d2141609890b29f345dcc351ec5d304fd76a1128adc2bcc425bcdf36960fdfc29b900548c9f9336e2197b1ae3bd414cd3720f5dca2e8b68f97221f04d504fba09bc54f392af5739172e300f6d598c6deea48cd7d508f6abbab20fc0423fcdc351c640d20856cb68be9e85841de96f1d3b779bc8a92e23977978a8127277c67455d1bb369910b9f819c1305dbaa2145fb4391cd4884de1f06bde116b42892929a6c0dd8b2d6a183210e748334f7580a7aa7b6453a744260e7d73815177c0ac147b41c8d25d20a33f27c713582b1c58fa3309e5be23d3214b9086e009d08fce241b68f4266cf58ae5993d600137d5064f500cd636987df0b90c58a7996800892bdbf9b220278ceffab1ec56121c24353079d4f5385f6325b04cd6721ad71a1cb3ce3a87123c8a3c37b7f58575561898f0f631b881da96e0828419e1ecc4143d4582c00576da76e00db0eabbf73fbb2b9575ea0c89575c9b8dae307146fdf77f635e66b19e83d9106c4a0aea5bb649a7f2936c69523f16bc34505500df4654d67baf31283273efe5710986f6bbc28f83c0efc6b4b51083b9296d4f1cbbbaeb6e46c8f4a15a6f6b0d0ce1c1aa37afcebb5b396433c9b9ee624261fac404caf8d8de8cebe08c99376470a25c292740d66052d642c8f279441a20ec00d79dd94d27c54c6223deb6dceab20e9c71c5dd0d1f2ca1b86700af952248ce8e245fb7cdccf1e9bb34d64b316e50360b92b7da452a455e1ac5ec65022a6454f89adcb9c5e51244fbdbf584ede4c7037bc4be64191fb4dcd70d5464d640de1b69dc9c1e0063d640beb8954aa34b166ee8ed85d9c9babbf0ffee1c9a65fcdb014ec038f4087e38c6b75aa51a19fbcfeb7a75801cd10c7cea0f794c6abfa562c8080e53bca445d1ab93c0e5e1c25d9e4ddb6fe48c9791a9fdbe8ef2610f48dee33b77341c12499d8d44ca576467bcd057ad5e7a0547595cfb55dc76536606c7bef191ec676d921d217a463c10754720d0e78ee1ee3a06044618b499aabcceddf95a7e9baf075ab63491795213333c23f22c6e923ffdacec0e5946ac1c98dd46801ff7b45ef626b5ed8f43946ab7c7432016c163d54865776d5e1eec2a713febd3b75d0a787659a59726fd231d1841422b6840c5f902b0181c2aa9ffc8a639754df375953e224d2b2dd0fd7a59efcbda0b7b6b0471145fc3d316e541033b5c577f1682559662e596b5a31015997a60aec76760ec6d3938f81dcbffaa083fca38a66d854caa3984caa77121a5d696e75d684d7d646c55a54c036425ab8cc244d1b83fc83408b9dd2469f3256979510d09b99f32b6ff47a7bf7789ce11a3fff56b10c8f45c7174baa7b3bce4505f73d240c2a94d48261f5025799adc7552dca9a775e1b6c536c4a5a5357e5b3879803dd854e006412b22c84a8cf95689e5dc5ca9730ed8297d9e4465e0afb3a6172995bf182a57a7830a51602a1148fd72dd0a293df41b9c5cae16f2534ddab8138ef1e247fceeadd0d8d93fe85029666737392d5303062a0310c80c8a400960dcb3583811cfb942925d4efee384e1ad1f8c389a683fdb12c23e06498f17fd3082718b826301ce6c9ab0a843a17b8f8527b3eec59752341aa2424b8de3e9b17497ed06dda46b1be965b9fe61a1b4c5868c177502b734e99b64d02bf5facbf9604ed7e8b3caa5b591fdb375de14580fcfdf762c1e4889d826bf6d707e76c22ed83b9fcfe0d58659012d7df194a72d095f0ff4e69a48d10d09fc7be10bc94a80be37a07af782e5c6435cc86e9363c470bc37c25f1113dc14225364b0558f4740baf1a2acb446c188dd60c6fb3fcbbd16170c1de154b0ba06bf05251782da605d6972ca0ddb10bcd609c652b26d1b07e77574d25ceb3cb6988da53b9f1dc161b23ca9a36b2b59b1953617affcc665d0fc25f9aa09e84809840848b9033c8e27295c64d6cf68a12993a05b37a573979df427a1b25d5f49c00c46e2f4664f6a9eaeac9d69060a3de", 0x1000, 0x6, 0x0, 0x3, r1}, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, &(0x7f00000013c0)="f0ce01d0c9b9b2f67ca5cfb5c04e34a2b71346da93a3024e375a966355ff8658e3a767c271805d8664e6ad2f34ab2489905d8d2dff5f7524ed7c635695fa1b7f", 0x40, 0x9, 0x0, 0x1, r1}, &(0x7f0000001580)={0x0, 0x0, 0x0, 0x7, 0x40, r4, &(0x7f0000001480)="e654a911db6d5b0362c6173ccd7820cde7c07e7db663060f5a2bab1cb42f7b3a07d761c0717eba819064cde2a21eb12d46c15dd761987035f9f6912029fb10712aa193d5dc7149c396f0ffd5cccb5e04e622a08b1725617b693a4a55c286ded1fcc345eaf940505d3d696691d34022b4de56ee4a7b1feb63d730964148a7c92a76ab1d8a1244c3eabaed259b05934fb88c61e23270a109f7e272d926998b9961cbd26fba700c9856d2905bc45b9b41877ab765977ebfb04141ed38cd15a5448bd3923fa4ddb6f5ee77afa1973b", 0xcd, 0x2, 0x0, 0x2, r0}, &(0x7f0000003f80)={0x0, 0x0, 0x0, 0x0, 0x7fff, r7, &(0x7f0000003f00)="6374a20ba22d68c4300df4500a8e7cafa038ed15be4b60328bed9f5b061d0aea93ef1e02aa26a29cb4abbd4c593e7f860376b417d9892c55baa973fffca70b1156b077373540990333e39b5c12b21c251db86675275df9c9a72fc918a45ad66ee733343a45de6d17ad2032ee7517615c56663a4b6d1a", 0x76, 0x2, 0x0, 0x2, r1}, &(0x7f0000004100)={0x0, 0x0, 0x0, 0x5, 0xff80, r8, &(0x7f0000004000)="52cc8be08bddd4ae668b41176353d9a6ce1164e26c986fdb0ecb5feaec60504cca0408dba74679070a3d0f2c1abf599e2d45b3f73621818c205a5f4da363facef7d640520f2cf465c98a242bc4c8dc4587337cebdbd5167586e88919801bb618fe4f217ce563d2b76cb4aaa735b76b3d7bb06f83c3fa4f84ae8aabb4109ed6da4c54a1443a866809ecae11dac09e9a4f60d2c0205c54e85e12821fe4c973797c9597de12eafa56f74e7e5071466aa1025686430393458026d36fb281732d865f670d29fc062ff68ced19c259f5b813d74dc4077a67924c6e", 0xd8, 0x40, 0x0, 0x3}])
setxattr$security_evm(&(0x7f0000004180)='./file0\x00', &(0x7f00000041c0), &(0x7f0000004200)=@v2={0x3, 0x1, 0x10, 0xfff, 0xde, "9b260926f76b011ab2a915e0dbd800ed623f1ef64bde32823642a51f6716eda4f9d482c8af48b10e3265c3dd796690ff41fec827383a9cff792a07850c0f89c3bc70e0af935a5178e4a8ea0a56c1cea377a0d1fcd0eec9c9aa6e91f80bc27d7cc149a131b04d207a6a4f6dda92d3211635339799ed0c743942e38e08944af6f79acef1141af0e21c2b2be1edfb8788be325874fe4dbcf8c68859037bbccd15a46128706b58758d1a247940fd22cebe4c7dcc755c38bae32c481fdf63df4b02f64f6f2e1c0446f72be9c4ec8ee67daf4105810c1e8bff671ed7ab0fb96d11"}, 0xe7, 0x3)
r9 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000004300), 0x40, 0x0)
accept4(r9, &(0x7f0000004340)=@ax25={{0x3, @netrom}, [@rose, @remote, @default, @rose, @remote, @netrom, @rose, @netrom]}, &(0x7f00000043c0)=0x80, 0x80000)
ioctl$TIOCCBRK(r9, 0x5428)
ioctl$TIOCMSET(r4, 0x5418, &(0x7f0000004400)=0xc0000000)
r10 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000004440), 0x200000, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000004480)=@IORING_OP_SPLICE={0x1e, 0x4, 0x0, @fd=r9, 0x2, {0x0, r10}, 0x6, 0x0, 0x1}, 0x3f)

14:08:12 executing program 4:
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x60, r0, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x9}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x8010)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x54, r1, 0x200, 0x70bd26, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x54}, 0x1, 0x0, 0x0, 0x4010}, 0x4)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000600)={&(0x7f0000000340)={0x294, 0x0, 0x10, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x8001, 0x45}}}}, [@NL80211_ATTR_FRAME={0x26a, 0x33, @assoc_req={@wo_ht={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x17be}, @device_a, @broadcast, @random="1395ffbb5d92", {0x8, 0x56b}}, 0x2350, 0x400, {0x0, 0xd, @random="311b701308fcf856621f854454"}, @val={0x1, 0x6, [{0x9}, {0x4, 0x1}, {0x24}, {0x4}, {0x4, 0x1}, {0x1b}]}, @val={0x2d, 0x1a, {0x80, 0x0, 0x4, 0x0, {0x9, 0xff, 0x0, 0x304, 0x0, 0x1, 0x0, 0x2}, 0x301, 0xffff585d, 0x5}}, [{0xdd, 0xa8, "0d8c031d5a46120e2e2a0e1a1a620d57484d161ba95c59d7a3be19a836feb0ce9078a6aeb0e245efe4997dd0d0328e3fda34726751c85f312e4314dc8f421c762803d53fcb0280827999024fbddc230bb718aa35bef4dec02bcf803316169c73b8a40c1a1268cbfa9779395f75f628dc8c6d3722b407b5b1a3b0ab71ccddcc3c0b5c8a96cc3c3dde96937745ff8956f7a975a734188963ab7f9502c4a02ed027c2106f4d54f72326"}, {0xdd, 0x78, "123dd2d94a54980bb8b3fb2ea08e71051475158cb9e037ab0c9a963111484ed284b02aeeba87ed3b64144e87c14840449360498a9c6c3eafb17a2fcdb165badac6b73ca3eb4abfcba4dee0e91b389fbfcb1937a0901d491974bf97fef7e303eccdc25a3bc200995a04876f8abd01753e31456afa18233684"}, {0xdd, 0x3e, "38878e32127938deccab2bc1d4b2d86b3909225698b1067d5242a631d1e88940717ad469f6fc17ae3b15069fa3e9b58de3867219a09e1dc686923bdb07ba"}, {0xdd, 0xa4, "ce828d5ea4e48bac78eb07eaea5bf4754ce27ee2d4b1ab7eb9b341e6c4195d41c074f4683b0c52568631367e2c37e0d23c99f3264d70adc51b70b416d6b54701591567c41c29cf139a425a48020c9ad0dc5364ed832a62db9700c2ead0c8ce39fad1aae1191c720ee31c00bdf061efcc5d38e85eac509705e29167694a08f5763aba4f806cfb5db85a3f591115924ac136efa419af48f5c383a405709973786556af4598"}, {0xdd, 0xb, "2e94d88593832dd2dd4606"}]}}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x294}, 0x1, 0x0, 0x0, 0x20000084}, 0x24040800)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x11003000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000700)={0x198, r2, 0x800, 0x70bd2b, 0x25dfdbfb, {}, [@NL802154_ATTR_SEC_KEY={0x88, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "eb58ed26a8378c798f700388d0f77d29"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "b8634cd59c43e32993b97d331be9d4ca93072c28969bda33c642cc3e4f755b6a"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5}, @NL802154_KEY_ATTR_ID={0xc, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8000}]}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "2d9ecd62f0b02d5e35a68eae58399b81"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "209acc857a6aafa7650cb570d3afceb656822140181cb0bd2395a119f4c8b459"}]}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0xf4, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x58, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7ff}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}]}]}, @NL802154_KEY_ATTR_ID={0x74, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x38, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}]}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "0cfbc2fe636f1050c9d6c5b65d93da3ef0ae66c8d5b3b1b4ffdc91c3389c52e1"}]}]}, 0x198}, 0x1, 0x0, 0x0, 0x400c010}, 0x20000001)
r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000c80), 0x80000, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(r3, &(0x7f0000000f00)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000d40)={0x158, r4, 0x100, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x5c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x800}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xa68e}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x46}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x10001}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7fff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7908}]}, @TIPC_NLA_NET={0x48, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8000}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x34c0}]}]}, 0x158}, 0x1, 0x0, 0x0, 0x40000}, 0x4)
sendmsg$NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000f80)={0x34, r2, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x2}, @NL802154_ATTR_CCA_OPT={0x8, 0xd, 0x1}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x34}}, 0x80)
sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f0000001100)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000010c0)={&(0x7f0000001080)={0x3c, r1, 0x100, 0x70bd29, 0x7fff, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x3c}}, 0x44008804)
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f0000001200)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000011c0)={&(0x7f0000001180)={0x34, r0, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa3}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xfffe}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4840}, 0x4000000)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000001300)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000012c0)={&(0x7f0000001280)={0x2c, r2, 0x8, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r3}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4000001)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000001380)={'wpan4\x00', <r6=>0x0})
sendmsg$NL802154_CMD_SET_CHANNEL(r5, &(0x7f0000001440)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001400)={&(0x7f00000013c0)={0x1c, r2, 0x4, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000800}, 0x1c5)
sendmsg$IPSET_CMD_GET_BYNAME(r3, &(0x7f0000001540)={&(0x7f0000001480)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001500)={&(0x7f00000014c0)={0x1c, 0xe, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x880}, 0x20008810)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000015c0), r5)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r5, &(0x7f0000001680)={&(0x7f0000001580)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001640)={&(0x7f0000001600)={0x40, r7, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x4}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x800}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x2}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa0}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000050}, 0x8000)

14:08:12 executing program 7:
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x28bd, 0x74, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x84, 0x70, 0x6, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x3, 0x1, 0x1, 0x2, {0x9, 0x21, 0x6, 0x20, 0x1, {0x22, 0x7a}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x6, 0x0, 0x7f}}}}}]}}]}}, &(0x7f0000000280)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0x4, 0xff, 0x3f, 0x40, 0x3}, 0xf, &(0x7f0000000080)={0x5, 0xf, 0xf, 0x2, [@ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x3, 0x8, 0x40}]}, 0x4, [{0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x804}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x412}}, {0xd6, &(0x7f0000000140)=@string={0xd6, 0x3, "0a02f81322ac6349b7ef2c4bda4785a52094248451175d7fd6f1e5a85e3c6160311a6577f190ba99ff4958f1cca2e68a494801828fbe1400a4c16b877ceb8960dcfc3cdd84eb5ba9ff49b32e139b3a2bd591ab95444e0a5dec1d8555ada900b899649639b22012235327a9a2261a863e892acda8067f9dcbf18b1dcfeadb59f0e021b9854bedf9b4609ce88d9576a27275e9434469d7b8415338a17551f7f12e7a6a778ec9a06e451c38db070a42b07c0bdadf209c52b2f8cf9065016d79ba200b4b253333ae6c34b10db41b297f57d0240884bc"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0xb}}]})
r0 = syz_usb_connect(0x1, 0x410, &(0x7f0000000300)={{0x12, 0x1, 0x201, 0x50, 0x85, 0x1, 0x40, 0x12d1, 0xde2e, 0xb692, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3fe, 0x2, 0x87, 0xff, 0x0, 0x4, [{{0x9, 0x4, 0x7f, 0x4, 0x9, 0xff, 0x4, 0x6b, 0x9, [@uac_as={[@format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0xff, 0x1, 0x3, 0x5}, @format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0x1, 0x2, 0x1, 0xd7, "fc"}, @as_header={0x7, 0x24, 0x1, 0x0, 0x7, 0x1}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x0, 0x9, 0x4, "1b58473e"}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x4, 0x1, 0x5c, 0x0, "c811"}]}], [{{0x9, 0x5, 0xf, 0x0, 0x10, 0x20, 0x7, 0xff, [@generic={0x4a, 0x21, "05e11e8fea5294ff780d06323f580c831ed46c97034a6961a60337f4b196252510eeb92e45eb15aa118d422183157632cc2246628562c3da746e8499701ff803ba2261fa676c9558"}]}}, {{0x9, 0x5, 0x1, 0x4, 0x10, 0x1, 0x7, 0x1, [@generic={0x65, 0x21, "f1a39514cc2390c91818ea001556780a8266701f763f5a3e05b550b8a1387b0fc300be9f29861b85357fe90da35822eeff00dc9199b9b7978b227f04671d61a798ccd29b5b4f4cc0dcbfa41ae32dddd1102e75ae96fdaec361415527bd830000a57b70"}, @generic={0x12, 0x23, "2d7a5793df497afd41561d3071f1186e"}]}}, {{0x9, 0x5, 0x7, 0x10, 0x40, 0x80, 0x80, 0x7, [@generic={0x3e, 0x24, "afcdb54a34579c1bd1b0fc76e82622af2c4cc59696aeec7c7316a0155becc3d321cf0a860546ca73041b3e9f7547fa1ad8972687ec1b1066af3a3da3"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x0, 0x3}]}}, {{0x9, 0x5, 0x3, 0x10, 0x3bf, 0x5b, 0xff, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x85, 0x101}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x0, 0x8}]}}, {{0x9, 0x5, 0xb, 0x5ccdd0cd81a67d54, 0x40, 0x3, 0x20, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x8, 0x4}]}}, {{0x9, 0x5, 0x9, 0x0, 0x3ff, 0x1, 0xff, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x7, 0x2}]}}, {{0x9, 0x5, 0x5, 0x8, 0x10, 0x3, 0x9, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x6, 0x8}]}}, {{0x9, 0x5, 0x9, 0xc, 0x8, 0x40, 0xfb, 0x9}}, {{0x9, 0x5, 0x4, 0xb, 0x200, 0x80, 0x4, 0x3f, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x8, 0x1f}]}}]}}, {{0x9, 0x4, 0x43, 0x80, 0x7, 0xff, 0xff, 0xff, 0x1, [], [{{0x9, 0x5, 0x4, 0x0, 0x8, 0x4, 0x5, 0x8}}, {{0x9, 0x5, 0xb, 0x10, 0x3ff, 0xfd, 0x79, 0x81}}, {{0x9, 0x5, 0x6, 0x4, 0x400, 0x2, 0x4, 0x8, [@generic={0xed, 0x6, "daccb00e12f27ae28648c96e41c593212adc9834ab542ddbf99e14b364d5c2bacc940038f69775983c37a9103a92a56145b5ec74c325b1b7f4f7015f456ccb5b13052d72d68da97580df77e88291249729d06da1ca2cf8d76c84e3fda4b4c54719b1c6074fb260aaef705e7297f317fa4d6fc4bed8cd4ba2057ae65c487d51cbc112c505957b0b428d4ca115f1651390d195060b8564d44742c1cb4510e987d1357ae42fdd37bed78e1728e0dd4318e2e473ee7aa5fa1066b28c6cd531f0d60610ef11f0225b10712c53964b265f05a40f68ee9cdc467b2d230feebac5325d1fddbfa13c194ac7bec0d9f8"}]}}, {{0x9, 0x5, 0xc, 0x0, 0x200, 0x81, 0x69, 0x1f}}, {{0x9, 0x5, 0x7, 0x8, 0x200, 0xff, 0x3, 0x2}}, {{0x9, 0x5, 0xb, 0x10, 0x3ff, 0x6, 0x0, 0x2b, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x5, 0x4}]}}, {{0x9, 0x5, 0x0, 0x0, 0x8, 0x3, 0x0, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x40, 0xf8fa}, @generic={0xf9, 0x23, "d6fbe65cbe1a67a26cd4d7608fdff11a98b537709e6051eb7369bb89422521c2cecf4484c0e76f134c5b318b136451b2a510b16ed77a5686252f9a120edaf935d4cb10ee15aa467905f71d1ee90f25065ce86f3680d283c7cb840879d6482de2342a8352f42d7b3b8a8783a62ebc05e188b4cbb6edc35973e851474f7e03a55e772b2d6ce4c56226e7cbaefaaad43e039310e869acd57ffdf822f2e6e5c6e5336c36869eb439712abd7f00566c96d145f3500861ea7d3b3203cada0efe39246da1b70c39c305209d958cdf27baf66d7999a0475cbfbd236258760a4b4e7a2b9dbee92b98090bb763b068658471719d93f867c4954defa2"}]}}]}}]}}]}}, &(0x7f00000008c0)={0xa, &(0x7f0000000740)={0xa, 0x6, 0x310, 0x3, 0x81, 0x4, 0x8, 0xaa}, 0x7b, &(0x7f0000000780)={0x5, 0xf, 0x7b, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0x8, 0x8, 0x7, 0x7fff}, @generic={0x21, 0x10, 0x1, "bc463e155ff37b3c1889c1557e521ddbb0286f4b0e800260ac36b13bf7c2"}, @ext_cap={0x7, 0x10, 0x2, 0x6, 0x4, 0x0, 0x100}, @generic={0x47, 0x10, 0x4, "ccae9a61b2d319e261ae010b6f7a8f6702337dd4d6534843db2027fe6a8a29f2168c7814c41cd93f9d1f09f4b49ff99e94a57c73dbad440847be16468e20bf069ebde827"}]}, 0x3, [{0x4, &(0x7f0000000800)=@lang_id={0x4, 0x3, 0x1401}}, {0x4, &(0x7f0000000840)=@lang_id={0x4, 0x3, 0x423}}, {0x4, &(0x7f0000000880)=@lang_id={0x4, 0x3, 0x41c}}]})
semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000900)=""/247)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000a00)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {0x1000}}, './file0\x00'})
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000a80), 0xffffffffffffffff)
sendmsg$TIPC_NL_NODE_GET(r1, &(0x7f0000000e80)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000e40)={&(0x7f0000000ac0)={0x364, r2, 0x100, 0x70bd25, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x64, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xa17}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xbfe9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7f}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x40}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x81}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NET={0x64, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x9a65}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xd0fe}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7e}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1eb0}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}]}, @TIPC_NLA_BEARER={0x7c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6b}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb67}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}]}, @TIPC_NLA_BEARER_NAME={0x15, 0x1, @l2={'eth', 0x3a, 'team_slave_1\x00'}}]}, @TIPC_NLA_MEDIA={0x7c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x89c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x22b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8e5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7fff}]}, @TIPC_NLA_SOCK={0x40, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x7fff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xb57}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}]}]}, @TIPC_NLA_BEARER={0xdc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffc00}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff781e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}]}, @TIPC_NLA_BEARER_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'bond0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @multicast2}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}, 0x86}}}}]}, @TIPC_NLA_BEARER={0x54, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x3f, @mcast1, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x9, @local}}}}]}]}, 0x364}, 0x1, 0x0, 0x0, 0x10}, 0x84)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000ec0)={{0x1, 0x1, 0x18, <r3=>0xffffffffffffffff}, './file0\x00'})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f40), r1)
sendmsg$NL80211_CMD_SET_COALESCE(r3, &(0x7f00000011c0)={&(0x7f0000000f00)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001180)={&(0x7f0000000f80)={0x1f0, r4, 0x800, 0x70bd27, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_COALESCE_RULE_CONDITION={0x8, 0x2, 0x1}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0xfc, 0x3, 0x0, 0x1, [{0x7c, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x78, 0x2, "1631c7511cd6955633c2dfebecdc34b4533c8ffbe9f3db3ae02d9d25fb864d93d0d0b4b184e1e6c73a45f3951531ec19d47473398830eeda78aede1e5d4640fda0db9adeea4060856c31fe02d8f261183eed94fea106a7b39ad171a8efb1517c8e5069654825c42281cf0a004dc15c07edfe959c"}}, {0x7c, 0x0, 0x0, 0x1, @NL80211_PKTPAT_MASK={0x77, 0x1, "4b5198ba9de08135c870cc270ae718dfc8f21d4b505940362639431f874fa3ae06adf668a78c103030280ba25701bfb6c8bfb779211fef325b47c4b54b6e9a77a0abc8e4dd5fcdba284e280e3bb5101c1d3117ce0f050f16e517fd8a17c7265b92ba8725498abb69729a1a54cdd1ac11391a19"}}]}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8, 0x2, 0x1}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0xa0, 0x3, 0x0, 0x1, [{0x90, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x8c, 0x2, "36285f34a497c08d102274277147ba292b31bb418d78c79e2643578b5c7e3935b35b7a718cae528217dada2743ecb8e299a7c3bde262c916b565865feab1a6f55266281c075e44d3113f5d5a2a7b2b8c15d8d97138d06e87e95076f9b4ac8a53dbebfc9a6c1b3572961dda9483bf9e0fe48bfd33bcb627cd38943fff83d3f088ad95b5c99f4ae296"}}, {0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x2}}]}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8, 0x2, 0x1}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0xffffffff}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0xfffffc01}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x200}}]}]}, 0x1f0}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f00000012c0)={{0x1, 0x1, 0x18, <r5=>r3, {<r6=>r3}}, './file0\x00'})
sendmsg$NL80211_CMD_START_SCHED_SCAN(r5, &(0x7f00000013c0)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000001380)={&(0x7f0000001340)={0x30, r4, 0x11, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x5}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x814}, 0x80c0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000001440)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r7, &(0x7f0000001500)={&(0x7f0000001400)={0x10, 0x0, 0x0, 0x104282}, 0xc, &(0x7f00000014c0)={&(0x7f0000001480)={0x1c, r4, 0x200, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r8}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c020}, 0x4044805)
bind(0xffffffffffffffff, &(0x7f0000001540)=@sco, 0x80)
sendmsg$NL80211_CMD_NOTIFY_RADAR(r6, &(0x7f0000001680)={&(0x7f00000015c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001640)={&(0x7f0000001600)={0x2c, r4, 0x400, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xa}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1590}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x21}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000001}, 0x4000000)
syz_usb_connect$cdc_ncm(0x0, 0x86, &(0x7f00000016c0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x74, 0x2, 0x1, 0x4d, 0x0, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x1, "3bc09fe2"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x4, 0xfff, 0xb314, 0x9}, {0x6, 0x24, 0x1a, 0x1ff, 0x3a}, [@obex={0x5}, @network_terminal={0x7, 0x24, 0xa, 0x0, 0x0, 0x80, 0x6}, @acm={0x4, 0x24, 0x2, 0x1}, @acm={0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0x63, 0x88, 0x7f}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x40, 0x1, 0x20, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x6, 0x9, 0x9}}}}}}}]}}, &(0x7f0000001880)={0xa, &(0x7f0000001780)={0xa, 0x6, 0x300, 0x1, 0x0, 0x1, 0x40, 0x2}, 0x57, &(0x7f00000017c0)={0x5, 0xf, 0x57, 0x5, [@ssp_cap={0x10, 0x10, 0xa, 0x1, 0x1, 0x8, 0x0, 0x8, [0xffc0c0]}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x2, 0x4, 0xc0}, @ptm_cap={0x3}, @generic={0x2b, 0x10, 0xb, "a07e68b41ff34f4bbc5a99bde3b930fd4bfc912d7efba8eef06b6ed5f8ec89058fa17e536269ad75"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x7, 0xfc, 0x3, 0xd}]}, 0x1, [{0x4, &(0x7f0000001840)=@lang_id={0x4, 0x3, 0x413}}]})
syz_usb_connect$uac1(0x1, 0xdc, &(0x7f00000018c0)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xca, 0x3, 0x1, 0x6, 0x90, 0xf9, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x1, 0x4}, [@extension_unit={0x7, 0x24, 0x8, 0x4, 0x1ff}, @selector_unit={0xb, 0x24, 0x5, 0x2, 0xff, "24aee3c7680a"}, @output_terminal={0x9, 0x24, 0x3, 0x5, 0x302, 0x3, 0x20, 0x8}, @input_terminal={0xc, 0x24, 0x2, 0x3, 0x205, 0x3, 0x4, 0x5, 0x1f, 0x36}, @selector_unit={0x7, 0x24, 0x5, 0x1, 0x0, "7f08"}, @extension_unit={0x7, 0x24, 0x8, 0x3, 0x5, 0x1f}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x75, 0x1, 0x80, 0xe2, "2e85c7", "bc"}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x7ff, 0x8, 0x6a, "6e792730307607ce5a"}, @as_header={0x7, 0x24, 0x1, 0x0, 0xf7}, @as_header={0x7, 0x24, 0x1, 0x5, 0xfa}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0xff, 0x40, 0x7f, {0x7, 0x25, 0x1, 0x3, 0x5}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x80, 0x4, 0x20, 0x6e, "c326"}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x40, 0x6, 0x6, {0x7, 0x25, 0x1, 0x0, 0xff, 0xf001}}}}}}}]}}, &(0x7f0000001bc0)={0xa, &(0x7f00000019c0)={0xa, 0x6, 0x200, 0x4, 0xdc, 0x0, 0xdf, 0x40}, 0x5, &(0x7f0000001a00)={0x5, 0xf, 0x5}, 0x5, [{0x4, &(0x7f0000001a40)=@lang_id={0x4, 0x3, 0x82c}}, {0x1f, &(0x7f0000001a80)=@string={0x1f, 0x3, "b903b8bc9a5baea7b055ad5fbfb345caff73ac865b6f7ff69f484092cc"}}, {0x4, &(0x7f0000001ac0)=@lang_id={0x4, 0x3, 0x4ff}}, {0x6e, &(0x7f0000001b00)=@string={0x6e, 0x3, "543cc01d16819dc8657c5c254ec9ac5ae56246b4011fc9610a3c1f41fd8bc3ea0056b8e2ffd62cacfc4150bd8cc381abce92411a1d45d72f506e5ae1b0ad97a5428474f644293961ae47f111d8f56e757e11cace0d306f1e320c046ac16aeef36605805a96d7caef10e0715b"}}, {0x4, &(0x7f0000001b80)=@lang_id={0x4, 0x3, 0x411}}]})
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000001cc0)={0x14, &(0x7f0000001c40)={0x40, 0x23, 0x12, {0x12, 0x23, "d44a8db72e67208af0772f2e51696ac5"}}, &(0x7f0000001c80)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000001fc0)={0x44, &(0x7f0000001d00)={0x0, 0xf, 0xf7, "c7ce1b582c9cb7b1abd85cd97e05a0c0ad57522110e58bd25d5b5981bdd917e9628d50c18e59f4a2a8d5cd20d898fc424555374e7e8391926fdef997a0b0db39be7d3f1fd5b5dcad2541b2ac4142415a949b7570cea6313cd8a8b30f8710ef1f2eb78ee242308efe3ba50dc462c60ce1ecee0781a502d90c89815d6c3cbd0bea0a1c4c63843da9cf2db169182eea4496d9c45cbee03ad2f47cadf3805162fe1e26bed572fa7cc59f650a158ce40e3d03249cdc00d0537308f777e1012da6e699105d32f76a14568dfe295bd800ee97c0e510b3e37745578a612cc85202029be45f3a79122d55ba5c763b8a86fa7c3381e71c96158d053a"}, &(0x7f0000001e00)={0x0, 0xa, 0x1, 0x54}, &(0x7f0000001e40)={0x0, 0x8, 0x1, 0x93}, &(0x7f0000001e80)={0x20, 0x80, 0x1c, {0x9, 0x1, 0x400, 0x8000, 0xffe1, 0x4, 0x1, 0x1, 0xfff, 0x401, 0xe8f7, 0x8bb5}}, &(0x7f0000001ec0)={0x20, 0x85, 0x4, 0x8}, &(0x7f0000001f00)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000001f40)={0x20, 0x87, 0x2, 0x6}, &(0x7f0000001f80)={0x20, 0x89, 0x2}})
recvfrom(r5, &(0x7f0000002040)=""/14, 0xe, 0x10122, 0x0, 0x0)

14:08:12 executing program 5:
semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000000)=""/216)
semctl$SETALL(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000100)=[0x7, 0x2])
r0 = semget$private(0x0, 0x4, 0xb2)
semctl$IPC_RMID(r0, 0x0, 0x0)
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000140)=[0x2, 0x3ff, 0x8000])
r1 = semget$private(0x0, 0x4, 0x8)
semctl$IPC_RMID(r1, 0x0, 0x0)
r2 = semget$private(0x0, 0x3, 0x8)
semctl$GETPID(r2, 0x2, 0xb, &(0x7f0000000180)=""/83)
r3 = semget(0x3, 0x1, 0x40)
semctl$SETALL(r3, 0x0, 0x11, &(0x7f0000000200)=[0x410b, 0x7, 0x7, 0x8001, 0xb1ba, 0xc0a9, 0x1, 0x2, 0x383f])
r4 = semget$private(0x0, 0x0, 0x400)
semctl$SETALL(r4, 0x0, 0x11, &(0x7f0000000240)=[0x4, 0x6, 0x8])
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000280)={{{@in=@private, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@local}, 0x0, @in=@multicast2}}, &(0x7f0000000380)=0xe8)
getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)=<r6=>0x0)
semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000480)={{0x1, 0xffffffffffffffff, 0xee01, r5, r6, 0x6, 0x2}, 0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffe})
semtimedop(r0, &(0x7f0000000500)=[{0x1, 0x75b0}, {0x0, 0x7ff, 0x1800}, {0x3, 0x6, 0x800}, {0x1, 0x1, 0x800}, {0x2, 0x3, 0x1000}, {0x0, 0x0, 0x1800}, {0x1, 0x81, 0x1000}, {0x3, 0x63, 0x1800}], 0x8, &(0x7f0000000540))
semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000580)=""/232)
semctl$IPC_RMID(r4, 0x0, 0x0)
semctl$SEM_STAT_ANY(0x0, 0x1, 0x14, &(0x7f0000000680)=""/126)

14:08:12 executing program 6:
fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, &(0x7f0000000000)='*\x00', &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
accept4(r0, &(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, <r1=>0xffffffffffffffff}}, &(0x7f0000000100)=0x80, 0x800)
r2 = syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x101, 0x2, &(0x7f0000000280)=[{&(0x7f00000001c0)="f8eab811316fef9d9cd741495e1ba13efff0cfcd210c82856c3a5fb5c6b56e9a54bb3352e1cb2be73f9dd958909c50f627b0185f9141996e6b76b0ee4d8c57bafd1637d6cb61b39a790f0bebb4f4d528e269743102079ec6414b42d3e0", 0x5d, 0x524}, {&(0x7f0000000240)="0b72af1187811e4730ab49044d34a98030638e", 0x13, 0x8}], 0x880848, &(0x7f00000002c0)={[{@utf8no}, {@nonumtail}, {@shortname_winnt}, {@uni_xlateno}, {@uni_xlateno}, {@shortname_win95}, {@shortname_win95}, {@uni_xlateno}, {@shortname_mixed}], [{@dont_appraise}]})
fspick(r2, &(0x7f0000000380)='./file0\x00', 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r4 = accept4(r1, &(0x7f00000003c0)=@xdp, &(0x7f0000000440)=0x80, 0x80800)
r5 = syz_open_dev$mouse(&(0x7f00000007c0), 0x2, 0x200400)
name_to_handle_at(r5, &(0x7f0000000800)='./file0\x00', &(0x7f0000000840)=@shmem={0xc, 0x1, {0x9c, 0x2}}, &(0x7f0000000880), 0x400)
socket$inet_tcp(0x2, 0x1, 0x0)
bind$bt_sco(0xffffffffffffffff, &(0x7f00000008c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
setxattr(&(0x7f0000000900)='./file0\x00', &(0x7f0000000940)=@random={'system.', '{:#&\')\x00'}, &(0x7f0000000980)='{)-\x00', 0x4, 0x2)
r6 = openat$zero(0xffffffffffffff9c, &(0x7f00000009c0), 0x440d00, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r6, 0xc0189374, &(0x7f0000000a00)={{0x1, 0x1, 0x18, r3, {0xc45c}}, './file0\x00'})
r7 = dup(r3)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r7, 0x10e, 0x1, &(0x7f0000000b00)=0x11, 0x4)
ioctl$INCFS_IOC_FILL_BLOCKS(0xffffffffffffffff, 0x80106720, &(0x7f0000000c40)={0x1, &(0x7f0000000c00)=[{0x2, 0xbd, &(0x7f0000000b40)="8b7a42537680c25f4b1a678582f2087b849cbafc11562c17de9cadebb073f951ae6124239e94bb20a52e542655f230081a831a6115f7d4b9661fe735c050b4b42fe4591a5b86550c8fe039518c93042a3be1c37d2e2417502dce9549e38751e084bc92d78377bc3887be432041ee7a07a4682040aa73dfd8c9e06f1b200d0f60241ffeb290527f9076d48bb671274b0f4f9d6496d674fa2bea8a3604b7794403fe7c7b04f8e474cdbb1ba5950710a3791a8ee667b4da241fb96d1e3eb0", 0x1}]})
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000c80)=0x1c, 0x4)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r6, 0xc018937b, &(0x7f0000000cc0)={{0x1, 0x1, 0x18, <r8=>r0, {0xee00}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_READY(r8, 0xc0189376, &(0x7f0000001040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'})

