Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:49972' (ECDSA) to the list of known hosts. 2025/08/29 08:40:46 fuzzer started 2025/08/29 08:40:47 dialing manager at localhost:43077 syzkaller login: [ 44.961266] cgroup: Unknown subsys name 'net' [ 45.018396] cgroup: Unknown subsys name 'cpuset' [ 45.033812] cgroup: Unknown subsys name 'rlimit' 2025/08/29 08:40:56 syscalls: 2214 2025/08/29 08:40:56 code coverage: enabled 2025/08/29 08:40:56 comparison tracing: enabled 2025/08/29 08:40:56 extra coverage: enabled 2025/08/29 08:40:56 setuid sandbox: enabled 2025/08/29 08:40:56 namespace sandbox: enabled 2025/08/29 08:40:56 Android sandbox: enabled 2025/08/29 08:40:56 fault injection: enabled 2025/08/29 08:40:56 leak checking: enabled 2025/08/29 08:40:56 net packet injection: enabled 2025/08/29 08:40:56 net device setup: enabled 2025/08/29 08:40:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/08/29 08:40:56 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/08/29 08:40:56 USB emulation: enabled 2025/08/29 08:40:56 hci packet injection: enabled 2025/08/29 08:40:56 wifi device emulation: enabled 2025/08/29 08:40:56 802.15.4 emulation: enabled 2025/08/29 08:40:56 fetching corpus: 0, signal 0/2000 (executing program) 2025/08/29 08:40:56 fetching corpus: 49, signal 27430/30415 (executing program) 2025/08/29 08:40:56 fetching corpus: 99, signal 38901/42802 (executing program) 2025/08/29 08:40:56 fetching corpus: 149, signal 44310/49153 (executing program) 2025/08/29 08:40:56 fetching corpus: 199, signal 48592/54245 (executing program) 2025/08/29 08:40:56 fetching corpus: 249, signal 54586/60734 (executing program) 2025/08/29 08:40:57 fetching corpus: 299, signal 58730/65460 (executing program) 2025/08/29 08:40:57 fetching corpus: 349, signal 62450/69686 (executing program) 2025/08/29 08:40:57 fetching corpus: 399, signal 66865/74339 (executing program) 2025/08/29 08:40:57 fetching corpus: 449, signal 71041/78559 
(executing program) 2025/08/29 08:40:57 fetching corpus: 499, signal 73371/81179 (executing program) 2025/08/29 08:40:57 fetching corpus: 549, signal 76277/84171 (executing program) 2025/08/29 08:40:57 fetching corpus: 599, signal 78931/86925 (executing program) 2025/08/29 08:40:57 fetching corpus: 649, signal 81022/89066 (executing program) 2025/08/29 08:40:58 fetching corpus: 699, signal 83794/91705 (executing program) 2025/08/29 08:40:58 fetching corpus: 749, signal 85502/93468 (executing program) 2025/08/29 08:40:58 fetching corpus: 799, signal 87842/95614 (executing program) 2025/08/29 08:40:58 fetching corpus: 849, signal 89128/96943 (executing program) 2025/08/29 08:40:58 fetching corpus: 899, signal 90830/98514 (executing program) 2025/08/29 08:40:58 fetching corpus: 949, signal 92823/100321 (executing program) 2025/08/29 08:40:58 fetching corpus: 999, signal 94655/101834 (executing program) 2025/08/29 08:40:59 fetching corpus: 1049, signal 97829/104122 (executing program) 2025/08/29 08:40:59 fetching corpus: 1099, signal 99320/105386 (executing program) 2025/08/29 08:40:59 fetching corpus: 1149, signal 101356/106889 (executing program) 2025/08/29 08:40:59 fetching corpus: 1199, signal 103030/108140 (executing program) 2025/08/29 08:40:59 fetching corpus: 1249, signal 104790/109292 (executing program) 2025/08/29 08:40:59 fetching corpus: 1299, signal 105873/110102 (executing program) 2025/08/29 08:41:00 fetching corpus: 1349, signal 107214/110967 (executing program) 2025/08/29 08:41:00 fetching corpus: 1399, signal 108357/111642 (executing program) 2025/08/29 08:41:00 fetching corpus: 1449, signal 109841/112532 (executing program) 2025/08/29 08:41:00 fetching corpus: 1499, signal 112130/114028 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/114652 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/114684 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/114720 (executing 
program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/114759 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/114800 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/114832 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/114866 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/114919 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/114967 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115000 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115042 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115081 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115118 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115154 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115199 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115229 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115272 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115308 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115342 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115399 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115439 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115477 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115511 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115568 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115608 (executing program) 2025/08/29 08:41:00 fetching corpus: 1542, signal 113371/115608 (executing program) 2025/08/29 08:41:03 starting 8 fuzzer processes 08:41:03 
executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)={0x3c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x1c, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}]}]}, 0x3c}}, 0x0) 08:41:03 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x14, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 08:41:03 executing program 7: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="1000000040000000030000002b00000005000000010000000000000000000000002000000020000010000000000000009f09c75f0000ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f0000000040)={[{@init_itable}]}) 08:41:03 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8) clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000}) 08:41:03 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, 