[   86.844338] audit: type=1400 audit(1756649292.746:7): avc:  denied  { execmem } for  pid=276 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   88.043369] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   88.048295] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   88.050278] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   88.055539] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   88.059450] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   88.105272] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   88.110642] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   88.113018] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   88.125638] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   88.139630] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   88.153910] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   88.159030] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   88.166141] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   88.178400] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   88.181411] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   88.182799] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   88.184765] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   88.186489] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   88.190089] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   88.192538] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   88.199276] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   88.205461] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   88.207079] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   88.208985] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   88.212998] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   88.214401] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   88.218235] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   88.219534] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   88.219638] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   88.223156] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   88.225270] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   88.236179] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   88.238562] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   88.244966] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   88.248192] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   88.249669] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   88.272088] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   88.281092] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   88.284283] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   88.290632] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   90.071447] Bluetooth: hci0: command tx timeout
[   90.200779] Bluetooth: hci1: command tx timeout
[   90.263360] Bluetooth: hci3: command tx timeout
[   90.264489] Bluetooth: hci2: command tx timeout
[   90.327009] Bluetooth: hci7: command tx timeout
[   90.328582] Bluetooth: hci5: command tx timeout
[   90.329541] Bluetooth: hci6: command tx timeout
[   90.329850] Bluetooth: hci4: command tx timeout
[   92.119914] Bluetooth: hci0: command tx timeout
[   92.247775] Bluetooth: hci1: command tx timeout
[   92.310788] Bluetooth: hci2: command tx timeout
[   92.310813] Bluetooth: hci3: command tx timeout
[   92.374949] Bluetooth: hci5: command tx timeout
[   92.375337] Bluetooth: hci4: command tx timeout
[   92.375917] Bluetooth: hci6: command tx timeout
[   92.376273] Bluetooth: hci7: command tx timeout
[   94.166788] Bluetooth: hci0: command tx timeout
[   94.296740] Bluetooth: hci1: command tx timeout
[   94.358767] Bluetooth: hci3: command tx timeout
[   94.359259] Bluetooth: hci2: command tx timeout
[   94.422806] Bluetooth: hci4: command tx timeout
[   94.423198] Bluetooth: hci6: command tx timeout
[   94.423577] Bluetooth: hci5: command tx timeout
[   94.424398] Bluetooth: hci7: command tx timeout
[   96.215760] Bluetooth: hci0: command tx timeout
[   96.343788] Bluetooth: hci1: command tx timeout
[   96.407765] Bluetooth: hci2: command tx timeout
[   96.408161] Bluetooth: hci3: command tx timeout
[   96.470787] Bluetooth: hci5: command tx timeout
[   96.471188] Bluetooth: hci7: command tx timeout
[   96.471572] Bluetooth: hci6: command tx timeout
[   96.472003] Bluetooth: hci4: command tx timeout
[  123.770577] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.771330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.943741] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.944432] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.033694] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.034340] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.114350] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.116145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.188246] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.189183] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.221136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.221819] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.224075] loop6: detected capacity change from 0 to 5
[  124.225634] =======================================================
[  124.225634] WARNING: The mand mount option has been deprecated and
[  124.225634]          and is ignored by this kernel. Remove the mand
[  124.225634]          option from the mount to silence this warning.
[  124.225634] =======================================================
14:08:50 executing program 6:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
syz_io_uring_setup(0x33a7, &(0x7f0000000000)={0x0, 0x223c, 0x10, 0x0, 0x246, 0x0, r1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0))
openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0xf4515f513ee89b1, 0x60)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=<r2=>r0, @ANYBLOB="01000080000004002e2f666910c090a54244b73464003ffb671104000005"])
io_uring_register$IORING_UNREGISTER_BUFFERS(r2, 0x1, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x0, &(0x7f0000000100), 0x0, 0x4)

[  124.269324] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.269974] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.278884] audit: type=1400 audit(1756649330.180:8): avc:  denied  { open } for  pid=3877 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  124.280652] audit: type=1400 audit(1756649330.181:9): avc:  denied  { kernel } for  pid=3877 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  124.330768] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.331453] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.406284] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.406964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
14:08:50 executing program 6:
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000))
r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r1, &(0x7f0000000280)=[{&(0x7f0000000080)="8c", 0x1}], 0x1, 0x2400000, 0x0, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
close_range(r2, r1, 0x0)
getpeername(r0, &(0x7f0000000100)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r3=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, &(0x7f0000000040)=0x80)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000880)={0x30, r4, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x1c, 0x11d, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x30}}, 0x0)
signalfd(r3, &(0x7f0000000180)={[0x6]}, 0x8)
truncate(&(0x7f00000000c0)='./file0\x00', 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000440), 0x650000, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x38, 0x2, 0x3, 0x5, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFQA_CFG_PARAMS={0x9, 0x2, {0x81, 0x2}}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x4}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x80000000}, @NFQA_CFG_CMD={0x8, 0x1, {0x3, 0x0, 0x15}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000014}, 0x40010)
ioctl$TIOCSPTLCK(r6, 0x40045431, &(0x7f0000000000))
ioctl$TIOCGPTPEER(r6, 0x5441, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r6, 0xc020662a, &(0x7f00000002c0)={0x0, 0xcd0, 0x8, 0x3a, 0x3, [{0x1, 0x3, 0x9, '\x00', 0x4}, {0x2, 0x5, 0x4, '\x00', 0xc}, {0x5, 0x5, 0x0, '\x00', 0xe06}]})

[  124.463586] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.464357] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.468186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  124.471898] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  124.475337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  124.479559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  124.499401] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.500097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.549500] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.550156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.600251] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.600893] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.604540] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  124.605601] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  124.609470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  124.611482] misc raw-gadget: fail, usb_gadget_register_driver returned -16
14:08:50 executing program 5:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7f}, 0x4048, 0x0, 0x0, 0x0, 0x10000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd607437b800140400fe800000000000000000000000000000fe8000000000000000000000000000aa"], 0x0)

[  124.703223] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.703918] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.734156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.734853] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
14:08:50 executing program 5:
perf_event_open(&(0x7f0000000340)={0x5, 0x80, 0x7a, 0x0, 0xfe, 0xfc, 0x0, 0x5, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, @perf_config_ext={0x2, 0x6}, 0x42180, 0x0, 0x2, 0x6, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
close(0xffffffffffffffff)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
syncfs(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x4000)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2000000)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TIOCSPTLCK(r2, 0x40045431, &(0x7f0000000000))
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000080)={0x40000000})
epoll_create1(0x0)
r3 = fork()
ptrace(0x10, r3)
ptrace$setregs(0xe, r3, 0x0, &(0x7f00000009c0))

14:08:50 executing program 6:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x8000, 0x0)
mount$9p_rdma(&(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', &(0x7f0000000540), 0x401, &(0x7f0000000580)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[{@timeout={'timeout', 0x3d, 0x6}}], [{@dont_hash}]}})
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x0, 0x0)
r0 = syz_io_uring_complete(0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000300)='numa_maps\x00')
mkdirat(r1, &(0x7f0000000480)='./file1\x00', 0x102)
symlinkat(&(0x7f0000000240)='./file1\x00', r0, &(0x7f00000002c0)='./file0\x00')
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)={0x0, 0x75, 0x4}, 0x18)
r2 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0xa40024, &(0x7f0000000040)=ANY=[])
symlinkat(&(0x7f0000000280)='./file1\x00', r2, &(0x7f0000000200)='./file0\x00')
creat(&(0x7f0000000040)='./file0/file0\x00', 0x112)
statfs(&(0x7f0000000340)='./file0/file0\x00', &(0x7f0000000380)=""/214)

[  124.836958] 9pnet: Could not find request transport: rdma
14:08:50 executing program 5:
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000))
ioctl$TIOCGPTPEER(r1, 0x5441, 0x0)
ppoll(&(0x7f0000000100)=[{r0, 0x402}, {r1, 0x1100}, {0xffffffffffffffff, 0x1000}], 0x3, &(0x7f0000000140), &(0x7f0000000180)={[0x8]}, 0x8)
openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x140, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1000, 0x2, &(0x7f0000000080))
ioctl$TIOCCBRK(0xffffffffffffffff, 0x5428)

14:08:50 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x2, 0x71, 0xc4, 0x9, 0x0, 0xbf, 0x10008, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x3, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x80, 0x4, @perf_config_ext={0x5, 0x9}, 0x0, 0x5, 0x200, 0x9de62f50799f512b, 0x662, 0x1000, 0x0, 0x0, 0xfa0, 0x0, 0x1}, 0x0, 0x10, r0, 0x0)
socket$unix(0x1, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x28, &(0x7f0000000100)=0x3ff, 0x4)
close_range(r0, r1, 0x0)
r3 = socket$nl_sock_diag(0x10, 0x3, 0x4)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f00000002c0)={0x5, &(0x7f0000000280)=[{0x40, 0x1, 0x0, 0x10001}, {0x5, 0x1e, 0x96, 0x80000000}, {0x7, 0xf2, 0x8, 0xfffffffb}, {0xfff, 0x8, 0xd4, 0x7}, {0xc0, 0x0, 0x1, 0x4}]}, 0x10)
clone3(&(0x7f0000005880)={0x61020100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r4 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
fcntl$getown(r1, 0x9)
write$binfmt_elf64(r4, 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r1, 0xc0096616, &(0x7f0000000400)=ANY=[@ANYBLOB="0e00400000000000000008000014bd0607ae6eda932d314e3a44066f2516a7712467c0bcec4b5e5bd2c4ca6b622e0c3bd6117fad261e5614c4d64398fb66d056146b3138e869a458e289066d246d9708807e46a2bae6a3a65113d7d7f53353a42ae3fa1ad4fe0b15af57bea87212f3508ac3f35a3abfddc2da68b3d0d2b3bd9d1f101a96440a1ec2e7f3b485955ff56f171be90fb34179aaa86e14408ae9c10c7332a0686da9d6f11c49610739db4a954faae160b5ed8e354f3aff5378ec505514ab9d1ebb1b8a9197e088ffbc00a2979f"])
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x4, 0x4, 0x2b, 0x4, 0x0, 0x7, 0x10000, 0x8, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, @perf_config_ext={0x5}, 0x400, 0x3, 0x10000, 0x2, 0x6, 0x4, 0x1, 0x0, 0xffffffff, 0x0, 0x4}, 0xffffffffffffffff, 0x9, r4, 0xa)
creat(&(0x7f00000003c0)='./file0\x00', 0x0)

[  124.909390] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.910500] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
14:08:50 executing program 5:
ioctl$HIDIOCGVERSION(0xffffffffffffffff, 0x80044801, &(0x7f0000000040))
openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x20601, 0x0)

[  125.394007] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  125.396403] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  125.397656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  125.401396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
14:09:03 executing program 3:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r0, &(0x7f0000000b80)=[{&(0x7f00000008c0)='!', 0x1}], 0x1, 0x0, 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0xc9})
r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x2284, &(0x7f0000000000)=ANY=[@ANYBLOB="0101"])
ioctl$SG_GET_SG_TABLESIZE(r1, 0x227f, &(0x7f0000000040))

14:09:03 executing program 0:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000000)=0x4000)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)=0x2000000)
ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0x8)
dup3(r1, r0, 0x0)

14:09:03 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000007c0), r0)
sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000880)={0x0, 0x26dff9b1, &(0x7f0000000840)={&(0x7f0000000100)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000002100000005002000000000000c00050051000000aaaaaaaa09001f0070687930"], 0x34}}, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000280)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYRES16, @ANYRES32=0x0, @ANYBLOB="0800061005"], 0x30}}, 0x0)
sendmsg$NL802154_CMD_GET_SEC_DEV(r1, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, r4, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x24004840)

14:09:03 executing program 6:
fcntl$addseals(0xffffffffffffffff, 0x409, 0x2)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@ip_ttl={{0x14}}], 0xf}, 0x0)

14:09:03 executing program 4:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0)
dup2(r0, r0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x2)
ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000))
ioctl$TIOCGPTPEER(r1, 0x5441, 0x0)
io_cancel(0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4, 0x3ff, r1, &(0x7f0000000080)="edd406722408dcb04003fd4640d5bb939b3a2e4bdf9edb94bf60eca7d05d2556ea1b87be0906624b71ec604b6fb88cbf3281c5626b963ba5b95faa6f92a0be10d7937ce504b4444901b87678392ea14bb0037f6832c10a1eedf23abdd98c28b870c960e1b095024af2aecc392db1e70c8c28f6566aaec487ec645bee6a21f145aa78457d27f14c6def59c26e240d1d4e", 0x90, 0x4}, &(0x7f0000000180))
r2 = fork()
ptrace(0x10, r2)
pipe(&(0x7f0000000000)={<r3=>0xffffffffffffffff})
fcntl$setown(r3, 0x8, r2)
ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0))
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001a00)=[{{&(0x7f00000002c0)=@abs, 0x6e, &(0x7f0000001900)=[{&(0x7f00000003c0)=""/87, 0x57}, {&(0x7f0000000440)=""/216, 0xd8}, {&(0x7f0000001a80)=""/267, 0x10b}, {&(0x7f0000000640)=""/32, 0x20}, {&(0x7f0000000680)=""/4096, 0xffffffffffffff49}, {&(0x7f00000001c0)=""/88, 0x54}, {&(0x7f0000001700)=""/109, 0x75}, {&(0x7f0000001780)=""/140, 0x8c}, {&(0x7f0000000540)=""/162, 0xa2}], 0x9, &(0x7f00000019c0)=[@cred={{0x1c, 0x1, 0x2, {<r4=>0x0, 0x0, <r5=>0x0}}}], 0x20}}], 0x1, 0x40002001, &(0x7f0000001a40)={0x77359400})
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f00000085c0)={0x0, <r7=>0x0, <r8=>0x0}, &(0x7f0000008600)=0xc)
setgroups(0x1, &(0x7f0000000340)=[r8])
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000001c00)={{0x1, r7, 0x0, r7, r5, 0x1}, 0x0, 0x0, 0x5, 0xfff, 0x5f, 0x0, 0x1, 0x100, 0x8, 0x6, r4, r4})
r9 = getpid()
pidfd_open(r9, 0x0)
ptrace(0x4208, r9)

14:09:03 executing program 2:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x40a800, 0x0)
r1 = memfd_secret(0x0)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x0, &(0x7f0000000100), 0x0, 0x4)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r2, 0x0, &(0x7f00000000c0)=@IORING_OP_CLOSE={0x13, 0x1, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r3}}, 0x1fcb)
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x5322, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TIOCSPTLCK(r4, 0x40045431, &(0x7f0000000000))
ioctl$TIOCGPTPEER(r4, 0x5441, 0x0)
lseek(r4, 0x8000, 0x4)
ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f0000000000))
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(r5, 0x5381)

14:09:03 executing program 1:
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x5008, 0xffffffffffffff01, 0x6, 0x5, 0xffffffffffffffff}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x8)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
dup(r1)
fsetxattr$security_selinux(r0, &(0x7f0000000480), &(0x7f0000000500)='system_u:object_r:dpkg_lock_t:s0\x00', 0x21, 0x0)

14:09:03 executing program 7:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xc)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x155842, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x8100)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, 0x0)
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000100), 0x401, 0x0)
ioctl$CDROM_SELECT_DISK(0xffffffffffffffff, 0x5322, 0xfffffffc)
mq_open(&(0x7f0000000180)='\x01\x01\x00\x00h\xf3\xc6\x8c\xba\xd3f\xf2\xd3q\xa1\xf7f.a\xe3\x9b6\xa9k\r6\xa8\xa8\x01\xb6\x9e\xaaT\x86\x9f\x1bu\xf4', 0x2, 0x142, &(0x7f0000000340)={0x20, 0x3, 0x2, 0xe5b6})
r2 = accept$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000200)=0x14)
ioctl$AUTOFS_IOC_EXPIRE(r2, 0x810c9365, &(0x7f0000000580)={{0x80, 0x3}, 0x100, './file0\x00'})
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x559e82, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000000)=0x4000)
r4 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r4, 0x40047211, &(0x7f0000000140)=0x20)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000040)=0x2000000)
ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x1)
ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0)

[  137.214348] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[  137.215248] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  137.215941] CPU: 1 UID: 0 PID: 3975 Comm: syz-executor.0 Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.216888] Tainted: [W]=WARN
[  137.217139] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.218951] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.219875] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.223715] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  137.224706] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  137.226057] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.227773] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.228381] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  137.228941] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.229499] FS:  00007f67e503a700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.230129] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.230594] CR2: 0000001b2d622000 CR3: 000000000dc09000 CR4: 0000000000350ef0
[  137.231157] Call Trace:
[  137.231371]  <TASK>
[  137.231556]  ? __pfx_perf_tp_event+0x10/0x10
[  137.231912]  ? lock_acquire+0x15e/0x2f0
[  137.232241]  ? __is_insn_slot_addr+0x2e/0x290
[  137.232610]  ? find_held_lock+0x2b/0x80
[  137.232932]  ? __is_insn_slot_addr+0x136/0x290
[  137.233302]  ? lock_release+0xc8/0x290
[  137.233613]  ? __is_insn_slot_addr+0x140/0x290
[  137.233985]  ? kernel_text_address+0x5b/0xc0
[  137.234341]  ? __kernel_text_address+0xd/0x40
[  137.234702]  ? unwind_get_return_address+0x59/0xa0
[  137.235099]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  137.235530]  ? arch_stack_walk+0x9c/0xf0
[  137.235858]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.236263]  ? stack_depot_save_flags+0x2c/0xa20
[  137.236639]  perf_trace_run_bpf_submit+0xef/0x180
[  137.237031]  perf_trace_contention_begin+0x235/0x3e0
[  137.237433]  ? find_get_context+0xcb/0x680
[  137.237775]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.238215]  ? lock_acquire+0x15e/0x2f0
[  137.238533]  ? find_get_context+0x177/0x680
[  137.238883]  trace_contention_begin+0xae/0x110
[  137.239251]  __mutex_lock+0x14b/0x1020
[  137.239571]  ? find_get_context+0x177/0x680
[  137.239918]  ? find_get_context+0x177/0x680
[  137.240275]  ? __pfx___mutex_lock+0x10/0x10
[  137.240622]  ? __create_object+0x59/0x80
[  137.240952]  ? lockdep_init_map_type+0x4b/0x240
[  137.241326]  ? lockdep_init_map_type+0x4b/0x240
[  137.241701]  ? debug_mutex_init+0x37/0x70
[  137.242036]  find_get_context+0x177/0x680
[  137.242371]  ? __pfx_find_get_context+0x10/0x10
[  137.242746]  ? security_capable+0x2f/0x90
[  137.243080]  __do_sys_perf_event_open+0xa16/0x2c20
[  137.243476]  ? __pfx___do_sys_perf_event_open+0x10/0x10
[  137.243899]  ? find_held_lock+0x2b/0x80
[  137.244233]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.244648]  do_syscall_64+0xbf/0x360
[  137.244953]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.245364] RIP: 0033:0x7f67e7ac4b19
[  137.245663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  137.247084] RSP: 002b:00007f67e503a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  137.247675] RAX: ffffffffffffffda RBX: 00007f67e7bd7f60 RCX: 00007f67e7ac4b19
[  137.248243] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000340
[  137.248803] RBP: 00007f67e7b1ef6d R08: 0000000000000000 R09: 0000000000000000
[  137.249369] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[  137.249926] R13: 00007ffe9f61784f R14: 00007f67e503a300 R15: 0000000000022000
[  137.250484]  </TASK>
[  137.250672] Modules linked in:
[  137.251078] ---[ end trace 0000000000000000 ]---
[  137.251455] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.251864] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.253311] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  137.253749] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  137.254312] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.254889] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.255452] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  137.256027] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.256605] FS:  00007f67e503a700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.257254] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.257730] CR2: 0000001b2d622000 CR3: 000000000dc09000 CR4: 0000000000350ef0
[  137.258308] note: syz-executor.0[3975] exited with preempt_count 2
[  137.258992] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[  137.259868] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  137.260553] CPU: 1 UID: 0 PID: 3976 Comm: syz-executor.5 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.261481] Tainted: [D]=DIE, [W]=WARN
[  137.261782] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.262421] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.262797] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.264223] RSP: 0018:ffff88804813f380 EFLAGS: 00010212
[  137.264640] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900058b6000
[  137.265198] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.265755] RBP: ffff88804813f5f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.266312] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.266873] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.267431] FS:  00007f1cd7ef5700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.268062] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.268526] CR2: 00007f1cd7ef4108 CR3: 000000000cb02000 CR4: 0000000000350ef0
[  137.269087] Call Trace:
[  137.269293]  <TASK>
[  137.269476]  ? unwind_get_return_address+0x59/0xa0
[  137.269873]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  137.270304]  ? __pfx_perf_tp_event+0x10/0x10
[  137.270663]  ? __lock_acquire+0x694/0x1b70
[  137.271007]  ? lock_is_held_type+0x9e/0x120
[  137.271361]  ? lock_acquire+0x18c/0x2f0
[  137.271683]  ? lock_release+0x1c7/0x290
[  137.272007]  ? lock_acquire+0x18c/0x2f0
[  137.272341]  ? lock_acquire+0x18c/0x2f0
[  137.272667]  ? lock_release+0x1c7/0x290
[  137.272991]  ? __is_insn_slot_addr+0x140/0x290
[  137.273369]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.273774]  ? unwind_get_return_address+0x59/0xa0
[  137.274176]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  137.274614]  ? arch_stack_walk+0x9c/0xf0
[  137.274944]  perf_trace_run_bpf_submit+0xef/0x180
[  137.275336]  perf_trace_contention_begin+0x235/0x3e0
[  137.275750]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.276205]  ? lock_acquire+0x18c/0x2f0
[  137.276531]  trace_contention_begin+0xae/0x110
[  137.276909]  __mutex_lock+0x14b/0x1020
[  137.277229]  ? genl_rcv_msg+0x54e/0x7e0
[  137.277549]  ? genl_rcv_msg+0x54e/0x7e0
[  137.277873]  ? __pfx___mutex_lock+0x10/0x10
[  137.278227]  ? __kernel_text_address+0xd/0x40
[  137.278593]  ? unwind_get_return_address+0x59/0xa0
[  137.278994]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  137.279428]  ? arch_stack_walk+0x9c/0xf0
[  137.279759]  ? __radix_tree_lookup+0x1f7/0x290
[  137.280149]  genl_rcv_msg+0x54e/0x7e0
[  137.280460]  ? stack_trace_save+0x8e/0xc0
[  137.280798]  ? __pfx_genl_rcv_msg+0x10/0x10
[  137.281145]  ? stack_depot_save_flags+0x2c/0xa20
[  137.281529]  ? stack_trace_save+0x8e/0xc0
[  137.281869]  ? do_raw_spin_lock+0x123/0x260
[  137.282221]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  137.282637]  netlink_rcv_skb+0x147/0x430
[  137.282870] audit: type=1400 audit(1756649343.167:10): avc:  denied  { relabelto } for  pid=3977 comm="syz-executor.1" name="SCO" dev="sockfs" ino=4913 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:dpkg_lock_t:s0 tclass=bluetooth_socket permissive=1
[  137.282974]  ? __pfx_genl_rcv_msg+0x10/0x10
[  137.282987]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  137.287694]  ? netlink_deliver_tap+0x1ae/0xce0
[  137.288068]  ? selinux_netlink_send+0x507/0x880
[  137.288457]  ? is_vmalloc_addr+0x86/0xa0
[  137.288792]  genl_rcv+0x28/0x40
[  137.289070]  netlink_unicast+0x5a7/0x870
[  137.289406]  ? __pfx_netlink_unicast+0x10/0x10
[  137.289785]  netlink_sendmsg+0x8ac/0xd80
[  137.290122]  ? __pfx_netlink_sendmsg+0x10/0x10
[  137.290500]  __sys_sendto+0x506/0x570
[  137.290815]  ? __pfx___sys_sendto+0x10/0x10
[  137.291164]  ? css_rstat_updated+0x1b8/0x4d0
[  137.291529]  ? lock_release+0x1c7/0x290
[  137.291858]  ? handle_mm_fault+0x302/0x9b0
[  137.292215]  ? lock_release+0x1c7/0x290
[  137.292536]  ? access_error+0x17d/0x380
[  137.292862]  __x64_sys_sendto+0xe1/0x1c0
[  137.293193]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.293612]  do_syscall_64+0xbf/0x360
[  137.293923]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.294333] RIP: 0033:0x7f1cda9328ac
[  137.294635] Code: fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 20 fb ff ff 48 8b
[  137.296073] RSP: 002b:00007f1cd7ef4020 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  137.296691] RAX: ffffffffffffffda RBX: 00007f1cd7ef4110 RCX: 00007f1cda9328ac
[  137.297263] RDX: 0000000000000028 RSI: 00007f1cd7ef4160 RDI: 0000000000000004
[  137.297834] RBP: 0000000000000000 R08: 00007f1cd7ef4074 R09: 000000000000000c
[  137.298404] R10: 0000000000000000 R11: 0000000000000293 R12: 00007f1cd7ef40c8
[  137.298972] R13: 00007f1cd7ef4160 R14: 0000000000000004 R15: 0000000000000000
[  137.299544]  </TASK>
[  137.299736] Modules linked in:
[  137.300670] ---[ end trace 0000000000000000 ]---
[  137.301565] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.302081] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.303571] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  137.304016] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  137.304597] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.305183] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.305767] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  137.306338] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.306924] FS:  00007f1cd7ef5700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.307569] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.308050] CR2: 00007f1cd7ef4108 CR3: 000000000cb02000 CR4: 0000000000350ef0
[  137.308628] note: syz-executor.5[3976] exited with preempt_count 2
[  137.309451] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI
[  137.310343] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  137.311032] CPU: 1 UID: 0 PID: 3969 Comm: syz-executor.3 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.311978] Tainted: [D]=DIE, [W]=WARN
[  137.312297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.312950] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.313328] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.314772] RSP: 0018:ffff8880490e7540 EFLAGS: 00010212
[  137.315195] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  137.315763] RDX: ffff888016f38000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.316336] RBP: ffff8880490e77b0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.316904] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.317475] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.318038] FS:  0000555579177400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.318681] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.319145] CR2: 00007f6f3e8cb718 CR3: 0000000045f34000 CR4: 0000000000350ef0
[  137.319717] Call Trace:
[  137.319929]  <TASK>
[  137.320124]  ? __pfx_perf_tp_event+0x10/0x10
[  137.320486]  ? __kernel_text_address+0xd/0x40
[  137.320857]  ? arch_stack_walk+0x9c/0xf0
[  137.321186]  ? stack_trace_save+0x8e/0xc0
[  137.321526]  ? stack_depot_save_flags+0x2c/0xa20
[  137.321910]  ? lock_acquire+0x18c/0x2f0
[  137.322237]  ? lock_release+0x1c7/0x290
[  137.322559]  ? lock_acquire+0x18c/0x2f0
[  137.322882]  ? lock_acquire+0x18c/0x2f0
[  137.323208]  ? lock_release+0x1c7/0x290
[  137.323534]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.323941]  perf_trace_run_bpf_submit+0xef/0x180
[  137.324345]  perf_trace_contention_begin+0x235/0x3e0
[  137.324757]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.325205]  ? lock_acquire+0x18c/0x2f0
[  137.325528]  trace_contention_begin+0xae/0x110
[  137.325906]  __mutex_lock+0x14b/0x1020
[  137.326227]  ? freezer_fork+0xc1/0x500
[  137.326546]  ? freezer_fork+0xc1/0x500
[  137.326862]  ? delete_node+0x20e/0x730
[  137.327179]  ? __pfx___mutex_lock+0x10/0x10
[  137.327532]  ? __radix_tree_replace+0x117/0x300
[  137.327915]  ? lock_acquire+0x18c/0x2f0
[  137.328251]  ? do_raw_spin_lock+0x123/0x260
[  137.328605]  ? lock_release+0x1c7/0x290
[  137.328930]  freezer_fork+0xc1/0x500
[  137.329234]  cgroup_post_fork+0x31f/0x9a0
[  137.329572]  ? __pfx_cgroup_post_fork+0x10/0x10
[  137.329955]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.330337]  ? lock_release+0x1c7/0x290
[  137.330663]  copy_process+0x5e31/0x73c0
[  137.330989]  ? __pfx_copy_process+0x10/0x10
[  137.331334]  ? lock_acquire+0x18c/0x2f0
[  137.331657]  ? lock_release+0x1c7/0x290
[  137.331982]  ? __pfx_lru_add+0x10/0x10
[  137.332313]  kernel_clone+0xea/0x7f0
[  137.332619]  ? __pfx_kernel_clone+0x10/0x10
[  137.332971]  ? vma_start_read+0x304/0x8e0
[  137.333309]  ? __pfx___handle_mm_fault+0x10/0x10
[  137.333698]  ? css_rstat_updated+0x1b8/0x4d0
[  137.334062]  ? __pfx_css_rstat_updated+0x10/0x10
[  137.334451]  __do_sys_clone+0xce/0x120
[  137.334769]  ? __pfx___do_sys_clone+0x10/0x10
[  137.335133]  ? count_memcg_events+0x32b/0x420
[  137.335508]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.335931]  do_syscall_64+0xbf/0x360
[  137.336248]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.336664] RIP: 0033:0x7f6f41377f41
[  137.336966] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[  137.338412] RSP: 002b:00007fffb8641988 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  137.339018] RAX: ffffffffffffffda RBX: 00007f6f3e8cb700 RCX: 00007f6f41377f41
[  137.339589] RDX: 00007f6f3e8cb9d0 RSI: 00007f6f3e8cb2f0 RDI: 00000000003d0f00
[  137.340166] RBP: 00007fffb8641bc0 R08: 00007f6f3e8cb700 R09: 00007f6f3e8cb700
[  137.340735] R10: 00007f6f3e8cb9d0 R11: 0000000000000206 R12: 00007fffb8641a3e
[  137.341306] R13: 00007fffb8641a3f R14: 00007f6f3e8cb300 R15: 0000000000022000
[  137.341878]  </TASK>
[  137.342067] Modules linked in:
[  137.342374] ---[ end trace 0000000000000000 ]---
[  137.342773] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.343155] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.344804] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  137.345239] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  137.345879] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.346451] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.347049] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  137.347620] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.348215] FS:  0000555579177400(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.348875] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.349345] CR2: 00007f6f3e8cb718 CR3: 0000000045f34000 CR4: 0000000000350ef0
[  137.349934] note: syz-executor.3[3969] exited with preempt_count 2
[  137.350502] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI
[  137.351395] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  137.352095] CPU: 1 UID: 0 PID: 3985 Comm: syz-executor.2 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.353047] Tainted: [D]=DIE, [W]=WARN
[  137.353357] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.354016] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.354399] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.355842] RSP: 0018:ffff88801691f640 EFLAGS: 00010212
[  137.356279] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  137.356844] RDX: ffff88800e888000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.357415] RBP: ffff88801691f8b0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.357987] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.358558] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.359133] FS:  00007f0dc7b11700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.359776] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.360250] CR2: 00007f6f3e8cb718 CR3: 0000000009d09000 CR4: 0000000000350ef0
[  137.360822] Call Trace:
[  137.361031]  <TASK>
[  137.361220]  ? __pfx_perf_tp_event+0x10/0x10
[  137.361593]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.362002]  perf_trace_run_bpf_submit+0xef/0x180
[  137.362398]  perf_trace_contention_begin+0x235/0x3e0
[  137.362816]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.363266]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  137.363688]  ? lock_acquire+0x18c/0x2f0
[  137.364016]  trace_contention_begin+0xae/0x110
[  137.364402]  __mutex_lock+0x14b/0x1020
[  137.364725]  ? perf_event_exit_task+0x46/0x510
[  137.365101]  ? perf_event_exit_task+0x46/0x510
[  137.365477]  ? do_raw_spin_lock+0x123/0x260
[  137.365831]  ? lock_acquire+0x18c/0x2f0
[  137.366158]  ? __pfx___mutex_lock+0x10/0x10
[  137.366513]  ? _raw_spin_unlock_irq+0x23/0x40
[  137.366882]  ? lock_release+0x1c7/0x290
[  137.367209]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.367633]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  137.368047]  ? taskstats_exit+0x8c/0xba0
[  137.368392]  perf_event_exit_task+0x46/0x510
[  137.368760]  do_exit+0x626/0x2970
[  137.369051]  ? __pfx_do_exit+0x10/0x10
[  137.369372]  ? do_raw_spin_lock+0x123/0x260
[  137.369726]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.370110]  do_group_exit+0xd3/0x2a0
[  137.370425]  get_signal+0x2315/0x2340
[  137.370752]  ? __pfx_get_signal+0x10/0x10
[  137.371095]  ? lock_release+0x1c7/0x290
[  137.371420]  arch_do_signal_or_restart+0x80/0x790
[  137.371819]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  137.372267]  ? lock_acquire+0x18c/0x2f0
[  137.372594]  ? do_raw_spin_lock+0x123/0x260
[  137.372949]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.373331]  ? finish_task_switch.isra.0+0x294/0x840
[  137.373756]  exit_to_user_mode_loop+0x8b/0x110
[  137.374132]  ret_from_fork+0x3ac/0x430
[  137.374461]  ret_from_fork_asm+0x1a/0x30
[  137.374799]  </TASK>
[  137.374992] Modules linked in:
[  137.375328] ---[ end trace 0000000000000000 ]---
[  137.375779] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.376175] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.377675] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  137.378123] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  137.378693] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.379278] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.379870] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  137.381264] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.382289] FS:  00007f0dc7b11700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.382963] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.383435] CR2: 00007f6f3e8cb718 CR3: 0000000009d09000 CR4: 0000000000350ef0
[  137.384034] note: syz-executor.2[3985] exited with preempt_count 2
[  137.384543] Fixing recursive fault but reboot is needed!
[  137.384986] BUG: scheduling while atomic: syz-executor.2/3985/0x00000000
[  137.385524] INFO: lockdep is turned off.
[  137.385862] Modules linked in:
[  137.386132] CPU: 1 UID: 0 PID: 3985 Comm: syz-executor.2 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.386150] Tainted: [D]=DIE, [W]=WARN
[  137.386153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.386159] Call Trace:
[  137.386163]  <TASK>
[  137.386167]  dump_stack_lvl+0xfa/0x120
[  137.386185]  __schedule_bug+0xb9/0x100
[  137.386197]  __schedule+0x24f3/0x3590
[  137.386210]  ? __pfx_vprintk_emit+0x10/0x10
[  137.386228]  ? arch_do_signal_or_restart+0x80/0x790
[  137.386243]  ? __pfx___schedule+0x10/0x10
[  137.386257]  ? do_raw_spin_lock+0x123/0x260
[  137.386271]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.386285]  ? lock_acquire+0x18c/0x2f0
[  137.386298]  ? lock_release+0x1c7/0x290
[  137.386310]  ? do_task_dead+0x3e/0x110
[  137.386323]  do_task_dead+0xdc/0x110
[  137.386336]  make_task_dead+0x373/0x3b0
[  137.386348]  ? ret_from_fork+0x3ac/0x430
[  137.386365]  rewind_stack_and_make_dead+0x16/0x20
[  137.386380] RIP: 0033:0x7f0dca5def41
[  137.386389] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[  137.386399] RSP: 002b:00007f0dc7b112f0 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  137.386409] RAX: 0000000000000000 RBX: 00007f0dc7b11700 RCX: 00007f0dca5def41
[  137.386416] RDX: 00007f0dc7b119d0 RSI: 00007f0dc7b112f0 RDI: 00000000003d0f00
[  137.386424] RBP: 00007ffce6c46450 R08: 00007f0dc7b11700 R09: 00007f0dc7b11700
[  137.386431] R10: 00007f0dc7b119d0 R11: 0000000000000206 R12: 00007ffce6c462ce
[  137.386438] R13: 00007ffce6c462cf R14: 00007f0dc7b11300 R15: 0000000000022000
[  137.386448]  </TASK>
[  137.399205] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#5] SMP KASAN NOPTI
[  137.400115] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  137.400808] CPU: 1 UID: 0 PID: 2187 Comm: kworker/u10:7 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.401752] Tainted: [D]=DIE, [W]=WARN
[  137.402060] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.402720] Workqueue: events_unbound cfg80211_wiphy_work
[  137.403164] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.403548] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.405003] RSP: 0018:ffff888047457700 EFLAGS: 00010212
[  137.405431] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  137.406010] RDX: ffff888047039b80 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.406581] RBP: ffff888047457970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.407151] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.407720] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.408305] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.408955] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.409424] CR2: 00007f6f3e8cb718 CR3: 00000000185cc000 CR4: 0000000000350ef0
[  137.409994] Call Trace:
[  137.410208]  <TASK>
[  137.410399]  ? __pfx_perf_tp_event+0x10/0x10
[  137.410765]  ? ret_from_fork_asm+0x1a/0x30
[  137.411110]  ? stack_trace_save+0x8e/0xc0
[  137.411449]  ? do_raw_spin_lock+0x123/0x260
[  137.411803]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.412190]  ? lock_acquire+0x18c/0x2f0
[  137.412518]  ? do_raw_spin_lock+0x123/0x260
[  137.412869]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.413248]  ? _raw_spin_lock_irqsave+0x42/0x60
[  137.413630]  ? lock_release+0x1c7/0x290
[  137.413955]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.414361]  perf_trace_run_bpf_submit+0xef/0x180
[  137.414759]  perf_trace_contention_begin+0x235/0x3e0
[  137.415170]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.415621]  ? ieee80211_sta_last_active+0x123/0x240
[  137.416041]  ? lock_acquire+0x18c/0x2f0
[  137.416372]  ? ieee80211_ibss_work+0xb6/0x1360
[  137.416747]  trace_contention_begin+0xae/0x110
[  137.417124]  __mutex_lock+0x14b/0x1020
[  137.417448]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.417813]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.418183]  ? lock_release+0x1c7/0x290
[  137.418507]  ? __pfx___mutex_lock+0x10/0x10
[  137.418863]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  137.419277]  ? xfd_validate_state+0x55/0x180
[  137.419642]  ? __pfx_try_to_wake_up+0x10/0x10
[  137.420016]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.420450]  cfg80211_wiphy_work+0x7e/0x480
[  137.420801]  process_one_work+0x8e1/0x19c0
[  137.421151]  ? __pfx_process_one_work+0x10/0x10
[  137.421531]  ? move_linked_works+0x172/0x270
[  137.421899]  ? assign_work+0x196/0x240
[  137.422218]  worker_thread+0x67e/0xe90
[  137.422537]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.422965]  ? __pfx_worker_thread+0x10/0x10
[  137.423326]  kthread+0x3c8/0x740
[  137.423607]  ? __pfx_kthread+0x10/0x10
[  137.423924]  ? ret_from_fork+0x23/0x430
[  137.424260]  ? lock_release+0xc8/0x290
[  137.424578]  ? __pfx_kthread+0x10/0x10
[  137.424897]  ret_from_fork+0x34b/0x430
[  137.425220]  ? __pfx_kthread+0x10/0x10
[  137.425539]  ret_from_fork_asm+0x1a/0x30
[  137.425880]  </TASK>
[  137.426071] Modules linked in:
[  137.426400] ---[ end trace 0000000000000000 ]---
[  137.426799] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.427185] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.428658] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  137.429103] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  137.429679] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.430262] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.430853] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  137.431429] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.432019] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.432673] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.433157] CR2: 00007f6f3e8cb718 CR3: 00000000185cc000 CR4: 0000000000350ef0
[  137.433749] note: kworker/u10:7[2187] exited with preempt_count 2
[  137.434280] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#6] SMP KASAN NOPTI
[  137.435176] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  137.435877] CPU: 1 UID: 0 PID: 26 Comm: kworker/u10:0 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.436822] Tainted: [D]=DIE, [W]=WARN
[  137.437134] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.437793] Workqueue: events_unbound cfg80211_wiphy_work
[  137.438237] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.438622] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.440071] RSP: 0018:ffff888009777700 EFLAGS: 00010212
[  137.440513] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  137.441088] RDX: ffff888009753700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.441661] RBP: ffff888009777970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.442228] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.442800] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.443374] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.444013] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.444485] CR2: 00007f6f3e8cb718 CR3: 000000003fe9b000 CR4: 0000000000350ef0
[  137.445056] Call Trace:
[  137.445268]  <TASK>
[  137.445455]  ? __pfx_perf_tp_event+0x10/0x10
[  137.445819]  ? __lock_acquire+0xc65/0x1b70
[  137.446163]  ? __switch_to_asm+0x60/0x70
[  137.446498]  ? do_raw_spin_lock+0x123/0x260
[  137.446851]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.447234]  ? mark_held_locks+0x49/0x80
[  137.447566]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.447977]  perf_trace_run_bpf_submit+0xef/0x180
[  137.448383]  perf_trace_contention_begin+0x235/0x3e0
[  137.448797]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.449245]  ? __pick_eevdf+0x326/0x570
[  137.449568]  ? update_curr+0x71/0x500
[  137.449881]  ? lock_acquire+0x18c/0x2f0
[  137.450207]  trace_contention_begin+0xae/0x110
[  137.450578]  __mutex_lock+0x14b/0x1020
[  137.450901]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.451266]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.451632]  ? lock_release+0x1c7/0x290
[  137.451958]  ? lock_release+0x1c7/0x290
[  137.452293]  ? __pfx___mutex_lock+0x10/0x10
[  137.452646]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  137.453059]  ? xfd_validate_state+0x55/0x180
[  137.453422]  ? __pfx_try_to_wake_up+0x10/0x10
[  137.453794]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.454220]  cfg80211_wiphy_work+0x7e/0x480
[  137.454571]  process_one_work+0x8e1/0x19c0
[  137.454918]  ? __pfx_process_one_work+0x10/0x10
[  137.455297]  ? move_linked_works+0x172/0x270
[  137.455664]  ? assign_work+0x196/0x240
[  137.455982]  worker_thread+0x67e/0xe90
[  137.456311]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.456734]  ? __pfx_worker_thread+0x10/0x10
[  137.457095]  kthread+0x3c8/0x740
[  137.457376]  ? __pfx_kthread+0x10/0x10
[  137.457696]  ? ret_from_fork+0x23/0x430
[  137.458025]  ? lock_release+0xc8/0x290
[  137.458346]  ? __pfx_kthread+0x10/0x10
[  137.458663]  ret_from_fork+0x34b/0x430
[  137.458984]  ? __pfx_kthread+0x10/0x10
[  137.459300]  ret_from_fork_asm+0x1a/0x30
[  137.459636]  </TASK>
[  137.459828] Modules linked in:
[  137.460147] ---[ end trace 0000000000000000 ]---
[  137.460528] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.460997] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.462524] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  137.462975] BUG: Bad page state in process kworker/u10:0  pfn:16919
[  137.462990] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16919
[  137.463003] flags: 0x100000000000000(node=0|zone=1)
[  137.463013] page_type: f9(unknown)
[  137.463025] raw: 0100000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  137.463036] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  137.463043] page dumped because: nonzero mapcount
[  137.463048] Modules linked in:
[  137.463058] CPU: 1 UID: 0 PID: 26 Comm: kworker/u10:0 Tainted: G      D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.463077] Tainted: [D]=DIE, [W]=WARN
[  137.463081] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.463089] Workqueue: events_unbound cfg80211_wiphy_work
[  137.463102] Call Trace:
[  137.463105]  <IRQ>
[  137.463109]  dump_stack_lvl+0xfa/0x120
[  137.463128]  bad_page+0x8c/0x1c0
[  137.463141]  __free_frozen_pages+0xaf9/0xe10
[  137.463157]  ? rcu_core+0x7c3/0x1800
[  137.463172]  rcu_core+0x7c8/0x1800
[  137.463187]  ? __pfx_rcu_core+0x10/0x10
[  137.463201]  ? clockevents_program_event+0x135/0x360
[  137.463218]  ? tick_program_event+0xac/0x140
[  137.463229]  ? hrtimer_interrupt+0x652/0x830
[  137.463241]  handle_softirqs+0x1b1/0x770
[  137.463261]  __irq_exit_rcu+0xc4/0x100
[  137.463278]  irq_exit_rcu+0x9/0x20
[  137.463288]  sysvec_apic_timer_interrupt+0x70/0x80
[  137.463304]  </IRQ>
[  137.463308]  <TASK>
[  137.463312]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  137.463325] RIP: 0010:console_flush_all+0x8c1/0xb70
[  137.463343] Code: 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 6c 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 98 6e 1f 00 e8 83 b3 27 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 19 ff ff ff 4c 89 ef e8 18 7e 5b
[  137.463354] RSP: 0018:ffff8880097771d0 EFLAGS: 00000246
[  137.463363] RAX: ffffffff85f37a58 RBX: 0000000000000001 RCX: ffffffff817c2b86
[  137.463371] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff815478ed
[  137.463378] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
[  137.463385] R10: ffffffff8643ac57 R11: 313030203a505352 R12: 0000000000000000
[  137.463393] R13: ffffffff85f37a58 R14: dffffc0000000000 R15: ffffffff85f37a00
14:09:03 executing program 6:
fcntl$addseals(0xffffffffffffffff, 0x409, 0x2)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@ip_ttl={{0x14}}], 0xf}, 0x0)