&(0x7f00000000c0)='mnt', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x6) [ 61.223318] audit: type=1400 audit(1756456863.450:7): avc: denied { execmem } for pid=271 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:41:03 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x8e, &(0x7f0000000180)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x63, 0x0, @wg=@response={0x2, 0x0, 0x0, "8d00a05de92cd2e174cbfb618b6904b473c3fe05ed91a72b627000", "a57dfcb460646196dff50ec71ded0b59", {"a979159a1b08243b764e33f13a6a2006", "a8e72dde502d5382c448b363b844c5e6"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) 08:41:03 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r2 = dup2(r1, r0) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e) 08:41:03 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x15, 0x0, &(0x7f0000000280)) [ 62.385273] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.389214] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.392571] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.398200] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.402246] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.563175] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 
62.568658] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 62.570786] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 62.572362] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 62.574857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.577153] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.580724] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.583514] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.585316] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 62.589389] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.606222] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 62.611016] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 62.616194] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 62.625007] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 62.638532] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 62.646442] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 62.658981] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 62.659317] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 62.665926] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 62.671443] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 62.678445] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 62.679858] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 62.681345] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 62.682952] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 62.684211] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 62.685744] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 62.686996] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 62.689340] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 62.691452] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 62.693279] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 62.694653] Bluetooth: hci7: unexpected cc 0x0c23 length: 
249 > 4 [ 62.705160] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 62.710660] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 62.738719] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 62.743627] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 64.475453] Bluetooth: hci0: command tx timeout [ 64.603909] Bluetooth: hci1: command tx timeout [ 64.666931] Bluetooth: hci2: command tx timeout [ 64.730926] Bluetooth: hci3: command tx timeout [ 64.794990] Bluetooth: hci7: command tx timeout [ 64.795559] Bluetooth: hci6: command tx timeout [ 64.796739] Bluetooth: hci4: command tx timeout [ 64.797233] Bluetooth: hci5: command tx timeout [ 66.522048] Bluetooth: hci0: command tx timeout [ 66.650000] Bluetooth: hci1: command tx timeout [ 66.715978] Bluetooth: hci2: command tx timeout [ 66.779032] Bluetooth: hci3: command tx timeout [ 66.843458] Bluetooth: hci4: command tx timeout [ 66.843907] Bluetooth: hci5: command tx timeout [ 66.844297] Bluetooth: hci6: command tx timeout [ 66.844677] Bluetooth: hci7: command tx timeout [ 68.570960] Bluetooth: hci0: command tx timeout [ 68.697950] Bluetooth: hci1: command tx timeout [ 68.762919] Bluetooth: hci2: command tx timeout [ 68.827106] Bluetooth: hci3: command tx timeout [ 68.891046] Bluetooth: hci4: command tx timeout [ 68.891479] Bluetooth: hci7: command tx timeout [ 68.892237] Bluetooth: hci6: command tx timeout [ 68.892630] Bluetooth: hci5: command tx timeout [ 70.618080] Bluetooth: hci0: command tx timeout [ 70.746005] Bluetooth: hci1: command tx timeout [ 70.810433] Bluetooth: hci2: command tx timeout [ 70.874924] Bluetooth: hci3: command tx timeout [ 70.937950] Bluetooth: hci4: command tx timeout [ 70.938387] Bluetooth: hci5: command tx timeout [ 70.938757] Bluetooth: hci6: command tx timeout [ 70.939189] Bluetooth: hci7: command tx timeout [ 102.861423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.862353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 
103.123363] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.124472] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.484254] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.485353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.667913] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.668523] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.702066] audit: type=1400 audit(1756456905.929:8): avc: denied { open } for pid=3769 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 103.713624] audit: type=1400 audit(1756456905.929:9): avc: denied { kernel } for pid=3769 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 103.730024] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 08:41:46 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8) clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000}) [ 103.896532] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.897163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:41:46 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 
0x15, 0x0, &(0x7f0000000280)) [ 104.052947] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.053831] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:41:46 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8) clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000}) 08:41:46 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x15, 0x0, &(0x7f0000000280)) 08:41:46 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8) clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000}) 08:41:46 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x15, 0x0, &(0x7f0000000280)) [ 104.471352] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.471989] 