14:09:03 executing program 4:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0)
dup2(r0, r0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x2)
ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000))
ioctl$TIOCGPTPEER(r1, 0x5441, 0x0)
io_cancel(0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4, 0x3ff, r1, &(0x7f0000000080)="edd406722408dcb04003fd4640d5bb939b3a2e4bdf9edb94bf60eca7d05d2556ea1b87be0906624b71ec604b6fb88cbf3281c5626b963ba5b95faa6f92a0be10d7937ce504b4444901b87678392ea14bb0037f6832c10a1eedf23abdd98c28b870c960e1b095024af2aecc392db1e70c8c28f6566aaec487ec645bee6a21f145aa78457d27f14c6def59c26e240d1d4e", 0x90, 0x4}, &(0x7f0000000180))
r2 = fork()
ptrace(0x10, r2)
pipe(&(0x7f0000000000)={<r3=>0xffffffffffffffff})
fcntl$setown(r3, 0x8, r2)
ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0))
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001a00)=[{{&(0x7f00000002c0)=@abs, 0x6e, &(0x7f0000001900)=[{&(0x7f00000003c0)=""/87, 0x57}, {&(0x7f0000000440)=""/216, 0xd8}, {&(0x7f0000001a80)=""/267, 0x10b}, {&(0x7f0000000640)=""/32, 0x20}, {&(0x7f0000000680)=""/4096, 0xffffffffffffff49}, {&(0x7f00000001c0)=""/88, 0x54}, {&(0x7f0000001700)=""/109, 0x75}, {&(0x7f0000001780)=""/140, 0x8c}, {&(0x7f0000000540)=""/162, 0xa2}], 0x9, &(0x7f00000019c0)=[@cred={{0x1c, 0x1, 0x2, {<r4=>0x0, 0x0, <r5=>0x0}}}], 0x20}}], 0x1, 0x40002001, &(0x7f0000001a40)={0x77359400})
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f00000085c0)={0x0, <r7=>0x0, <r8=>0x0}, &(0x7f0000008600)=0xc)
setgroups(0x1, &(0x7f0000000340)=[r8])
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000001c00)={{0x1, r7, 0x0, r7, r5, 0x1}, 0x0, 0x0, 0x5, 0xfff, 0x5f, 0x0, 0x1, 0x100, 0x8, 0x6, r4, r4})
r9 = getpid()
pidfd_open(r9, 0x0)
ptrace(0x4208, r9)

[  137.463403]  ? trace_irq_enable.constprop.0+0x26/0x100
[  137.463415]  ? console_flush_all+0x8bd/0xb70
[  137.463434]  ? __pfx_console_flush_all+0x10/0x10
[  137.463452]  ? __pfx_vprintk_store+0x10/0x10
[  137.463470]  ? is_printk_cpu_sync_owner+0x32/0x40
[  137.463483]  console_unlock+0xc2/0x1f0
[  137.463499]  ? __pfx_console_unlock+0x10/0x10
[  137.463516]  ? do_raw_spin_unlock+0x53/0x220
[  137.463532]  ? _printk+0xbe/0xf0
[  137.463545]  vprintk_emit+0x3f6/0x630
[  137.463563]  ? __pfx_vprintk_emit+0x10/0x10
[  137.463581]  ? __pfx__printk+0x10/0x10
[  137.463596]  _printk+0xbe/0xf0
[  137.463608]  ? __pfx__printk+0x10/0x10
[  137.463621]  ? perf_tp_event+0x14b/0xe70
[  137.463636]  ? show_opcodes+0xb3/0xd0
[  137.463655]  ? __show_regs+0x528/0x750
[  137.463669]  ? __show_regs+0x5c/0x750
[  137.463683]  __show_regs+0x534/0x750
[  137.463698]  ? printk_percpu_data_ready+0x9/0x20
[  137.463717]  ? nbcon_get_cpu_emergency_nesting+0x3c/0x50
[  137.463732]  oops_end+0x7d/0xe0
[  137.463749]  exc_general_protection+0x1a2/0x330
[  137.463764]  asm_exc_general_protection+0x26/0x30
[  137.463776] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.463791] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.463802] RSP: 0018:ffff888009777700 EFLAGS: 00010212
[  137.463811] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  137.463818] RDX: ffff888009753700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.463826] RBP: ffff888009777970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.463834] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.463841] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.463851]  ? perf_tp_event+0x167/0xe70
[  137.463869]  ? __pfx_perf_tp_event+0x10/0x10
[  137.463886]  ? __lock_acquire+0xc65/0x1b70
[  137.463899]  ? __switch_to_asm+0x60/0x70
[  137.463917]  ? do_raw_spin_lock+0x123/0x260
[  137.463932]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.463951]  ? mark_held_locks+0x49/0x80
[  137.463965]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.463981]  perf_trace_run_bpf_submit+0xef/0x180
[  137.463998]  perf_trace_contention_begin+0x235/0x3e0
[  137.464013]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.464028]  ? __pick_eevdf+0x326/0x570
[  137.464039]  ? update_curr+0x71/0x500
[  137.464051]  ? lock_acquire+0x18c/0x2f0
[  137.464065]  trace_contention_begin+0xae/0x110
[  137.464089]  __mutex_lock+0x14b/0x1020
[  137.464105]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.464117]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.464129]  ? lock_release+0x1c7/0x290
[  137.464141]  ? lock_release+0x1c7/0x290
[  137.464154]  ? __pfx___mutex_lock+0x10/0x10
[  137.464172]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  137.464188]  ? xfd_validate_state+0x55/0x180
[  137.464204]  ? __pfx_try_to_wake_up+0x10/0x10
[  137.464222]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.464234]  cfg80211_wiphy_work+0x7e/0x480
[  137.464247]  process_one_work+0x8e1/0x19c0
[  137.464264]  ? __pfx_process_one_work+0x10/0x10
[  137.464278]  ? move_linked_works+0x172/0x270
[  137.464296]  ? assign_work+0x196/0x240
[  137.464309]  worker_thread+0x67e/0xe90
[  137.464323]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.464336]  ? __pfx_worker_thread+0x10/0x10
[  137.464351]  kthread+0x3c8/0x740
[  137.464362]  ? __pfx_kthread+0x10/0x10
[  137.464374]  ? ret_from_fork+0x23/0x430
[  137.464392]  ? lock_release+0xc8/0x290
[  137.464405]  ? __pfx_kthread+0x10/0x10
[  137.464418]  ret_from_fork+0x34b/0x430
[  137.464435]  ? __pfx_kthread+0x10/0x10
[  137.464448]  ret_from_fork_asm+0x1a/0x30
[  137.464466]  </TASK>
[  137.464487] BUG: Bad page state in process kworker/u10:0  pfn:1691a
[  137.464495] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1691a
[  137.464506] flags: 0x100000000000000(node=0|zone=1)
[  137.464514] page_type: f9(unknown)
[  137.464524] raw: 0100000000000000 0000000000000000 ffffea00005a4690 0000000000000000
[  137.464535] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  137.464542] page dumped because: nonzero mapcount
[  137.464547] Modules linked in:
[  137.464556] CPU: 1 UID: 0 PID: 26 Comm: kworker/u10:0 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.464575] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  137.464580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.464587] Workqueue: events_unbound cfg80211_wiphy_work
[  137.464599] Call Trace:
[  137.464602]  <IRQ>
[  137.464606]  dump_stack_lvl+0xfa/0x120
[  137.464623]  bad_page+0x8c/0x1c0
[  137.464634]  __free_frozen_pages+0xaf9/0xe10
[  137.464650]  ? rcu_core+0x7c3/0x1800
[  137.464664]  rcu_core+0x7c8/0x1800
[  137.464679]  ? __pfx_rcu_core+0x10/0x10
[  137.464693]  ? clockevents_program_event+0x135/0x360
[  137.464712]  ? tick_program_event+0xac/0x140
[  137.464723]  ? hrtimer_interrupt+0x652/0x830
[  137.464735]  handle_softirqs+0x1b1/0x770
[  137.464754]  __irq_exit_rcu+0xc4/0x100
[  137.464772]  irq_exit_rcu+0x9/0x20
[  137.464782]  sysvec_apic_timer_interrupt+0x70/0x80
[  137.464798]  </IRQ>
[  137.464801]  <TASK>
[  137.464805]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  137.464818] RIP: 0010:console_flush_all+0x8c1/0xb70
[  137.464836] Code: 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 6c 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 98 6e 1f 00 e8 83 b3 27 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 19 ff ff ff 4c 89 ef e8 18 7e 5b
[  137.464847] RSP: 0018:ffff8880097771d0 EFLAGS: 00000246
[  137.464856] RAX: ffffffff85f37a58 RBX: 0000000000000001 RCX: ffffffff817c2b86
[  137.464863] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff815478ed
[  137.464871] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
[  137.464878] R10: ffffffff8643ac57 R11: 313030203a505352 R12: 0000000000000000
[  137.464885] R13: ffffffff85f37a58 R14: dffffc0000000000 R15: ffffffff85f37a00
[  137.464895]  ? trace_irq_enable.constprop.0+0x26/0x100
[  137.464907]  ? console_flush_all+0x8bd/0xb70
[  137.464926]  ? __pfx_console_flush_all+0x10/0x10
[  137.464944]  ? __pfx_vprintk_store+0x10/0x10
[  137.464962]  ? is_printk_cpu_sync_owner+0x32/0x40
[  137.464974]  console_unlock+0xc2/0x1f0
[  137.464990]  ? __pfx_console_unlock+0x10/0x10
[  137.465007]  ? do_raw_spin_unlock+0x53/0x220
[  137.465023]  ? _printk+0xbe/0xf0
[  137.465037]  vprintk_emit+0x3f6/0x630
[  137.465054]  ? __pfx_vprintk_emit+0x10/0x10
[  137.465072]  ? __pfx__printk+0x10/0x10
[  137.465087]  _printk+0xbe/0xf0
[  137.465099]  ? __pfx__printk+0x10/0x10
[  137.465112]  ? perf_tp_event+0x14b/0xe70
[  137.465127]  ? show_opcodes+0xb3/0xd0
[  137.465145]  ? __show_regs+0x528/0x750
[  137.465159]  ? __show_regs+0x5c/0x750
[  137.465173]  __show_regs+0x534/0x750
[  137.465188]  ? printk_percpu_data_ready+0x9/0x20
[  137.465203]  ? nbcon_get_cpu_emergency_nesting+0x3c/0x50
[  137.465218]  oops_end+0x7d/0xe0
[  137.465234]  exc_general_protection+0x1a2/0x330
[  137.465250]  asm_exc_general_protection+0x26/0x30
[  137.465261] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.465277] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.465288] RSP: 0018:ffff888009777700 EFLAGS: 00010212
[  137.465297] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  137.465304] RDX: ffff888009753700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.465312] RBP: ffff888009777970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.465319] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.465327] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.465336]  ? perf_tp_event+0x167/0xe70
[  137.465355]  ? __pfx_perf_tp_event+0x10/0x10
[  137.465372]  ? __lock_acquire+0xc65/0x1b70
[  137.465385]  ? __switch_to_asm+0x60/0x70
[  137.465402]  ? do_raw_spin_lock+0x123/0x260
[  137.465418]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.465436]  ? mark_held_locks+0x49/0x80
[  137.465450]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.465466]  perf_trace_run_bpf_submit+0xef/0x180
[  137.465483]  perf_trace_contention_begin+0x235/0x3e0
[  137.465498]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.465513]  ? __pick_eevdf+0x326/0x570
[  137.465524]  ? update_curr+0x71/0x500
[  137.465535]  ? lock_acquire+0x18c/0x2f0
[  137.465549]  trace_contention_begin+0xae/0x110
[  137.465564]  __mutex_lock+0x14b/0x1020
[  137.465581]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.465592]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.465604]  ? lock_release+0x1c7/0x290
[  137.465617]  ? lock_release+0x1c7/0x290
[  137.465630]  ? __pfx___mutex_lock+0x10/0x10
[  137.465647]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  137.465663]  ? xfd_validate_state+0x55/0x180
[  137.465680]  ? __pfx_try_to_wake_up+0x10/0x10
14:09:03 executing program 6:
fcntl$addseals(0xffffffffffffffff, 0x409, 0x2)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@ip_ttl={{0x14}}], 0xf}, 0x0)

[  137.465697]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.465710]  cfg80211_wiphy_work+0x7e/0x480
[  137.465722]  process_one_work+0x8e1/0x19c0
[  137.465739]  ? __pfx_process_one_work+0x10/0x10
[  137.465753]  ? move_linked_works+0x172/0x270
[  137.465771]  ? assign_work+0x196/0x240
[  137.465786]  worker_thread+0x67e/0xe90
[  137.465801]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.465817]  ? __pfx_worker_thread+0x10/0x10
[  137.465831]  kthread+0x3c8/0x740
[  137.465843]  ? __pfx_kthread+0x10/0x10
[  137.465854]  ? ret_from_fork+0x23/0x430
[  137.465872]  ? lock_release+0xc8/0x290
[  137.465885]  ? __pfx_kthread+0x10/0x10
[  137.465898]  ret_from_fork+0x34b/0x430
[  137.465916]  ? __pfx_kthread+0x10/0x10
[  137.465928]  ret_from_fork_asm+0x1a/0x30
[  137.465946]  </TASK>
[  137.465965] BUG: Bad page state in process kworker/u10:0  pfn:1691b
[  137.465973] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1691b
[  137.465983] flags: 0x100000000000000(node=0|zone=1)
[  137.465991] page_type: f9(unknown)
[  137.466001] raw: 0100000000000000 0000000000000000 ffffea00005a46c8 0000000000000000
[  137.466012] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  137.466019] page dumped because: nonzero mapcount
[  137.466024] Modules linked in:
[  137.466033] CPU: 1 UID: 0 PID: 26 Comm: kworker/u10:0 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.466052] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  137.466057] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.466064] Workqueue: events_unbound cfg80211_wiphy_work
[  137.466075] Call Trace:
[  137.466079]  <IRQ>
[  137.466082]  dump_stack_lvl+0xfa/0x120
[  137.466099]  bad_page+0x8c/0x1c0
[  137.466110]  __free_frozen_pages+0xaf9/0xe10
[  137.466126]  ? rcu_core+0x7c3/0x1800
[  137.466140]  rcu_core+0x7c8/0x1800
[  137.466155]  ? __pfx_rcu_core+0x10/0x10
[  137.466169]  ? clockevents_program_event+0x135/0x360
[  137.466185]  ? tick_program_event+0xac/0x140
[  137.466196]  ? hrtimer_interrupt+0x652/0x830
[  137.466207]  handle_softirqs+0x1b1/0x770
[  137.466227]  __irq_exit_rcu+0xc4/0x100
[  137.466245]  irq_exit_rcu+0x9/0x20
[  137.466254]  sysvec_apic_timer_interrupt+0x70/0x80
[  137.466270]  </IRQ>
[  137.466274]  <TASK>
[  137.466278]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  137.466290] RIP: 0010:console_flush_all+0x8c1/0xb70
[  137.466308] Code: 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 6c 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 98 6e 1f 00 e8 83 b3 27 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 19 ff ff ff 4c 89 ef e8 18 7e 5b
[  137.466319] RSP: 0018:ffff8880097771d0 EFLAGS: 00000246
[  137.466328] RAX: ffffffff85f37a58 RBX: 0000000000000001 RCX: ffffffff817c2b86
[  137.466335] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff815478ed
[  137.466343] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
[  137.466350] R10: ffffffff8643ac57 R11: 313030203a505352 R12: 0000000000000000
[  137.466357] R13: ffffffff85f37a58 R14: dffffc0000000000 R15: ffffffff85f37a00
[  137.466367]  ? trace_irq_enable.constprop.0+0x26/0x100
[  137.466379]  ? console_flush_all+0x8bd/0xb70
[  137.466398]  ? __pfx_console_flush_all+0x10/0x10
[  137.466416]  ? __pfx_vprintk_store+0x10/0x10
[  137.466434]  ? is_printk_cpu_sync_owner+0x32/0x40
[  137.466446]  console_unlock+0xc2/0x1f0
[  137.466462]  ? __pfx_console_unlock+0x10/0x10
[  137.466479]  ? do_raw_spin_unlock+0x53/0x220
[  137.466495]  ? _printk+0xbe/0xf0
[  137.466509]  vprintk_emit+0x3f6/0x630
[  137.466527]  ? __pfx_vprintk_emit+0x10/0x10
[  137.466545]  ? __pfx__printk+0x10/0x10
[  137.466559]  _printk+0xbe/0xf0
[  137.466572]  ? __pfx__printk+0x10/0x10
[  137.466585]  ? perf_tp_event+0x14b/0xe70
[  137.466600]  ? show_opcodes+0xb3/0xd0
[  137.466618]  ? __show_regs+0x528/0x750
[  137.466632]  ? __show_regs+0x5c/0x750
[  137.466646]  __show_regs+0x534/0x750
[  137.466660]  ? printk_percpu_data_ready+0x9/0x20
[  137.466676]  ? nbcon_get_cpu_emergency_nesting+0x3c/0x50
[  137.466691]  oops_end+0x7d/0xe0
[  137.466711]  exc_general_protection+0x1a2/0x330
[  137.466726]  asm_exc_general_protection+0x26/0x30
[  137.466738] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.466754] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.466765] RSP: 0018:ffff888009777700 EFLAGS: 00010212
[  137.466773] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  137.466781] RDX: ffff888009753700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.466789] RBP: ffff888009777970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.466796] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.466803] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.466813]  ? perf_tp_event+0x167/0xe70
[  137.466832]  ? __pfx_perf_tp_event+0x10/0x10
[  137.466848]  ? __lock_acquire+0xc65/0x1b70
[  137.466861]  ? __switch_to_asm+0x60/0x70
[  137.466879]  ? do_raw_spin_lock+0x123/0x260
[  137.466894]  ? __pfx_do_raw_spin_lock+0x10/0x10
14:09:03 executing program 1:
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x5008, 0xffffffffffffff01, 0x6, 0x5, 0xffffffffffffffff}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x8)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
dup(r1)
fsetxattr$security_selinux(r0, &(0x7f0000000480), &(0x7f0000000500)='system_u:object_r:dpkg_lock_t:s0\x00', 0x21, 0x0)

[  137.466913]  ? mark_held_locks+0x49/0x80
[  137.466927]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.466943]  perf_trace_run_bpf_submit+0xef/0x180
[  137.466960]  perf_trace_contention_begin+0x235/0x3e0
[  137.466975]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.466989]  ? __pick_eevdf+0x326/0x570
[  137.467000]  ? update_curr+0x71/0x500
[  137.467012]  ? lock_acquire+0x18c/0x2f0
[  137.467026]  trace_contention_begin+0xae/0x110
[  137.467041]  __mutex_lock+0x14b/0x1020
[  137.467057]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.467069]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.467080]  ? lock_release+0x1c7/0x290
[  137.467093]  ? lock_release+0x1c7/0x290
[  137.467106]  ? __pfx___mutex_lock+0x10/0x10
[  137.467123]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  137.467139]  ? xfd_validate_state+0x55/0x180
[  137.467156]  ? __pfx_try_to_wake_up+0x10/0x10
[  137.467173]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.467186]  cfg80211_wiphy_work+0x7e/0x480
[  137.467198]  process_one_work+0x8e1/0x19c0
[  137.467215]  ? __pfx_process_one_work+0x10/0x10
[  137.467229]  ? move_linked_works+0x172/0x270
[  137.467247]  ? assign_work+0x196/0x240
[  137.467260]  worker_thread+0x67e/0xe90
[  137.467274]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.467287]  ? __pfx_worker_thread+0x10/0x10
[  137.467302]  kthread+0x3c8/0x740
[  137.467313]  ? __pfx_kthread+0x10/0x10
[  137.467325]  ? ret_from_fork+0x23/0x430
[  137.467343]  ? lock_release+0xc8/0x290
[  137.467356]  ? __pfx_kthread+0x10/0x10
[  137.467368]  ret_from_fork+0x34b/0x430
[  137.467386]  ? __pfx_kthread+0x10/0x10
[  137.467398]  ret_from_fork_asm+0x1a/0x30
[  137.467417]  </TASK>
[  137.467434] BUG: Bad page state in process kworker/u10:0  pfn:1691c
[  137.467442] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1691c
[  137.467453] flags: 0x100000000000000(node=0|zone=1)
[  137.467461] page_type: f9(unknown)
[  137.467470] raw: 0100000000000000 0000000000000000 ffffea00005a4708 0000000000000000
[  137.467481] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  137.467488] page dumped because: nonzero mapcount
[  137.467493] Modules linked in:
[  137.467502] CPU: 1 UID: 0 PID: 26 Comm: kworker/u10:0 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.467521] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  137.467526] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.467533] Workqueue: events_unbound cfg80211_wiphy_work
[  137.467544] Call Trace:
[  137.467548]  <IRQ>
[  137.467551]  dump_stack_lvl+0xfa/0x120
[  137.467568]  bad_page+0x8c/0x1c0
[  137.467579]  __free_frozen_pages+0xaf9/0xe10
[  137.467595]  ? rcu_core+0x7c3/0x1800
[  137.467609]  rcu_core+0x7c8/0x1800
[  137.467624]  ? __pfx_rcu_core+0x10/0x10
[  137.467638]  ? clockevents_program_event+0x135/0x360
[  137.467654]  ? tick_program_event+0xac/0x140
[  137.467665]  ? hrtimer_interrupt+0x652/0x830
[  137.467676]  handle_softirqs+0x1b1/0x770
[  137.467696]  __irq_exit_rcu+0xc4/0x100
[  137.467717]  irq_exit_rcu+0x9/0x20
[  137.467727]  sysvec_apic_timer_interrupt+0x70/0x80
[  137.467743]  </IRQ>
[  137.467746]  <TASK>
[  137.467750]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  137.467763] RIP: 0010:console_flush_all+0x8c1/0xb70
[  137.467780] Code: 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 6c 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 98 6e 1f 00 e8 83 b3 27 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 19 ff ff ff 4c 89 ef e8 18 7e 5b
[  137.467792] RSP: 0018:ffff8880097771d0 EFLAGS: 00000246
[  137.467800] RAX: ffffffff85f37a58 RBX: 0000000000000001 RCX: ffffffff817c2b86
[  137.467808] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff815478ed
[  137.467816] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
[  137.467823] R10: ffffffff8643ac57 R11: 313030203a505352 R12: 0000000000000000
[  137.467831] R13: ffffffff85f37a58 R14: dffffc0000000000 R15: ffffffff85f37a00
[  137.467841]  ? trace_irq_enable.constprop.0+0x26/0x100
[  137.467853]  ? console_flush_all+0x8bd/0xb70
[  137.467872]  ? __pfx_console_flush_all+0x10/0x10
[  137.467890]  ? __pfx_vprintk_store+0x10/0x10
[  137.467911]  ? is_printk_cpu_sync_owner+0x32/0x40
[  137.467923]  console_unlock+0xc2/0x1f0
[  137.467939]  ? __pfx_console_unlock+0x10/0x10
[  137.467956]  ? do_raw_spin_unlock+0x53/0x220
[  137.467972]  ? _printk+0xbe/0xf0
[  137.467986]  vprintk_emit+0x3f6/0x630
[  137.468003]  ? __pfx_vprintk_emit+0x10/0x10
[  137.468021]  ? __pfx__printk+0x10/0x10
[  137.468036]  _printk+0xbe/0xf0
[  137.468048]  ? __pfx__printk+0x10/0x10
[  137.468062]  ? perf_tp_event+0x14b/0xe70
[  137.468077]  ? show_opcodes+0xb3/0xd0
[  137.468104]  ? __show_regs+0x528/0x750
[  137.468118]  ? __show_regs+0x5c/0x750
[  137.468133]  __show_regs+0x534/0x750
[  137.468148]  ? printk_percpu_data_ready+0x9/0x20
[  137.468165]  ? nbcon_get_cpu_emergency_nesting+0x3c/0x50
[  137.468180]  oops_end+0x7d/0xe0
[  137.468197]  exc_general_protection+0x1a2/0x330
[  137.468213]  asm_exc_general_protection+0x26/0x30
[  137.468225] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.468242] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.468253] RSP: 0018:ffff888009777700 EFLAGS: 00010212
[  137.468263] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  137.468270] RDX: ffff888009753700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.468279] RBP: ffff888009777970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.468287] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.468294] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.468305]  ? perf_tp_event+0x167/0xe70
[  137.468323]  ? __pfx_perf_tp_event+0x10/0x10
[  137.468341]  ? __lock_acquire+0xc65/0x1b70
[  137.468355]  ? __switch_to_asm+0x60/0x70
[  137.468373]  ? do_raw_spin_lock+0x123/0x260
[  137.468389]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.468408]  ? mark_held_locks+0x49/0x80
[  137.468423]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.468440]  perf_trace_run_bpf_submit+0xef/0x180
[  137.468457]  perf_trace_contention_begin+0x235/0x3e0
[  137.468472]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.468486]  ? __pick_eevdf+0x326/0x570
[  137.468497]  ? update_curr+0x71/0x500
[  137.468509]  ? lock_acquire+0x18c/0x2f0
[  137.468523]  trace_contention_begin+0xae/0x110
[  137.468538]  __mutex_lock+0x14b/0x1020
[  137.468555]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.468567]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.468579]  ? lock_release+0x1c7/0x290
[  137.468592]  ? lock_release+0x1c7/0x290
[  137.468606]  ? __pfx___mutex_lock+0x10/0x10
[  137.468624]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  137.468641]  ? xfd_validate_state+0x55/0x180
[  137.468658]  ? __pfx_try_to_wake_up+0x10/0x10
[  137.468676]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.468690]  cfg80211_wiphy_work+0x7e/0x480
[  137.468704]  process_one_work+0x8e1/0x19c0
[  137.468720]  ? __pfx_process_one_work+0x10/0x10
[  137.468734]  ? move_linked_works+0x172/0x270
[  137.468753]  ? assign_work+0x196/0x240
[  137.468767]  worker_thread+0x67e/0xe90
[  137.468782]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.468796]  ? __pfx_worker_thread+0x10/0x10
[  137.468811]  kthread+0x3c8/0x740
[  137.468824]  ? __pfx_kthread+0x10/0x10
[  137.468836]  ? ret_from_fork+0x23/0x430
[  137.468855]  ? lock_release+0xc8/0x290
[  137.468868]  ? __pfx_kthread+0x10/0x10
[  137.468882]  ret_from_fork+0x34b/0x430
[  137.468900]  ? __pfx_kthread+0x10/0x10
[  137.468913]  ret_from_fork_asm+0x1a/0x30
[  137.468932]  </TASK>
[  137.468960] BUG: Bad page state in process kworker/u10:0  pfn:1691d
[  137.468969] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1691d
[  137.468980] flags: 0x100000000000000(node=0|zone=1)
[  137.468988] page_type: f9(unknown)
[  137.468998] raw: 0100000000000000 0000000000000000 ffffea00005a4748 0000000000000000
[  137.469009] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  137.469017] page dumped because: nonzero mapcount
[  137.469022] Modules linked in:
[  137.469031] CPU: 1 UID: 0 PID: 26 Comm: kworker/u10:0 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.469052] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  137.469056] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.469064] Workqueue: events_unbound cfg80211_wiphy_work
[  137.469076] Call Trace:
[  137.469080]  <IRQ>
[  137.469084]  dump_stack_lvl+0xfa/0x120
[  137.469101]  bad_page+0x8c/0x1c0
[  137.469113]  __free_frozen_pages+0xaf9/0xe10
[  137.469130]  ? rcu_core+0x7c3/0x1800
[  137.469144]  rcu_core+0x7c8/0x1800
[  137.469160]  ? __pfx_rcu_core+0x10/0x10
[  137.469175]  ? clockevents_program_event+0x135/0x360
[  137.469191]  ? tick_program_event+0xac/0x140
[  137.469202]  ? hrtimer_interrupt+0x652/0x830
[  137.469214]  handle_softirqs+0x1b1/0x770
[  137.469233]  __irq_exit_rcu+0xc4/0x100
[  137.469251]  irq_exit_rcu+0x9/0x20
[  137.469261]  sysvec_apic_timer_interrupt+0x70/0x80
[  137.469277]  </IRQ>
[  137.469280]  <TASK>
[  137.469284]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  137.469297] RIP: 0010:console_flush_all+0x8c1/0xb70
[  137.469315] Code: 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 6c 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 98 6e 1f 00 e8 83 b3 27 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 19 ff ff ff 4c 89 ef e8 18 7e 5b
[  137.469326] RSP: 0018:ffff8880097771d0 EFLAGS: 00000246
[  137.469334] RAX: ffffffff85f37a58 RBX: 0000000000000001 RCX: ffffffff817c2b86
[  137.469342] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff815478ed
[  137.469349] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
[  137.469357] R10: ffffffff8643ac57 R11: 313030203a505352 R12: 0000000000000000
[  137.469365] R13: ffffffff85f37a58 R14: dffffc0000000000 R15: ffffffff85f37a00
[  137.469375]  ? trace_irq_enable.constprop.0+0x26/0x100
[  137.469388]  ? console_flush_all+0x8bd/0xb70
[  137.469408]  ? __pfx_console_flush_all+0x10/0x10
[  137.469426]  ? __pfx_vprintk_store+0x10/0x10
[  137.469445]  ? is_printk_cpu_sync_owner+0x32/0x40
[  137.469457]  console_unlock+0xc2/0x1f0
[  137.469474]  ? __pfx_console_unlock+0x10/0x10
[  137.469492]  ? do_raw_spin_unlock+0x53/0x220
[  137.469508]  ? _printk+0xbe/0xf0
[  137.469523]  vprintk_emit+0x3f6/0x630
[  137.469541]  ? __pfx_vprintk_emit+0x10/0x10
[  137.469559]  ? __pfx__printk+0x10/0x10
[  137.469573]  _printk+0xbe/0xf0
[  137.469586]  ? __pfx__printk+0x10/0x10
[  137.469599]  ? perf_tp_event+0x14b/0xe70
[  137.469614]  ? show_opcodes+0xb3/0xd0
[  137.469632]  ? __show_regs+0x528/0x750
[  137.469646]  ? __show_regs+0x5c/0x750
[  137.469661]  __show_regs+0x534/0x750
[  137.469676]  ? printk_percpu_data_ready+0x9/0x20
[  137.469692]  ? nbcon_get_cpu_emergency_nesting+0x3c/0x50
[  137.469711]  oops_end+0x7d/0xe0
[  137.469728]  exc_general_protection+0x1a2/0x330
[  137.469744]  asm_exc_general_protection+0x26/0x30
[  137.469756] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.469773] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.469784] RSP: 0018:ffff888009777700 EFLAGS: 00010212
[  137.469794] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  137.469801] RDX: ffff888009753700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.469809] RBP: ffff888009777970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.469818] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.469825] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.469836]  ? perf_tp_event+0x167/0xe70
[  137.469855]  ? __pfx_perf_tp_event+0x10/0x10
[  137.469872]  ? __lock_acquire+0xc65/0x1b70
[  137.469886]  ? __switch_to_asm+0x60/0x70
[  137.469904]  ? do_raw_spin_lock+0x123/0x260
[  137.469920]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.469939]  ? mark_held_locks+0x49/0x80
[  137.469954]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.469971]  perf_trace_run_bpf_submit+0xef/0x180
[  137.469989]  perf_trace_contention_begin+0x235/0x3e0
[  137.470005]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.470020]  ? __pick_eevdf+0x326/0x570
[  137.470031]  ? update_curr+0x71/0x500
[  137.470044]  ? lock_acquire+0x18c/0x2f0
[  137.470058]  trace_contention_begin+0xae/0x110
[  137.470074]  __mutex_lock+0x14b/0x1020
[  137.470091]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.470103]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.470116]  ? lock_release+0x1c7/0x290
[  137.470129]  ? lock_release+0x1c7/0x290
[  137.470143]  ? __pfx___mutex_lock+0x10/0x10
[  137.470161]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  137.470177]  ? xfd_validate_state+0x55/0x180
[  137.470195]  ? __pfx_try_to_wake_up+0x10/0x10
[  137.470213]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.470226]  cfg80211_wiphy_work+0x7e/0x480
[  137.470240]  process_one_work+0x8e1/0x19c0
[  137.470257]  ? __pfx_process_one_work+0x10/0x10
[  137.470271]  ? move_linked_works+0x172/0x270
[  137.470290]  ? assign_work+0x196/0x240
[  137.470304]  worker_thread+0x67e/0xe90
[  137.470319]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.470333]  ? __pfx_worker_thread+0x10/0x10
[  137.470348]  kthread+0x3c8/0x740
[  137.470360]  ? __pfx_kthread+0x10/0x10
[  137.470372]  ? ret_from_fork+0x23/0x430
[  137.470390]  ? lock_release+0xc8/0x290
[  137.470403]  ? __pfx_kthread+0x10/0x10
[  137.470415]  ret_from_fork+0x34b/0x430
[  137.470433]  ? __pfx_kthread+0x10/0x10
[  137.470445]  ret_from_fork_asm+0x1a/0x30
[  137.470463]  </TASK>
[  137.470480] BUG: Bad page state in process kworker/u10:0  pfn:1691e
[  137.470488] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1691e
[  137.470498] flags: 0x100000000000000(node=0|zone=1)
[  137.470506] page_type: f9(unknown)
[  137.470516] raw: 0100000000000000 0000000000000000 ffffea00005a4788 0000000000000000
14:09:03 executing program 6:
fcntl$addseals(0xffffffffffffffff, 0x409, 0x2)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@ip_ttl={{0x14}}], 0xf}, 0x0)