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:41:46 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8) clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000}) 08:41:46 executing program 6: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8) clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000}) [ 104.664471] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.665106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.846966] loop7: detected capacity change from 0 to 4 [ 104.874930] EXT4-fs (loop7): bad geometry: block count 64 exceeds size of device (2 blocks) [ 104.886705] loop7: detected capacity change from 0 to 4 [ 104.889962] EXT4-fs (loop7): bad geometry: block count 64 exceeds size of device (2 blocks) [ 105.435733] wlan0: Created IBSS using preconfigured 
BSSID 50:50:50:50:50:50 [ 105.436397] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.558220] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.558834] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.606950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.607546] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.710188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.710801] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.911444] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.912626] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.991674] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.992833] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.142702] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.143366] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.195149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.195708] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:41:49 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r2 = dup2(r1, r0) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e) 08:41:49 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x6) 08:41:49 executing program 6: perf_event_open(&(0x7f0000000140)={0x2, 
0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8) clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000}) 08:41:49 executing program 7: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="1000000040000000030000002b00000005000000010000000000000000000000002000000020000010000000000000009f09c75f0000ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f0000000040)={[{@init_itable}]}) 08:41:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)={0x3c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x1c, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}]}]}, 0x3c}}, 0x0) 08:41:49 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x14, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 08:41:49 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8) clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000}) 08:41:49 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x8e, &(0x7f0000000180)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x63, 0x0, @wg=@response={0x2, 0x0, 0x0, "8d00a05de92cd2e174cbfb618b6904b473c3fe05ed91a72b627000", "a57dfcb460646196dff50ec71ded0b59", {"a979159a1b08243b764e33f13a6a2006", "a8e72dde502d5382c448b363b844c5e6"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) [ 106.854001] loop7: detected capacity change from 0 to 4 08:41:49 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x14, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) [ 106.910183] EXT4-fs (loop7): bad geometry: block count 64 exceeds size of device (2 blocks) 08:41:49 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x14, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 08:41:49 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8) clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000}) 08:41:49 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x6) 08:41:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)={0x3c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x1c, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}]}]}, 0x3c}}, 0x0) 08:41:49 executing program 7: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="1000000040000000030000002b00000005000000010000000000000000000000002000000020000010000000000000009f09c75f0000ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f0000000040)={[{@init_itable}]}) [ 107.031814] loop7: detected capacity change from 0 to 4 [ 107.036899] EXT4-fs (loop7): bad geometry: block count 64 exceeds size of device (2 blocks) 08:41:49 executing program 6: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8) clone3(&(0x7f0000000480)={0x906400, &(0x7f0000000100), 0x0, &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x58) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0x40086607, &(0x7f0000000000)={0x80000}) 08:41:49 executing program 7: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="1000000040000000030000002b00000005000000010000000000000000000000002000000020000010000000000000009f09c75f0000ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f0000000040)={[{@init_itable}]}) [ 107.167041] loop7: detected capacity change from 0 to 4 [ 107.216686] EXT4-fs (loop7): bad geometry: block count 64 exceeds size of device (2 blocks) 08:41:49 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r2 = dup2(r1, r0) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e) 08:41:49 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x8e, &(0x7f0000000180)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x63, 0x0, @wg=@response={0x2, 0x0, 0x0, "8d00a05de92cd2e174cbfb618b6904b473c3fe05ed91a72b627000", "a57dfcb460646196dff50ec71ded0b59", {"a979159a1b08243b764e33f13a6a2006", 
"a8e72dde502d5382c448b363b844c5e6"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) 08:41:49 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x6) 08:41:49 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r2 = dup2(r1, r0) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e) 08:41:49 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)={0x3c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x1c, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}]}]}, 0x3c}}, 0x0) 08:41:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)={0x3c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x1c, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}]}]}, 0x3c}}, 0x0) 08:41:49 
executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x8e, &(0x7f0000000180)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x63, 0x0, @wg=@response={0x2, 0x0, 0x0, "8d00a05de92cd2e174cbfb618b6904b473c3fe05ed91a72b627000", "a57dfcb460646196dff50ec71ded0b59", {"a979159a1b08243b764e33f13a6a2006", "a8e72dde502d5382c448b363b844c5e6"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) 08:41:49 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r2 = dup2(r1, r0) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e) 08:41:50 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)={0x3c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x1c, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ap_ssid}]}]}, 0x3c}}, 0x0) 08:41:50 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r2 = dup2(r1, r0) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e) 08:41:50 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x8e, &(0x7f0000000180)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x63, 0x0, @wg=@response={0x2, 0x0, 0x0, "8d00a05de92cd2e174cbfb618b6904b473c3fe05ed91a72b627000", "a57dfcb460646196dff50ec71ded0b59", {"a979159a1b08243b764e33f13a6a2006", "a8e72dde502d5382c448b363b844c5e6"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) 08:41:50 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r2 = dup2(r1, r0) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e) 08:41:50 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x6) 08:41:50 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x8e, &(0x7f0000000180)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x63, 0x0, @wg=@response={0x2, 0x0, 0x0, 
"8d00a05de92cd2e174cbfb618b6904b473c3fe05ed91a72b627000", "a57dfcb460646196dff50ec71ded0b59", {"a979159a1b08243b764e33f13a6a2006", "a8e72dde502d5382c448b363b844c5e6"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) 08:41:50 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r2 = dup2(r1, r0) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e) 08:41:50 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r2 = dup2(r1, r0) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e) 08:41:50 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r2 = dup2(r1, r0) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e) 08:41:51 executing 
program 0: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x6) 08:41:51 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r2 = dup2(r1, r0) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e) 08:41:51 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r2 = dup2(r1, r0) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e) 08:41:51 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x12, 0x0, &(0x7f00000018c0)) 08:41:51 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)={0x3c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x1c, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, 
@default_ap_ssid}]}]}, 0x3c}}, 0x0) 08:41:51 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x8e, &(0x7f0000000180)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x63, 0x0, @wg=@response={0x2, 0x0, 0x0, "8d00a05de92cd2e174cbfb618b6904b473c3fe05ed91a72b627000", "a57dfcb460646196dff50ec71ded0b59", {"a979159a1b08243b764e33f13a6a2006", "a8e72dde502d5382c448b363b844c5e6"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) 08:41:51 executing program 7: syz_emit_ethernet(0x8a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "7437b8", 0x54, 0x6, 0x0, @local, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @fastopen={0x22, 0x4, "e1ea"}, @mss={0x2, 0x4}, @md5sig={0x13, 0x12, "ef1cbdb0f69905295e5431d540756bec"}, @md5sig={0x13, 0x12, "735093986a972b9cee6a771e74575c8f"}, @mss={0x2, 0x4}, @window={0x3, 0x3}]}}}}}}}}, 0x0) 08:41:51 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40001) r2 = dup2(r1, r0) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x2e) 08:41:51 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='mnt', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x6) 08:41:51 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x14) 08:41:51 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080), 0x6) r1 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0) dup2(r1, r0) openat$hpet(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) [ 109.666859] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI [ 109.668472] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197] [ 109.670278] CPU: 1 UID: 0 PID: 4000 Comm: syz-executor.1 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 109.673380] Tainted: [W]=WARN [ 109.674130] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.676155] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.677555] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.681549] RSP: 0018:ffff8880189e7600 EFLAGS: 00010212 [ 109.682708] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90002015000 [ 109.684122] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 
0000000100000190 [ 109.685086] RBP: ffff8880189e7870 R08: ffff88806cf31340 R09: ffffe8ffffd15b10 [ 109.686049] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 109.687015] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 109.687987] FS: 00007fa1dd6aa700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 109.689060] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.689838] CR2: 0000001b2ce21000 CR3: 0000000043b79000 CR4: 0000000000350ef0 [ 109.690788] Call Trace: [ 109.691151] [ 109.691476] ? __pfx_perf_tp_event+0x10/0x10 [ 109.692140] ? perf_trace_run_bpf_submit+0xef/0x180 [ 109.692824] perf_trace_run_bpf_submit+0xef/0x180 [ 109.693498] perf_trace_lock+0x337/0x5d0 [ 109.694062] ? __pfx_perf_trace_lock+0x10/0x10 [ 109.694692] ? lock_acquire+0x15e/0x2f0 [ 109.695249] ? futex_ref_get+0x48/0x300 [ 109.695793] ? futex_ref_get+0x114/0x300 [ 109.696351] ? futex_hash+0x15c/0x390 [ 109.696877] lock_release+0x1ab/0x290 [ 109.697401] ? futex_hash+0x15c/0x390 [ 109.697922] futex_ref_get+0x119/0x300 [ 109.698455] ? futex_hash+0x15c/0x390 [ 109.698973] futex_hash+0x70/0x390 [ 109.699479] futex_wait_setup+0xae/0x550 [ 109.700058] __futex_wait+0x151/0x300 [ 109.700589] ? __pfx___futex_wait+0x10/0x10 [ 109.701189] ? __pfx_futex_wake_mark+0x10/0x10 [ 109.701834] futex_wait+0xde/0x380 [ 109.702327] ? __pfx_futex_wait+0x10/0x10 [ 109.702891] ? perf_trace_lock+0xb5/0x5d0 [ 109.703471] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 109.704175] do_futex+0x2ee/0x370 [ 109.704659] ? __pfx_do_futex+0x10/0x10 [ 109.705201] ? do_raw_spin_lock+0x123/0x260 [ 109.705792] __x64_sys_futex+0x1c9/0x4d0 [ 109.706347] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 109.707056] ? __pfx___x64_sys_futex+0x10/0x10 [ 109.707679] ? kcov_ioctl+0x386/0x6c0 [ 109.708198] ? 