[  137.470527] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  137.470534] page dumped because: nonzero mapcount
[  137.470539] Modules linked in:
[  137.470547] CPU: 1 UID: 0 PID: 26 Comm: kworker/u10:0 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.470567] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  137.470571] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.470578] Workqueue: events_unbound cfg80211_wiphy_work
[  137.470590] Call Trace:
[  137.470593]  <IRQ>
[  137.470597]  dump_stack_lvl+0xfa/0x120
[  137.470614]  bad_page+0x8c/0x1c0
[  137.470625]  __free_frozen_pages+0xaf9/0xe10
[  137.470641]  ? rcu_core+0x7c3/0x1800
[  137.470654]  rcu_core+0x7c8/0x1800
[  137.470670]  ? __pfx_rcu_core+0x10/0x10
[  137.470684]  ? clockevents_program_event+0x135/0x360
[  137.470700]  ? tick_program_event+0xac/0x140
[  137.470714]  ? hrtimer_interrupt+0x652/0x830
[  137.470726]  handle_softirqs+0x1b1/0x770
[  137.470745]  __irq_exit_rcu+0xc4/0x100
[  137.470763]  irq_exit_rcu+0x9/0x20
[  137.470773]  sysvec_apic_timer_interrupt+0x70/0x80
[  137.470789]  </IRQ>
[  137.470792]  <TASK>
[  137.470796]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  137.470809] RIP: 0010:console_flush_all+0x8c1/0xb70
[  137.470826] Code: 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 6c 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 98 6e 1f 00 e8 83 b3 27 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 19 ff ff ff 4c 89 ef e8 18 7e 5b
[  137.470837] RSP: 0018:ffff8880097771d0 EFLAGS: 00000246
[  137.470846] RAX: ffffffff85f37a58 RBX: 0000000000000001 RCX: ffffffff817c2b86
[  137.470854] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff815478ed
[  137.470861] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
[  137.470868] R10: ffffffff8643ac57 R11: 313030203a505352 R12: 0000000000000000
[  137.470876] R13: ffffffff85f37a58 R14: dffffc0000000000 R15: ffffffff85f37a00
[  137.470885]  ? trace_irq_enable.constprop.0+0x26/0x100
[  137.470897]  ? console_flush_all+0x8bd/0xb70
[  137.470917]  ? __pfx_console_flush_all+0x10/0x10
[  137.470934]  ? __pfx_vprintk_store+0x10/0x10
[  137.470952]  ? is_printk_cpu_sync_owner+0x32/0x40
[  137.470964]  console_unlock+0xc2/0x1f0
[  137.470980]  ? __pfx_console_unlock+0x10/0x10
[  137.470997]  ? do_raw_spin_unlock+0x53/0x220
[  137.471013]  ? _printk+0xbe/0xf0
[  137.471027]  vprintk_emit+0x3f6/0x630
[  137.471045]  ? __pfx_vprintk_emit+0x10/0x10
[  137.471062]  ? __pfx__printk+0x10/0x10
[  137.471077]  _printk+0xbe/0xf0
[  137.471089]  ? __pfx__printk+0x10/0x10
[  137.471103]  ? perf_tp_event+0x14b/0xe70
[  137.471117]  ? show_opcodes+0xb3/0xd0
[  137.471135]  ? __show_regs+0x528/0x750
[  137.471149]  ? __show_regs+0x5c/0x750
[  137.471163]  __show_regs+0x534/0x750
[  137.471178]  ? printk_percpu_data_ready+0x9/0x20
[  137.471193]  ? nbcon_get_cpu_emergency_nesting+0x3c/0x50
[  137.471208]  oops_end+0x7d/0xe0
[  137.471225]  exc_general_protection+0x1a2/0x330
[  137.471240]  asm_exc_general_protection+0x26/0x30
[  137.471251] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.471267] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.471278] RSP: 0018:ffff888009777700 EFLAGS: 00010212
[  137.471287] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  137.471294] RDX: ffff888009753700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.471302] RBP: ffff888009777970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.471310] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.471317] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.471327]  ? perf_tp_event+0x167/0xe70
[  137.471345]  ? __pfx_perf_tp_event+0x10/0x10
[  137.471362]  ? __lock_acquire+0xc65/0x1b70
[  137.471375]  ? __switch_to_asm+0x60/0x70
[  137.471392]  ? do_raw_spin_lock+0x123/0x260
[  137.471408]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.471426]  ? mark_held_locks+0x49/0x80
[  137.471440]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.471456]  perf_trace_run_bpf_submit+0xef/0x180
[  137.471473]  perf_trace_contention_begin+0x235/0x3e0
[  137.471488]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.471503]  ? __pick_eevdf+0x326/0x570
[  137.471514]  ? update_curr+0x71/0x500
[  137.471525]  ? lock_acquire+0x18c/0x2f0
[  137.471540]  trace_contention_begin+0xae/0x110
[  137.471557]  __mutex_lock+0x14b/0x1020
[  137.471574]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.471586]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.471597]  ? lock_release+0x1c7/0x290
[  137.471610]  ? lock_release+0x1c7/0x290
[  137.471623]  ? __pfx___mutex_lock+0x10/0x10
[  137.471640]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  137.471656]  ? xfd_validate_state+0x55/0x180
[  137.471673]  ? __pfx_try_to_wake_up+0x10/0x10
[  137.471690]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.471703]  cfg80211_wiphy_work+0x7e/0x480
[  137.471716]  process_one_work+0x8e1/0x19c0
[  137.471732]  ? __pfx_process_one_work+0x10/0x10
[  137.471746]  ? move_linked_works+0x172/0x270
[  137.471764]  ? assign_work+0x196/0x240
[  137.471778]  worker_thread+0x67e/0xe90
[  137.471792]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.471805]  ? __pfx_worker_thread+0x10/0x10
[  137.471820]  kthread+0x3c8/0x740
[  137.471831]  ? __pfx_kthread+0x10/0x10
[  137.471843]  ? ret_from_fork+0x23/0x430
[  137.471861]  ? lock_release+0xc8/0x290
[  137.471874]  ? __pfx_kthread+0x10/0x10
[  137.471887]  ret_from_fork+0x34b/0x430
[  137.471904]  ? __pfx_kthread+0x10/0x10
[  137.471916]  ret_from_fork_asm+0x1a/0x30
[  137.471935]  </TASK>
[  137.471960] BUG: Bad page state in process kworker/u10:0  pfn:1691f
[  137.471968] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1691f
14:09:03 executing program 4:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0)
dup2(r0, r0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x2)
ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000))
ioctl$TIOCGPTPEER(r1, 0x5441, 0x0)
io_cancel(0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4, 0x3ff, r1, &(0x7f0000000080)="edd406722408dcb04003fd4640d5bb939b3a2e4bdf9edb94bf60eca7d05d2556ea1b87be0906624b71ec604b6fb88cbf3281c5626b963ba5b95faa6f92a0be10d7937ce504b4444901b87678392ea14bb0037f6832c10a1eedf23abdd98c28b870c960e1b095024af2aecc392db1e70c8c28f6566aaec487ec645bee6a21f145aa78457d27f14c6def59c26e240d1d4e", 0x90, 0x4}, &(0x7f0000000180))
r2 = fork()
ptrace(0x10, r2)
pipe(&(0x7f0000000000)={<r3=>0xffffffffffffffff})
fcntl$setown(r3, 0x8, r2)
ptrace$setregs(0xe, r2, 0x0, &(0x7f00000009c0))
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001a00)=[{{&(0x7f00000002c0)=@abs, 0x6e, &(0x7f0000001900)=[{&(0x7f00000003c0)=""/87, 0x57}, {&(0x7f0000000440)=""/216, 0xd8}, {&(0x7f0000001a80)=""/267, 0x10b}, {&(0x7f0000000640)=""/32, 0x20}, {&(0x7f0000000680)=""/4096, 0xffffffffffffff49}, {&(0x7f00000001c0)=""/88, 0x54}, {&(0x7f0000001700)=""/109, 0x75}, {&(0x7f0000001780)=""/140, 0x8c}, {&(0x7f0000000540)=""/162, 0xa2}], 0x9, &(0x7f00000019c0)=[@cred={{0x1c, 0x1, 0x2, {<r4=>0x0, 0x0, <r5=>0x0}}}], 0x20}}], 0x1, 0x40002001, &(0x7f0000001a40)={0x77359400})
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f00000085c0)={0x0, <r7=>0x0, <r8=>0x0}, &(0x7f0000008600)=0xc)
setgroups(0x1, &(0x7f0000000340)=[r8])
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000001c00)={{0x1, r7, 0x0, r7, r5, 0x1}, 0x0, 0x0, 0x5, 0xfff, 0x5f, 0x0, 0x1, 0x100, 0x8, 0x6, r4, r4})
r9 = getpid()
pidfd_open(r9, 0x0)
ptrace(0x4208, r9)

[  137.471979] flags: 0x100000000000000(node=0|zone=1)
[  137.471987] page_type: f9(unknown)
[  137.471997] raw: 0100000000000000 0000000000000000 ffffea00005a47c8 0000000000000000
[  137.472007] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  137.472014] page dumped because: nonzero mapcount
[  137.472019] Modules linked in:
[  137.472028] CPU: 1 UID: 0 PID: 26 Comm: kworker/u10:0 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.472047] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  137.472052] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.472059] Workqueue: events_unbound cfg80211_wiphy_work
[  137.472070] Call Trace:
[  137.472074]  <IRQ>
[  137.472086]  dump_stack_lvl+0xfa/0x120
[  137.472103]  bad_page+0x8c/0x1c0
[  137.472114]  __free_frozen_pages+0xaf9/0xe10
[  137.472130]  ? rcu_core+0x7c3/0x1800
[  137.472143]  rcu_core+0x7c8/0x1800
[  137.472159]  ? __pfx_rcu_core+0x10/0x10
[  137.472172]  ? clockevents_program_event+0x135/0x360
[  137.472188]  ? tick_program_event+0xac/0x140
[  137.472199]  ? hrtimer_interrupt+0x652/0x830
[  137.472210]  handle_softirqs+0x1b1/0x770
[  137.472230]  __irq_exit_rcu+0xc4/0x100
[  137.472248]  irq_exit_rcu+0x9/0x20
[  137.472257]  sysvec_apic_timer_interrupt+0x70/0x80
[  137.472273]  </IRQ>
[  137.472277]  <TASK>
[  137.472281]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  137.472293] RIP: 0010:console_flush_all+0x8c1/0xb70
[  137.472311] Code: 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 6c 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 98 6e 1f 00 e8 83 b3 27 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 19 ff ff ff 4c 89 ef e8 18 7e 5b
[  137.472322] RSP: 0018:ffff8880097771d0 EFLAGS: 00000246
[  137.472331] RAX: ffffffff85f37a58 RBX: 0000000000000001 RCX: ffffffff817c2b86
[  137.472339] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff815478ed
14:09:03 executing program 1:
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x5008, 0xffffffffffffff01, 0x6, 0x5, 0xffffffffffffffff}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x8)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
dup(r1)
fsetxattr$security_selinux(r0, &(0x7f0000000480), &(0x7f0000000500)='system_u:object_r:dpkg_lock_t:s0\x00', 0x21, 0x0)

[  137.472346] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
[  137.472353] R10: ffffffff8643ac57 R11: 313030203a505352 R12: 0000000000000000
[  137.472360] R13: ffffffff85f37a58 R14: dffffc0000000000 R15: ffffffff85f37a00
[  137.472370]  ? trace_irq_enable.constprop.0+0x26/0x100
[  137.472382]  ? console_flush_all+0x8bd/0xb70
[  137.472401]  ? __pfx_console_flush_all+0x10/0x10
[  137.472419]  ? __pfx_vprintk_store+0x10/0x10
[  137.472437]  ? is_printk_cpu_sync_owner+0x32/0x40
[  137.472449]  console_unlock+0xc2/0x1f0
[  137.472465]  ? __pfx_console_unlock+0x10/0x10
[  137.472482]  ? do_raw_spin_unlock+0x53/0x220
[  137.472498]  ? _printk+0xbe/0xf0
[  137.472512]  vprintk_emit+0x3f6/0x630
[  137.472529]  ? __pfx_vprintk_emit+0x10/0x10
[  137.472547]  ? __pfx__printk+0x10/0x10
[  137.472562]  _printk+0xbe/0xf0
[  137.472574]  ? __pfx__printk+0x10/0x10
[  137.472587]  ? perf_tp_event+0x14b/0xe70
[  137.472602]  ? show_opcodes+0xb3/0xd0
[  137.472620]  ? __show_regs+0x528/0x750
[  137.472634]  ? __show_regs+0x5c/0x750
[  137.472648]  __show_regs+0x534/0x750
[  137.472663]  ? printk_percpu_data_ready+0x9/0x20
[  137.472678]  ? nbcon_get_cpu_emergency_nesting+0x3c/0x50
[  137.472693]  oops_end+0x7d/0xe0
[  137.472713]  exc_general_protection+0x1a2/0x330
[  137.472728]  asm_exc_general_protection+0x26/0x30
[  137.472740] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.472755] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.472767] RSP: 0018:ffff888009777700 EFLAGS: 00010212
[  137.472775] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  137.472783] RDX: ffff888009753700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.472791] RBP: ffff888009777970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.472798] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.472805] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.472815]  ? perf_tp_event+0x167/0xe70
[  137.472834]  ? __pfx_perf_tp_event+0x10/0x10
[  137.472850]  ? __lock_acquire+0xc65/0x1b70
[  137.472864]  ? __switch_to_asm+0x60/0x70
[  137.472881]  ? do_raw_spin_lock+0x123/0x260
[  137.472896]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.472915]  ? mark_held_locks+0x49/0x80
[  137.472929]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.472945]  perf_trace_run_bpf_submit+0xef/0x180
[  137.472962]  perf_trace_contention_begin+0x235/0x3e0
[  137.472977]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.472991]  ? __pick_eevdf+0x326/0x570
[  137.473002]  ? update_curr+0x71/0x500
[  137.473014]  ? lock_acquire+0x18c/0x2f0
[  137.473028]  trace_contention_begin+0xae/0x110
[  137.473043]  __mutex_lock+0x14b/0x1020
[  137.473059]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.473071]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.473083]  ? lock_release+0x1c7/0x290
[  137.473095]  ? lock_release+0x1c7/0x290
[  137.473108]  ? __pfx___mutex_lock+0x10/0x10
[  137.473125]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  137.473141]  ? xfd_validate_state+0x55/0x180
[  137.473158]  ? __pfx_try_to_wake_up+0x10/0x10
[  137.473175]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.473188]  cfg80211_wiphy_work+0x7e/0x480
[  137.473201]  process_one_work+0x8e1/0x19c0
[  137.473217]  ? __pfx_process_one_work+0x10/0x10
[  137.473231]  ? move_linked_works+0x172/0x270
[  137.473249]  ? assign_work+0x196/0x240
[  137.473263]  worker_thread+0x67e/0xe90
[  137.473276]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.473290]  ? __pfx_worker_thread+0x10/0x10
[  137.473304]  kthread+0x3c8/0x740
[  137.473316]  ? __pfx_kthread+0x10/0x10
[  137.473328]  ? ret_from_fork+0x23/0x430
[  137.473345]  ? lock_release+0xc8/0x290
[  137.473358]  ? __pfx_kthread+0x10/0x10
[  137.473371]  ret_from_fork+0x34b/0x430
[  137.473388]  ? __pfx_kthread+0x10/0x10
[  137.473401]  ret_from_fork_asm+0x1a/0x30
[  137.473419]  </TASK>
[  137.788175] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  137.788765] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.789324] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.790668] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  137.791648] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.792243] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.792892] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.793354] CR2: 00007f6f3e8cb718 CR3: 000000003fe9b000 CR4: 0000000000350ef0
[  137.793929] note: kworker/u10:0[26] exited with preempt_count 2
[  137.794451] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#7] SMP KASAN NOPTI
[  137.795323] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  137.795999] CPU: 1 UID: 0 PID: 49 Comm: kworker/u10:1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.796926] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  137.797318] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.797957] Workqueue: events_unbound cfg80211_wiphy_work
[  137.798397] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.798774] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.800199] RSP: 0018:ffff88800afff700 EFLAGS: 00010212
[  137.800619] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  137.801180] RDX: ffff88800afc9b80 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.801739] RBP: ffff88800afff970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.802299] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.802857] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.803416] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.804050] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.804519] CR2: 00007f6f3e8cb718 CR3: 000000003fe9b000 CR4: 0000000000350ef0
[  137.805081] Call Trace:
[  137.805290]  <TASK>
[  137.805476]  ? __pfx_perf_tp_event+0x10/0x10
[  137.805834]  ? ret_from_fork_asm+0x1a/0x30
[  137.806173]  ? stack_trace_save+0x8e/0xc0
[  137.806505]  ? stack_depot_save_flags+0x2c/0xa20
[  137.806886]  ? kasan_save_stack+0x34/0x50
[  137.807217]  ? kasan_save_stack+0x24/0x50
[  137.807547]  ? kasan_save_track+0x14/0x30
[  137.807876]  ? __kasan_save_free_info+0x3a/0x60
[  137.808258]  ? __kasan_slab_free+0x3f/0x50
[  137.808600]  ? kmem_cache_free+0x2a1/0x540
[  137.808936]  ? kfree_skbmem+0x18a/0x1f0
[  137.809254]  ? sk_skb_reason_drop+0x10e/0x1b0
[  137.809618]  ? ieee80211_iface_work+0x43c/0x1220
[  137.809999]  ? cfg80211_wiphy_work+0x245/0x480
[  137.810362]  ? process_one_work+0x8e1/0x19c0
[  137.810715]  ? worker_thread+0x67e/0xe90
[  137.811038]  ? kthread+0x3c8/0x740
[  137.811322]  ? ret_from_fork+0x34b/0x430
[  137.811655]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.812053]  perf_trace_run_bpf_submit+0xef/0x180
[  137.812444]  perf_trace_contention_begin+0x235/0x3e0
[  137.812847]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.813287]  ? lock_acquire+0x18c/0x2f0
[  137.813605]  trace_contention_begin+0xae/0x110
[  137.813971]  __mutex_lock+0x14b/0x1020
[  137.814290]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.814646]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.815001]  ? lock_release+0x1c7/0x290
[  137.815319]  ? __pfx___mutex_lock+0x10/0x10
[  137.815664]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  137.816068]  ? __pfx_try_to_wake_up+0x10/0x10
[  137.816444]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.816861]  cfg80211_wiphy_work+0x7e/0x480
[  137.817204]  process_one_work+0x8e1/0x19c0
[  137.817542]  ? __pfx_process_one_work+0x10/0x10
[  137.817910]  ? move_linked_works+0x172/0x270
[  137.818266]  ? assign_work+0x196/0x240
[  137.818579]  worker_thread+0x67e/0xe90
[  137.818893]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.819305]  ? __pfx_worker_thread+0x10/0x10
[  137.819661]  kthread+0x3c8/0x740
[  137.819936]  ? __pfx_kthread+0x10/0x10
[  137.820252]  ? ret_from_fork+0x23/0x430
[  137.820573]  ? lock_release+0xc8/0x290
[  137.820885]  ? __pfx_kthread+0x10/0x10
[  137.821194]  ret_from_fork+0x34b/0x430
[  137.821511]  ? __pfx_kthread+0x10/0x10
[  137.821820]  ret_from_fork_asm+0x1a/0x30
[  137.822148]  </TASK>
[  137.822336] Modules linked in:
[  137.822632] ---[ end trace 0000000000000000 ]---
[  137.823026] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.823402] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.824834] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  137.825256] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  137.825830] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.826391] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.826969] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  137.827529] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.828117] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.828770] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.829229] CR2: 00007f6f3e8cb718 CR3: 000000003fe9b000 CR4: 0000000000350ef0
[  137.829810] note: kworker/u10:1[49] exited with preempt_count 2
[  137.830677] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#8] SMP KASAN NOPTI
[  137.831560] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  137.832250] CPU: 1 UID: 0 PID: 3257 Comm: kworker/u10:8 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.833181] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  137.833574] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.834219] Workqueue: events_unbound cfg80211_wiphy_work
[  137.834657] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.835032] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.836450] RSP: 0018:ffff88801b537700 EFLAGS: 00010212
[  137.836869] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  137.837575] RDX: ffff888016c85280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.838299] RBP: ffff88801b537970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.838857] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.839414] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.839970] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.840606] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.841066] CR2: 00007f6f3e8cb718 CR3: 00000000159cb000 CR4: 0000000000350ef0
[  137.841630] Call Trace:
[  137.841836]  <TASK>
[  137.842018]  ? __pfx_perf_tp_event+0x10/0x10
[  137.842374]  ? ret_from_fork_asm+0x1a/0x30
[  137.842712]  ? stack_trace_save+0x8e/0xc0
[  137.843044]  ? stack_depot_save_flags+0x2c/0xa20
[  137.843419]  ? kasan_save_stack+0x34/0x50
[  137.843778]  ? kasan_save_stack+0x24/0x50
[  137.844231]  ? kasan_save_track+0x14/0x30
[  137.844611]  ? __kasan_save_free_info+0x3a/0x60
[  137.845103]  ? __kasan_slab_free+0x3f/0x50
[  137.845460]  ? kmem_cache_free+0x2a1/0x540
[  137.845794]  ? kfree_skbmem+0x18a/0x1f0
[  137.846112]  ? sk_skb_reason_drop+0x10e/0x1b0
[  137.846472]  ? ieee80211_iface_work+0x43c/0x1220
[  137.846853]  ? cfg80211_wiphy_work+0x245/0x480
[  137.847213]  ? process_one_work+0x8e1/0x19c0
[  137.847563]  ? worker_thread+0x67e/0xe90
[  137.847886]  ? kthread+0x3c8/0x740
[  137.848178]  ? ret_from_fork+0x34b/0x430
[  137.848509]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.848905]  perf_trace_run_bpf_submit+0xef/0x180
[  137.849295]  perf_trace_contention_begin+0x235/0x3e0
[  137.849697]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.850135]  ? __pick_eevdf+0x326/0x570
[  137.850451]  ? update_curr+0x71/0x500
[  137.850756]  ? lock_acquire+0x18c/0x2f0
[  137.851075]  trace_contention_begin+0xae/0x110
[  137.851442]  __mutex_lock+0x14b/0x1020
[  137.851754]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.852114]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.852470]  ? lock_release+0x1c7/0x290
[  137.852789]  ? lock_release+0x1c7/0x290
[  137.853107]  ? __pfx___mutex_lock+0x10/0x10
[  137.853453]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  137.853861]  ? xfd_validate_state+0x55/0x180
[  137.854215]  ? __pfx_try_to_wake_up+0x10/0x10
[  137.854576]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.854991]  cfg80211_wiphy_work+0x7e/0x480
[  137.855331]  process_one_work+0x8e1/0x19c0
[  137.855667]  ? __pfx_process_one_work+0x10/0x10
[  137.856037]  ? move_linked_works+0x172/0x270
[  137.856402]  ? assign_work+0x196/0x240
[  137.856712]  worker_thread+0x67e/0xe90
[  137.857027]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.857440]  ? __pfx_worker_thread+0x10/0x10
[  137.857793]  kthread+0x3c8/0x740
[  137.858064]  ? __pfx_kthread+0x10/0x10
[  137.858375]  ? ret_from_fork+0x23/0x430
[  137.858699]  ? lock_release+0xc8/0x290
[  137.859008]  ? __pfx_kthread+0x10/0x10
[  137.859321]  ret_from_fork+0x34b/0x430
[  137.859633]  ? __pfx_kthread+0x10/0x10
[  137.859946]  ret_from_fork_asm+0x1a/0x30
[  137.860285]  </TASK>
[  137.860473] Modules linked in:
[  137.860769] ---[ end trace 0000000000000000 ]---
[  137.861141] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.861515] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.863011] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  137.863433] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  137.864116] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.864698] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.865399] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  137.866032] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.866605] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.867307] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.867836] CR2: 00007f6f3e8cb718 CR3: 00000000159cb000 CR4: 0000000000350ef0
[  137.868415] note: kworker/u10:8[3257] exited with preempt_count 2
[  137.869332] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#9] SMP KASAN NOPTI
[  137.870229] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  137.870919] CPU: 1 UID: 0 PID: 113 Comm: kworker/u10:2 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.871854] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  137.872265] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.872925] Workqueue: events_unbound cfg80211_wiphy_work
[  137.873372] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.873758] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.875213] RSP: 0018:ffff8880157d7700 EFLAGS: 00010212
[  137.875640] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  137.876219] RDX: ffff8880158c5280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.876796] RBP: ffff8880157d7970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.877373] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.877939] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.878511] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.879151] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.879621] CR2: 00007f6f3e8cb718 CR3: 00000000159cb000 CR4: 0000000000350ef0
[  137.880200] Call Trace:
[  137.880410]  <TASK>
[  137.880601]  ? __pfx_perf_tp_event+0x10/0x10
[  137.880965]  ? lock_acquire+0x18c/0x2f0
[  137.881292]  ? lock_release+0x1c7/0x290
[  137.881618]  ? unwind_next_frame+0x3bc/0x2540
[  137.881995]  ? ret_from_fork_asm+0x1a/0x30
[  137.882344]  ? ret_from_fork_asm+0x1a/0x30
[  137.882693]  ? kernel_text_address+0x11/0xc0
[  137.883059]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  137.883498]  ? arch_stack_walk+0x86/0xf0
[  137.883830]  ? ret_from_fork_asm+0x1a/0x30
[  137.884185]  ? stack_trace_save+0x8e/0xc0
[  137.884527]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.884936]  ? do_raw_spin_lock+0x123/0x260
[  137.885291]  perf_trace_run_bpf_submit+0xef/0x180
[  137.885691]  perf_trace_contention_begin+0x235/0x3e0
[  137.886105]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.886560]  ? __pick_eevdf+0x326/0x570
[  137.886883]  ? update_curr+0x71/0x500
[  137.887202]  ? lock_acquire+0x18c/0x2f0
[  137.887531]  trace_contention_begin+0xae/0x110
[  137.887908]  __mutex_lock+0x14b/0x1020
[  137.888236]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.888599]  ? cfg80211_wiphy_work+0x7e/0x480
[  137.888966]  ? lock_release+0x1c7/0x290
[  137.889291]  ? lock_release+0x1c7/0x290
[  137.889617]  ? __pfx___mutex_lock+0x10/0x10
[  137.889973]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  137.890386]  ? __virt_addr_valid+0x100/0x5d0
[  137.890750]  ? __pfx_try_to_wake_up+0x10/0x10
[  137.891121]  ? __call_rcu_common.constprop.0+0x4c1/0x960
[  137.891565]  cfg80211_wiphy_work+0x7e/0x480
[  137.891919]  process_one_work+0x8e1/0x19c0
[  137.892277]  ? __pfx_process_one_work+0x10/0x10
[  137.892657]  ? move_linked_works+0x172/0x270
[  137.893023]  ? assign_work+0x196/0x240
[  137.893344]  worker_thread+0x67e/0xe90
[  137.893667]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.894089]  ? __pfx_worker_thread+0x10/0x10
[  137.894455]  kthread+0x3c8/0x740
[  137.894737]  ? __pfx_kthread+0x10/0x10
[  137.895058]  ? ret_from_fork+0x23/0x430
[  137.895389]  ? lock_release+0xc8/0x290
[  137.895709]  ? __pfx_kthread+0x10/0x10
[  137.896027]  ret_from_fork+0x34b/0x430
[  137.896363]  ? __pfx_kthread+0x10/0x10
[  137.896686]  ret_from_fork_asm+0x1a/0x30
[  137.897029]  </TASK>
[  137.897223] Modules linked in:
[  137.898228] ---[ end trace 0000000000000000 ]---
[  137.898615] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.899427] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.900916] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  137.901347] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  137.901935] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.902511] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.903095] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  137.903671] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.904273] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.904935] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.905404] CR2: 00007f6f3e8cb718 CR3: 00000000159cb000 CR4: 0000000000350ef0
[  137.905992] note: kworker/u10:2[113] exited with preempt_count 2
[  137.906543] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#10] SMP KASAN NOPTI
[  137.907436] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  137.907604] kmemleak: Found object by alias at 0x607f1a6399d4
[  137.907636] CPU: 0 UID: 0 PID: 4019 Comm: syz-executor.1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.907678] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  137.907688] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.907701] Call Trace:
[  137.907717]  <TASK>
[  137.907726]  dump_stack_lvl+0xca/0x120
[  137.907771]  __lookup_object+0x94/0xb0
[  137.907803]  delete_object_full+0x27/0x70
[  137.907834]  free_percpu+0x30/0x1160
[  137.907866]  ? arch_uprobe_clear_state+0x16/0x140
[  137.907901]  futex_hash_free+0x38/0xc0
[  137.907928]  mmput+0x2d3/0x390
[  137.907964]  do_exit+0x79d/0x2970
[  137.907990]  ? signal_wake_up_state+0x85/0x120
[  137.908020]  ? zap_other_threads+0x2b9/0x3a0
[  137.908050]  ? __pfx_do_exit+0x10/0x10
[  137.908075]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.908119]  ? lock_release+0x1c7/0x290
[  137.908147]  do_group_exit+0xd3/0x2a0
[  137.908175]  __x64_sys_exit_group+0x3e/0x50
[  137.908202]  x64_sys_call+0x18c5/0x18d0
[  137.908233]  do_syscall_64+0xbf/0x360
[  137.908255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.908279] RIP: 0033:0x7fd3278bbb19
[  137.908296] Code: Unable to access opcode bytes at 0x7fd3278bbaef.
14:09:03 executing program 1:
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x5008, 0xffffffffffffff01, 0x6, 0x5, 0xffffffffffffffff}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x8)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
dup(r1)
fsetxattr$security_selinux(r0, &(0x7f0000000480), &(0x7f0000000500)='system_u:object_r:dpkg_lock_t:s0\x00', 0x21, 0x0)