fput+0x6a/0x100 [ 109.708653] do_syscall_64+0xbf/0x360 [ 109.709173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.709869] RIP: 0033:0x7fa1e0134b19 [ 109.710375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 109.712778] RSP: 002b:00007fa1dd6aa218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 109.713785] RAX: ffffffffffffffda RBX: 00007fa1e0247f68 RCX: 00007fa1e0134b19 [ 109.714727] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa1e0247f68 [ 109.715670] RBP: 00007fa1e0247f60 R08: 00007fa1dd6aa700 R09: 0000000000000000 [ 109.716607] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa1e0247f6c [ 109.717541] R13: 00007ffe8700951f R14: 00007fa1dd6aa300 R15: 0000000000022000 [ 109.718491] [ 109.718807] Modules linked in: [ 109.719478] ---[ end trace 0000000000000000 ]--- [ 109.720135] RIP: 0010:perf_tp_event+0x175/0xe70 [ 109.720763] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 109.723512] RSP: 0018:ffff8880189e7600 EFLAGS: 00010212 [ 109.724432] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90002015000 [ 109.725411] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190 [ 109.726382] RBP: ffff8880189e7870 R08: ffff88806cf31340 R09: ffffe8ffffd15b10 [ 109.727350] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 109.728309] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000 [ 109.729256] FS: 00007fa1dd6aa700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000 [ 109.730324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.731118] CR2: 0000001b2ce21000 CR3: 0000000043b79000 CR4: 0000000000350ef0 [ 109.732078] note: syz-executor.1[4000] exited with preempt_count 1 [ 109.732280] kmemleak: Found 
object by alias at 0x607f1a638b4c [ 109.732301] CPU: 0 UID: 0 PID: 3998 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 109.732321] Tainted: [D]=DIE, [W]=WARN [ 109.732325] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.732332] Call Trace: [ 109.732336] [ 109.732341] dump_stack_lvl+0xca/0x120 [ 109.732365] __lookup_object+0x94/0xb0 [ 109.732381] delete_object_full+0x27/0x70 [ 109.732396] free_percpu+0x30/0x1160 [ 109.732413] ? arch_uprobe_clear_state+0x16/0x140 [ 109.732431] futex_hash_free+0x38/0xc0 [ 109.732445] mmput+0x2d3/0x390 [ 109.732463] do_exit+0x79d/0x2970 [ 109.732478] ? __pfx_do_exit+0x10/0x10 [ 109.732491] ? do_raw_spin_lock+0x123/0x260 [ 109.732507] ? get_signal+0x835/0x2340 [ 109.732526] do_group_exit+0xd3/0x2a0 [ 109.732539] get_signal+0x2315/0x2340 [ 109.732556] ? errseq_sample+0x5a/0x70 [ 109.732570] ? __pfx_perf_trace_lock+0x10/0x10 [ 109.732585] ? __pfx_get_signal+0x10/0x10 [ 109.732601] ? do_futex+0x135/0x370 [ 109.732613] ? __pfx_do_futex+0x10/0x10 [ 109.732626] arch_do_signal_or_restart+0x80/0x790 [ 109.732644] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 109.732659] ? __x64_sys_futex+0x1c9/0x4d0 [ 109.732671] ? __x64_sys_futex+0x1d2/0x4d0 [ 109.732683] ? __sys_socket+0x9f/0x260 [ 109.732698] ? __pfx___x64_sys_futex+0x10/0x10 [ 109.732710] ? xfd_validate_state+0x55/0x180 [ 109.732728] exit_to_user_mode_loop+0x8b/0x110 [ 109.732740] do_syscall_64+0x2f7/0x360 [ 109.732751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.732763] RIP: 0033:0x7f71379a5b19 [ 109.732772] Code: Unable to access opcode bytes at 0x7f71379a5aef. 
[ 109.732777] RSP: 002b:00007f7134f1b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 109.732789] RAX: 0000000000000000 RBX: 00007f7137ab8f68 RCX: 00007f71379a5b19 [ 109.732796] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7137ab8f68 [ 109.732803] RBP: 00007f7137ab8f60 R08: 0000000000000000 R09: 0000000000000000 [ 109.732810] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7137ab8f6c [ 109.732817] R13: 00007fffc8175f1f R14: 00007f7134f1b300 R15: 0000000000022000 [ 109.732828] [ 109.732832] kmemleak: Object (percpu) 0x607f1a638b48 (size 8): [ 109.732838] kmemleak: comm "syz-executor.3", pid 3997, jiffies 4294776579 [ 109.732845] kmemleak: min_count = 1 [ 109.732849] kmemleak: count = 0 [ 109.732853] kmemleak: flags = 0x21 [ 109.732856] kmemleak: checksum = 0 [ 109.732860] kmemleak: backtrace: [ 109.732868] pcpu_alloc_noprof+0x87a/0x1170 [ 109.732883] perf_trace_event_init+0x366/0xa10 [ 109.732897] perf_trace_init+0x1a4/0x2f0 [ 109.732908] perf_tp_event_init+0xa6/0x120 [ 109.732924] perf_try_init_event+0x140/0x9f0 [ 109.732937] perf_event_alloc.part.0+0x118e/0x45f0 [ 109.732953] __do_sys_perf_event_open+0x719/0x2c20 [ 109.732966] do_syscall_64+0xbf/0x360 [ 109.732974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.769618] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51 [ 109.770741] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4000, name: syz-executor.1 [ 109.771809] preempt_count: 0, expected: 0 [ 109.772338] RCU nest depth: 2, expected: 0 [ 109.772854] INFO: lockdep is turned off. 