[  137.908306] RSP: 002b:00007ffe4d7a4308 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  137.908329] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fd3278bbb19
[  137.908345] RDX: 00007fd32786e72b RSI: ffffffffffffffbc RDI: 0000000000000000
[  137.908360] RBP: 0000000000000000 R08: 0000001b2d024fe0 R09: 0000000000000000
[  137.908374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  137.908388] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe4d7a43f0
[  137.908409]  </TASK>
[  137.908417] kmemleak: Object (percpu) 0x607f1a6399d0 (size 8):
[  137.908430] kmemleak:   comm "syz-executor.7", pid 3999, jiffies 4294804772
[  137.908444] kmemleak:   min_count = 1
[  137.908452] kmemleak:   count = 0
[  137.908460] kmemleak:   flags = 0x21
[  137.908467] kmemleak:   checksum = 0
[  137.908475] kmemleak:   backtrace:
[  137.908481]  pcpu_alloc_noprof+0x87a/0x1170
[  137.908511]  percpu_ref_init+0x37/0x400
[  137.908546]  blk_alloc_queue+0x571/0x750
[  137.908579]  blk_mq_alloc_queue+0x170/0x280
[  137.908602]  __blk_mq_alloc_disk+0x2a/0x120
[  137.908625]  loop_add+0x494/0xb60
[  137.908649]  loop_control_ioctl+0x13b/0x640
[  137.908674]  __x64_sys_ioctl+0x18f/0x210
[  137.908703]  do_syscall_64+0xbf/0x360
[  137.908720]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.942441] CPU: 1 UID: 0 PID: 4017 Comm: syz-executor.6 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  137.944197] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  137.944923] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  137.946118] RIP: 0010:perf_tp_event+0x175/0xe70
[  137.946822] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  137.949474] RSP: 0018:ffff888047e1f640 EFLAGS: 00010212
[  137.950258] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  137.951292] RDX: ffff8880156e1b80 RSI: ffffffff818995b7 RDI: 0000000100000190
[  137.952342] RBP: ffff888047e1f8b0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  137.953386] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  137.954426] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  137.955473] FS:  00007f81802fc700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  137.956652] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  137.957507] CR2: 00007f6f3e8cb718 CR3: 00000000159cb000 CR4: 0000000000350ef0
[  137.958557] Call Trace:
[  137.958948]  <TASK>
[  137.959291]  ? __pfx_perf_tp_event+0x10/0x10
[  137.959962]  ? css_rstat_updated+0x1b8/0x4d0
[  137.960639]  ? __pfx_css_rstat_updated+0x10/0x10
[  137.961352]  ? do_raw_spin_lock+0x123/0x260
[  137.962003]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.962698]  ? lock_acquire+0x18c/0x2f0
[  137.963296]  ? __update_load_avg_se+0x428/0xa40
[  137.964000]  ? lock_release+0x1c7/0x290
[  137.964603]  ? __perf_event_task_sched_in+0x235/0x5e0
[  137.965370]  ? perf_trace_run_bpf_submit+0xef/0x180
[  137.966107]  ? lock_release+0x1c7/0x290
[  137.966700]  perf_trace_run_bpf_submit+0xef/0x180
[  137.967428]  perf_trace_contention_begin+0x235/0x3e0
[  137.968190]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  137.969018]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  137.969788]  ? lock_acquire+0x18c/0x2f0
[  137.970389]  trace_contention_begin+0xae/0x110
[  137.971083]  __mutex_lock+0x14b/0x1020
[  137.971677]  ? perf_event_exit_task+0x46/0x510
[  137.972374]  ? perf_event_exit_task+0x46/0x510
[  137.973060]  ? do_raw_spin_lock+0x123/0x260
[  137.973704]  ? lock_acquire+0x18c/0x2f0
[  137.974298]  ? __pfx___mutex_lock+0x10/0x10
[  137.974946]  ? _raw_spin_unlock_irq+0x23/0x40
[  137.975622]  ? lock_release+0x1c7/0x290
[  137.976224]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  137.976999]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  137.977751]  ? taskstats_exit+0x8c/0xba0
[  137.978368]  perf_event_exit_task+0x46/0x510
[  137.979039]  do_exit+0x626/0x2970
[  137.979568]  ? lock_release+0x1c7/0x290
[  137.980171]  ? __pfx_do_exit+0x10/0x10
[  137.980753]  ? do_raw_spin_lock+0x123/0x260
[  137.981400]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  137.982098]  ? __call_rcu_common.constprop.0+0x70/0x960
[  137.982885]  do_group_exit+0xd3/0x2a0
[  137.983457]  get_signal+0x2315/0x2340
[  137.984047]  ? do_vfs_ioctl+0x125/0x1470
[  137.984671]  ? __pfx_get_signal+0x10/0x10
[  137.985298]  ? do_futex+0x135/0x370
[  137.985849]  ? __pfx_do_futex+0x10/0x10
[  137.986442]  arch_do_signal_or_restart+0x80/0x790
[  137.987166]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  137.987971]  ? __x64_sys_futex+0x1c9/0x4d0
[  137.988608]  ? __x64_sys_futex+0x1d2/0x4d0
[  137.989235]  ? __fget_files+0x20d/0x3b0
[  137.989826]  ? __pfx___x64_sys_futex+0x10/0x10
[  137.990510]  ? fdget_raw+0x154/0x1d0
[  137.991070]  exit_to_user_mode_loop+0x8b/0x110
[  137.991749]  do_syscall_64+0x2f7/0x360
[  137.992339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.993110] RIP: 0033:0x7f8182d86b19
[  137.993666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  137.996337] RSP: 002b:00007f81802fc218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  137.997455] RAX: fffffffffffffe00 RBX: 00007f8182e99f68 RCX: 00007f8182d86b19
[  137.998493] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8182e99f68
[  137.999532] RBP: 00007f8182e99f60 R08: 0000000000000000 R09: 0000000000000000
[  138.000586] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8182e99f6c
[  138.001631] R13: 00007ffe82d7ff2f R14: 00007f81802fc300 R15: 0000000000022000
[  138.002683]  </TASK>
[  138.003037] Modules linked in:
[  138.004822] ---[ end trace 0000000000000000 ]---
[  138.005533] RIP: 0010:perf_tp_event+0x175/0xe70
[  138.007182] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  138.009927] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  138.010745] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  138.011814] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  138.012896] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  138.013971] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  138.015041] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  138.016126] FS:  00007f81802fc700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  138.017339] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  138.017459] kmemleak: Found object by alias at 0x607f1a6399d4
[  138.017496] CPU: 0 UID: 0 PID: 4023 Comm: syz-executor.1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.017537] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.017547] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.017560] Call Trace:
[  138.017567]  <TASK>
[  138.017575]  dump_stack_lvl+0xca/0x120
[  138.017620]  __lookup_object+0x94/0xb0
[  138.017651]  delete_object_full+0x27/0x70
[  138.017682]  free_percpu+0x30/0x1160
[  138.017712]  ? arch_uprobe_clear_state+0x16/0x140
[  138.017748]  futex_hash_free+0x38/0xc0
[  138.017773]  mmput+0x2d3/0x390
[  138.017809]  do_exit+0x79d/0x2970
[  138.017834]  ? signal_wake_up_state+0x85/0x120
[  138.017864]  ? zap_other_threads+0x2b9/0x3a0
[  138.017894]  ? __pfx_do_exit+0x10/0x10
[  138.017919]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.017951]  ? lock_release+0x1c7/0x290
[  138.017979]  do_group_exit+0xd3/0x2a0
[  138.018006]  __x64_sys_exit_group+0x3e/0x50
[  138.018033]  x64_sys_call+0x18c5/0x18d0
[  138.018063]  do_syscall_64+0xbf/0x360
[  138.018084]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.018108] RIP: 0033:0x7fd3278bbb19
[  138.018124] Code: Unable to access opcode bytes at 0x7fd3278bbaef.
[  138.018134] RSP: 002b:00007ffe4d7a4308 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  138.018156] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fd3278bbb19
[  138.018172] RDX: 00007fd32786e72b RSI: ffffffffffffffbc RDI: 0000000000000000
[  138.018187] RBP: 0000000000000000 R08: 0000001b2d024f30 R09: 0000000000000000
[  138.018201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  138.018214] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe4d7a43f0
[  138.018236]  </TASK>
[  138.018244] kmemleak: Object (percpu) 0x607f1a6399d0 (size 8):
[  138.018257] kmemleak:   comm "syz-executor.7", pid 3999, jiffies 4294804772
[  138.018271] kmemleak:   min_count = 1
[  138.018279] kmemleak:   count = 0
[  138.018286] kmemleak:   flags = 0x21
[  138.018294] kmemleak:   checksum = 0
[  138.018301] kmemleak:   backtrace:
[  138.018307]  pcpu_alloc_noprof+0x87a/0x1170
[  138.018338]  percpu_ref_init+0x37/0x400
[  138.018372]  blk_alloc_queue+0x571/0x750
[  138.018406]  blk_mq_alloc_queue+0x170/0x280
[  138.018428]  __blk_mq_alloc_disk+0x2a/0x120
[  138.018451]  loop_add+0x494/0xb60
[  138.018475]  loop_control_ioctl+0x13b/0x640
[  138.018499]  __x64_sys_ioctl+0x18f/0x210
[  138.018529]  do_syscall_64+0xbf/0x360
[  138.018546]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.053262] CR2: 00007f6f3e8cb718 CR3: 00000000159cb000 CR4: 0000000000350ef0
[  138.054353] note: syz-executor.6[4017] exited with preempt_count 2
[  138.055303] Fixing recursive fault but reboot is needed!
[  138.056124] BUG: scheduling while atomic: syz-executor.6/4017/0x00000000
[  138.057133] INFO: lockdep is turned off.
[  138.057747] Modules linked in:
[  138.058240] CPU: 1 UID: 0 PID: 4017 Comm: syz-executor.6 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.058277] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.058285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.058296] Call Trace:
[  138.058303]  <TASK>
[  138.058311]  dump_stack_lvl+0xfa/0x120
[  138.058345]  __schedule_bug+0xb9/0x100
[  138.058368]  __schedule+0x24f3/0x3590
[  138.058394]  ? __pfx_vprintk_emit+0x10/0x10
[  138.058427]  ? arch_do_signal_or_restart+0x80/0x790
[  138.058455]  ? __pfx___schedule+0x10/0x10
[  138.058481]  ? do_raw_spin_lock+0x123/0x260
[  138.058509]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.058535]  ? lock_acquire+0x18c/0x2f0
[  138.058558]  ? lock_release+0x1c7/0x290
[  138.058581]  ? do_task_dead+0x3e/0x110
[  138.058606]  do_task_dead+0xdc/0x110
[  138.058629]  make_task_dead+0x373/0x3b0
[  138.058653]  ? do_syscall_64+0x2f7/0x360
[  138.058671]  rewind_stack_and_make_dead+0x16/0x20
[  138.058706] RIP: 0033:0x7f8182d86b19
[  138.058722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  138.058742] RSP: 002b:00007f81802fc218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  138.058762] RAX: fffffffffffffe00 RBX: 00007f8182e99f68 RCX: 00007f8182d86b19
[  138.058776] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8182e99f68
[  138.058789] RBP: 00007f8182e99f60 R08: 0000000000000000 R09: 0000000000000000
[  138.058802] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8182e99f6c
[  138.058815] R13: 00007ffe82d7ff2f R14: 00007f81802fc300 R15: 0000000000022000
[  138.058835]  </TASK>
[  138.085648] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#11] SMP KASAN NOPTI
[  138.087301] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  138.088574] CPU: 1 UID: 0 PID: 128 Comm: kworker/u10:3 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.090281] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.091016] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.092228] Workqueue: events_unbound cfg80211_wiphy_work
[  138.093039] RIP: 0010:perf_tp_event+0x175/0xe70
[  138.093847] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  138.096713] RSP: 0018:ffff8880171b7700 EFLAGS: 00010212
[  138.097499] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  138.098543] RDX: ffff8880155c8000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  138.099587] RBP: ffff8880171b7970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  138.100640] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  138.101670] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  138.102714] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  138.103885] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  138.104752] CR2: 00007f6f3e8cb718 CR3: 00000000159cb000 CR4: 0000000000350ef0
[  138.105797] Call Trace:
[  138.106188]  <TASK>
[  138.106533]  ? __pfx_perf_tp_event+0x10/0x10
[  138.107204]  ? ret_from_fork_asm+0x1a/0x30
[  138.107842]  ? stack_trace_save+0x8e/0xc0
[  138.108470]  ? stack_depot_save_flags+0x2c/0xa20
[  138.109177]  ? kasan_save_stack+0x34/0x50
[  138.109794]  ? kasan_save_stack+0x24/0x50
[  138.110409]  ? kasan_save_track+0x14/0x30
[  138.111027]  ? __kasan_save_free_info+0x3a/0x60
[  138.111717]  ? __kasan_slab_free+0x3f/0x50
[  138.112362]  ? kmem_cache_free+0x2a1/0x540
[  138.112985]  ? kfree_skbmem+0x18a/0x1f0
[  138.113579]  ? sk_skb_reason_drop+0x10e/0x1b0
[  138.114259]  ? ieee80211_iface_work+0x43c/0x1220
[  138.114970]  ? cfg80211_wiphy_work+0x245/0x480
[  138.115648]  ? process_one_work+0x8e1/0x19c0
[  138.116322]  ? worker_thread+0x67e/0xe90
[  138.116926]  ? kthread+0x3c8/0x740
[  138.117459]  ? ret_from_fork+0x34b/0x430
[  138.118075]  ? perf_trace_run_bpf_submit+0xef/0x180
[  138.118816]  perf_trace_run_bpf_submit+0xef/0x180
[  138.119538]  perf_trace_contention_begin+0x235/0x3e0
[  138.120302]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  138.121127]  ? lock_acquire+0x18c/0x2f0
[  138.121721]  ? trace_pelt_se_tp+0xdf/0x130
[  138.122344]  trace_contention_begin+0xae/0x110
[  138.123030]  __mutex_lock+0x14b/0x1020
[  138.123620]  ? cfg80211_wiphy_work+0x7e/0x480
[  138.124298]  ? cfg80211_wiphy_work+0x7e/0x480
[  138.124969]  ? __pfx___mutex_lock+0x10/0x10
[  138.125613]  ? __pfx___perf_event_task_sched_in+0x10/0x10
[  138.126538]  ? lock_acquire+0x18c/0x2f0
[  138.127204]  ? lock_release+0x1c7/0x290
[  138.127912]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  138.128778]  cfg80211_wiphy_work+0x7e/0x480
[  138.129425]  process_one_work+0x8e1/0x19c0
[  138.130063]  ? __pfx_process_one_work+0x10/0x10
[  138.130763]  ? move_linked_works+0x172/0x270
[  138.131432]  ? assign_work+0x196/0x240
[  138.132017]  worker_thread+0x67e/0xe90
[  138.132613]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  138.133390]  ? __pfx_worker_thread+0x10/0x10
[  138.134051]  kthread+0x3c8/0x740
[  138.134627]  ? __pfx_kthread+0x10/0x10
[  138.135307]  ? ret_from_fork+0x23/0x430
[  138.136058]  ? lock_release+0xc8/0x290
[  138.136676]  ? __pfx_kthread+0x10/0x10
[  138.137294]  ret_from_fork+0x34b/0x430
[  138.137990]  ? __pfx_kthread+0x10/0x10
[  138.138730]  ret_from_fork_asm+0x1a/0x30
[  138.139351]  </TASK>
[  138.139703] Modules linked in:
[  138.141402] ---[ end trace 0000000000000000 ]---
[  138.142867] RIP: 0010:perf_tp_event+0x175/0xe70
[  138.143584] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  138.146280] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  138.147100] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  138.148194] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  138.149276] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  138.150354] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  138.151429] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  138.152514] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  138.153832] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  138.154911] CR2: 00007f6f3e8cb718 CR3: 00000000159cb000 CR4: 0000000000350ef0
[  138.156140] note: kworker/u10:3[128] exited with preempt_count 2
[  138.157276] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#12] SMP KASAN NOPTI
[  138.159100] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  138.160596] CPU: 1 UID: 0 PID: 4027 Comm: syz-executor.5 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.162614] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.163422] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.164849] RIP: 0010:perf_tp_event+0x175/0xe70
[  138.165660] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  138.168753] RSP: 0018:ffff88800f467640 EFLAGS: 00010212
[  138.169623] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  138.170886] RDX: ffff888017475280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  138.172164] RBP: ffff88800f4678b0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  138.173348] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  138.174626] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  138.175797] FS:  00007f1cd7e71700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  138.177211] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  138.178153] CR2: 00007f6f3e8cb718 CR3: 000000000cb02000 CR4: 0000000000350ef0
[  138.179389] Call Trace:
[  138.179892]  <TASK>
[  138.180263]  ? __pfx_perf_tp_event+0x10/0x10
[  138.181099]  ? perf_trace_run_bpf_submit+0xef/0x180
[  138.181993]  perf_trace_run_bpf_submit+0xef/0x180
[  138.182880]  perf_trace_contention_begin+0x235/0x3e0
[  138.183638]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  138.184506]  ? lock_acquire+0x18c/0x2f0
[  138.185300]  trace_contention_begin+0xae/0x110
[  138.186107]  __mutex_lock+0x14b/0x1020
[  138.186832]  ? perf_event_exit_task+0x46/0x510
[  138.187619]  ? perf_event_exit_task+0x46/0x510
[  138.188379]  ? do_raw_spin_lock+0x123/0x260
[  138.189024]  ? lock_acquire+0x18c/0x2f0
[  138.189731]  ? __pfx___mutex_lock+0x10/0x10
[  138.190570]  ? _raw_spin_unlock_irq+0x23/0x40
[  138.191265]  ? lock_release+0x1c7/0x290
[  138.191970]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  138.192780]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  138.193506]  ? taskstats_exit+0x8c/0xba0
[  138.194101]  ? lock_acquire+0x18c/0x2f0
[  138.194676]  perf_event_exit_task+0x46/0x510
[  138.195318]  do_exit+0x626/0x2970
[  138.195918]  ? __pfx_do_exit+0x10/0x10
[  138.196750]  ? do_raw_spin_lock+0x123/0x260
[  138.197374]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.198052]  do_group_exit+0xd3/0x2a0
[  138.198604]  get_signal+0x2315/0x2340
[  138.199231]  ? __pfx_get_signal+0x10/0x10
[  138.199944]  ? lock_release+0x1c7/0x290
[  138.200529]  arch_do_signal_or_restart+0x80/0x790
[  138.201231]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  138.202005]  ? lock_acquire+0x18c/0x2f0
[  138.202577]  ? do_raw_spin_lock+0x123/0x260
[  138.203200]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.203982]  ? finish_task_switch.isra.0+0x294/0x840
[  138.204968]  exit_to_user_mode_loop+0x8b/0x110
[  138.205623]  ret_from_fork+0x3ac/0x430
[  138.206212]  ret_from_fork_asm+0x1a/0x30
[  138.206827]  </TASK>
[  138.207178] Modules linked in:
[  138.208770] ---[ end trace 0000000000000000 ]---
[  138.209486] RIP: 0010:perf_tp_event+0x175/0xe70
[  138.210933] BUG: Bad page state in process syz-executor.5  pfn:47e19
[  138.210957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47e19
[  138.210981] flags: 0x100000000000000(node=0|zone=1)
[  138.210999] page_type: f9(unknown)
[  138.211021] raw: 0100000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  138.211043] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  138.211057] page dumped because: nonzero mapcount
[  138.211066] Modules linked in:
[  138.211086] CPU: 1 UID: 0 PID: 4027 Comm: syz-executor.5 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.211126] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.211135] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.211148] Call Trace:
[  138.211154]  <IRQ>
[  138.211163]  dump_stack_lvl+0xfa/0x120
[  138.211199]  bad_page+0x8c/0x1c0
[  138.211222]  __free_frozen_pages+0xaf9/0xe10
[  138.211255]  ? rcu_core+0x7c3/0x1800
[  138.211282]  rcu_core+0x7c8/0x1800
[  138.211313]  ? __pfx_rcu_core+0x10/0x10
[  138.211343]  ? tasklet_action_common+0x274/0x3b0
[  138.211370]  handle_softirqs+0x1b1/0x770
[  138.211409]  __irq_exit_rcu+0xc4/0x100
[  138.211445]  irq_exit_rcu+0x9/0x20
[  138.211464]  sysvec_apic_timer_interrupt+0x70/0x80
[  138.211497]  </IRQ>
[  138.211504]  <TASK>
[  138.211511]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  138.211537] RIP: 0010:console_flush_all+0x8c1/0xb70
[  138.211573] Code: 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 6c 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 98 6e 1f 00 e8 83 b3 27 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 19 ff ff ff 4c 89 ef e8 18 7e 5b
[  138.211596] RSP: 0018:ffff88800f4670f8 EFLAGS: 00000246
[  138.211614] RAX: ffffffff85f37a58 RBX: 0000000000000001 RCX: ffffffff817c2b86
[  138.211630] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff815478ed
[  138.211645] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
[  138.211659] R10: ffffffff8643ac57 R11: 30376578302f4952 R12: 0000000000000000
[  138.211674] R13: ffffffff85f37a58 R14: dffffc0000000000 R15: ffffffff85f37a00
[  138.211693]  ? trace_irq_enable.constprop.0+0x26/0x100
[  138.211725]  ? console_flush_all+0x8bd/0xb70
[  138.211760]  ? console_flush_all+0x8bd/0xb70
[  138.211797]  ? __pfx_console_flush_all+0x10/0x10
[  138.211832]  ? __pfx_vprintk_store+0x10/0x10
[  138.211868]  ? is_printk_cpu_sync_owner+0x32/0x40
[  138.211892]  console_unlock+0xc2/0x1f0
[  138.211925]  ? __pfx_console_unlock+0x10/0x10
[  138.211959]  ? do_raw_spin_unlock+0x53/0x220
[  138.211991]  ? _printk+0xbe/0xf0
[  138.212019]  vprintk_emit+0x3f6/0x630
[  138.212054]  ? __pfx_vprintk_emit+0x10/0x10
[  138.212102]  ? irq_work_queue+0x9c/0x100
[  138.212132]  _printk+0xbe/0xf0
[  138.212157]  ? __pfx__printk+0x10/0x10
[  138.212184]  ? lock_acquire+0x18c/0x2f0
[  138.212213]  ? perf_tp_event+0x175/0xe70
[  138.212244]  show_iret_regs+0x26/0x60
[  138.212280]  __show_regs+0x2a/0x750
[  138.212309]  ? printk_percpu_data_ready+0x9/0x20
[  138.212340]  ? nbcon_get_cpu_emergency_nesting+0x3c/0x50
[  138.212369]  oops_end+0x7d/0xe0
[  138.212403]  exc_general_protection+0x1a2/0x330
[  138.212433]  asm_exc_general_protection+0x26/0x30
[  138.212456] RIP: 0010:perf_tp_event+0x175/0xe70
[  138.212488] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  138.212510] RSP: 0018:ffff88800f467640 EFLAGS: 00010212
[  138.212527] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  138.212542] RDX: ffff888017475280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  138.212557] RBP: ffff88800f4678b0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  138.212573] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  138.212587] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  138.212607]  ? perf_tp_event+0x167/0xe70
[  138.212643]  ? __pfx_perf_tp_event+0x10/0x10
[  138.212693]  ? perf_trace_run_bpf_submit+0xef/0x180
[  138.212727]  perf_trace_run_bpf_submit+0xef/0x180
[  138.212762]  perf_trace_contention_begin+0x235/0x3e0
[  138.212792]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  138.212823]  ? lock_acquire+0x18c/0x2f0
[  138.212851]  trace_contention_begin+0xae/0x110
[  138.212881]  __mutex_lock+0x14b/0x1020
[  138.212915]  ? perf_event_exit_task+0x46/0x510
[  138.212947]  ? perf_event_exit_task+0x46/0x510
[  138.212979]  ? do_raw_spin_lock+0x123/0x260
[  138.213011]  ? lock_acquire+0x18c/0x2f0
[  138.213037]  ? __pfx___mutex_lock+0x10/0x10
[  138.213071]  ? _raw_spin_unlock_irq+0x23/0x40
[  138.213100]  ? lock_release+0x1c7/0x290
[  138.213126]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  138.213150]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  138.213181]  ? taskstats_exit+0x8c/0xba0
[  138.213217]  ? lock_acquire+0x18c/0x2f0
[  138.213246]  perf_event_exit_task+0x46/0x510
[  138.213280]  do_exit+0x626/0x2970
[  138.213310]  ? __pfx_do_exit+0x10/0x10
[  138.213337]  ? do_raw_spin_lock+0x123/0x260
[  138.213368]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.213402]  do_group_exit+0xd3/0x2a0
[  138.213431]  get_signal+0x2315/0x2340
[  138.213470]  ? __pfx_get_signal+0x10/0x10
[  138.213507]  ? lock_release+0x1c7/0x290
[  138.213535]  arch_do_signal_or_restart+0x80/0x790
[  138.213568]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  138.213602]  ? lock_acquire+0x18c/0x2f0
[  138.213629]  ? do_raw_spin_lock+0x123/0x260
[  138.213661]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.213693]  ? finish_task_switch.isra.0+0x294/0x840
[  138.213733]  exit_to_user_mode_loop+0x8b/0x110
[  138.213756]  ret_from_fork+0x3ac/0x430
[  138.213793]  ret_from_fork_asm+0x1a/0x30
[  138.213830]  </TASK>
[  138.213868] BUG: Bad page state in process syz-executor.5  pfn:47e1a
[  138.213884] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888047e1a540 pfn:0x47e1a
[  138.213906] flags: 0x100000000000000(node=0|zone=1)
[  138.213922] page_type: f9(unknown)
[  138.213942] raw: 0100000000000000 dead000000000100 dead000000000122 0000000000000000
[  138.213964] raw: ffff888047e1a540 0000000000000000 00000000f9000000 0000000000000000
[  138.213978] page dumped because: nonzero mapcount
[  138.213987] Modules linked in:
[  138.214004] CPU: 1 UID: 0 PID: 4027 Comm: syz-executor.5 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.214044] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.214053] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.214065] Call Trace:
[  138.214071]  <IRQ>
[  138.214079]  dump_stack_lvl+0xfa/0x120
[  138.214114]  bad_page+0x8c/0x1c0
[  138.214135]  __free_frozen_pages+0xaf9/0xe10
[  138.214167]  ? rcu_core+0x7c3/0x1800
[  138.214195]  rcu_core+0x7c8/0x1800
[  138.214225]  ? __pfx_rcu_core+0x10/0x10
[  138.214255]  ? tasklet_action_common+0x274/0x3b0
[  138.214281]  handle_softirqs+0x1b1/0x770
[  138.214320]  __irq_exit_rcu+0xc4/0x100
[  138.214356]  irq_exit_rcu+0x9/0x20
[  138.214376]  sysvec_apic_timer_interrupt+0x70/0x80
[  138.214408]  </IRQ>
[  138.214415]  <TASK>
[  138.214422]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  138.214448] RIP: 0010:console_flush_all+0x8c1/0xb70
[  138.214483] Code: 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 6c 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 98 6e 1f 00 e8 83 b3 27 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 19 ff ff ff 4c 89 ef e8 18 7e 5b
[  138.214505] RSP: 0018:ffff88800f4670f8 EFLAGS: 00000246
[  138.214523] RAX: ffffffff85f37a58 RBX: 0000000000000001 RCX: ffffffff817c2b86
[  138.214538] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff815478ed
[  138.214553] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
[  138.214567] R10: ffffffff8643ac57 R11: 30376578302f4952 R12: 0000000000000000
[  138.214582] R13: ffffffff85f37a58 R14: dffffc0000000000 R15: ffffffff85f37a00
[  138.214601]  ? trace_irq_enable.constprop.0+0x26/0x100
[  138.214625]  ? console_flush_all+0x8bd/0xb70
[  138.214660]  ? console_flush_all+0x8bd/0xb70
[  138.214697]  ? __pfx_console_flush_all+0x10/0x10
[  138.214739]  ? __pfx_vprintk_store+0x10/0x10
[  138.214775]  ? is_printk_cpu_sync_owner+0x32/0x40
[  138.214799]  console_unlock+0xc2/0x1f0
[  138.214832]  ? __pfx_console_unlock+0x10/0x10
[  138.214866]  ? do_raw_spin_unlock+0x53/0x220
[  138.214899]  ? _printk+0xbe/0xf0
[  138.214926]  vprintk_emit+0x3f6/0x630
[  138.214962]  ? __pfx_vprintk_emit+0x10/0x10
[  138.214998]  ? irq_work_queue+0x9c/0x100
[  138.215027]  _printk+0xbe/0xf0
[  138.215052]  ? __pfx__printk+0x10/0x10
[  138.215080]  ? lock_acquire+0x18c/0x2f0
[  138.215108]  ? perf_tp_event+0x175/0xe70
[  138.215139]  show_iret_regs+0x26/0x60
[  138.215175]  __show_regs+0x2a/0x750
[  138.215204]  ? printk_percpu_data_ready+0x9/0x20
[  138.215235]  ? nbcon_get_cpu_emergency_nesting+0x3c/0x50
[  138.215264]  oops_end+0x7d/0xe0
[  138.215298]  exc_general_protection+0x1a2/0x330
[  138.215328]  asm_exc_general_protection+0x26/0x30
[  138.215351] RIP: 0010:perf_tp_event+0x175/0xe70
[  138.215382] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  138.215405] RSP: 0018:ffff88800f467640 EFLAGS: 00010212
[  138.215422] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  138.215437] RDX: ffff888017475280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  138.215452] RBP: ffff88800f4678b0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  138.215468] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  138.215482] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  138.215502]  ? perf_tp_event+0x167/0xe70
[  138.215538]  ? __pfx_perf_tp_event+0x10/0x10
[  138.215588]  ? perf_trace_run_bpf_submit+0xef/0x180
[  138.215622]  perf_trace_run_bpf_submit+0xef/0x180
[  138.215657]  perf_trace_contention_begin+0x235/0x3e0
[  138.215687]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  138.215718]  ? lock_acquire+0x18c/0x2f0
[  138.215746]  trace_contention_begin+0xae/0x110
[  138.215776]  __mutex_lock+0x14b/0x1020
[  138.215810]  ? perf_event_exit_task+0x46/0x510
[  138.215842]  ? perf_event_exit_task+0x46/0x510
[  138.215875]  ? do_raw_spin_lock+0x123/0x260
[  138.215907]  ? lock_acquire+0x18c/0x2f0
[  138.215933]  ? __pfx___mutex_lock+0x10/0x10
[  138.215967]  ? _raw_spin_unlock_irq+0x23/0x40
[  138.215996]  ? lock_release+0x1c7/0x290
[  138.216022]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  138.216046]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  138.216077]  ? taskstats_exit+0x8c/0xba0
[  138.216123]  ? lock_acquire+0x18c/0x2f0
[  138.216151]  perf_event_exit_task+0x46/0x510
[  138.216186]  do_exit+0x626/0x2970
[  138.216216]  ? __pfx_do_exit+0x10/0x10
[  138.216242]  ? do_raw_spin_lock+0x123/0x260
[  138.216274]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.216308]  do_group_exit+0xd3/0x2a0
[  138.216337]  get_signal+0x2315/0x2340
[  138.216376]  ? __pfx_get_signal+0x10/0x10
[  138.216413]  ? lock_release+0x1c7/0x290
[  138.216441]  arch_do_signal_or_restart+0x80/0x790
[  138.216474]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  138.216508]  ? lock_acquire+0x18c/0x2f0
[  138.216535]  ? do_raw_spin_lock+0x123/0x260
[  138.216567]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.216600]  ? finish_task_switch.isra.0+0x294/0x840
[  138.216639]  exit_to_user_mode_loop+0x8b/0x110
[  138.216662]  ret_from_fork+0x3ac/0x430
[  138.216699]  ret_from_fork_asm+0x1a/0x30
[  138.216736]  </TASK>
[  138.216770] BUG: Bad page state in process syz-executor.5  pfn:47e1b
[  138.216785] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47e1b
[  138.216805] flags: 0x100000000000000(node=0|zone=1)
[  138.216821] page_type: f9(unknown)
[  138.216840] raw: 0100000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  138.216862] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  138.216876] page dumped because: nonzero mapcount
[  138.216885] Modules linked in:
[  138.216902] CPU: 1 UID: 0 PID: 4027 Comm: syz-executor.5 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.216941] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.216950] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.216963] Call Trace:
[  138.216969]  <IRQ>
[  138.216977]  dump_stack_lvl+0xfa/0x120
[  138.217011]  bad_page+0x8c/0x1c0
[  138.217033]  __free_frozen_pages+0xaf9/0xe10
[  138.217065]  ? rcu_core+0x7c3/0x1800
[  138.217092]  rcu_core+0x7c8/0x1800
[  138.217123]  ? __pfx_rcu_core+0x10/0x10
[  138.217153]  ? tasklet_action_common+0x274/0x3b0
[  138.217178]  handle_softirqs+0x1b1/0x770
[  138.217218]  __irq_exit_rcu+0xc4/0x100
[  138.217254]  irq_exit_rcu+0x9/0x20
[  138.217273]  sysvec_apic_timer_interrupt+0x70/0x80
[  138.217305]  </IRQ>
[  138.217312]  <TASK>
[  138.217320]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  138.217345] RIP: 0010:console_flush_all+0x8c1/0xb70
[  138.217380] Code: 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 6c 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 98 6e 1f 00 e8 83 b3 27 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 19 ff ff ff 4c 89 ef e8 18 7e 5b
[  138.217403] RSP: 0018:ffff88800f4670f8 EFLAGS: 00000246
[  138.217420] RAX: ffffffff85f37a58 RBX: 0000000000000001 RCX: ffffffff817c2b86
[  138.217435] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff815478ed
[  138.217450] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
[  138.217464] R10: ffffffff8643ac57 R11: 30376578302f4952 R12: 0000000000000000
[  138.217479] R13: ffffffff85f37a58 R14: dffffc0000000000 R15: ffffffff85f37a00
[  138.217498]  ? trace_irq_enable.constprop.0+0x26/0x100
[  138.217522]  ? console_flush_all+0x8bd/0xb70
[  138.217557]  ? console_flush_all+0x8bd/0xb70
[  138.217594]  ? __pfx_console_flush_all+0x10/0x10
[  138.217629]  ? __pfx_vprintk_store+0x10/0x10
[  138.217666]  ? is_printk_cpu_sync_owner+0x32/0x40
[  138.217690]  console_unlock+0xc2/0x1f0
[  138.217729]  ? __pfx_console_unlock+0x10/0x10
[  138.217763]  ? do_raw_spin_unlock+0x53/0x220
[  138.217796]  ? _printk+0xbe/0xf0
[  138.217823]  vprintk_emit+0x3f6/0x630
[  138.217858]  ? __pfx_vprintk_emit+0x10/0x10
[  138.217895]  ? irq_work_queue+0x9c/0x100
[  138.217924]  _printk+0xbe/0xf0
[  138.217949]  ? __pfx__printk+0x10/0x10
[  138.217976]  ? lock_acquire+0x18c/0x2f0
[  138.218005]  ? perf_tp_event+0x175/0xe70
[  138.218036]  show_iret_regs+0x26/0x60
[  138.218072]  __show_regs+0x2a/0x750
[  138.218100]  ? printk_percpu_data_ready+0x9/0x20
[  138.218132]  ? nbcon_get_cpu_emergency_nesting+0x3c/0x50
[  138.218160]  oops_end+0x7d/0xe0
[  138.218195]  exc_general_protection+0x1a2/0x330
[  138.218224]  asm_exc_general_protection+0x26/0x30
[  138.218248] RIP: 0010:perf_tp_event+0x175/0xe70
[  138.218279] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  138.218301] RSP: 0018:ffff88800f467640 EFLAGS: 00010212
[  138.218318] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  138.218333] RDX: ffff888017475280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  138.218349] RBP: ffff88800f4678b0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  138.218364] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  138.218378] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  138.218398]  ? perf_tp_event+0x167/0xe70
[  138.218434]  ? __pfx_perf_tp_event+0x10/0x10
[  138.218484]  ? perf_trace_run_bpf_submit+0xef/0x180
[  138.218518]  perf_trace_run_bpf_submit+0xef/0x180
[  138.218553]  perf_trace_contention_begin+0x235/0x3e0
[  138.218583]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  138.218614]  ? lock_acquire+0x18c/0x2f0
[  138.218643]  trace_contention_begin+0xae/0x110
[  138.218672]  __mutex_lock+0x14b/0x1020
[  138.218706]  ? perf_event_exit_task+0x46/0x510
[  138.218738]  ? perf_event_exit_task+0x46/0x510
[  138.218771]  ? do_raw_spin_lock+0x123/0x260
[  138.218803]  ? lock_acquire+0x18c/0x2f0
[  138.218829]  ? __pfx___mutex_lock+0x10/0x10
[  138.218863]  ? _raw_spin_unlock_irq+0x23/0x40
[  138.218892]  ? lock_release+0x1c7/0x290
[  138.218918]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  138.218942]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  138.218973]  ? taskstats_exit+0x8c/0xba0
[  138.219009]  ? lock_acquire+0x18c/0x2f0
[  138.219037]  perf_event_exit_task+0x46/0x510
[  138.219072]  do_exit+0x626/0x2970
[  138.219102]  ? __pfx_do_exit+0x10/0x10
[  138.219129]  ? do_raw_spin_lock+0x123/0x260
[  138.219160]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.219194]  do_group_exit+0xd3/0x2a0
[  138.219223]  get_signal+0x2315/0x2340
[  138.219262]  ? __pfx_get_signal+0x10/0x10
[  138.219299]  ? lock_release+0x1c7/0x290
[  138.219327]  arch_do_signal_or_restart+0x80/0x790
[  138.219360]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  138.219394]  ? lock_acquire+0x18c/0x2f0
[  138.219422]  ? do_raw_spin_lock+0x123/0x260
[  138.219453]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.219486]  ? finish_task_switch.isra.0+0x294/0x840
[  138.219525]  exit_to_user_mode_loop+0x8b/0x110
[  138.219549]  ret_from_fork+0x3ac/0x430
[  138.219585]  ret_from_fork_asm+0x1a/0x30
[  138.219622]  </TASK>
[  138.219655] BUG: Bad page state in process syz-executor.5  pfn:47e1c
[  138.219670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888047e1ca00 pfn:0x47e1c
[  138.219692] flags: 0x100000000000000(node=0|zone=1)
[  138.219730] page_type: f9(unknown)
[  138.219751] raw: 0100000000000000 dead000000000100 dead000000000122 0000000000000000
[  138.219773] raw: ffff888047e1ca00 0000000000000000 00000000f9000000 0000000000000000
[  138.219787] page dumped because: nonzero mapcount
[  138.219796] Modules linked in:
[  138.219813] CPU: 1 UID: 0 PID: 4027 Comm: syz-executor.5 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.219852] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.219861] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.219874] Call Trace:
[  138.219880]  <IRQ>
[  138.219888]  dump_stack_lvl+0xfa/0x120
[  138.219923]  bad_page+0x8c/0x1c0
[  138.219944]  __free_frozen_pages+0xaf9/0xe10
[  138.219976]  ? rcu_core+0x7c3/0x1800
[  138.220003]  rcu_core+0x7c8/0x1800
[  138.220034]  ? __pfx_rcu_core+0x10/0x10
[  138.220064]  ? tasklet_action_common+0x274/0x3b0
[  138.220099]  handle_softirqs+0x1b1/0x770