[ 109.773387] CPU: 1 UID: 0 PID: 4000 Comm: syz-executor.1 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 109.773418] Tainted: [D]=DIE, [W]=WARN [ 109.773424] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 109.773435] Call Trace: [ 109.773441] [ 109.773447] dump_stack_lvl+0xfa/0x120 [ 109.773480] __might_resched+0x2f3/0x510 [ 109.773501] exit_signals+0x25/0x940 [ 109.773530] do_exit+0x2db/0x2970 [ 109.773551] ? _printk+0xbe/0xf0 [ 109.773571] ? __pfx__printk+0x10/0x10 [ 109.773590] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 109.773610] ? __pfx_do_exit+0x10/0x10 [ 109.773629] ? kcov_ioctl+0x386/0x6c0 [ 109.773651] make_task_dead+0x174/0x3b0 [ 109.773671] ? do_syscall_64+0xbf/0x360 [ 109.773687] rewind_stack_and_make_dead+0x16/0x20 [ 109.773712] RIP: 0033:0x7fa1e0134b19 [ 109.773725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 109.773742] RSP: 002b:00007fa1dd6aa218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 109.773759] RAX: ffffffffffffffda RBX: 00007fa1e0247f68 RCX: 00007fa1e0134b19 [ 109.773771] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa1e0247f68 [ 109.773782] RBP: 00007fa1e0247f60 R08: 00007fa1dd6aa700 R09: 0000000000000000 [ 109.773794] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa1e0247f6c [ 109.773804] R13: 00007ffe8700951f R14: 00007fa1dd6aa300 R15: 0000000000022000 [ 109.773822] 08:41:52 executing program 7: syz_emit_ethernet(0x8a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "7437b8", 0x54, 0x6, 0x0, @local, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @fastopen={0x22, 0x4, "e1ea"}, @mss={0x2, 0x4}, @md5sig={0x13, 0x12, "ef1cbdb0f69905295e5431d540756bec"}, @md5sig={0x13, 0x12, "735093986a972b9cee6a771e74575c8f"}, @mss={0x2, 0x4}, 
@window={0x3, 0x3}]}}}}}}}}, 0x0) 08:41:52 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x12, 0x0, &(0x7f00000018c0)) 08:41:52 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x12, 0x0, &(0x7f00000018c0)) 08:41:52 executing program 7: syz_emit_ethernet(0x8a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "7437b8", 0x54, 0x6, 0x0, @local, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @fastopen={0x22, 0x4, "e1ea"}, @mss={0x2, 0x4}, @md5sig={0x13, 0x12, "ef1cbdb0f69905295e5431d540756bec"}, @md5sig={0x13, 0x12, "735093986a972b9cee6a771e74575c8f"}, @mss={0x2, 0x4}, @window={0x3, 0x3}]}}}}}}}}, 0x0) 08:41:52 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010100, @local}, {0x0, 0x4e20, 0x8}}}}}, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000006ac0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x40000042, 0x0) 08:41:52 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x12, 0x0, &(0x7f00000018c0)) 08:41:52 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpid() sched_getattr(r0, &(0x7f0000001400)={0x38}, 0x38, 0x0) 08:41:52 executing program 7: syz_emit_ethernet(0x8a, 
&(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "7437b8", 0x54, 0x6, 0x0, @local, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @fastopen={0x22, 0x4, "e1ea"}, @mss={0x2, 0x4}, @md5sig={0x13, 0x12, "ef1cbdb0f69905295e5431d540756bec"}, @md5sig={0x13, 0x12, "735093986a972b9cee6a771e74575c8f"}, @mss={0x2, 0x4}, @window={0x3, 0x3}]}}}}}}}}, 0x0) 08:41:52 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000000000)={@mcast2}, 0x14) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) 08:41:52 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080), 0x6) r1 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0) dup2(r1, r0) openat$hpet(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 08:41:52 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010100, @local}, {0x0, 0x4e20, 0x8}}}}}, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 
0x0) recvmmsg(r0, &(0x7f0000006ac0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x40000042, 0x0) 08:41:52 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000000000)={@mcast2}, 0x14) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) 08:41:52 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpid() sched_getattr(r0, &(0x7f0000001400)={0x38}, 0x38, 0x0) 08:41:52 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x14) 08:41:52 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080), 0x6) r1 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0) dup2(r1, r0) openat$hpet(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 08:41:52 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000000000)={@mcast2}, 0x14) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, 