[  138.220139]  __irq_exit_rcu+0xc4/0x100
[  138.220175]  irq_exit_rcu+0x9/0x20
[  138.220194]  sysvec_apic_timer_interrupt+0x70/0x80
[  138.220226]  </IRQ>
[  138.220233]  <TASK>
[  138.220241]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  138.220266] RIP: 0010:console_flush_all+0x8c1/0xb70
[  138.220302] Code: 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 6c 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 98 6e 1f 00 e8 83 b3 27 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 19 ff ff ff 4c 89 ef e8 18 7e 5b
[  138.220324] RSP: 0018:ffff88800f4670f8 EFLAGS: 00000246
[  138.220342] RAX: ffffffff85f37a58 RBX: 0000000000000001 RCX: ffffffff817c2b86
[  138.220357] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff815478ed
[  138.220371] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
[  138.220385] R10: ffffffff8643ac57 R11: 30376578302f4952 R12: 0000000000000000
[  138.220400] R13: ffffffff85f37a58 R14: dffffc0000000000 R15: ffffffff85f37a00
[  138.220420]  ? trace_irq_enable.constprop.0+0x26/0x100
[  138.220444]  ? console_flush_all+0x8bd/0xb70
[  138.220479]  ? console_flush_all+0x8bd/0xb70
[  138.220516]  ? __pfx_console_flush_all+0x10/0x10
[  138.220551]  ? __pfx_vprintk_store+0x10/0x10
[  138.220587]  ? is_printk_cpu_sync_owner+0x32/0x40
[  138.220611]  console_unlock+0xc2/0x1f0
[  138.220644]  ? __pfx_console_unlock+0x10/0x10
[  138.220678]  ? do_raw_spin_unlock+0x53/0x220
[  138.220716]  ? _printk+0xbe/0xf0
[  138.220743]  vprintk_emit+0x3f6/0x630
[  138.220779]  ? __pfx_vprintk_emit+0x10/0x10
[  138.220816]  ? irq_work_queue+0x9c/0x100
[  138.220845]  _printk+0xbe/0xf0
[  138.220870]  ? __pfx__printk+0x10/0x10
[  138.220897]  ? lock_acquire+0x18c/0x2f0
[  138.220925]  ? perf_tp_event+0x175/0xe70
[  138.220956]  show_iret_regs+0x26/0x60
[  138.220992]  __show_regs+0x2a/0x750
[  138.221021]  ? printk_percpu_data_ready+0x9/0x20
[  138.221052]  ? nbcon_get_cpu_emergency_nesting+0x3c/0x50
[  138.221081]  oops_end+0x7d/0xe0
[  138.221115]  exc_general_protection+0x1a2/0x330
[  138.221145]  asm_exc_general_protection+0x26/0x30
[  138.221168] RIP: 0010:perf_tp_event+0x175/0xe70
[  138.221200] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  138.221226] RSP: 0018:ffff88800f467640 EFLAGS: 00010212
[  138.221243] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  138.221258] RDX: ffff888017475280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  138.221274] RBP: ffff88800f4678b0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  138.221289] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  138.221303] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  138.221323]  ? perf_tp_event+0x167/0xe70
[  138.221359]  ? __pfx_perf_tp_event+0x10/0x10
[  138.221409]  ? perf_trace_run_bpf_submit+0xef/0x180
[  138.221443]  perf_trace_run_bpf_submit+0xef/0x180
[  138.221478]  perf_trace_contention_begin+0x235/0x3e0
[  138.221508]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  138.221539]  ? lock_acquire+0x18c/0x2f0
[  138.221568]  trace_contention_begin+0xae/0x110
[  138.221597]  __mutex_lock+0x14b/0x1020
[  138.221631]  ? perf_event_exit_task+0x46/0x510
[  138.221663]  ? perf_event_exit_task+0x46/0x510
[  138.221696]  ? do_raw_spin_lock+0x123/0x260
[  138.221727]  ? lock_acquire+0x18c/0x2f0
[  138.221753]  ? __pfx___mutex_lock+0x10/0x10
[  138.221788]  ? _raw_spin_unlock_irq+0x23/0x40
[  138.221816]  ? lock_release+0x1c7/0x290
[  138.221843]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  138.221867]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  138.221897]  ? taskstats_exit+0x8c/0xba0
[  138.221933]  ? lock_acquire+0x18c/0x2f0
[  138.221962]  perf_event_exit_task+0x46/0x510
[  138.221997]  do_exit+0x626/0x2970
[  138.222026]  ? __pfx_do_exit+0x10/0x10
[  138.222053]  ? do_raw_spin_lock+0x123/0x260
[  138.222085]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.222118]  do_group_exit+0xd3/0x2a0
[  138.222147]  get_signal+0x2315/0x2340
[  138.222187]  ? __pfx_get_signal+0x10/0x10
[  138.222223]  ? lock_release+0x1c7/0x290
[  138.222251]  arch_do_signal_or_restart+0x80/0x790
[  138.222285]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  138.222319]  ? lock_acquire+0x18c/0x2f0
[  138.222346]  ? do_raw_spin_lock+0x123/0x260
[  138.222378]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.222410]  ? finish_task_switch.isra.0+0x294/0x840
[  138.222450]  exit_to_user_mode_loop+0x8b/0x110
[  138.222473]  ret_from_fork+0x3ac/0x430
[  138.222510]  ret_from_fork_asm+0x1a/0x30
[  138.222547]  </TASK>
[  138.222580] BUG: Bad page state in process syz-executor.5  pfn:47e1d
[  138.222595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47e1d
[  138.222615] flags: 0x100000000000000(node=0|zone=1)
[  138.222631] page_type: f9(unknown)
[  138.222650] raw: 0100000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  138.222672] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  138.222686] page dumped because: nonzero mapcount
[  138.222695] Modules linked in:
[  138.222735] CPU: 1 UID: 0 PID: 4027 Comm: syz-executor.5 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.222775] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.222784] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.222796] Call Trace:
[  138.222802]  <IRQ>
[  138.222810]  dump_stack_lvl+0xfa/0x120
[  138.222845]  bad_page+0x8c/0x1c0
[  138.222866]  __free_frozen_pages+0xaf9/0xe10
[  138.222898]  ? rcu_core+0x7c3/0x1800
[  138.222926]  rcu_core+0x7c8/0x1800
[  138.222956]  ? __pfx_rcu_core+0x10/0x10
[  138.222986]  ? tasklet_action_common+0x274/0x3b0
[  138.223012]  handle_softirqs+0x1b1/0x770
[  138.223051]  __irq_exit_rcu+0xc4/0x100
[  138.223087]  irq_exit_rcu+0x9/0x20
[  138.223106]  sysvec_apic_timer_interrupt+0x70/0x80
[  138.223138]  </IRQ>
[  138.223145]  <TASK>
[  138.223153]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  138.223178] RIP: 0010:console_flush_all+0x8c1/0xb70
[  138.223214] Code: 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 6c 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 98 6e 1f 00 e8 83 b3 27 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 19 ff ff ff 4c 89 ef e8 18 7e 5b
[  138.223236] RSP: 0018:ffff88800f4670f8 EFLAGS: 00000246
[  138.223254] RAX: ffffffff85f37a58 RBX: 0000000000000001 RCX: ffffffff817c2b86
[  138.223269] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff815478ed
[  138.223283] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
[  138.223297] R10: ffffffff8643ac57 R11: 30376578302f4952 R12: 0000000000000000
[  138.223312] R13: ffffffff85f37a58 R14: dffffc0000000000 R15: ffffffff85f37a00
[  138.223332]  ? trace_irq_enable.constprop.0+0x26/0x100
[  138.223356]  ? console_flush_all+0x8bd/0xb70
[  138.223391]  ? console_flush_all+0x8bd/0xb70
[  138.223428]  ? __pfx_console_flush_all+0x10/0x10
[  138.223463]  ? __pfx_vprintk_store+0x10/0x10
[  138.223499]  ? is_printk_cpu_sync_owner+0x32/0x40
[  138.223523]  console_unlock+0xc2/0x1f0
[  138.223556]  ? __pfx_console_unlock+0x10/0x10
[  138.223590]  ? do_raw_spin_unlock+0x53/0x220
[  138.223622]  ? _printk+0xbe/0xf0
[  138.223649]  vprintk_emit+0x3f6/0x630
[  138.223685]  ? __pfx_vprintk_emit+0x10/0x10
[  138.223728]  ? irq_work_queue+0x9c/0x100
[  138.223757]  _printk+0xbe/0xf0
[  138.223782]  ? __pfx__printk+0x10/0x10
[  138.223809]  ? lock_acquire+0x18c/0x2f0
[  138.223837]  ? perf_tp_event+0x175/0xe70
[  138.223868]  show_iret_regs+0x26/0x60
[  138.223904]  __show_regs+0x2a/0x750
[  138.223933]  ? printk_percpu_data_ready+0x9/0x20
[  138.223964]  ? nbcon_get_cpu_emergency_nesting+0x3c/0x50
[  138.223993]  oops_end+0x7d/0xe0
[  138.224027]  exc_general_protection+0x1a2/0x330
[  138.224057]  asm_exc_general_protection+0x26/0x30
[  138.224080] RIP: 0010:perf_tp_event+0x175/0xe70
[  138.224120] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  138.224142] RSP: 0018:ffff88800f467640 EFLAGS: 00010212
[  138.224160] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  138.224175] RDX: ffff888017475280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  138.224190] RBP: ffff88800f4678b0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  138.224206] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  138.224220] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  138.224242]  ? perf_tp_event+0x167/0xe70
[  138.224280]  ? __pfx_perf_tp_event+0x10/0x10
[  138.224330]  ? perf_trace_run_bpf_submit+0xef/0x180
[  138.224364]  perf_trace_run_bpf_submit+0xef/0x180
[  138.224399]  perf_trace_contention_begin+0x235/0x3e0
[  138.224429]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  138.224460]  ? lock_acquire+0x18c/0x2f0
[  138.224488]  trace_contention_begin+0xae/0x110
[  138.224518]  __mutex_lock+0x14b/0x1020
[  138.224551]  ? perf_event_exit_task+0x46/0x510
[  138.224584]  ? perf_event_exit_task+0x46/0x510
[  138.224616]  ? do_raw_spin_lock+0x123/0x260
[  138.224648]  ? lock_acquire+0x18c/0x2f0
[  138.224674]  ? __pfx___mutex_lock+0x10/0x10
[  138.224708]  ? _raw_spin_unlock_irq+0x23/0x40
[  138.224737]  ? lock_release+0x1c7/0x290
[  138.224763]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  138.224787]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  138.224818]  ? taskstats_exit+0x8c/0xba0
[  138.224854]  ? lock_acquire+0x18c/0x2f0
[  138.224882]  perf_event_exit_task+0x46/0x510
[  138.224917]  do_exit+0x626/0x2970
[  138.224946]  ? __pfx_do_exit+0x10/0x10
[  138.224973]  ? do_raw_spin_lock+0x123/0x260
[  138.225004]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.225038]  do_group_exit+0xd3/0x2a0
[  138.225067]  get_signal+0x2315/0x2340
[  138.225106]  ? __pfx_get_signal+0x10/0x10
[  138.225143]  ? lock_release+0x1c7/0x290
[  138.225171]  arch_do_signal_or_restart+0x80/0x790
[  138.225204]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  138.225238]  ? lock_acquire+0x18c/0x2f0
[  138.225265]  ? do_raw_spin_lock+0x123/0x260
[  138.225297]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.225329]  ? finish_task_switch.isra.0+0x294/0x840
[  138.225369]  exit_to_user_mode_loop+0x8b/0x110
[  138.225392]  ret_from_fork+0x3ac/0x430
[  138.225429]  ret_from_fork_asm+0x1a/0x30
[  138.225466]  </TASK>
[  138.225498] BUG: Bad page state in process syz-executor.5  pfn:47e1e
[  138.225513] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888047e1f600 pfn:0x47e1e
[  138.225534] flags: 0x100000000000000(node=0|zone=1)
[  138.225550] page_type: f9(unknown)
[  138.225570] raw: 0100000000000000 dead000000000100 dead000000000122 0000000000000000
[  138.225592] raw: ffff888047e1f600 0000000000100000 00000000f9000000 0000000000000000
[  138.225606] page dumped because: nonzero mapcount
[  138.225615] Modules linked in:
[  138.225632] CPU: 1 UID: 0 PID: 4027 Comm: syz-executor.5 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.225671] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.225680] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.225692] Call Trace:
[  138.225699]  <IRQ>
[  138.225712]  dump_stack_lvl+0xfa/0x120
[  138.225747]  bad_page+0x8c/0x1c0
[  138.225768]  __free_frozen_pages+0xaf9/0xe10
[  138.225800]  ? rcu_core+0x7c3/0x1800
[  138.225828]  rcu_core+0x7c8/0x1800
[  138.225859]  ? __pfx_rcu_core+0x10/0x10
[  138.225889]  ? tasklet_action_common+0x274/0x3b0
[  138.225914]  handle_softirqs+0x1b1/0x770
[  138.225953]  __irq_exit_rcu+0xc4/0x100
[  138.225989]  irq_exit_rcu+0x9/0x20
[  138.226009]  sysvec_apic_timer_interrupt+0x70/0x80
[  138.226041]  </IRQ>
[  138.226048]  <TASK>
[  138.226055]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  138.226080] RIP: 0010:console_flush_all+0x8c1/0xb70
[  138.226116] Code: 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 6c 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 98 6e 1f 00 e8 83 b3 27 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 19 ff ff ff 4c 89 ef e8 18 7e 5b
[  138.226138] RSP: 0018:ffff88800f4670f8 EFLAGS: 00000246
[  138.226156] RAX: ffffffff85f37a58 RBX: 0000000000000001 RCX: ffffffff817c2b86
[  138.226171] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff815478ed
[  138.226185] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
[  138.226199] R10: ffffffff8643ac57 R11: 30376578302f4952 R12: 0000000000000000
[  138.226214] R13: ffffffff85f37a58 R14: dffffc0000000000 R15: ffffffff85f37a00
[  138.226234]  ? trace_irq_enable.constprop.0+0x26/0x100
[  138.226258]  ? console_flush_all+0x8bd/0xb70
[  138.226293]  ? console_flush_all+0x8bd/0xb70
[  138.226330]  ? __pfx_console_flush_all+0x10/0x10
[  138.226365]  ? __pfx_vprintk_store+0x10/0x10
[  138.226401]  ? is_printk_cpu_sync_owner+0x32/0x40
[  138.226425]  console_unlock+0xc2/0x1f0
[  138.226458]  ? __pfx_console_unlock+0x10/0x10
[  138.226492]  ? do_raw_spin_unlock+0x53/0x220
[  138.226524]  ? _printk+0xbe/0xf0
[  138.226551]  vprintk_emit+0x3f6/0x630
[  138.226587]  ? __pfx_vprintk_emit+0x10/0x10
[  138.226624]  ? irq_work_queue+0x9c/0x100
[  138.226653]  _printk+0xbe/0xf0
[  138.226678]  ? __pfx__printk+0x10/0x10
[  138.226705]  ? lock_acquire+0x18c/0x2f0
[  138.226734]  ? perf_tp_event+0x175/0xe70
[  138.226765]  show_iret_regs+0x26/0x60
[  138.226801]  __show_regs+0x2a/0x750
[  138.226829]  ? printk_percpu_data_ready+0x9/0x20
[  138.226861]  ? nbcon_get_cpu_emergency_nesting+0x3c/0x50
[  138.226889]  oops_end+0x7d/0xe0
[  138.226923]  exc_general_protection+0x1a2/0x330
[  138.226953]  asm_exc_general_protection+0x26/0x30
[  138.226976] RIP: 0010:perf_tp_event+0x175/0xe70
[  138.227008] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  138.227030] RSP: 0018:ffff88800f467640 EFLAGS: 00010212
[  138.227047] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  138.227062] RDX: ffff888017475280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  138.227077] RBP: ffff88800f4678b0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  138.227093] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  138.227107] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  138.227127]  ? perf_tp_event+0x167/0xe70
[  138.227163]  ? __pfx_perf_tp_event+0x10/0x10
[  138.227213]  ? perf_trace_run_bpf_submit+0xef/0x180
[  138.227247]  perf_trace_run_bpf_submit+0xef/0x180
[  138.227282]  perf_trace_contention_begin+0x235/0x3e0
[  138.227312]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  138.227343]  ? lock_acquire+0x18c/0x2f0
[  138.227371]  trace_contention_begin+0xae/0x110
[  138.227401]  __mutex_lock+0x14b/0x1020
[  138.227435]  ? perf_event_exit_task+0x46/0x510
[  138.227467]  ? perf_event_exit_task+0x46/0x510
[  138.227500]  ? do_raw_spin_lock+0x123/0x260
[  138.227532]  ? lock_acquire+0x18c/0x2f0
[  138.227558]  ? __pfx___mutex_lock+0x10/0x10
[  138.227592]  ? _raw_spin_unlock_irq+0x23/0x40
[  138.227621]  ? lock_release+0x1c7/0x290
[  138.227647]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  138.227671]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  138.227702]  ? taskstats_exit+0x8c/0xba0
[  138.227738]  ? lock_acquire+0x18c/0x2f0
[  138.227767]  perf_event_exit_task+0x46/0x510
[  138.227802]  do_exit+0x626/0x2970
[  138.227831]  ? __pfx_do_exit+0x10/0x10
[  138.227858]  ? do_raw_spin_lock+0x123/0x260
[  138.227890]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.227923]  do_group_exit+0xd3/0x2a0
[  138.227952]  get_signal+0x2315/0x2340
[  138.227992]  ? __pfx_get_signal+0x10/0x10
[  138.228028]  ? lock_release+0x1c7/0x290
[  138.228056]  arch_do_signal_or_restart+0x80/0x790
[  138.228100]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  138.228134]  ? lock_acquire+0x18c/0x2f0
[  138.228161]  ? do_raw_spin_lock+0x123/0x260
[  138.228193]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.228225]  ? finish_task_switch.isra.0+0x294/0x840
[  138.228265]  exit_to_user_mode_loop+0x8b/0x110
[  138.228288]  ret_from_fork+0x3ac/0x430
[  138.228325]  ret_from_fork_asm+0x1a/0x30
[  138.228362]  </TASK>
[  138.228395] BUG: Bad page state in process syz-executor.5  pfn:47e1f
[  138.228410] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47e1f
[  138.228430] flags: 0x100000000000000(node=0|zone=1)
[  138.228446] page_type: f9(unknown)
[  138.228466] raw: 0100000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  138.228487] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  138.228501] page dumped because: nonzero mapcount
[  138.228510] Modules linked in:
[  138.228527] CPU: 1 UID: 0 PID: 4027 Comm: syz-executor.5 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.228566] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.228575] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.228588] Call Trace:
[  138.228594]  <IRQ>
[  138.228602]  dump_stack_lvl+0xfa/0x120
[  138.228636]  bad_page+0x8c/0x1c0
[  138.228658]  __free_frozen_pages+0xaf9/0xe10
[  138.228690]  ? rcu_core+0x7c3/0x1800
[  138.228723]  rcu_core+0x7c8/0x1800
[  138.228754]  ? __pfx_rcu_core+0x10/0x10
[  138.228784]  ? tasklet_action_common+0x274/0x3b0
[  138.228809]  handle_softirqs+0x1b1/0x770
[  138.228849]  __irq_exit_rcu+0xc4/0x100
[  138.228885]  irq_exit_rcu+0x9/0x20
[  138.228904]  sysvec_apic_timer_interrupt+0x70/0x80
[  138.228936]  </IRQ>
[  138.228943]  <TASK>
[  138.228951]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  138.228976] RIP: 0010:console_flush_all+0x8c1/0xb70
[  138.229012] Code: 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 6c 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 98 6e 1f 00 e8 83 b3 27 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 19 ff ff ff 4c 89 ef e8 18 7e 5b
[  138.229034] RSP: 0018:ffff88800f4670f8 EFLAGS: 00000246
[  138.229052] RAX: ffffffff85f37a58 RBX: 0000000000000001 RCX: ffffffff817c2b86
[  138.229067] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff815478ed
[  138.229081] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
[  138.229095] R10: ffffffff8643ac57 R11: 30376578302f4952 R12: 0000000000000000
[  138.229110] R13: ffffffff85f37a58 R14: dffffc0000000000 R15: ffffffff85f37a00
[  138.229129]  ? trace_irq_enable.constprop.0+0x26/0x100
[  138.229153]  ? console_flush_all+0x8bd/0xb70
[  138.229189]  ? console_flush_all+0x8bd/0xb70
[  138.229225]  ? __pfx_console_flush_all+0x10/0x10
[  138.229261]  ? __pfx_vprintk_store+0x10/0x10
[  138.229297]  ? is_printk_cpu_sync_owner+0x32/0x40
[  138.229321]  console_unlock+0xc2/0x1f0
[  138.229354]  ? __pfx_console_unlock+0x10/0x10
[  138.229388]  ? do_raw_spin_unlock+0x53/0x220
[  138.229420]  ? _printk+0xbe/0xf0
[  138.229447]  vprintk_emit+0x3f6/0x630
[  138.229483]  ? __pfx_vprintk_emit+0x10/0x10
[  138.229520]  ? irq_work_queue+0x9c/0x100
[  138.229549]  _printk+0xbe/0xf0
[  138.229574]  ? __pfx__printk+0x10/0x10
[  138.229601]  ? lock_acquire+0x18c/0x2f0
[  138.229629]  ? perf_tp_event+0x175/0xe70
[  138.229660]  show_iret_regs+0x26/0x60
[  138.229696]  __show_regs+0x2a/0x750
[  138.229725]  ? printk_percpu_data_ready+0x9/0x20
[  138.229757]  ? nbcon_get_cpu_emergency_nesting+0x3c/0x50
[  138.229785]  oops_end+0x7d/0xe0
[  138.229819]  exc_general_protection+0x1a2/0x330
[  138.229849]  asm_exc_general_protection+0x26/0x30
[  138.229872] RIP: 0010:perf_tp_event+0x175/0xe70
[  138.229904] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  138.229926] RSP: 0018:ffff88800f467640 EFLAGS: 00010212
[  138.229943] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  138.229958] RDX: ffff888017475280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  138.229974] RBP: ffff88800f4678b0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  138.229989] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  138.230004] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  138.230023]  ? perf_tp_event+0x167/0xe70
[  138.230059]  ? __pfx_perf_tp_event+0x10/0x10
[  138.230109]  ? perf_trace_run_bpf_submit+0xef/0x180
[  138.230143]  perf_trace_run_bpf_submit+0xef/0x180
[  138.230178]  perf_trace_contention_begin+0x235/0x3e0
[  138.230209]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  138.230244]  ? lock_acquire+0x18c/0x2f0
[  138.230273]  trace_contention_begin+0xae/0x110
[  138.230302]  __mutex_lock+0x14b/0x1020
[  138.230336]  ? perf_event_exit_task+0x46/0x510
[  138.230369]  ? perf_event_exit_task+0x46/0x510
[  138.230401]  ? do_raw_spin_lock+0x123/0x260
[  138.230433]  ? lock_acquire+0x18c/0x2f0
[  138.230459]  ? __pfx___mutex_lock+0x10/0x10
[  138.230493]  ? _raw_spin_unlock_irq+0x23/0x40
[  138.230522]  ? lock_release+0x1c7/0x290
[  138.230548]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  138.230572]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  138.230603]  ? taskstats_exit+0x8c/0xba0
[  138.230639]  ? lock_acquire+0x18c/0x2f0
[  138.230667]  perf_event_exit_task+0x46/0x510
[  138.230702]  do_exit+0x626/0x2970
[  138.230732]  ? __pfx_do_exit+0x10/0x10
[  138.230759]  ? do_raw_spin_lock+0x123/0x260
[  138.230790]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.230824]  do_group_exit+0xd3/0x2a0
[  138.230853]  get_signal+0x2315/0x2340
[  138.230893]  ? __pfx_get_signal+0x10/0x10
[  138.230929]  ? lock_release+0x1c7/0x290
[  138.230957]  arch_do_signal_or_restart+0x80/0x790
[  138.230990]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  138.231025]  ? lock_acquire+0x18c/0x2f0
[  138.231052]  ? do_raw_spin_lock+0x123/0x260
[  138.231083]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.231116]  ? finish_task_switch.isra.0+0x294/0x840
[  138.231155]  exit_to_user_mode_loop+0x8b/0x110
[  138.231179]  ret_from_fork+0x3ac/0x430
[  138.231216]  ret_from_fork_asm+0x1a/0x30
[  138.231253]  </TASK>
[  138.478871] kworker/u10:3 (128) used greatest stack depth: 23824 bytes left
[  138.479111] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  138.479138] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  138.752526] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  138.753404] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  138.754538] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  138.755626] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  138.756497] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  138.757582] FS:  00007f1cd7e71700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  138.758725] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  138.759420] CR2: 00007f6f3e8cb718 CR3: 000000000cb02000 CR4: 0000000000350ef0
[  138.760537] note: syz-executor.5[4027] exited with preempt_count 2
[  138.761321] Fixing recursive fault but reboot is needed!
[  138.762130] BUG: scheduling while atomic: syz-executor.5/4027/0x00000000
[  138.763186] INFO: lockdep is turned off.
[  138.763663] Modules linked in:
[  138.764084] CPU: 1 UID: 0 PID: 4027 Comm: syz-executor.5 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.764124] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.764131] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.764140] Call Trace:
[  138.764146]  <TASK>
[  138.764153]  dump_stack_lvl+0xfa/0x120
[  138.764184]  __schedule_bug+0xb9/0x100
[  138.764204]  __schedule+0x24f3/0x3590
[  138.764225]  ? __pfx_vprintk_emit+0x10/0x10
[  138.764252]  ? arch_do_signal_or_restart+0x80/0x790
[  138.764276]  ? __pfx___schedule+0x10/0x10
[  138.764297]  ? do_raw_spin_lock+0x123/0x260
[  138.764321]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.764342]  ? lock_acquire+0x18c/0x2f0
[  138.764361]  ? lock_release+0x1c7/0x290
[  138.764380]  ? do_task_dead+0x3e/0x110
[  138.764400]  do_task_dead+0xdc/0x110
[  138.764419]  make_task_dead+0x373/0x3b0
[  138.764440]  ? ret_from_fork+0x3ac/0x430
[  138.764466]  rewind_stack_and_make_dead+0x16/0x20
[  138.764490] RIP: 0033:0x7f1cda980f41
[  138.764505] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[  138.764522] RSP: 002b:00007f1cd7e712f0 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  138.764538] RAX: 0000000000000000 RBX: 00007f1cd7e71700 RCX: 00007f1cda980f41
[  138.764549] RDX: 00007f1cd7e719d0 RSI: 00007f1cd7e712f0 RDI: 00000000003d0f00
[  138.764561] RBP: 00007ffee3503700 R08: 00007f1cd7e71700 R09: 00007f1cd7e71700
[  138.764572] R10: 00007f1cd7e719d0 R11: 0000000000000206 R12: 00007ffee350357e
[  138.764584] R13: 00007ffee350357f R14: 00007f1cd7e71300 R15: 0000000000022000
[  138.764600]  </TASK>
[  138.786071] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#13] SMP KASAN NOPTI
[  138.787498] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  138.788508] CPU: 1 UID: 0 PID: 4003 Comm: syz-executor.5 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.789884] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.790463] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.791411] RIP: 0010:perf_tp_event+0x175/0xe70
[  138.791969] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  138.794067] RSP: 0018:ffff88800f296ac0 EFLAGS: 00010212
[  138.794683] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900066bd000
[  138.795509] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  138.796327] RBP: ffff88800f296d30 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  138.797140] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  138.797955] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  138.798778] FS:  00007f1cd7eb3700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  138.799693] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  138.800366] CR2: 00007f6f3e8cb718 CR3: 000000000cb02000 CR4: 0000000000350ef0
[  138.801184] Call Trace:
[  138.801492]  <TASK>
[  138.801768]  ? lock_acquire+0x18c/0x2f0
[  138.802234]  ? __pfx_perf_tp_event+0x10/0x10
[  138.802753]  ? lock_release+0x1c7/0x290
[  138.803219]  ? __is_insn_slot_addr+0x140/0x290
[  138.803773]  ? lock_acquire+0x18c/0x2f0
[  138.804244]  ? kernel_text_address+0x5b/0xc0
[  138.804764]  ? lock_acquire+0x18c/0x2f0
[  138.805229]  ? lock_acquire+0x18c/0x2f0
[  138.805692]  ? lock_acquire+0x18c/0x2f0
[  138.806156]  ? lock_release+0x1c7/0x290
[  138.806621]  ? lock_acquire+0x18c/0x2f0
[  138.807086]  ? lock_acquire+0x18c/0x2f0
[  138.807551]  ? lock_release+0x1c7/0x290
[  138.808015]  ? __is_insn_slot_addr+0x140/0x290
[  138.808568]  ? perf_trace_run_bpf_submit+0xef/0x180
[  138.809149]  perf_trace_run_bpf_submit+0xef/0x180
[  138.809715]  perf_trace_contention_begin+0x235/0x3e0
[  138.810298]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  138.810889]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  138.811528]  ? lock_acquire+0x18c/0x2f0
[  138.811990]  ? kasan_save_stack+0x24/0x50
[  138.812480]  trace_contention_begin+0xae/0x110
[  138.813009]  __mutex_lock+0x14b/0x1020
[  138.813468]  ? __neigh_ifdown.isra.0+0x114/0x810
[  138.814013]  ? __neigh_ifdown.isra.0+0x114/0x810
[  138.814566]  ? ____sys_sendmsg+0xa67/0xc20
[  138.815052]  ? ___sys_sendmsg+0x10f/0x1b0
[  138.815534]  ? __sys_sendmsg+0x150/0x200
[  138.816006]  ? do_syscall_64+0xbf/0x360
[  138.816488]  ? lock_release+0x1c7/0x290
[  138.816950]  ? __pfx___mutex_lock+0x10/0x10
[  138.817453]  ? do_raw_write_lock+0x11c/0x3a0
[  138.817969]  ? __pfx_do_raw_write_lock+0x10/0x10
[  138.818519]  ? lock_release+0x1c7/0x290
[  138.818980]  ? __neigh_ifdown.isra.0+0xe6/0x810
[  138.819518]  __neigh_ifdown.isra.0+0x114/0x810
[  138.820049]  ? __pfx___neigh_ifdown.isra.0+0x10/0x10
[  138.820634]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  138.821237]  ? __call_rcu_common.constprop.0+0x4c1/0x960
[  138.821859]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  138.822458]  neigh_ifdown+0x1f/0x30
[  138.822880]  inetdev_event+0xff7/0x1860
[  138.823341]  ? __pfx_inetdev_event+0x10/0x10
[  138.823852]  ? rcu_gp_is_expedited+0x53/0x80
[  138.824374]  ? synchronize_rcu+0x1ff/0x260
[  138.824872]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  138.825468]  notifier_call_chain+0xc0/0x360
[  138.825962]  ? shutdown_scheduler_queue+0xa5/0x160
[  138.826522]  ? qdisc_put+0x4e/0xe0
[  138.826934]  call_netdevice_notifiers_info+0xbe/0x140
[  138.827521]  unregister_netdevice_many_notify+0xad2/0x1e10
[  138.828171]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  138.828860]  ? __pfx___mutex_lock+0x10/0x10
[  138.829359]  unregister_netdevice_queue+0x222/0x2e0
[  138.829930]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  138.830559]  ieee802154_if_remove+0x18c/0x260
[  138.831073]  ieee802154_add_iface+0x7fb/0x970
[  138.831588]  ? __pfx_ieee802154_add_iface+0x10/0x10
[  138.832164]  ? trace_kmalloc+0x1f/0xb0
[  138.832622]  ? __nla_parse+0x42/0x60
[  138.833059]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bc/0x290
[  138.833799]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[  138.834530]  genl_family_rcv_msg_doit+0x1fe/0x2f0
[  138.835077]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  138.835681]  ? security_capable+0x2f/0x90
[  138.836169]  genl_rcv_msg+0x532/0x7e0
[  138.836612]  ? __pfx_genl_rcv_msg+0x10/0x10
[  138.837104]  ? __schedule+0xe91/0x3590
[  138.837557]  ? __pfx_ieee802154_add_iface+0x10/0x10
[  138.838130]  ? __pfx___schedule+0x10/0x10
[  138.838610]  netlink_rcv_skb+0x147/0x430
[  138.839083]  ? __pfx_genl_rcv_msg+0x10/0x10
[  138.839573]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  138.840117]  ? netlink_deliver_tap+0x1ae/0xce0
[  138.840649]  ? selinux_netlink_send+0x507/0x880
[  138.841180]  ? is_vmalloc_addr+0x86/0xa0
[  138.841650]  genl_rcv+0x28/0x40
[  138.842029]  netlink_unicast+0x5a7/0x870
[  138.842505]  ? __pfx_netlink_unicast+0x10/0x10
[  138.843032]  netlink_sendmsg+0x8ac/0xd80
[  138.843500]  ? __pfx_netlink_sendmsg+0x10/0x10
[  138.844034]  ____sys_sendmsg+0xa67/0xc20
[  138.844504]  ? copy_msghdr_from_user+0xfb/0x150
[  138.845038]  ? __pfx_____sys_sendmsg+0x10/0x10
[  138.845561]  ? lock_acquire+0x18c/0x2f0
[  138.846017]  ? plist_del+0x122/0x270
[  138.846451]  ___sys_sendmsg+0x10f/0x1b0
[  138.846911]  ? __pfx____sys_sendmsg+0x10/0x10
[  138.847431]  ? __pfx___perf_event_task_sched_in+0x10/0x10
[  138.848046]  ? update_load_avg+0x17d/0x1ef0
[  138.848542]  ? lock_acquire+0x18c/0x2f0
[  138.848998]  ? xfd_validate_state+0x55/0x180
[  138.849506]  ? lock_release+0x1c7/0x290
[  138.849959]  ? lock_acquire+0x18c/0x2f0
[  138.850412]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  138.850999]  ? lock_release+0x1c7/0x290
[  138.851458]  ? __fget_files+0x20d/0x3b0
[  138.851912]  __sys_sendmsg+0x150/0x200
[  138.852372]  ? __pfx___sys_sendmsg+0x10/0x10
[  138.852888]  ? __x64_sys_futex+0x1c9/0x4d0
[  138.853376]  do_syscall_64+0xbf/0x360
[  138.853812]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.854391] RIP: 0033:0x7f1cda97fb19
[  138.854813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  138.856833] RSP: 002b:00007f1cd7eb3188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  138.857669] RAX: ffffffffffffffda RBX: 00007f1cdaa930e0 RCX: 00007f1cda97fb19
[  138.858454] RDX: 0000000000000000 RSI: 0000000020000880 RDI: 0000000000000005
[  138.859242] RBP: 00007f1cda9d9f6d R08: 0000000000000000 R09: 0000000000000000
[  138.860023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  138.860822] R13: 00007ffee350357f R14: 00007f1cd7eb3300 R15: 0000000000022000
[  138.861612]  </TASK>
[  138.861880] Modules linked in:
[  138.862481] ---[ end trace 0000000000000000 ]---
[  138.864314] RIP: 0010:perf_tp_event+0x175/0xe70
[  138.865668] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  138.868236] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  138.869067] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  138.870043] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  138.871086] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  138.871998] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  138.872980] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  138.873998] FS:  00007f1cd7eb3700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  138.875022] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  138.875857] CR2: 00007f6f3e8cb718 CR3: 000000000cb02000 CR4: 0000000000350ef0
[  138.876819] note: syz-executor.5[4003] exited with preempt_count 2
[  138.878194] BUG: Bad page state in process ksoftirqd/1  pfn:0f461
[  138.879050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf461
[  138.880070] flags: 0x100000000000000(node=0|zone=1)
[  138.880639] page_type: f9(unknown)
[  138.881135] raw: 0100000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  138.882204] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  138.883214] page dumped because: nonzero mapcount
[  138.883773] Modules linked in:
[  138.884263] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.884295] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.884302] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.884312] Call Trace:
[  138.884317]  <TASK>
[  138.884323]  dump_stack_lvl+0xfa/0x120
[  138.884351]  bad_page+0x8c/0x1c0
[  138.884369]  __free_frozen_pages+0xaf9/0xe10
[  138.884394]  ? rcu_core+0x7c3/0x1800
[  138.884414]  rcu_core+0x7c8/0x1800
[  138.884438]  ? __pfx_rcu_core+0x10/0x10
[  138.884462]  ? __pfx___schedule+0x10/0x10
[  138.884488]  ? trace_rcu_grace_period+0x2a/0x1a0
[  138.884519]  handle_softirqs+0x1b1/0x770
[  138.884549]  ? __pfx_run_ksoftirqd+0x10/0x10
[  138.884577]  ? smpboot_thread_fn+0x371/0x9d0
[  138.884605]  run_ksoftirqd+0x2e/0x60
[  138.884632]  smpboot_thread_fn+0x41d/0x9d0
[  138.884660]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  138.884689]  kthread+0x3c8/0x740
[  138.884714]  ? __pfx_kthread+0x10/0x10
[  138.884732]  ? ret_from_fork+0x23/0x430
[  138.884759]  ? lock_release+0xc8/0x290
[  138.884779]  ? __pfx_kthread+0x10/0x10
[  138.884798]  ret_from_fork+0x34b/0x430
[  138.884826]  ? __pfx_kthread+0x10/0x10
[  138.884845]  ret_from_fork_asm+0x1a/0x30
[  138.884874]  </TASK>
[  138.900143] BUG: Bad page state in process ksoftirqd/1  pfn:0f462
[  138.900968] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf462
[  138.902000] flags: 0x100000000000000(node=0|zone=1)
[  138.902636] page_type: f9(unknown)
[  138.903172] raw: 0100000000000000 0000000000000000 ffffea00003d1890 0000000000000000
[  138.904172] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  138.905158] page dumped because: nonzero mapcount
[  138.905758] Modules linked in:
[  138.906216] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.906247] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.906255] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.906265] Call Trace:
[  138.906270]  <TASK>
[  138.906277]  dump_stack_lvl+0xfa/0x120
[  138.906304]  bad_page+0x8c/0x1c0
[  138.906320]  __free_frozen_pages+0xaf9/0xe10
[  138.906344]  ? rcu_core+0x7c3/0x1800
[  138.906365]  rcu_core+0x7c8/0x1800
[  138.906388]  ? __pfx_rcu_core+0x10/0x10
[  138.906408]  ? __pfx___schedule+0x10/0x10
[  138.906432]  ? trace_rcu_grace_period+0x2a/0x1a0
[  138.906462]  handle_softirqs+0x1b1/0x770
[  138.906490]  ? __pfx_run_ksoftirqd+0x10/0x10
[  138.906518]  ? smpboot_thread_fn+0x371/0x9d0
[  138.906544]  run_ksoftirqd+0x2e/0x60
[  138.906571]  smpboot_thread_fn+0x41d/0x9d0
[  138.906598]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  138.906627]  kthread+0x3c8/0x740
[  138.906644]  ? __pfx_kthread+0x10/0x10
[  138.906662]  ? ret_from_fork+0x23/0x430
[  138.906689]  ? lock_release+0xc8/0x290
[  138.906716]  ? __pfx_kthread+0x10/0x10
[  138.906734]  ret_from_fork+0x34b/0x430
[  138.906761]  ? __pfx_kthread+0x10/0x10
[  138.906779]  ret_from_fork_asm+0x1a/0x30
[  138.906806]  </TASK>
[  138.920518] BUG: Bad page state in process ksoftirqd/1  pfn:0f463
[  138.921193] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf463
[  138.922050] flags: 0x100000000000000(node=0|zone=1)
[  138.922584] page_type: f9(unknown)
[  138.922991] raw: 0100000000000000 0000000000000000 ffffea00003d18c8 0000000000000000
[  138.923831] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  138.924667] page dumped because: nonzero mapcount
[  138.925194] Modules linked in:
[  138.925553] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.925582] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.925589] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.925599] Call Trace:
[  138.925604]  <TASK>
[  138.925610]  dump_stack_lvl+0xfa/0x120
[  138.925636]  bad_page+0x8c/0x1c0
[  138.925652]  __free_frozen_pages+0xaf9/0xe10
[  138.925676]  ? rcu_core+0x7c3/0x1800
[  138.925696]  rcu_core+0x7c8/0x1800
[  138.925724]  ? __pfx_rcu_core+0x10/0x10
[  138.925744]  ? __pfx___schedule+0x10/0x10
[  138.925767]  ? trace_rcu_grace_period+0x2a/0x1a0
[  138.925796]  handle_softirqs+0x1b1/0x770
[  138.925825]  ? __pfx_run_ksoftirqd+0x10/0x10
[  138.925852]  ? smpboot_thread_fn+0x371/0x9d0
[  138.925878]  run_ksoftirqd+0x2e/0x60
[  138.925904]  smpboot_thread_fn+0x41d/0x9d0
[  138.925932]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  138.925960]  kthread+0x3c8/0x740
[  138.925977]  ? __pfx_kthread+0x10/0x10
[  138.925995]  ? ret_from_fork+0x23/0x430
[  138.926021]  ? lock_release+0xc8/0x290
[  138.926041]  ? __pfx_kthread+0x10/0x10
[  138.926059]  ret_from_fork+0x34b/0x430
[  138.926085]  ? __pfx_kthread+0x10/0x10
[  138.926103]  ret_from_fork_asm+0x1a/0x30
[  138.926130]  </TASK>
[  138.938607] BUG: Bad page state in process ksoftirqd/1  pfn:0f464
[  138.939280] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88800f467740 pfn:0xf464
[  138.940263] flags: 0x100000000000000(node=0|zone=1)
[  138.940813] page_type: f9(unknown)
[  138.941197] raw: 0100000000000000 dead000000000100 dead000000000122 0000000000000000
[  138.942045] raw: ffff88800f467740 0000000000130000 00000000f9000000 0000000000000000
[  138.942874] page dumped because: nonzero mapcount
[  138.943380] Modules linked in:
[  138.943744] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.943773] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.943779] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.943788] Call Trace:
[  138.943793]  <TASK>
[  138.943799]  dump_stack_lvl+0xfa/0x120
[  138.943824]  bad_page+0x8c/0x1c0
[  138.943840]  __free_frozen_pages+0xaf9/0xe10
[  138.943863]  ? rcu_core+0x7c3/0x1800
[  138.943883]  rcu_core+0x7c8/0x1800
[  138.943905]  ? __pfx_rcu_core+0x10/0x10
[  138.943925]  ? __pfx___schedule+0x10/0x10
[  138.943948]  ? trace_rcu_grace_period+0x2a/0x1a0
[  138.943976]  handle_softirqs+0x1b1/0x770
[  138.944004]  ? __pfx_run_ksoftirqd+0x10/0x10
[  138.944031]  ? smpboot_thread_fn+0x371/0x9d0
[  138.944057]  run_ksoftirqd+0x2e/0x60
[  138.944082]  smpboot_thread_fn+0x41d/0x9d0
[  138.944119]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  138.944147]  kthread+0x3c8/0x740
[  138.944164]  ? __pfx_kthread+0x10/0x10
[  138.944181]  ? ret_from_fork+0x23/0x430
[  138.944207]  ? lock_release+0xc8/0x290
[  138.944226]  ? __pfx_kthread+0x10/0x10
[  138.944244]  ret_from_fork+0x34b/0x430
[  138.944270]  ? __pfx_kthread+0x10/0x10
[  138.944288]  ret_from_fork_asm+0x1a/0x30
[  138.944314]  </TASK>
[  138.944320] BUG: Bad page state in process ksoftirqd/1  pfn:0f465
[  138.957472] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf465
[  138.958299] flags: 0x100000000000000(node=0|zone=1)
[  138.958843] page_type: f9(unknown)
[  138.959222] raw: 0100000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  138.960033] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  138.960855] page dumped because: nonzero mapcount
[  138.961356] Modules linked in:
[  138.961698] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.961731] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.961737] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.961746] Call Trace:
[  138.961751]  <TASK>
[  138.961757]  dump_stack_lvl+0xfa/0x120
[  138.961782]  bad_page+0x8c/0x1c0
[  138.961797]  __free_frozen_pages+0xaf9/0xe10
[  138.961820]  ? rcu_core+0x7c3/0x1800
[  138.961840]  rcu_core+0x7c8/0x1800
[  138.961862]  ? __pfx_rcu_core+0x10/0x10
[  138.961881]  ? __pfx___schedule+0x10/0x10
[  138.961904]  ? trace_rcu_grace_period+0x2a/0x1a0
[  138.961933]  handle_softirqs+0x1b1/0x770
[  138.961960]  ? __pfx_run_ksoftirqd+0x10/0x10
[  138.961987]  ? smpboot_thread_fn+0x371/0x9d0
[  138.962012]  run_ksoftirqd+0x2e/0x60
[  138.962038]  smpboot_thread_fn+0x41d/0x9d0
[  138.962064]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  138.962091]  kthread+0x3c8/0x740
[  138.962108]  ? __pfx_kthread+0x10/0x10
[  138.962125]  ? ret_from_fork+0x23/0x430
[  138.962151]  ? lock_release+0xc8/0x290
[  138.962170]  ? __pfx_kthread+0x10/0x10
[  138.962187]  ret_from_fork+0x34b/0x430
[  138.962213]  ? __pfx_kthread+0x10/0x10
[  138.962230]  ret_from_fork_asm+0x1a/0x30
[  138.962257]  </TASK>
[  138.974354] BUG: Bad page state in process ksoftirqd/1  pfn:0f466
[  138.975002] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf466
[  138.975818] flags: 0x100000000000000(node=0|zone=1)
[  138.976337] page_type: f9(unknown)
[  138.976727] raw: 0100000000000000 0000000000000000 ffffea00003d1990 0000000000000000
[  138.977519] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  138.978319] page dumped because: nonzero mapcount
[  138.978834] Modules linked in:
[  138.979175] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.979203] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.979210] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.979218] Call Trace:
[  138.979223]  <TASK>
[  138.979229]  dump_stack_lvl+0xfa/0x120
[  138.979254]  bad_page+0x8c/0x1c0
[  138.979269]  __free_frozen_pages+0xaf9/0xe10
[  138.979292]  ? rcu_core+0x7c3/0x1800
[  138.979311]  rcu_core+0x7c8/0x1800
[  138.979333]  ? __pfx_rcu_core+0x10/0x10
[  138.979353]  ? __pfx___schedule+0x10/0x10
[  138.979375]  ? trace_rcu_grace_period+0x2a/0x1a0
[  138.979403]  handle_softirqs+0x1b1/0x770
[  138.979431]  ? __pfx_run_ksoftirqd+0x10/0x10
[  138.979457]  ? smpboot_thread_fn+0x371/0x9d0
[  138.979482]  run_ksoftirqd+0x2e/0x60
[  138.979507]  smpboot_thread_fn+0x41d/0x9d0
[  138.979533]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  138.979560]  kthread+0x3c8/0x740
[  138.979577]  ? __pfx_kthread+0x10/0x10
[  138.979594]  ? ret_from_fork+0x23/0x430
[  138.979619]  ? lock_release+0xc8/0x290
[  138.979638]  ? __pfx_kthread+0x10/0x10
[  138.979655]  ret_from_fork+0x34b/0x430
[  138.979681]  ? __pfx_kthread+0x10/0x10
[  138.979698]  ret_from_fork_asm+0x1a/0x30
[  138.979729]  </TASK>
[  138.991684] BUG: Bad page state in process ksoftirqd/1  pfn:0f467
[  138.992335] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf467
[  138.993140] flags: 0x100000000000000(node=0|zone=1)
[  138.993648] page_type: f9(unknown)
[  138.994036] raw: 0100000000000000 0000000000000000 ffffea00003d19c8 0000000000000000
[  138.994837] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  138.995610] page dumped because: nonzero mapcount
[  138.996120] Modules linked in:
[  138.996460] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  138.996488] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  138.996494] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  138.996503] Call Trace:
[  138.996508]  <TASK>
[  138.996513]  dump_stack_lvl+0xfa/0x120
[  138.996538]  bad_page+0x8c/0x1c0
[  138.996553]  __free_frozen_pages+0xaf9/0xe10
[  138.996575]  ? rcu_core+0x7c3/0x1800
[  138.996595]  rcu_core+0x7c8/0x1800
[  138.996616]  ? __pfx_rcu_core+0x10/0x10
[  138.996635]  ? __pfx___schedule+0x10/0x10
[  138.996658]  ? trace_rcu_grace_period+0x2a/0x1a0
[  138.996688]  handle_softirqs+0x1b1/0x770
[  138.996719]  ? __pfx_run_ksoftirqd+0x10/0x10
[  138.996745]  ? smpboot_thread_fn+0x371/0x9d0
[  138.996770]  run_ksoftirqd+0x2e/0x60
[  138.996795]  smpboot_thread_fn+0x41d/0x9d0
[  138.996820]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  138.996847]  kthread+0x3c8/0x740
[  138.996863]  ? __pfx_kthread+0x10/0x10
[  138.996880]  ? ret_from_fork+0x23/0x430
[  138.996905]  ? lock_release+0xc8/0x290
[  138.996923]  ? __pfx_kthread+0x10/0x10
[  138.996940]  ret_from_fork+0x34b/0x430
[  138.996965]  ? __pfx_kthread+0x10/0x10
[  138.996981]  ret_from_fork_asm+0x1a/0x30
[  138.997007]  </TASK>
[  139.010490] syz-executor.5 (4003) used greatest stack depth: 23232 bytes left
[  139.012042] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#14] SMP KASAN NOPTI
[  139.013425] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  139.014446] CPU: 1 UID: 0 PID: 175 Comm: in:imklog Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.015748] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.016372] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.017234] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.017837] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.019773] RSP: 0018:ffff888013e3f440 EFLAGS: 00010212
[  139.020315] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  139.021023] RDX: ffff8880154e9b80 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.021727] RBP: ffff888013e3f6b0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.022508] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  139.023375] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.024207] FS:  00007fe1f56e4700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.025005] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.025584] CR2: 00007f6f3e8cb718 CR3: 000000000e62a000 CR4: 0000000000350ef0
[  139.026286] Call Trace:
[  139.026549]  <TASK>
[  139.026786]  ? unwind_get_return_address+0x59/0xa0
[  139.027310]  ? __pfx_perf_tp_event+0x10/0x10
[  139.027768]  ? lock_release+0x1c7/0x290
[  139.028178]  ? css_rstat_updated+0x1b8/0x4d0
[  139.028632]  ? __pfx_css_rstat_updated+0x10/0x10
[  139.029115]  ? lock_acquire+0x18c/0x2f0
[  139.029516]  ? __rb_erase_color+0x46f/0xe80
[  139.029949]  ? __pfx_min_vruntime_cb_rotate+0x10/0x10
[  139.030476]  ? lock_release+0x1c7/0x290
[  139.030878]  ? __perf_event_task_sched_in+0x235/0x5e0
[  139.031394]  ? __pfx___perf_event_task_sched_in+0x10/0x10
[  139.031939]  ? update_load_avg+0x17d/0x1ef0
[  139.032373]  ? lock_acquire+0x18c/0x2f0
[  139.032773]  ? xfd_validate_state+0x55/0x180
[  139.033219]  ? lock_release+0x1c7/0x290
[  139.033621]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.034139]  ? perf_trace_run_bpf_submit+0xef/0x180
[  139.034647]  ? trace_sched_exit_tp+0xbf/0x100
[  139.035105]  perf_trace_run_bpf_submit+0xef/0x180
[  139.035590]  perf_trace_contention_begin+0x235/0x3e0
[  139.036102]  ? __pfx___schedule+0x10/0x10
[  139.036519]  ? syslog_print+0xc5/0x5c0
[  139.036914]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  139.037467]  ? do_syscall_64+0xbf/0x360
[  139.037861]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.038386]  ? lock_acquire+0x18c/0x2f0
[  139.038784]  trace_contention_begin+0xae/0x110
[  139.039241]  __mutex_lock+0x14b/0x1020
[  139.039635]  ? syslog_print+0x103/0x5c0
[  139.040033]  ? syslog_print+0x103/0x5c0
[  139.040433]  ? __pfx___mutex_lock+0x10/0x10
[  139.040866]  ? __create_object+0x59/0x80
[  139.041272]  ? trace_kmalloc+0x1f/0xb0
[  139.041662]  ? __kmalloc_cache_noprof+0x26f/0x690
[  139.042144]  ? kfree+0x281/0x550
[  139.042490]  syslog_print+0x103/0x5c0
[  139.042872]  ? __pfx_syslog_print+0x10/0x10
[  139.043298]  ? __cgroup_account_cputime+0x88/0xc0
[  139.043803]  ? trace_sched_set_need_resched_tp+0xd4/0x110
[  139.044503]  ? __resched_curr+0x2a2/0x330
[  139.044991]  ? __pfx___resched_curr+0x10/0x10
[  139.045560]  ? check_preempt_wakeup_fair+0x406/0x950
[  139.046116]  ? lock_acquire+0x18c/0x2f0
[  139.046618]  do_syslog.part.0+0x20b/0x5b0
[  139.047076]  ? __pfx_do_syslog.part.0+0x10/0x10
[  139.047660]  ? avc_has_perm+0x12b/0x1d0
[  139.048109]  ? __pfx_avc_has_perm+0x10/0x10
[  139.048622]  ? plist_del+0x122/0x270
[  139.049094]  ? lock_acquire+0x18c/0x2f0
[  139.049545]  ? lock_release+0x1c7/0x290
[  139.050056]  do_syslog+0xcd/0x110
[  139.050410]  kmsg_read+0x8e/0xc0
[  139.050803]  ? __pfx_kmsg_read+0x10/0x10
[  139.051281]  proc_reg_read+0x120/0x310
[  139.051745]  ? __pfx_proc_reg_read+0x10/0x10
[  139.052307]  vfs_read+0x1eb/0xc70
[  139.052658]  ? __pfx_vfs_read+0x10/0x10
[  139.053057]  ? lock_release+0x1c7/0x290
[  139.053459]  ? __fget_files+0x20d/0x3b0
[  139.053857]  ksys_read+0x121/0x240
[  139.054215]  ? __pfx_ksys_read+0x10/0x10
[  139.054620]  do_syscall_64+0xbf/0x360
[  139.055000]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.055506] RIP: 0033:0x7fe1f612708c
[  139.055874] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 89 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf fc ff ff 48
[  139.057651] RSP: 002b:00007fe1f56c34d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  139.058397] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe1f612708c
[  139.059091] RDX: 0000000000001fa0 RSI: 00007fe1f56c3d00 RDI: 0000000000000005
[  139.059784] RBP: 000055b695bac4c0 R08: 0000000000000000 R09: 0000000000000000
[  139.060474] R10: a3d70a3d70a3d70b R11: 0000000000000246 R12: 00007fe1f56c3d00
[  139.061167] R13: 0000000000001fa0 R14: 00007fe1f56c3d00 R15: 00007fe1f56c4c1e
[  139.061859]  </TASK>
[  139.062093] Modules linked in:
[  139.062973] ---[ end trace 0000000000000000 ]---
[  139.063539] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.064987] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.067261] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  139.067814] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  139.068573] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.069468] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.070317] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  139.071142] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.071999] FS:  00007fe1f56e4700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.073032] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.073663] CR2: 00007f6f3e8cb718 CR3: 000000000e62a000 CR4: 0000000000350ef0
[  139.074541] note: in:imklog[175] exited with preempt_count 2
[  139.102039] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#15] SMP KASAN NOPTI
[  139.103127] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  139.103957] CPU: 1 UID: 0 PID: 4038 Comm: journal-offline Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.105120] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.105602] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.106382] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.106836] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.108562] RSP: 0018:ffff8880489ff880 EFLAGS: 00010212
[  139.109070] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  139.109748] RDX: ffff888016218000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.110421] RBP: ffff8880489ffaf0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.111093] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  139.111768] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.112456] FS:  00007fa715cb0700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.113226] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.113786] CR2: 00007f6f3e8cb718 CR3: 000000000e049000 CR4: 0000000000350ef0
[  139.114510] Call Trace:
[  139.114762]  <TASK>
[  139.115015]  ? __pfx_perf_tp_event+0x10/0x10
[  139.115476]  ? zap_page_range_single_batched+0x384/0x5a0
[  139.116001]  ? __pfx_zap_page_range_single_batched+0x10/0x10
[  139.116569]  ? finish_task_switch.isra.0+0x294/0x840
[  139.117067]  ? mtree_range_walk+0x74a/0xb90
[  139.117492]  ? madvise_vma_behavior+0x738/0x25d0
[  139.117971]  ? blk_mq_flush_plug_list+0x13e/0x5b0
[  139.118460]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  139.118957]  ? __pfx_blk_mq_flush_plug_list+0x10/0x10
[  139.119491]  ? perf_trace_run_bpf_submit+0xef/0x180
[  139.119966]  perf_trace_run_bpf_submit+0xef/0x180
[  139.120435]  perf_trace_contention_begin+0x235/0x3e0
[  139.120919]  ? __pfx_find_vma+0x10/0x10
[  139.121297]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  139.121819]  ? lock_acquire+0x18c/0x2f0
[  139.122243]  trace_contention_begin+0xae/0x110
[  139.122675]  __mutex_lock+0x14b/0x1020
[  139.123093]  ? perf_event_exit_task+0x46/0x510
[  139.123546]  ? perf_event_exit_task+0x46/0x510
[  139.123982]  ? do_raw_spin_lock+0x123/0x260
[  139.124403]  ? lock_acquire+0x18c/0x2f0
[  139.124780]  ? __pfx___mutex_lock+0x10/0x10
[  139.125191]  ? _raw_spin_unlock_irq+0x23/0x40
[  139.125623]  ? lock_release+0x1c7/0x290
[  139.126030]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.126542]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  139.127058]  ? taskstats_exit+0x8c/0xba0
[  139.127476]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  139.127925]  perf_event_exit_task+0x46/0x510
[  139.128357]  do_exit+0x626/0x2970
[  139.128691]  ? __pfx_do_exit+0x10/0x10
[  139.129061]  ? __secure_computing+0x18d/0x290
[  139.129490]  __x64_sys_exit+0x42/0x50
[  139.129850]  x64_sys_call+0x18ca/0x18d0
[  139.130277]  do_syscall_64+0xbf/0x360
[  139.130634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.131161] RIP: 0033:0x7fa716cb6f56
[  139.131523] Code: 00 00 0f 84 3d 01 00 00 48 8b 44 24 08 f6 80 08 03 00 00 40 0f 85 41 01 00 00 ba 3c 00 00 00 0f 1f 44 00 00 31 ff 89 d0 0f 05 <eb> f8 ff d0 48 98 e9 46 ff ff ff 48 8b 44 24 08 45 31 d2 ba 01 00
[  139.133189] RSP: 002b:00007fa715cafd40 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[  139.133892] RAX: ffffffffffffffda RBX: 00007fa715cb0700 RCX: 00007fa716cb6f56
[  139.134544] RDX: 000000000000003c RSI: 00000000007fb000 RDI: 0000000000000000
[  139.135204] RBP: 00007fa7154b0000 R08: 0000000000000000 R09: 00007fa715cb0700
[  139.135857] R10: 0000000000000014 R11: 0000000000000246 R12: 00007ffd1502644e
[  139.136523] R13: 00007ffd1502644f R14: 00007fa715cafe00 R15: 0000563516703660
[  139.137186]  </TASK>
[  139.137408] Modules linked in:
[  139.138516] ---[ end trace 0000000000000000 ]---
[  139.139530] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.140008] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.141714] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  139.142256] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  139.142932] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.143643] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.144327] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  139.144993] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.145655] FS:  00007fa715cb0700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.146457] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.147031] CR2: 00007f6f3e8cb718 CR3: 000000000e049000 CR4: 0000000000350ef0
[  139.147736] note: journal-offline[4038] exited with preempt_count 2
[  139.148320] Fixing recursive fault but reboot is needed!
[  139.148828] BUG: scheduling while atomic: journal-offline/4038/0x00000000
[  139.149446] INFO: lockdep is turned off.
[  139.149830] Modules linked in:
[  139.150191] CPU: 1 UID: 0 PID: 4038 Comm: journal-offline Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.150213] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.150218] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.150225] Call Trace:
[  139.150229]  <TASK>
[  139.150234]  dump_stack_lvl+0xfa/0x120
[  139.150254]  __schedule_bug+0xb9/0x100
[  139.150267]  __schedule+0x24f3/0x3590
[  139.150284]  ? __pfx_vprintk_emit+0x10/0x10
[  139.150303]  ? perf_event_exit_task+0x46/0x510
[  139.150321]  ? __pfx___schedule+0x10/0x10
[  139.150337]  ? do_raw_spin_lock+0x123/0x260
[  139.150354]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  139.150370]  ? lock_acquire+0x18c/0x2f0
[  139.150384]  ? __pfx_do_exit+0x10/0x10
[  139.150398]  ? lock_release+0x1c7/0x290
[  139.150413]  ? do_task_dead+0x3e/0x110
[  139.150427]  do_task_dead+0xdc/0x110
[  139.150442]  make_task_dead+0x373/0x3b0
[  139.150456]  ? do_syscall_64+0xbf/0x360
[  139.150468]  rewind_stack_and_make_dead+0x16/0x20
[  139.150485] RIP: 0033:0x7fa716cb6f56
[  139.150494] Code: 00 00 0f 84 3d 01 00 00 48 8b 44 24 08 f6 80 08 03 00 00 40 0f 85 41 01 00 00 ba 3c 00 00 00 0f 1f 44 00 00 31 ff 89 d0 0f 05 <eb> f8 ff d0 48 98 e9 46 ff ff ff 48 8b 44 24 08 45 31 d2 ba 01 00
[  139.150506] RSP: 002b:00007fa715cafd40 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[  139.150518] RAX: ffffffffffffffda RBX: 00007fa715cb0700 RCX: 00007fa716cb6f56
[  139.150526] RDX: 000000000000003c RSI: 00000000007fb000 RDI: 0000000000000000
[  139.150534] RBP: 00007fa7154b0000 R08: 0000000000000000 R09: 00007fa715cb0700
[  139.150542] R10: 0000000000000014 R11: 0000000000000246 R12: 00007ffd1502644e
[  139.150550] R13: 00007ffd1502644f R14: 00007fa715cafe00 R15: 0000563516703660
[  139.150562]  </TASK>
[  139.170751] BUG: Bad page state in process swapper/1  pfn:489f9
[  139.171360] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x489f9
[  139.172132] flags: 0x100000000000000(node=0|zone=1)
[  139.172615] page_type: f9(unknown)
[  139.172962] raw: 0100000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  139.173664] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  139.174377] page dumped because: nonzero mapcount
[  139.174824] Modules linked in:
[  139.175132] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.175157] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.175163] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.175171] Call Trace:
[  139.175176]  <IRQ>
[  139.175181]  dump_stack_lvl+0xfa/0x120
[  139.175203]  bad_page+0x8c/0x1c0
[  139.175218]  __free_frozen_pages+0xaf9/0xe10
[  139.175239]  ? rcu_core+0x7c3/0x1800
[  139.175261]  rcu_core+0x7c8/0x1800
[  139.175280]  ? __pfx_rcu_core+0x10/0x10
[  139.175297]  ? clockevents_program_event+0x135/0x360
[  139.175318]  ? tick_program_event+0xac/0x140
[  139.175332]  ? hrtimer_interrupt+0x652/0x830
[  139.175347]  handle_softirqs+0x1b1/0x770
[  139.175372]  __irq_exit_rcu+0xc4/0x100
[  139.175394]  irq_exit_rcu+0x9/0x20
[  139.175407]  sysvec_apic_timer_interrupt+0x70/0x80
[  139.175427]  </IRQ>
[  139.175432]  <TASK>
[  139.175436]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  139.175452] RIP: 0010:pv_native_safe_halt+0x1e/0x30
[  139.175474] Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 eb 0c 0f 1f 44 00 00 0f 00 2d 69 f7 09 00 0f 1f 44 00 00 fb f4 <e9> dd 83 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90
[  139.175488] RSP: 0018:ffff888009717e58 EFLAGS: 00000246
[  139.175499] RAX: ffff8880e56dd000 RBX: 0000000000000001 RCX: ffffffff84bb95f7
[  139.175509] RDX: ffffed100d9e630b RSI: 0000000000000004 RDI: ffffffff814c8304
[  139.175519] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed100d9e630a
[  139.175528] R10: ffff88806cf31853 R11: 1ffff1100d9e6f7b R12: ffffffff8643ac50
[  139.175538] R13: 1ffff110012e2fd2 R14: 0000000000000000 R15: 0000000000000000
[  139.175549]  ? ct_kernel_exit.constprop.0+0x127/0x150
[  139.175572]  ? do_idle+0x344/0x490
[  139.175591]  default_idle+0xe/0x20
[  139.175603]  default_idle_call+0x6d/0xb0
[  139.175616]  do_idle+0x344/0x490
[  139.175633]  ? __pfx_do_idle+0x10/0x10
[  139.175650]  ? trace_sched_exit_tp+0x26/0x100
[  139.175673]  cpu_startup_entry+0x4f/0x60
[  139.175691]  start_secondary+0x1bd/0x210
[  139.175711]  common_startup_64+0x13e/0x148
[  139.175733]  </TASK>
[  139.193472] BUG: Bad page state in process swapper/1  pfn:489fa
[  139.194019] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x489fa
[  139.194734] flags: 0x100000000000000(node=0|zone=1)
[  139.195176] page_type: f9(unknown)
[  139.195500] raw: 0100000000000000 0000000000000000 ffffea0001227e90 0000000000000000
[  139.196210] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  139.196903] page dumped because: nonzero mapcount
[  139.197327] Modules linked in:
[  139.197623] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.197647] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.197652] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.197661] Call Trace:
[  139.197665]  <IRQ>
[  139.197670]  dump_stack_lvl+0xfa/0x120
[  139.197692]  bad_page+0x8c/0x1c0
[  139.197709]  __free_frozen_pages+0xaf9/0xe10
[  139.197729]  ? rcu_core+0x7c3/0x1800
[  139.197745]  rcu_core+0x7c8/0x1800
[  139.197764]  ? __pfx_rcu_core+0x10/0x10
[  139.197781]  ? clockevents_program_event+0x135/0x360
[  139.197801]  ? tick_program_event+0xac/0x140
[  139.197814]  ? hrtimer_interrupt+0x652/0x830
[  139.197828]  handle_softirqs+0x1b1/0x770
[  139.197852]  __irq_exit_rcu+0xc4/0x100
[  139.197875]  irq_exit_rcu+0x9/0x20
[  139.197886]  sysvec_apic_timer_interrupt+0x70/0x80
[  139.197906]  </IRQ>
[  139.197910]  <TASK>
[  139.197915]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  139.197931] RIP: 0010:pv_native_safe_halt+0x1e/0x30
[  139.197951] Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 eb 0c 0f 1f 44 00 00 0f 00 2d 69 f7 09 00 0f 1f 44 00 00 fb f4 <e9> dd 83 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90
[  139.197965] RSP: 0018:ffff888009717e58 EFLAGS: 00000246
[  139.197976] RAX: ffff8880e56dd000 RBX: 0000000000000001 RCX: ffffffff84bb95f7
[  139.197986] RDX: ffffed100d9e630b RSI: 0000000000000004 RDI: ffffffff814c8304
[  139.197995] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed100d9e630a
[  139.198004] R10: ffff88806cf31853 R11: 1ffff1100d9e6f7b R12: ffffffff8643ac50
[  139.198013] R13: 1ffff110012e2fd2 R14: 0000000000000000 R15: 0000000000000000
[  139.198025]  ? ct_kernel_exit.constprop.0+0x127/0x150
[  139.198047]  ? do_idle+0x344/0x490
[  139.198065]  default_idle+0xe/0x20
[  139.198078]  default_idle_call+0x6d/0xb0
[  139.198091]  do_idle+0x344/0x490
[  139.198108]  ? __pfx_do_idle+0x10/0x10
[  139.198125]  ? trace_sched_exit_tp+0x26/0x100
[  139.198148]  cpu_startup_entry+0x4f/0x60
[  139.198166]  start_secondary+0x1bd/0x210
[  139.198179]  common_startup_64+0x13e/0x148
[  139.198200]  </TASK>
[  139.215450] BUG: Bad page state in process swapper/1  pfn:489fb
[  139.215990] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x489fb
[  139.216697] flags: 0x100000000000000(node=0|zone=1)
[  139.217151] page_type: f9(unknown)
[  139.217476] raw: 0100000000000000 0000000000000000 ffffea0001227ec8 0000000000000000
[  139.218170] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  139.218864] page dumped because: nonzero mapcount
[  139.219287] Modules linked in:
[  139.219580] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.219603] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.219609] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.219617] Call Trace:
[  139.219621]  <IRQ>
[  139.219626]  dump_stack_lvl+0xfa/0x120
[  139.219647]  bad_page+0x8c/0x1c0
[  139.219660]  __free_frozen_pages+0xaf9/0xe10
[  139.219679]  ? rcu_core+0x7c3/0x1800
[  139.219696]  rcu_core+0x7c8/0x1800
[  139.219719]  ? __pfx_rcu_core+0x10/0x10
[  139.219735]  ? clockevents_program_event+0x135/0x360
[  139.219755]  ? tick_program_event+0xac/0x140
[  139.219768]  ? hrtimer_interrupt+0x652/0x830
[  139.219782]  handle_softirqs+0x1b1/0x770
[  139.219805]  __irq_exit_rcu+0xc4/0x100
[  139.219827]  irq_exit_rcu+0x9/0x20
[  139.219839]  sysvec_apic_timer_interrupt+0x70/0x80
[  139.219858]  </IRQ>
[  139.219863]  <TASK>
[  139.219867]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  139.219883] RIP: 0010:pv_native_safe_halt+0x1e/0x30
[  139.219903] Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 eb 0c 0f 1f 44 00 00 0f 00 2d 69 f7 09 00 0f 1f 44 00 00 fb f4 <e9> dd 83 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90
[  139.219917] RSP: 0018:ffff888009717e58 EFLAGS: 00000246
[  139.219927] RAX: ffff8880e56dd000 RBX: 0000000000000001 RCX: ffffffff84bb95f7
[  139.219937] RDX: ffffed100d9e630b RSI: 0000000000000004 RDI: ffffffff814c8304
[  139.219946] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed100d9e630a
[  139.219955] R10: ffff88806cf31853 R11: 1ffff1100d9e6f7b R12: ffffffff8643ac50
[  139.219964] R13: 1ffff110012e2fd2 R14: 0000000000000000 R15: 0000000000000000
[  139.219975]  ? ct_kernel_exit.constprop.0+0x127/0x150
[  139.219998]  ? do_idle+0x344/0x490
[  139.220015]  default_idle+0xe/0x20
[  139.220026]  default_idle_call+0x6d/0xb0
[  139.220039]  do_idle+0x344/0x490
[  139.220056]  ? __pfx_do_idle+0x10/0x10
[  139.220072]  ? trace_sched_exit_tp+0x26/0x100
[  139.220095]  cpu_startup_entry+0x4f/0x60
[  139.220120]  start_secondary+0x1bd/0x210
[  139.220133]  common_startup_64+0x13e/0x148
[  139.220154]  </TASK>
[  139.237095] BUG: Bad page state in process swapper/1  pfn:489fc
[  139.237611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x489fc
[  139.238306] flags: 0x100000000000000(node=0|zone=1)
[  139.238751] page_type: f9(unknown)
[  139.239065] raw: 0100000000000000 0000000000000000 ffffea0001227f08 0000000000000000
[  139.239744] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  139.240411] page dumped because: nonzero mapcount
[  139.240838] Modules linked in:
[  139.241131] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.241154] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.241159] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.241167] Call Trace:
[  139.241171]  <IRQ>
[  139.241176]  dump_stack_lvl+0xfa/0x120
[  139.241197]  bad_page+0x8c/0x1c0
[  139.241209]  __free_frozen_pages+0xaf9/0xe10
[  139.241229]  ? rcu_core+0x7c3/0x1800
[  139.241245]  rcu_core+0x7c8/0x1800
[  139.241263]  ? __pfx_rcu_core+0x10/0x10
[  139.241280]  ? clockevents_program_event+0x135/0x360
[  139.241299]  ? tick_program_event+0xac/0x140
[  139.241312]  ? hrtimer_interrupt+0x652/0x830
[  139.241325]  handle_softirqs+0x1b1/0x770
[  139.241349]  __irq_exit_rcu+0xc4/0x100
[  139.241370]  irq_exit_rcu+0x9/0x20
[  139.241382]  sysvec_apic_timer_interrupt+0x70/0x80
[  139.241401]  </IRQ>
[  139.241405]  <TASK>
[  139.241409]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  139.241425] RIP: 0010:pv_native_safe_halt+0x1e/0x30
[  139.241444] Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 eb 0c 0f 1f 44 00 00 0f 00 2d 69 f7 09 00 0f 1f 44 00 00 fb f4 <e9> dd 83 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90
[  139.241458] RSP: 0018:ffff888009717e58 EFLAGS: 00000246
[  139.241469] RAX: ffff8880e56dd000 RBX: 0000000000000001 RCX: ffffffff84bb95f7
[  139.241478] RDX: ffffed100d9e630b RSI: 0000000000000004 RDI: ffffffff814c8304
[  139.241487] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed100d9e630a
[  139.241496] R10: ffff88806cf31853 R11: 1ffff1100d9e6f7b R12: ffffffff8643ac50
[  139.241505] R13: 1ffff110012e2fd2 R14: 0000000000000000 R15: 0000000000000000
[  139.241516]  ? ct_kernel_exit.constprop.0+0x127/0x150
[  139.241538]  ? do_idle+0x344/0x490
[  139.241556]  default_idle+0xe/0x20
[  139.241567]  default_idle_call+0x6d/0xb0
[  139.241579]  do_idle+0x344/0x490
[  139.241595]  ? __pfx_do_idle+0x10/0x10
[  139.241612]  ? trace_sched_exit_tp+0x26/0x100
[  139.241634]  cpu_startup_entry+0x4f/0x60
[  139.241651]  start_secondary+0x1bd/0x210
[  139.241665]  common_startup_64+0x13e/0x148
[  139.241685]  </TASK>
[  139.241690] BUG: Bad page state in process swapper/1  pfn:489fd
[  139.259261] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x489fd
[  139.259943] flags: 0x100000000000000(node=0|zone=1)
[  139.260376] page_type: f9(unknown)
[  139.260687] raw: 0100000000000000 0000000000000000 ffffea0001227f48 0000000000000000
[  139.261368] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  139.262034] page dumped because: nonzero mapcount
[  139.262450] Modules linked in:
[  139.262749] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.262772] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.262777] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.262784] Call Trace:
[  139.262788]  <IRQ>
[  139.262793]  dump_stack_lvl+0xfa/0x120
[  139.262814]  bad_page+0x8c/0x1c0
[  139.262826]  __free_frozen_pages+0xaf9/0xe10
[  139.262845]  ? rcu_core+0x7c3/0x1800
[  139.262861]  rcu_core+0x7c8/0x1800
[  139.262879]  ? __pfx_rcu_core+0x10/0x10
[  139.262896]  ? clockevents_program_event+0x135/0x360
[  139.262914]  ? tick_program_event+0xac/0x140
[  139.262927]  ? hrtimer_interrupt+0x652/0x830
[  139.262940]  handle_softirqs+0x1b1/0x770
[  139.262964]  __irq_exit_rcu+0xc4/0x100
[  139.262985]  irq_exit_rcu+0x9/0x20
[  139.262996]  sysvec_apic_timer_interrupt+0x70/0x80
[  139.263015]  </IRQ>
[  139.263019]  <TASK>
[  139.263024]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  139.263038] RIP: 0010:pv_native_safe_halt+0x1e/0x30
[  139.263058] Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 eb 0c 0f 1f 44 00 00 0f 00 2d 69 f7 09 00 0f 1f 44 00 00 fb f4 <e9> dd 83 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90
[  139.263071] RSP: 0018:ffff888009717e58 EFLAGS: 00000246
[  139.263082] RAX: ffff8880e56dd000 RBX: 0000000000000001 RCX: ffffffff84bb95f7
[  139.263091] RDX: ffffed100d9e630b RSI: 0000000000000004 RDI: ffffffff814c8304
[  139.263100] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed100d9e630a
[  139.263108] R10: ffff88806cf31853 R11: 1ffff1100d9e6f7b R12: ffffffff8643ac50
[  139.263117] R13: 1ffff110012e2fd2 R14: 0000000000000000 R15: 0000000000000000
[  139.263128]  ? ct_kernel_exit.constprop.0+0x127/0x150
[  139.263150]  ? do_idle+0x344/0x490
[  139.263166]  default_idle+0xe/0x20
[  139.263177]  default_idle_call+0x6d/0xb0
[  139.263189]  do_idle+0x344/0x490
[  139.263205]  ? __pfx_do_idle+0x10/0x10
[  139.263221]  ? trace_sched_exit_tp+0x26/0x100
[  139.263243]  cpu_startup_entry+0x4f/0x60
[  139.263260]  start_secondary+0x1bd/0x210
[  139.263273]  common_startup_64+0x13e/0x148
[  139.263293]  </TASK>
[  139.263298] BUG: Bad page state in process swapper/1  pfn:489fe
[  139.280943] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x489fe
[  139.281601] flags: 0x100000000000000(node=0|zone=1)
[  139.282033] page_type: f9(unknown)
[  139.282344] raw: 0100000000000000 0000000000000000 ffffea0001227f88 0000000000000000
[  139.283011] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  139.283696] page dumped because: nonzero mapcount
[  139.284116] Modules linked in:
[  139.284400] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.284422] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.284428] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.284435] Call Trace:
[  139.284439]  <IRQ>
[  139.284443]  dump_stack_lvl+0xfa/0x120
[  139.284464]  bad_page+0x8c/0x1c0
[  139.284476]  __free_frozen_pages+0xaf9/0xe10
[  139.284495]  ? rcu_core+0x7c3/0x1800
[  139.284510]  rcu_core+0x7c8/0x1800
[  139.284528]  ? __pfx_rcu_core+0x10/0x10
[  139.284544]  ? clockevents_program_event+0x135/0x360
[  139.284563]  ? tick_program_event+0xac/0x140
[  139.284575]  ? hrtimer_interrupt+0x652/0x830
[  139.284588]  handle_softirqs+0x1b1/0x770
[  139.284611]  __irq_exit_rcu+0xc4/0x100
[  139.284631]  irq_exit_rcu+0x9/0x20
[  139.284642]  sysvec_apic_timer_interrupt+0x70/0x80
[  139.284661]  </IRQ>
[  139.284665]  <TASK>
[  139.284670]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  139.284684] RIP: 0010:pv_native_safe_halt+0x1e/0x30
[  139.284707] Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 eb 0c 0f 1f 44 00 00 0f 00 2d 69 f7 09 00 0f 1f 44 00 00 fb f4 <e9> dd 83 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90
[  139.284720] RSP: 0018:ffff888009717e58 EFLAGS: 00000246
[  139.284730] RAX: ffff8880e56dd000 RBX: 0000000000000001 RCX: ffffffff84bb95f7
[  139.284739] RDX: ffffed100d9e630b RSI: 0000000000000004 RDI: ffffffff814c8304
[  139.284748] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed100d9e630a
[  139.284757] R10: ffff88806cf31853 R11: 1ffff1100d9e6f7b R12: ffffffff8643ac50
[  139.284766] R13: 1ffff110012e2fd2 R14: 0000000000000000 R15: 0000000000000000
[  139.284776]  ? ct_kernel_exit.constprop.0+0x127/0x150
[  139.284798]  ? do_idle+0x344/0x490
[  139.284814]  default_idle+0xe/0x20
[  139.284825]  default_idle_call+0x6d/0xb0
[  139.284836]  do_idle+0x344/0x490
[  139.284853]  ? __pfx_do_idle+0x10/0x10
[  139.284869]  ? trace_sched_exit_tp+0x26/0x100
[  139.284890]  cpu_startup_entry+0x4f/0x60
[  139.284907]  start_secondary+0x1bd/0x210
[  139.284920]  common_startup_64+0x13e/0x148
[  139.284940]  </TASK>
[  139.301233] BUG: Bad page state in process swapper/1  pfn:489ff
[  139.301745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x489ff
[  139.302398] flags: 0x100000000000000(node=0|zone=1)
[  139.302826] page_type: f9(unknown)
[  139.303128] raw: 0100000000000000 0000000000000000 ffffea0001227fc8 0000000000000000
[  139.303783] raw: 0000000000000000 0000000000000000 00000000f9000000 0000000000000000
[  139.304423] page dumped because: nonzero mapcount
[  139.304831] Modules linked in:
[  139.305108] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.305130] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.305136] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.305143] Call Trace:
[  139.305147]  <IRQ>
[  139.305151]  dump_stack_lvl+0xfa/0x120
[  139.305171]  bad_page+0x8c/0x1c0
[  139.305183]  __free_frozen_pages+0xaf9/0xe10
[  139.305202]  ? rcu_core+0x7c3/0x1800
[  139.305217]  rcu_core+0x7c8/0x1800
[  139.305235]  ? __pfx_rcu_core+0x10/0x10
[  139.305250]  ? clockevents_program_event+0x135/0x360
[  139.305269]  ? tick_program_event+0xac/0x140
[  139.305281]  ? hrtimer_interrupt+0x652/0x830
[  139.305294]  handle_softirqs+0x1b1/0x770
[  139.305316]  __irq_exit_rcu+0xc4/0x100
[  139.305336]  irq_exit_rcu+0x9/0x20
[  139.305347]  sysvec_apic_timer_interrupt+0x70/0x80