{{0xa, 0x0, 0x0, @private1}}}, 0x108) 08:41:52 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080), 0x6) r1 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0) dup2(r1, r0) openat$hpet(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) [ 110.551156] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 110.552025] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197] [ 110.552597] CPU: 0 UID: 0 PID: 4032 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) [ 110.553511] Tainted: [D]=DIE, [W]=WARN [ 110.553796] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 110.554459] RIP: 0010:perf_tp_event+0x175/0xe70 [ 110.554836] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 110.556230] RSP: 0018:ffff8880451b7780 EFLAGS: 00010012 [ 110.556650] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002 [ 110.557224] RDX: ffff888016eab700 RSI: ffffffff818995b7 RDI: 0000000000000191 [ 110.557779] RBP: ffff8880451b79f0 R08: ffff88806ce31340 R09: ffffe8ffffc15b10 [ 110.558334] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 110.558862] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000 [ 110.559413] FS: 000055557a8c3400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000 [ 110.560020] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 
110.560466] CR2: 0000000020000000 CR3: 000000001e4e7000 CR4: 0000000000350ef0 [ 110.561013] Call Trace: [ 110.561216] [ 110.561388] ? __kernel_text_address+0xd/0x40 [ 110.561761] ? __pfx_perf_tp_event+0x10/0x10 [ 110.562127] ? __pfx_do_raw_spin_trylock+0x10/0x10 [ 110.562517] ? lock_release+0x1c7/0x290 [ 110.562819] ? do_raw_spin_unlock+0x53/0x220 [ 110.563188] ? kasan_unpoison+0x27/0x60 [ 110.563501] ? __kasan_unpoison_pages+0x2f/0x40 [ 110.563878] ? get_page_from_freelist+0x194a/0x24b0 [ 110.564259] ? should_fail_alloc_page+0xe8/0x110 [ 110.564612] ? css_rstat_updated+0x1b8/0x4d0 [ 110.564953] ? __pfx_css_rstat_updated+0x10/0x10 [ 110.565308] ? trace_mm_page_alloc+0xfc/0x150 [ 110.565644] ? perf_trace_run_bpf_submit+0xef/0x180 [ 110.566016] perf_trace_run_bpf_submit+0xef/0x180 [ 110.566378] perf_trace_preemptirq_template+0x259/0x430 [ 110.566786] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 110.567228] ? check_preempt_wakeup_fair+0x406/0x950 [ 110.567607] ? wakeup_preempt+0x140/0x2a0 [ 110.567917] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 110.568297] trace_irq_enable.constprop.0+0xa6/0x100 [ 110.568679] trace_hardirqs_on+0x26/0x40 [ 110.568980] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 110.569348] try_to_wake_up+0x8ae/0x11d0 [ 110.569655] ? __pfx_try_to_wake_up+0x10/0x10 [ 110.569994] ? plist_del+0x122/0x270 [ 110.570277] ? __futex_unqueue+0xda/0x1c0 [ 110.570589] wake_up_q+0xa1/0x130 [ 110.570855] futex_wake+0x47e/0x540 [ 110.571146] ? __pfx_futex_wake+0x10/0x10 [ 110.571457] ? __handle_mm_fault+0x753/0x3260 [ 110.571800] ? vma_start_read+0x304/0x8e0 [ 110.572108] ? __pfx___handle_mm_fault+0x10/0x10 [ 110.572470] do_futex+0x26d/0x370 [ 110.572734] ? __pfx_do_futex+0x10/0x10 [ 110.573032] ? count_memcg_events+0x32b/0x420 [ 110.573373] __x64_sys_futex+0x1c9/0x4d0 [ 110.573679] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 110.574115] ? 
__pfx___x64_sys_futex+0x10/0x10
[ 110.574457] do_syscall_64+0xbf/0x360
[ 110.574747] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.575134] RIP: 0033:0x7fbcc581eb19
[ 110.575411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 110.576819] RSP: 002b:00007ffc9b7259c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 110.577370] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbcc581eb19
[ 110.577888] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbcc5931f68
[ 110.578409] RBP: 00007fbcc5931f60 R08: 00007fbcc592e0a0 R09: 0000000000000000
[ 110.578926] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbcc59361d8
[ 110.579448] R13: 00007ffc9b725ad0 R14: 00007fbcc5931f60 R15: 000000000001af6e
[ 110.579977]
[ 110.580153] Modules linked in:
[ 110.580394] ---[ end trace 0000000000000000 ]---
[ 110.580745] RIP: 0010:perf_tp_event+0x175/0xe70
[ 110.581094] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 110.582455] RSP: 0018:ffff8880189e7600 EFLAGS: 00010212
[ 110.582886] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90002015000
[ 110.583466] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 110.584014] RBP: ffff8880189e7870 R08: ffff88806cf31340 R09: ffffe8ffffd15b10
[ 110.584531] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 110.585048] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 110.585588] FS: 000055557a8c3400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 110.586230] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.586656] CR2: 0000000020000000 CR3: 000000001e4e7000 CR4: 0000000000350ef0
[ 110.587209] note: syz-executor.7[4032] exited with irqs disabled
[ 110.587775] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#3] SMP KASAN NOPTI