[  139.305366]  </IRQ>
[  139.305370]  <TASK>
[  139.305374]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  139.305389] RIP: 0010:pv_native_safe_halt+0x1e/0x30
[  139.305408] Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 eb 0c 0f 1f 44 00 00 0f 00 2d 69 f7 09 00 0f 1f 44 00 00 fb f4 <e9> dd 83 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90
[  139.305421] RSP: 0018:ffff888009717e58 EFLAGS: 00000246
[  139.305431] RAX: ffff8880e56dd000 RBX: 0000000000000001 RCX: ffffffff84bb95f7
[  139.305440] RDX: ffffed100d9e630b RSI: 0000000000000004 RDI: ffffffff814c8304
[  139.305448] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed100d9e630a
[  139.305457] R10: ffff88806cf31853 R11: 1ffff1100d9e6f7b R12: ffffffff8643ac50
[  139.305466] R13: 1ffff110012e2fd2 R14: 0000000000000000 R15: 0000000000000000
[  139.305476]  ? ct_kernel_exit.constprop.0+0x127/0x150
[  139.305497]  ? do_idle+0x344/0x490
[  139.305513]  default_idle+0xe/0x20
[  139.305524]  default_idle_call+0x6d/0xb0
[  139.305536]  do_idle+0x344/0x490
[  139.305552]  ? __pfx_do_idle+0x10/0x10
[  139.305568]  ? trace_sched_exit_tp+0x26/0x100
[  139.305589]  cpu_startup_entry+0x4f/0x60
[  139.305605]  start_secondary+0x1bd/0x210
[  139.305618]  common_startup_64+0x13e/0x148
[  139.305637]  </TASK>
[  139.327778] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#16] SMP KASAN NOPTI
[  139.328704] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  139.329415] CPU: 1 UID: 0 PID: 48 Comm: kworker/u9:3 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.330355] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.330762] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.331427] Workqueue: events_unbound cfg80211_wiphy_work
[  139.331885] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.332283] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.333753] RSP: 0018:ffff88800afd7700 EFLAGS: 00010212
[  139.334188] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  139.334769] RDX: ffff88800afc8000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.335347] RBP: ffff88800afd7970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.335925] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  139.336514] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.337098] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.337746] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.338222] CR2: 00007f6f3e8cb718 CR3: 000000003f37e000 CR4: 0000000000350ef0
[  139.338804] Call Trace:
[  139.339019]  <TASK>
[  139.339209]  ? __pfx_perf_tp_event+0x10/0x10
[  139.339582]  ? ret_from_fork_asm+0x1a/0x30
[  139.339934]  ? stack_trace_save+0x8e/0xc0
[  139.340286]  ? stack_depot_save_flags+0x2c/0xa20
[  139.340680]  ? kasan_save_stack+0x34/0x50
[  139.341023]  ? kasan_save_stack+0x24/0x50
[  139.341363]  ? kasan_save_track+0x14/0x30
[  139.341705]  ? __kasan_save_free_info+0x3a/0x60
[  139.342086]  ? __kasan_slab_free+0x3f/0x50
[  139.342432]  ? kmem_cache_free+0x2a1/0x540
[  139.342779]  ? kfree_skbmem+0x18a/0x1f0
[  139.343110]  ? sk_skb_reason_drop+0x10e/0x1b0
[  139.343486]  ? ieee80211_iface_work+0x43c/0x1220
[  139.343878]  ? cfg80211_wiphy_work+0x245/0x480
[  139.344257]  ? process_one_work+0x8e1/0x19c0
[  139.344621]  ? worker_thread+0x67e/0xe90
[  139.344956]  ? kthread+0x3c8/0x740
[  139.345253]  ? ret_from_fork+0x34b/0x430
[  139.345602]  ? perf_trace_run_bpf_submit+0xef/0x180
[  139.346013]  perf_trace_run_bpf_submit+0xef/0x180
[  139.346417]  perf_trace_contention_begin+0x235/0x3e0
[  139.346836]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  139.347289]  ? lock_acquire+0x18c/0x2f0
[  139.347619]  trace_contention_begin+0xae/0x110
[  139.347996]  __mutex_lock+0x14b/0x1020
[  139.348326]  ? cfg80211_wiphy_work+0x7e/0x480
[  139.348694]  ? cfg80211_wiphy_work+0x7e/0x480
[  139.349061]  ? lock_release+0x1c7/0x290
[  139.349399]  ? __pfx___mutex_lock+0x10/0x10
[  139.349756]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  139.350177]  ? __pfx_try_to_wake_up+0x10/0x10
[  139.350554]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.350982]  cfg80211_wiphy_work+0x7e/0x480
[  139.351339]  process_one_work+0x8e1/0x19c0
[  139.351691]  ? __pfx_process_one_work+0x10/0x10
[  139.352072]  ? move_linked_works+0x172/0x270
[  139.352449]  ? assign_work+0x196/0x240
[  139.352767]  worker_thread+0x67e/0xe90
[  139.353086]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.353515]  ? __pfx_worker_thread+0x10/0x10
[  139.353876]  kthread+0x3c8/0x740
[  139.354157]  ? __pfx_kthread+0x10/0x10
[  139.354476]  ? ret_from_fork+0x23/0x430
[  139.354806]  ? lock_release+0xc8/0x290
[  139.355125]  ? __pfx_kthread+0x10/0x10
[  139.355443]  ret_from_fork+0x34b/0x430
[  139.355769]  ? __pfx_kthread+0x10/0x10
[  139.356087]  ret_from_fork_asm+0x1a/0x30
[  139.356432]  </TASK>
[  139.356623] Modules linked in:
[  139.356965] ---[ end trace 0000000000000000 ]---
[  139.357348] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.357811] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.359328] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  139.359808] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  139.360393] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.360983] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.361554] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  139.362152] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.362747] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.363387] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.363867] CR2: 00007f6f3e8cb718 CR3: 000000003f37e000 CR4: 0000000000350ef0
[  139.364443] note: kworker/u9:3[48] exited with preempt_count 2
[  139.429974] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#17] SMP KASAN NOPTI
[  139.430899] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  139.431607] CPU: 1 UID: 0 PID: 42 Comm: kworker/u9:2 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.432546] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.432950] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.433609] Workqueue: events_unbound cfg80211_wiphy_work
[  139.434055] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.434441] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.435919] RSP: 0018:ffff88800a4b7700 EFLAGS: 00010212
[  139.436362] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  139.436941] RDX: ffff88800a3fb700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.437519] RBP: ffff88800a4b7970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.438092] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  139.438661] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.439229] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.439870] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.440342] CR2: 00007f6f3e8cb718 CR3: 000000003fe9b000 CR4: 0000000000350ef0
[  139.440922] Call Trace:
[  139.441134]  <TASK>
[  139.441322]  ? __pfx_perf_tp_event+0x10/0x10
[  139.441693]  ? sched_balance_rq+0x391/0x29a0
[  139.442060]  ? sched_clock+0x37/0x60
[  139.442370]  ? perf_trace_run_bpf_submit+0xef/0x180
[  139.442783]  perf_trace_run_bpf_submit+0xef/0x180
[  139.443183]  perf_trace_contention_begin+0x235/0x3e0
[  139.443597]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  139.444051]  ? sched_clock_cpu+0x6c/0x4e0
[  139.444402]  ? do_raw_spin_lock+0x123/0x260
[  139.444757]  ? lock_acquire+0x18c/0x2f0
[  139.445085]  trace_contention_begin+0xae/0x110
[  139.445463]  __mutex_lock+0x14b/0x1020
[  139.445787]  ? cfg80211_wiphy_work+0x7e/0x480
[  139.446155]  ? cfg80211_wiphy_work+0x7e/0x480
[  139.446523]  ? __pfx___mutex_lock+0x10/0x10
[  139.446883]  ? __pfx___perf_event_task_sched_in+0x10/0x10
[  139.447329]  ? lock_acquire+0x18c/0x2f0
[  139.447662]  ? xfd_validate_state+0x55/0x180
[  139.448026]  ? lock_release+0x1c7/0x290
[  139.448361]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.448784]  cfg80211_wiphy_work+0x7e/0x480
[  139.449139]  process_one_work+0x8e1/0x19c0
[  139.449489]  ? __pfx_process_one_work+0x10/0x10
[  139.449873]  ? move_linked_works+0x172/0x270
[  139.450237]  ? assign_work+0x196/0x240
[  139.450556]  worker_thread+0x67e/0xe90
[  139.450880]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.451308]  ? __pfx_worker_thread+0x10/0x10
[  139.451671]  kthread+0x3c8/0x740
[  139.451954]  ? __pfx_kthread+0x10/0x10
[  139.452278]  ? ret_from_fork+0x23/0x430
[  139.452610]  ? lock_release+0xc8/0x290
[  139.452929]  ? __pfx_kthread+0x10/0x10
[  139.453246]  ret_from_fork+0x34b/0x430
[  139.453573]  ? __pfx_kthread+0x10/0x10
[  139.453888]  ret_from_fork_asm+0x1a/0x30
[  139.454219]  </TASK>
[  139.454409] Modules linked in:
[  139.454720] ---[ end trace 0000000000000000 ]---
[  139.455100] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.455477] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.456980] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  139.457406] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  139.458024] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.458588] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.459165] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  139.459743] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.460323] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.460979] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.461450] CR2: 00007f6f3e8cb718 CR3: 000000003fe9b000 CR4: 0000000000350ef0
[  139.462030] note: kworker/u9:2[42] exited with preempt_count 2
[  139.532226] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#18] SMP KASAN NOPTI
[  139.534396] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  139.536198] CPU: 1 UID: 0 PID: 415 Comm: kworker/u9:9 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.538458] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.539434] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.541035] Workqueue: events_unbound cfg80211_wiphy_work
[  139.542103] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.543024] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.546528] RSP: 0018:ffff888047b8f700 EFLAGS: 00010212
[  139.547598] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  139.549027] RDX: ffff888047b48000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.550425] RBP: ffff888047b8f970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.551843] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  139.553267] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.554698] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.556286] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.557433] CR2: 00007f6f3e8cb718 CR3: 000000003f37e000 CR4: 0000000000350ef0
[  139.558831] Call Trace:
[  139.559343]  <TASK>
[  139.559826]  ? __pfx_perf_tp_event+0x10/0x10
[  139.560735]  ? place_entity+0x1c/0x410
[  139.561512]  ? enqueue_task_fair+0x6b5/0x1e00
[  139.562409]  ? check_preempt_wakeup_fair+0x6e/0x950
[  139.563393]  ? enqueue_task+0x70/0x200
[  139.564196]  ? lock_release+0x1c7/0x290
[  139.565002]  ? do_raw_spin_unlock+0x53/0x220
[  139.565883]  ? _raw_spin_unlock+0x1e/0x40
[  139.566707]  ? sched_balance_rq+0xf27/0x29a0
[  139.567576]  ? sched_clock+0x37/0x60
[  139.568371]  ? perf_trace_run_bpf_submit+0xef/0x180
[  139.569381]  perf_trace_run_bpf_submit+0xef/0x180
[  139.570350]  perf_trace_contention_begin+0x235/0x3e0
[  139.571357]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  139.572476]  ? sched_clock_cpu+0x6c/0x4e0
[  139.573313]  ? do_raw_spin_lock+0x123/0x260
[  139.574186]  ? lock_acquire+0x18c/0x2f0
[  139.574988]  trace_contention_begin+0xae/0x110
[  139.575901]  __mutex_lock+0x14b/0x1020
[  139.576722]  ? cfg80211_wiphy_work+0x7e/0x480
[  139.577602]  ? cfg80211_wiphy_work+0x7e/0x480
[  139.578506]  ? __pfx___mutex_lock+0x10/0x10
[  139.579364]  ? __pfx___perf_event_task_sched_in+0x10/0x10
[  139.580458]  ? lock_acquire+0x18c/0x2f0
[  139.581264]  ? lock_release+0x1c7/0x290
[  139.582047]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.583060]  cfg80211_wiphy_work+0x7e/0x480
[  139.583898]  process_one_work+0x8e1/0x19c0
[  139.584758]  ? __pfx_process_one_work+0x10/0x10
[  139.585658]  ? move_linked_works+0x172/0x270
[  139.586523]  ? assign_work+0x196/0x240
[  139.587288]  worker_thread+0x67e/0xe90
[  139.588043]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.589078]  ? __pfx_worker_thread+0x10/0x10
[  139.589938]  kthread+0x3c8/0x740
[  139.590602]  ? __pfx_kthread+0x10/0x10
[  139.591356]  ? ret_from_fork+0x23/0x430
[  139.592151]  ? lock_release+0xc8/0x290
[  139.592931]  ? __pfx_kthread+0x10/0x10
[  139.593683]  ret_from_fork+0x34b/0x430
[  139.594459]  ? __pfx_kthread+0x10/0x10
[  139.595221]  ret_from_fork_asm+0x1a/0x30
[  139.596016]  </TASK>
[  139.596489] Modules linked in:
[  139.597189] ---[ end trace 0000000000000000 ]---
[  139.598249] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.599285] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.602620] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  139.603560] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  139.604812] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.606067] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.607679] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  139.609168] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.610405] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.611767] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.612796] CR2: 00007f6f3e8cb718 CR3: 000000003f37e000 CR4: 0000000000350ef0
[  139.614039] note: kworker/u9:9[415] exited with preempt_count 2
[  139.635836] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#19] SMP KASAN NOPTI
[  139.637816] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  139.639274] CPU: 1 UID: 0 PID: 404 Comm: kworker/u9:7 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.641267] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.642118] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.643495] Workqueue: events_unbound cfg80211_wiphy_work
[  139.644446] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.645285] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.648390] RSP: 0018:ffff8880479f7700 EFLAGS: 00010212
[  139.649313] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  139.650522] RDX: ffff8880479d9b80 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.651774] RBP: ffff8880479f7970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.653038] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  139.654249] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.655455] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.656839] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.657835] CR2: 00007f6f3e8cb718 CR3: 000000003f37e000 CR4: 0000000000350ef0
[  139.659061] Call Trace:
[  139.659507]  <TASK>
[  139.659917]  ? __pfx_perf_tp_event+0x10/0x10
[  139.660717]  ? ret_from_fork_asm+0x1a/0x30
[  139.661441]  ? stack_trace_save+0x8e/0xc0
[  139.662163]  ? stack_depot_save_flags+0x2c/0xa20
[  139.662993]  ? kasan_save_stack+0x34/0x50
[  139.663719]  ? kasan_save_stack+0x24/0x50
[  139.664451]  ? kasan_save_track+0x14/0x30
[  139.665168]  ? __kasan_save_free_info+0x3a/0x60
[  139.665971]  ? __kasan_slab_free+0x3f/0x50
[  139.666714]  ? kmem_cache_free+0x2a1/0x540
[  139.667429]  ? kfree_skbmem+0x18a/0x1f0
[  139.668142]  ? sk_skb_reason_drop+0x10e/0x1b0
[  139.668933]  ? ieee80211_iface_work+0x43c/0x1220
[  139.669751]  ? cfg80211_wiphy_work+0x245/0x480
[  139.670531]  ? process_one_work+0x8e1/0x19c0
[  139.671275]  ? worker_thread+0x67e/0xe90
[  139.671976]  ? kthread+0x3c8/0x740
[  139.672614]  ? ret_from_fork+0x34b/0x430
[  139.673333]  ? perf_trace_run_bpf_submit+0xef/0x180
[  139.674184]  perf_trace_run_bpf_submit+0xef/0x180
[  139.675023]  perf_trace_contention_begin+0x235/0x3e0
[  139.675903]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  139.676868]  ? lock_acquire+0x18c/0x2f0
[  139.677547]  trace_contention_begin+0xae/0x110
[  139.678339]  __mutex_lock+0x14b/0x1020
[  139.679027]  ? cfg80211_wiphy_work+0x7e/0x480
[  139.679797]  ? cfg80211_wiphy_work+0x7e/0x480
[  139.680573]  ? lock_release+0x1c7/0x290
[  139.681276]  ? __pfx___mutex_lock+0x10/0x10
[  139.682023]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  139.682879]  ? __pfx_try_to_wake_up+0x10/0x10
[  139.683653]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.684563]  cfg80211_wiphy_work+0x7e/0x480
[  139.685303]  process_one_work+0x8e1/0x19c0
[  139.686039]  ? __pfx_process_one_work+0x10/0x10
[  139.686835]  ? move_linked_works+0x172/0x270
[  139.687629]  ? assign_work+0x196/0x240
[  139.688299]  worker_thread+0x67e/0xe90
[  139.688997]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.689871]  ? __pfx_worker_thread+0x10/0x10
[  139.690640]  kthread+0x3c8/0x740
[  139.691216]  ? __pfx_kthread+0x10/0x10
[  139.691876]  ? ret_from_fork+0x23/0x430
[  139.692596]  ? lock_release+0xc8/0x290
[  139.693281]  ? __pfx_kthread+0x10/0x10
[  139.693945]  ret_from_fork+0x34b/0x430
[  139.694626]  ? __pfx_kthread+0x10/0x10
[  139.695292]  ret_from_fork_asm+0x1a/0x30
[  139.695996]  </TASK>
[  139.696403] Modules linked in:
[  139.697025] ---[ end trace 0000000000000000 ]---
[  139.697883] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.698694] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.701808] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  139.702754] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  139.703978] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.705220] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.706466] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  139.707691] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.708981] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.710343] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.711375] CR2: 00007f6f3e8cb718 CR3: 000000003f37e000 CR4: 0000000000350ef0
[  139.712631] note: kworker/u9:7[404] exited with preempt_count 2
[  139.737814] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#20] SMP KASAN NOPTI
[  139.739740] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  139.741221] CPU: 1 UID: 0 PID: 406 Comm: kworker/u9:8 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.743165] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.744012] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.745420] Workqueue: events_unbound cfg80211_wiphy_work
[  139.746279] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.747020] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.749809] RSP: 0018:ffff88804787f700 EFLAGS: 00010212
[  139.750625] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  139.751741] RDX: ffff8880479dd280 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.752879] RBP: ffff88804787f970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.753978] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  139.755062] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.756156] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.757384] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.758282] CR2: 00007f6f3e8cb718 CR3: 000000003fe9b000 CR4: 0000000000350ef0
[  139.759381] Call Trace:
[  139.759789]  <TASK>
[  139.760166]  ? __pfx_perf_tp_event+0x10/0x10
[  139.760890]  ? ret_from_fork_asm+0x1a/0x30
[  139.761549]  ? stack_trace_save+0x8e/0xc0
[  139.762210]  ? stack_depot_save_flags+0x2c/0xa20
[  139.762962]  ? kasan_save_stack+0x34/0x50
[  139.763614]  ? kasan_save_stack+0x24/0x50
[  139.764308]  ? kasan_save_track+0x14/0x30
[  139.764960]  ? __kasan_save_free_info+0x3a/0x60
[  139.765691]  ? __kasan_slab_free+0x3f/0x50
[  139.766344]  ? kmem_cache_free+0x2a1/0x540
[  139.767012]  ? kfree_skbmem+0x18a/0x1f0
[  139.767647]  ? sk_skb_reason_drop+0x10e/0x1b0
[  139.768366]  ? ieee80211_iface_work+0x43c/0x1220
[  139.769114]  ? cfg80211_wiphy_work+0x245/0x480
[  139.769828]  ? process_one_work+0x8e1/0x19c0
[  139.770512]  ? worker_thread+0x67e/0xe90
[  139.771157]  ? kthread+0x3c8/0x740
[  139.771729]  ? ret_from_fork+0x34b/0x430
[  139.772386]  ? perf_trace_run_bpf_submit+0xef/0x180
[  139.773171]  perf_trace_run_bpf_submit+0xef/0x180
[  139.773954]  perf_trace_contention_begin+0x235/0x3e0
[  139.774763]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  139.775636]  ? lock_acquire+0x18c/0x2f0
[  139.776269]  trace_contention_begin+0xae/0x110
[  139.776989]  __mutex_lock+0x14b/0x1020
[  139.777604]  ? cfg80211_wiphy_work+0x7e/0x480
[  139.778313]  ? cfg80211_wiphy_work+0x7e/0x480
[  139.779023]  ? lock_release+0x1c7/0x290
[  139.779661]  ? __pfx___mutex_lock+0x10/0x10
[  139.780364]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  139.781160]  ? __pfx_try_to_wake_up+0x10/0x10
[  139.781890]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.782709]  cfg80211_wiphy_work+0x7e/0x480
[  139.783378]  process_one_work+0x8e1/0x19c0
[  139.784046]  ? __pfx_process_one_work+0x10/0x10
[  139.784788]  ? move_linked_works+0x172/0x270
[  139.785475]  ? assign_work+0x196/0x240
[  139.786091]  worker_thread+0x67e/0xe90
[  139.786713]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.787508]  ? __pfx_worker_thread+0x10/0x10
[  139.788221]  kthread+0x3c8/0x740
[  139.788777]  ? __pfx_kthread+0x10/0x10
[  139.789379]  ? ret_from_fork+0x23/0x430
[  139.790025]  ? lock_release+0xc8/0x290
[  139.790640]  ? __pfx_kthread+0x10/0x10
[  139.791246]  ret_from_fork+0x34b/0x430
[  139.791883]  ? __pfx_kthread+0x10/0x10
[  139.792520]  ret_from_fork_asm+0x1a/0x30
[  139.793171]  </TASK>
[  139.793534] Modules linked in:
[  139.794116] ---[ end trace 0000000000000000 ]---
[  139.794975] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.795852] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.798679] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  139.799511] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  139.800666] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.801803] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.802935] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  139.804065] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.805241] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.806506] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.807442] CR2: 00007f6f3e8cb718 CR3: 000000003fe9b000 CR4: 0000000000350ef0
[  139.808603] note: kworker/u9:8[406] exited with preempt_count 2
[  139.839812] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#21] SMP KASAN NOPTI
[  139.841579] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  139.842916] CPU: 1 UID: 0 PID: 270 Comm: kworker/u9:5 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.844716] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.845476] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.846743] Workqueue: events_unbound cfg80211_wiphy_work
[  139.847586] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.848359] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.851090] RSP: 0018:ffff88800f36f700 EFLAGS: 00010212
[  139.851914] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  139.853022] RDX: ffff8880184d3700 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.854106] RBP: ffff88800f36f970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.855194] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  139.856281] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.857378] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.858622] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.859525] CR2: 00007f6f3e8cb718 CR3: 000000003f169000 CR4: 0000000000350ef0
[  139.860647] Call Trace:
[  139.861087]  <TASK>
[  139.861445]  ? __pfx_perf_tp_event+0x10/0x10
[  139.862151]  ? ret_from_fork_asm+0x1a/0x30
[  139.862824]  ? stack_trace_save+0x8e/0xc0
[  139.863470]  ? stack_depot_save_flags+0x2c/0xa20
[  139.864227]  ? kasan_save_stack+0x34/0x50
[  139.864891]  ? kasan_save_stack+0x24/0x50
[  139.865549]  ? kasan_save_track+0x14/0x30
[  139.866215]  ? __kasan_save_free_info+0x3a/0x60
[  139.866954]  ? __kasan_slab_free+0x3f/0x50
[  139.867616]  ? kmem_cache_free+0x2a1/0x540
[  139.868281]  ? kfree_skbmem+0x18a/0x1f0
[  139.868915]  ? kvm_sched_clock_read+0x16/0x30
[  139.869628]  ? perf_trace_run_bpf_submit+0xef/0x180
[  139.870420]  perf_trace_run_bpf_submit+0xef/0x180
[  139.871196]  perf_trace_contention_begin+0x235/0x3e0
[  139.871990]  ? __perf_event_task_sched_in+0x235/0x5e0
[  139.872803]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  139.873670]  ? lock_release+0x1c7/0x290
[  139.874293]  ? lock_acquire+0x18c/0x2f0
[  139.874924]  trace_contention_begin+0xae/0x110
[  139.875652]  __mutex_lock+0x14b/0x1020
[  139.876269]  ? cfg80211_wiphy_work+0x7e/0x480
[  139.876972]  ? cfg80211_wiphy_work+0x7e/0x480
[  139.877694]  ? __pfx___mutex_lock+0x10/0x10
[  139.878363]  ? __pfx___perf_event_task_sched_in+0x10/0x10
[  139.879209]  ? lock_acquire+0x18c/0x2f0
[  139.879839]  ? lock_release+0x1c7/0x290
[  139.880471]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.881282]  cfg80211_wiphy_work+0x7e/0x480
[  139.881958]  process_one_work+0x8e1/0x19c0
[  139.882614]  ? __pfx_process_one_work+0x10/0x10
[  139.883365]  ? move_linked_works+0x172/0x270
[  139.884066]  ? assign_work+0x196/0x240
[  139.884696]  worker_thread+0x67e/0xe90
[  139.885296]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.886114]  ? __pfx_worker_thread+0x10/0x10
[  139.886819]  kthread+0x3c8/0x740
[  139.887356]  ? __pfx_kthread+0x10/0x10
[  139.887970]  ? ret_from_fork+0x23/0x430
[  139.888614]  ? lock_release+0xc8/0x290
[  139.889228]  ? __pfx_kthread+0x10/0x10
[  139.889851]  ret_from_fork+0x34b/0x430
[  139.890480]  ? __pfx_kthread+0x10/0x10
[  139.891098]  ret_from_fork_asm+0x1a/0x30
[  139.891745]  </TASK>
[  139.892124] Modules linked in:
[  139.892694] ---[ end trace 0000000000000000 ]---
[  139.893439] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.894205] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.897035] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  139.897910] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  139.899043] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.900184] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.901318] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  139.902446] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.903587] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.904886] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.905814] CR2: 00007f6f3e8cb718 CR3: 000000003f169000 CR4: 0000000000350ef0
[  139.906957] note: kworker/u9:5[270] exited with preempt_count 2
[  139.942207] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#22] SMP KASAN NOPTI
[  139.944000] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  139.945392] CPU: 1 UID: 0 PID: 25 Comm: kworker/u9:0 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  139.947177] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  139.947940] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  139.949222] Workqueue: events_unbound cfg80211_wiphy_work
[  139.950070] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.950818] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.953614] RSP: 0018:ffff88800976f700 EFLAGS: 00010212
[  139.954440] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  139.955538] RDX: ffff888009751b80 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.956658] RBP: ffff88800976f970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.957752] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  139.958851] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  139.959950] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  139.961191] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.962100] CR2: 00007f6f3e8cb718 CR3: 000000003fe9b000 CR4: 0000000000350ef0
[  139.963203] Call Trace:
[  139.963607]  <TASK>
[  139.964005]  ? mark_held_locks+0x49/0x80
[  139.964655]  ? __pfx_perf_tp_event+0x10/0x10
[  139.965354]  ? put_task_struct_rcu_user+0x75/0xc0
[  139.966107]  ? release_task+0xcd4/0x1870
[  139.966763]  ? __lock_acquire+0xc65/0x1b70
[  139.967419]  ? perf_trace_run_bpf_submit+0xef/0x180
[  139.968216]  perf_trace_run_bpf_submit+0xef/0x180
[  139.968980]  perf_trace_contention_begin+0x235/0x3e0
[  139.969779]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  139.970648]  ? update_curr+0x71/0x500
[  139.971257]  ? lock_is_held_type+0x9e/0x120
[  139.971942]  ? lock_acquire+0x18c/0x2f0
[  139.972590]  trace_contention_begin+0xae/0x110
[  139.973314]  __mutex_lock+0x14b/0x1020
[  139.973940]  ? cfg80211_wiphy_work+0x7e/0x480
[  139.974644]  ? cfg80211_wiphy_work+0x7e/0x480
[  139.975340]  ? __pfx___mutex_lock+0x10/0x10
[  139.976039]  ? __pfx___perf_event_task_sched_in+0x10/0x10
[  139.976912]  ? lock_acquire+0x18c/0x2f0
[  139.977536]  ? xfd_validate_state+0x55/0x180
[  139.978233]  ? lock_release+0x1c7/0x290
[  139.978865]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.979690]  cfg80211_wiphy_work+0x7e/0x480
[  139.980366]  process_one_work+0x8e1/0x19c0
[  139.981037]  ? __pfx_process_one_work+0x10/0x10
[  139.981784]  ? move_linked_works+0x172/0x270
[  139.982484]  ? assign_work+0x196/0x240
[  139.983120]  worker_thread+0x67e/0xe90
[  139.983745]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  139.984560]  ? __pfx_worker_thread+0x10/0x10
[  139.985252]  kthread+0x3c8/0x740
[  139.985806]  ? __pfx_kthread+0x10/0x10
[  139.986408]  ? ret_from_fork+0x23/0x430
[  139.987054]  ? lock_release+0xc8/0x290
[  139.987673]  ? __pfx_kthread+0x10/0x10
[  139.988296]  ret_from_fork+0x34b/0x430
[  139.988921]  ? __pfx_kthread+0x10/0x10
[  139.989532]  ret_from_fork_asm+0x1a/0x30
[  139.990178]  </TASK>
[  139.990543] Modules linked in:
[  139.991115] ---[ end trace 0000000000000000 ]---
[  139.991874] RIP: 0010:perf_tp_event+0x175/0xe70
[  139.992629] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  139.995448] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  139.996329] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  139.997458] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  139.998593] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  139.999729] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  140.000872] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  140.002018] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  140.003278] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  140.004217] CR2: 00007f6f3e8cb718 CR3: 000000003fe9b000 CR4: 0000000000350ef0
[  140.005360] note: kworker/u9:0[25] exited with preempt_count 2
[  140.044698] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#23] SMP KASAN NOPTI
[  140.046410] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[  140.047754] CPU: 1 UID: 0 PID: 269 Comm: kworker/u9:4 Tainted: G    B D W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
[  140.049575] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
[  140.050345] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  140.051633] Workqueue: events_unbound cfg80211_wiphy_work
[  140.052522] RIP: 0010:perf_tp_event+0x175/0xe70
[  140.053249] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  140.056048] RSP: 0018:ffff8880161a7700 EFLAGS: 00010212
[  140.056900] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[  140.057999] RDX: ffff8880184d1b80 RSI: ffffffff818995b7 RDI: 0000000100000190
[  140.059080] RBP: ffff8880161a7970 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  140.060191] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  140.061299] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  140.062403] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  140.063650] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  140.064548] CR2: 00007f6f3e8cb718 CR3: 000000003f37e000 CR4: 0000000000350ef0
[  140.065660] Call Trace:
[  140.066064]  <TASK>
[  140.066415]  ? __pfx_perf_tp_event+0x10/0x10
[  140.067120]  ? ret_from_fork_asm+0x1a/0x30
[  140.067797]  ? stack_trace_save+0x8e/0xc0
[  140.068446]  ? stack_depot_save_flags+0x2c/0xa20
[  140.069200]  ? kasan_save_stack+0x34/0x50
[  140.069856]  ? kasan_save_stack+0x24/0x50
[  140.070502]  ? kasan_save_track+0x14/0x30
[  140.071147]  ? __kasan_save_free_info+0x3a/0x60
[  140.071888]  ? __kasan_slab_free+0x3f/0x50
[  140.072557]  ? kmem_cache_free+0x2a1/0x540
[  140.073221]  ? kfree_skbmem+0x18a/0x1f0
[  140.073855]  ? sk_skb_reason_drop+0x10e/0x1b0
[  140.074559]  ? ieee80211_iface_work+0x43c/0x1220
[  140.075298]  ? cfg80211_wiphy_work+0x245/0x480
[  140.076023]  ? process_one_work+0x8e1/0x19c0
[  140.076740]  ? worker_thread+0x67e/0xe90
[  140.077368]  ? kthread+0x3c8/0x740
[  140.077939]  ? ret_from_fork+0x34b/0x430
[  140.078578]  ? perf_trace_run_bpf_submit+0xef/0x180
[  140.079367]  perf_trace_run_bpf_submit+0xef/0x180
[  140.080152]  perf_trace_contention_begin+0x235/0x3e0
[  140.080941]  ? __pfx_perf_trace_contention_begin+0x10/0x10
[  140.081809]  ? lock_acquire+0x18c/0x2f0
[  140.082435]  trace_contention_begin+0xae/0x110
[  140.083177]  __mutex_lock+0x14b/0x1020
[  140.083801]  ? cfg80211_wiphy_work+0x7e/0x480
[  140.084503]  ? cfg80211_wiphy_work+0x7e/0x480
[  140.085204]  ? lock_release+0x1c7/0x290
[  140.085833]  ? __pfx___mutex_lock+0x10/0x10
[  140.086529]  ? _raw_spin_unlock_irqrestore+0x22/0x50
[  140.087340]  ? __pfx_try_to_wake_up+0x10/0x10
[  140.088052]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  140.088884]  cfg80211_wiphy_work+0x7e/0x480
[  140.089544]  process_one_work+0x8e1/0x19c0
[  140.090206]  ? __pfx_process_one_work+0x10/0x10
[  140.090951]  ? move_linked_works+0x172/0x270
[  140.091649]  ? assign_work+0x196/0x240
[  140.092279]  worker_thread+0x67e/0xe90
[  140.092909]  ? trace_irq_enable.constprop.0+0xc2/0x100
[  140.093721]  ? __pfx_worker_thread+0x10/0x10
[  140.094411]  kthread+0x3c8/0x740
[  140.094966]  ? __pfx_kthread+0x10/0x10
[  140.095586]  ? ret_from_fork+0x23/0x430
[  140.096265]  ? lock_release+0xc8/0x290
[  140.096884]  ? __pfx_kthread+0x10/0x10
[  140.097489]  ret_from_fork+0x34b/0x430
[  140.098123]  ? __pfx_kthread+0x10/0x10
[  140.098759]  ret_from_fork_asm+0x1a/0x30
[  140.099399]  </TASK>
[  140.099804] Modules linked in:
[  140.100390] ---[ end trace 0000000000000000 ]---
[  140.101214] RIP: 0010:perf_tp_event+0x175/0xe70
[  140.101986] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[  140.104823] RSP: 0018:ffff8880477bf780 EFLAGS: 00010212
[  140.105662] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90000e91000
[  140.106791] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[  140.107913] RBP: ffff8880477bf9f0 R08: ffff88806cf31340 R09: ffffe8ffffd165a8
[  140.109051] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[  140.110171] R13: 000000000000001c R14: ffff88806cf31340 R15: dffffc0000000000
[  140.111301] FS:  0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[  140.112585] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  140.113520] CR2: 00007f6f3e8cb718 CR3: 000000003f37e000 CR4: 0000000000350ef0
[  140.114655] note: kworker/u9:4[269] exited with preempt_count 2

VM DIAGNOSIS:
14:09:03  Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=ffff88806cf3c300 RCX=ffffffff816880fc RDX=ffff888015658000
RSI=ffffffff816880d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff888017b2f6f8
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=1ffff1100d9c6bb1
R12=ffffed100d9e7861 R13=ffff88806cf3c308 R14=0000000000000001 R15=dffffc0000000000
RIP=ffffffff816880d8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555562f8e400 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe1600000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f0dca5e2f40 CR3=000000004432e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ff000000000001000000000000000000
XMM02=7463656a6e695f31313230385f7a7973 XMM03=00000000000000000000000000000000
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff8880477bf0f0
R8 =0000000000000000 R9 =ffffed10014ea046 R10=0000000000000030 R11=6666666666662052
R12=0000000000000030 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0
RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f67e503a700 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe5a00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2d622000 CR3=000000000dc09000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f1cdaa667c000007f1cdaa667c8
XMM02=00007f1cdaa667e000007f1cdaa667c0 XMM03=00007f1cdaa667c800007f1cdaa667c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000