[ 110.588596] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 110.589206] CPU: 0 UID: 0 PID: 4032 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 110.590092] Tainted: [D]=DIE, [W]=WARN
[ 110.590402] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.591072] RIP: 0010:perf_tp_event+0x175/0xe70
[ 110.591424] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 110.592832] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012
[ 110.593236] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 110.593757] RDX: ffff888016eab700 RSI: ffffffff818995b7 RDI: 0000000000000191
[ 110.594275] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc15b10
[ 110.594827] R10: 0000000000000000 R11: ffff88800e6bd898 R12: dffffc0000000000
[ 110.595437] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000
[ 110.596012] FS: 000055557a8c3400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 110.596658] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.597084] CR2: 0000000020000000 CR3: 000000001e4e7000 CR4: 0000000000350ef0
[ 110.597608] Call Trace:
[ 110.597800]
[ 110.597968] ? __pfx_perf_tp_event+0x10/0x10
[ 110.598302] ? enqueue_task_fair+0xded/0x1e00
[ 110.598647] ? check_preempt_wakeup_fair+0x6e/0x950
[ 110.599019] ? wakeup_preempt+0x140/0x2a0
[ 110.599339] ? lock_release+0x1c7/0x290
[ 110.599638] ? lock_release+0x1c7/0x290
[ 110.599937] ? do_raw_spin_unlock+0x53/0x220
[ 110.600271] ? _raw_spin_unlock_irqrestore+0x22/0x50
[ 110.600651] ? try_to_wake_up+0x8ae/0x11d0
[ 110.600972] ? do_raw_spin_lock+0x123/0x260
[ 110.601296] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 110.601649] ? perf_trace_run_bpf_submit+0xef/0x180
[ 110.602023] perf_trace_run_bpf_submit+0xef/0x180
[ 110.602390] perf_trace_preemptirq_template+0x259/0x430
[ 110.602791] ? read_tsc+0x9/0x20
[ 110.603062] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 110.603502] ? clockevents_program_event+0x135/0x360
[ 110.603883] ? tick_program_event+0xac/0x140
[ 110.604212] ? handle_softirqs+0x16e/0x770
[ 110.604563] trace_irq_enable.constprop.0+0xa6/0x100
[ 110.604978] trace_hardirqs_on+0x26/0x40
[ 110.605291] handle_softirqs+0x16e/0x770
[ 110.605602] __irq_exit_rcu+0xc4/0x100
[ 110.605900] irq_exit_rcu+0x9/0x20
[ 110.606167] sysvec_apic_timer_interrupt+0x70/0x80
[ 110.606548]
[ 110.606719]
[ 110.606891] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 110.607285] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 110.607635] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 110.608960] RSP: 0018:ffff8880451b7f28 EFLAGS: 00000246
[ 110.609356] RAX: 0000000000000001 RBX: ffff888016eab700 RCX: ffffffff817c2b86
[ 110.609875] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 110.610393] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 110.610967] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888016eab700
[ 110.611546] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000
[ 110.612081] ? trace_irq_enable.constprop.0+0x26/0x100
[ 110.612467] ? make_task_dead+0x214/0x3b0
[ 110.612808] ? make_task_dead+0x214/0x3b0
[ 110.613151] ? do_syscall_64+0xbf/0x360
[ 110.613473] rewind_stack_and_make_dead+0x16/0x20
[ 110.613874] RIP: 0033:0x7fbcc581eb19
[ 110.614178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 110.615855] RSP: 002b:00007ffc9b7259c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 110.616627] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbcc581eb19
[ 110.617352] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbcc5931f68
[ 110.618057] RBP: 00007fbcc5931f60 R08: 00007fbcc592e0a0 R09: 0000000000000000
[ 110.618774] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbcc59361d8
[ 110.619535] R13: 00007ffc9b725ad0 R14: 00007fbcc5931f60 R15: 000000000001af6e
[ 110.620252]
[ 110.620494] Modules linked in:
[ 110.620831] ---[ end trace 0000000000000000 ]---
[ 110.621322] RIP: 0010:perf_tp_event+0x175/0xe70
[ 110.621832] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 110.623678] RSP: 0018:ffff8880189e7600 EFLAGS: 00010212
[ 110.624233] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90002015000
[ 110.624991] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 110.625728] RBP: ffff8880189e7870 R08: ffff88806cf31340 R09: ffffe8ffffd15b10
[ 110.626469] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 110.627201] R13: 000000000000002c R14: ffff88806cf31340 R15: dffffc0000000000
[ 110.627932] FS: 000055557a8c3400(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
[ 110.628750] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.629334] CR2: 0000000020000000 CR3: 000000001e4e7000 CR4: 0000000000350ef0
[ 110.630054] Kernel panic - not syncing: Fatal exception in interrupt
[ 110.630899] Kernel Offset: disabled
[ 110.631285] ---[ end
Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
08:41:52 Registers: