Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:62436' (ECDSA) to the list of known hosts.
2025/09/01 08:25:12 fuzzer started
2025/09/01 08:25:12 dialing manager at localhost:35473
syzkaller login: [ 50.408413] cgroup: Unknown subsys name 'net'
[ 50.454391] cgroup: Unknown subsys name 'cpuset'
[ 50.462199] cgroup: Unknown subsys name 'rlimit'
2025/09/01 08:25:22 syscalls: 2214
2025/09/01 08:25:22 code coverage: enabled
2025/09/01 08:25:22 comparison tracing: enabled
2025/09/01 08:25:22 extra coverage: enabled
2025/09/01 08:25:22 setuid sandbox: enabled
2025/09/01 08:25:22 namespace sandbox: enabled
2025/09/01 08:25:22 Android sandbox: enabled
2025/09/01 08:25:22 fault injection: enabled
2025/09/01 08:25:22 leak checking: enabled
2025/09/01 08:25:22 net packet injection: enabled
2025/09/01 08:25:22 net device setup: enabled
2025/09/01 08:25:22 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 08:25:22 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 08:25:22 USB emulation: enabled
2025/09/01 08:25:22 hci packet injection: enabled
2025/09/01 08:25:22 wifi device emulation: enabled
2025/09/01 08:25:22 802.15.4 emulation: enabled
2025/09/01 08:25:22 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 08:25:23 fetching corpus: 50, signal 25140/28109 (executing program)
2025/09/01 08:25:23 fetching corpus: 100, signal 41566/45109 (executing program)
2025/09/01 08:25:23 fetching corpus: 150, signal 49134/53269 (executing program)
2025/09/01 08:25:23 fetching corpus: 200, signal 55241/59752 (executing program)
2025/09/01 08:25:23 fetching corpus: 250, signal 59160/64130 (executing program)
2025/09/01 08:25:23 fetching corpus: 300, signal 64811/69798 (executing program)
2025/09/01 08:25:23 fetching corpus: 350, signal 66772/72159 (executing program)
2025/09/01 08:25:24 fetching corpus: 400, signal 70865/76135 (executing program)
2025/09/01 08:25:24 fetching corpus: 450, signal 74254/79470 (executing program)
2025/09/01 08:25:24 fetching corpus: 500, signal 77219/82280 (executing program)
2025/09/01 08:25:24 fetching corpus: 550, signal 79841/84765 (executing program)
2025/09/01 08:25:24 fetching corpus: 600, signal 82579/87206 (executing program)
2025/09/01 08:25:24 fetching corpus: 650, signal 85170/89422 (executing program)
2025/09/01 08:25:24 fetching corpus: 700, signal 87929/91679 (executing program)
2025/09/01 08:25:24 fetching corpus: 750, signal 89145/92758 (executing program)
2025/09/01 08:25:24 fetching corpus: 800, signal 90618/93981 (executing program)
2025/09/01 08:25:25 fetching corpus: 850, signal 92763/95564 (executing program)
2025/09/01 08:25:25 fetching corpus: 900, signal 94489/96906 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/98355 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/98430 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/98526 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/98598 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/98678 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/98741 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/98819 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/98903 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/98981 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/99062 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/99131 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/99231 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/99314 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/99403 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/99492 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/99573 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/99666 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/99742 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/99818 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/99901 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/99984 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/100054 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/100148 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/100239 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/100314 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/100409 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/100497 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/100572 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/100648 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/100742 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/100795 (executing program)
2025/09/01 08:25:25 fetching corpus: 933, signal 96704/100795 (executing program)
2025/09/01 08:25:27 starting 8 fuzzer processes
08:25:27 executing program 0:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, 0x0, 0x0, 0x0)
08:25:27 executing program 3:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001680)='/sys/class/mem', 0x0, 0x0)
lseek(r0, 0x0, 0x2)
08:25:27 executing program 7:
prctl$PR_SET_MM_AUXV(0x23, 0xc, 0x0, 0x0)
08:25:27 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000100)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000080)="8873d6ab3f00", 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0})
08:25:27 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000006c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_REG_RULES={0xc, 0x22, 0x0, 0x1, [{0x3}, {0x4}]}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}]}, 0x28}}, 0x0)
08:25:27 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config', 0x0, 0x0)
fchmod(r0, 0x0)
08:25:27 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='mpol=prefer:00'])
08:25:27 executing program 6:
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000fff000/0x1000)=nil)
[ 65.811665] audit: type=1400 audit(1756715127.865:7): avc: denied { execmem } for pid=271 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 67.091136] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 67.095711] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 67.097827] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 67.102019] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 67.104667] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 67.126707] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 67.130555] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 67.132815] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 67.135394] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.140929] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.146343] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 67.147781] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.157968] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 67.164634] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.166895] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 67.168488] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 67.178160] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 67.182223] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 67.184087] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 67.185710] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 67.187610] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 67.189227] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 67.191011] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 67.192637] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 67.193887] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 67.195128] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 67.202417] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 67.204004] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 67.206115] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 67.207674] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 67.215397] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 67.220917] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 67.222925] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 67.224547] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 67.226130] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 67.231079] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 67.241859] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 67.250417] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 67.252936] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 67.273198] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 69.187181] Bluetooth: hci1: command tx timeout
[ 69.250010] Bluetooth: hci2: command tx timeout
[ 69.250570] Bluetooth: hci0: command tx timeout
[ 69.313539] Bluetooth: hci6: command tx timeout
[ 69.314546] Bluetooth: hci5: command tx timeout
[ 69.314588] Bluetooth: hci4: command tx timeout
[ 69.315356] Bluetooth: hci7: command tx timeout
[ 69.377563] Bluetooth: hci3: command tx timeout
[ 71.233656] Bluetooth: hci1: command tx timeout
[ 71.297538] Bluetooth: hci2: command tx timeout
[ 71.298538] Bluetooth: hci0: command tx timeout
[ 71.361523] Bluetooth: hci4: command tx timeout
[ 71.361985] Bluetooth: hci5: command tx timeout
[ 71.362375] Bluetooth: hci6: command tx timeout
[ 71.362942] Bluetooth: hci7: command tx timeout
[ 71.426622] Bluetooth: hci3: command tx timeout
[ 73.281561] Bluetooth: hci1: command tx timeout
[ 73.345762] Bluetooth: hci0: command tx timeout
[ 73.346228] Bluetooth: hci2: command tx timeout
[ 73.411481] Bluetooth: hci4: command tx timeout
[ 73.411553] Bluetooth: hci7: command tx timeout
[ 73.411917] Bluetooth: hci6: command tx timeout
[ 73.412983] Bluetooth: hci5: command tx timeout
[ 73.473510] Bluetooth: hci3: command tx timeout
[ 75.329548] Bluetooth: hci1: command tx timeout
[ 75.393753] Bluetooth: hci2: command tx timeout
[ 75.394570] Bluetooth: hci0: command tx timeout
[ 75.457625] Bluetooth: hci6: command tx timeout
[ 75.458640] Bluetooth: hci5: command tx timeout
[ 75.458705] Bluetooth: hci7: command tx timeout
[ 75.459406] Bluetooth: hci4: command tx timeout
[ 75.522571] Bluetooth: hci3: command tx timeout
[ 106.955173] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.956053] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.082246] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.082976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.260301] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.261497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.378561] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.379183] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:26:09 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='mpol=prefer:00'])
08:26:09 executing program 6:
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000fff000/0x1000)=nil)
08:26:10 executing program 6:
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000fff000/0x1000)=nil)
08:26:10 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='mpol=prefer:00'])
08:26:10 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='mpol=prefer:00'])
08:26:10 executing program 6:
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000fff000/0x1000)=nil)
08:26:10 executing program 6:
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000fff000/0x1000)=nil)
08:26:10 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockname(r0, 0x0, &(0x7f0000000100))
[ 108.354821] audit: type=1400 audit(1756715170.409:8): avc: denied { open } for pid=3855 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 108.359505] audit: type=1400 audit(1756715170.409:9): avc: denied { kernel } for pid=3855 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 108.431183] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.431773] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.509955] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.510895] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.600847] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.600852] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.601589] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.602792] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.679313] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.681581] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.718983] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.719624] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.772180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.773218] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.836612] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.837210] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.935008] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.935664] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.029047] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.030292] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.533334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.534560] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.577669] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 109.579066] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:26:11 executing program 0:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, 0x0, 0x0, 0x0)
08:26:11 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000100)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000080)="8873d6ab3f00", 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0})
08:26:11 executing program 6:
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000fff000/0x1000)=nil)
08:26:11 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockname(r0, 0x0, &(0x7f0000000100))
08:26:11 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config', 0x0, 0x0)
fchmod(r0, 0x0)
08:26:11 executing program 3:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001680)='/sys/class/mem', 0x0, 0x0)
lseek(r0, 0x0, 0x2)
08:26:11 executing program 4:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config', 0x0, 0x0)
fchmod(r0, 0x0)
08:26:11 executing program 7:
prctl$PR_SET_MM_AUXV(0x23, 0xc, 0x0, 0x0)
08:26:11 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config', 0x0, 0x0)
fchmod(r0, 0x0)
08:26:11 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000100)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000080)="8873d6ab3f00", 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0})
08:26:11 executing program 0:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
pwrite64(r0, 0x0, 0x0, 0x0)
08:26:11 executing program 6:
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000fff000/0x1000)=nil)
08:26:11 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config', 0x0, 0x0)
fchmod(r0, 0x0)
08:26:11 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000100)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000080)="8873d6ab3f00", 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0})
08:26:11 executing program 3:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001680)='/sys/class/mem', 0x0, 0x0)
lseek(r0, 0x0, 0x2)
08:26:11 executing program 4:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config', 0x0, 0x0)
fchmod(r0, 0x0)
08:26:11 executing program 7:
prctl$PR_SET_MM_AUXV(0x23, 0xc, 0x0, 0x0)
08:26:11 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockname(r0, 0x0, &(0x7f0000000100))
[ 110.016643] Oops: general protection fault, probably for non-canonical address 0xe01ffc00000000b0: 0000 [#1] SMP KASAN NOPTI
[ 110.017605] KASAN: maybe wild-memory-access in range [0x0100000000000580-0x0100000000000587]
[ 110.018272] CPU: 1 UID: 0 PID: 3945 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 110.019933] Tainted: [W]=WARN
[ 110.020792] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.022702] RIP: 0010:perf_tp_event+0x26b/0xe70
[ 110.024229] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f
[ 110.027696] RSP: 0018:ffff888044367780 EFLAGS: 00010012
[ 110.028145] RAX: 00200000000000b0 RBX: ffff8880442f0641 RCX: ffffc90001dfc000
[ 110.028728] RDX: 0000000000040000 RSI: ffffffff8189a5dd RDI: 0100000000000580
[ 110.029316] RBP: ffff8880443679f0 R08: ffff88806cf31340 R09: ffffe8ffffd16330
[ 110.029892] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 110.030469] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000
[ 110.031052] FS: 00007f0a66619700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 110.031716] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.032209] CR2: 00007f0a691b7018 CR3: 000000001eac8000 CR4: 0000000000350ef0
[ 110.032796] Call Trace:
[ 110.033014]
[ 110.033207] ? __pfx_perf_tp_event+0x10/0x10
[ 110.033583] ? __asan_memcpy+0x3d/0x60
[ 110.033911] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150
[ 110.034423] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10
[ 110.034956] ? lock_is_held_type+0x9e/0x120
[ 110.035328] ? ctx_sched_in+0x134/0x9b0
[ 110.035667] ? __lock_acquire+0x694/0x1b70
[ 110.036043] ? perf_trace_run_bpf_submit+0xef/0x180
[ 110.036466] ? find_held_lock+0x2b/0x80
[ 110.036809] perf_trace_run_bpf_submit+0xef/0x180
[ 110.037219] perf_trace_preemptirq_template+0x259/0x430
[ 110.037661] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 110.038137] ? __pfx___smp_call_single_queue+0x10/0x10
[ 110.038581] ? find_held_lock+0x2b/0x80
[ 110.038918] ? try_to_wake_up+0x8ae/0x11d0
[ 110.039283] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 110.039719] trace_irq_enable.constprop.0+0xa6/0x100
[ 110.040145] trace_hardirqs_on+0x26/0x40
[ 110.040485] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 110.040903] try_to_wake_up+0x8ae/0x11d0
[ 110.041246] ? __pfx_try_to_wake_up+0x10/0x10
[ 110.041628] ? plist_del+0x122/0x270
[ 110.041944] ? find_held_lock+0x2b/0x80
[ 110.042285] ? futex_wake+0x474/0x540
[ 110.042614] wake_up_q+0xa1/0x130
[ 110.042916] futex_wake+0x47e/0x540
[ 110.043231] ? __pfx_futex_wake+0x10/0x10
[ 110.043578] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 110.044009] ? lock_release+0xc8/0x290
[ 110.044348] do_futex+0x26d/0x370
[ 110.044646] ? __pfx_do_futex+0x10/0x10
[ 110.044985] __x64_sys_futex+0x1c9/0x4d0
[ 110.045330] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 110.045822] ? __pfx___x64_sys_futex+0x10/0x10
[ 110.046211] do_syscall_64+0xbf/0x360
[ 110.046530] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.046956] RIP: 0033:0x7f0a690a3b19
[ 110.047268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 110.048754] RSP: 002b:00007f0a66619218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 110.049384] RAX: ffffffffffffffda RBX: 00007f0a691b6f68 RCX: 00007f0a690a3b19
[ 110.049982] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0a691b6f6c
[ 110.050577] RBP: 00007f0a691b6f60 R08: 000000000000000e R09: 0000000000000000
[ 110.051163] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f0a691b6f6c
[ 110.051760] R13: 00007fff016146bf R14: 00007f0a66619300 R15: 0000000000022000
[ 110.052358]
[ 110.052556] Modules linked in:
[ 110.052828] ---[ end trace 0000000000000000 ]---
[ 110.052833] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 110.053221] RIP: 0010:perf_tp_event+0x26b/0xe70
[ 110.054869] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 110.055246] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f
[ 110.056528] CPU: 0 UID: 0 PID: 3946 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 110.058023] RSP: 0018:ffff888044367780 EFLAGS: 00010012
[ 110.059748] Tainted: [D]=DIE, [W]=WARN
[ 110.060191] RAX: 00200000000000b0 RBX: ffff8880442f0641 RCX: ffffc90001dfc000
[ 110.060744] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.061323] RDX: 0000000000040000 RSI: ffffffff8189a5dd RDI: 0100000000000580
[ 110.062513] RIP: 0010:perf_tp_event+0x175/0xe70
[ 110.063088] RBP: ffff8880443679f0 R08: ffff88806cf31340 R09: ffffe8ffffd16330
[ 110.063750] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 110.064329] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 110.066943] RSP: 0018:ffff88804436f780 EFLAGS: 00010012
[ 110.067525] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000
[ 110.067529]
[ 110.067538] FS: 00007f0a66619700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 110.068320] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc90005216000
[ 110.068902] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.069151] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 110.069811] CR2: 00007f0a691b7018 CR3: 000000001eac8000 CR4: 0000000000350ef0
[ 110.070831] RBP: ffff88804436f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16330
[ 110.071307] note: syz-executor.5[3945] exited with irqs disabled
[ 110.072328] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 110.075815] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 110.076864] FS: 00007f187b58a700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 110.078009] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.078845] CR2: 00007f187e128018 CR3: 0000000042ff6000 CR4: 0000000000350ef0
[ 110.079850] Call Trace:
[ 110.080252]
[ 110.080586] ? __pfx_perf_tp_event+0x10/0x10
[ 110.081228] ? avc_has_perm_noaudit+0x150/0x3d0
[ 110.081918] ? lock_acquire+0x18c/0x2f0
[ 110.082497] ? lock_acquire+0x18c/0x2f0
[ 110.083076] ? lock_release+0x1c7/0x290
[ 110.083663] ? lock_acquire+0x18c/0x2f0
[ 110.084263] ? lock_acquire+0x18c/0x2f0
[ 110.084839] ? lock_release+0x1c7/0x290
[ 110.085419] ? __is_insn_slot_addr+0x140/0x290
[ 110.086090] ? kernel_text_address+0x5b/0xc0
[ 110.086731] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 110.087515] ? __kernel_text_address+0xd/0x40
[ 110.088193] ? unwind_get_return_address+0x59/0xa0
[ 110.088910] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 110.089681] ? arch_stack_walk+0x9c/0xf0
[ 110.090265] ? perf_trace_run_bpf_submit+0xef/0x180
[ 110.090999] perf_trace_run_bpf_submit+0xef/0x180
[ 110.091707] perf_trace_preemptirq_template+0x259/0x430
[ 110.092492] ? trace_sched_set_need_resched_tp+0xd4/0x110
[ 110.093287] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 110.094127] ? __pfx___resched_curr+0x10/0x10
[ 110.094790] ? check_preempt_wakeup_fair+0x406/0x950
[ 110.095537] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 110.096305] trace_irq_enable.constprop.0+0xa6/0x100
[ 110.097039] trace_hardirqs_on+0x26/0x40
[ 110.097627] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 110.098335] try_to_wake_up+0x8ae/0x11d0
[ 110.098936] ? __pfx_try_to_wake_up+0x10/0x10
[ 110.099597] ? plist_del+0x122/0x270
[ 110.100182] ? __futex_unqueue+0xda/0x1c0
[ 110.100783] wake_up_q+0xa1/0x130
[ 110.101302] futex_wake+0x47e/0x540
[ 110.101845] ? __pfx_futex_wake+0x10/0x10
[ 110.102453] ? kmem_cache_free+0x2a1/0x540
[ 110.103140] ? putname.part.0+0x11b/0x160
[ 110.103752] do_futex+0x26d/0x370
[ 110.104295] ? __pfx_do_futex+0x10/0x10
[ 110.104881] ? count_memcg_events+0x32b/0x420
[ 110.105538] __x64_sys_futex+0x1c9/0x4d0
[ 110.106125] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 110.106951] ? __x64_sys_openat+0x142/0x200
[ 110.107572] ? __pfx___x64_sys_futex+0x10/0x10
[ 110.108267] do_syscall_64+0xbf/0x360
[ 110.108818] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.109549] RIP: 0033:0x7f187e014b19
[ 110.110076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 110.112649] RSP: 002b:00007f187b58a218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 110.113722] RAX: ffffffffffffffda RBX: 00007f187e127f68 RCX: 00007f187e014b19
[ 110.114722] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f187e127f6c
[ 110.115713] RBP: 00007f187e127f60 R08: 000000000000000e R09: 0000000000000000
[ 110.116735] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f187e127f6c
[ 110.117731] R13: 00007fffc3b1a15f R14: 00007f187b58a300 R15: 0000000000022000
[ 110.118735]
[ 110.119074] Modules linked in:
[ 110.119537] ---[ end trace 0000000000000000 ]---
[ 110.119538] Oops: general protection fault, probably for non-canonical address 0xe01ffc00000000b0: 0000 [#3] SMP KASAN NOPTI
[ 110.120221] RIP: 0010:perf_tp_event+0x26b/0xe70
[ 110.121084] KASAN: maybe wild-memory-access in range [0x0100000000000580-0x0100000000000587]
[ 110.121722] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f
[ 110.122378] CPU: 1 UID: 0 PID: 3945 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 110.124940] RSP: 0018:ffff888044367780 EFLAGS: 00010012
[ 110.125862] Tainted: [D]=DIE, [W]=WARN
[ 110.125869] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.126595] RAX: 00200000000000b0 RBX: ffff8880442f0641 RCX: ffffc90001dfc000
[ 110.126898] RIP: 0010:perf_tp_event+0x26b/0xe70
[ 110.128044] RDX: 0000000000040000 RSI: ffffffff8189a5dd RDI: 0100000000000580
[ 110.128598] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f
[ 110.129237] RBP: ffff8880443679f0 R08: ffff88806cf31340 R09: ffffe8ffffd16330
[ 110.129790] RSP: 0018:ffff88806cf08b80 EFLAGS: 00010012
[ 110.132317] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 110.132868]
[ 110.132874] RAX: 00200000000000b0 RBX: ffff8880442f0641 RCX: ffffffff8189a55c
[ 110.133603] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000
[ 110.134161] RDX: ffff88800a9c5280 RSI: ffffffff8189a5dd RDI: 0100000000000580
[ 110.134415] FS: 00007f187b58a700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 110.134966] RBP: ffff88806cf08df0 R08: ffff88806cf313e8 R09: ffffe8ffffd16330
[ 110.135954] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.136509] R10: 0000000000000000 R11: ffff888018eb0c98 R12: dffffc0000000000
[ 110.137624] CR2: 00007f187e128018 CR3: 0000000042ff6000 CR4: 0000000000350ef0
[ 110.138174] R13: 0100000000000000 R14: ffff88806cf313e8 R15: dffffc0000000000
[ 110.138983] note: syz-executor.4[3946] exited with irqs disabled
[ 110.139534] FS: 00007f0a66619700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 110.142201] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.142662] CR2: 00007f0a691b7018 CR3: 000000001eac8000 CR4: 0000000000350ef0
[ 110.143226] Call Trace:
[ 110.143434]
[ 110.143614] ? __pfx_perf_tp_event+0x10/0x10
[ 110.143976] ? trace_pelt_se_tp+0xdf/0x130
[ 110.144329] ? place_entity+0x300/0x410
[ 110.144649] ? lock_acquire+0x18c/0x2f0
[ 110.144968] ? update_cfs_group+0x11d/0x260
[ 110.145316] ? lock_release+0x1c7/0x290
[ 110.145634] ? trace_softirq_raise+0xbe/0x100
[ 110.146002] ? run_posix_cpu_timers+0x160/0x7d0
[ 110.146377] ? __raise_softirq_irqoff+0x5f/0x90
[ 110.146747] ? __pfx_run_posix_cpu_timers+0x10/0x10
[ 110.147143] ? sched_balance_trigger+0x1ac/0xcb0
[ 110.147527] ? sched_tick+0x27c/0x6c0
[ 110.147842] ? do_raw_spin_lock+0x123/0x260
[ 110.148202] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 110.148581] ? perf_trace_run_bpf_submit+0xef/0x180
[ 110.148983] perf_trace_run_bpf_submit+0xef/0x180
[ 110.149373] perf_trace_preemptirq_template+0x259/0x430
[ 110.149796] ? read_tsc+0x9/0x20
[ 110.150079] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 110.150539] ? clockevents_program_event+0x135/0x360
[ 110.150948] ? tick_program_event+0xac/0x140
[ 110.151298] ? handle_softirqs+0x16e/0x770
[ 110.151640] trace_irq_enable.constprop.0+0xa6/0x100
[ 110.152050] trace_hardirqs_on+0x26/0x40
[ 110.152372] handle_softirqs+0x16e/0x770
[ 110.152706] __irq_exit_rcu+0xc4/0x100
[ 110.153023] irq_exit_rcu+0x9/0x20
[ 110.153311] sysvec_apic_timer_interrupt+0x70/0x80
[ 110.153707] </IRQ>
[ 110.153892] <TASK>
[ 110.154076] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 110.154492] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 110.154870] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de
[ 110.156299] RSP: 0018:ffff888044367f28 EFLAGS: 00000246
[ 110.156720] RAX: 0000000000000001 RBX: ffff88800a9c5280 RCX: ffffffff817c3ab6
[ 110.157279] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 110.157841] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 110.158399] R10: ffffffff8643b457 R11: 3030303030302043 R12: ffff88800a9c5280
[ 110.158961] R13: 0000000000000000 R14: e01ffc00000000b0 R15: 0000000000000000
[ 110.159520] ? trace_irq_enable.constprop.0+0x26/0x100
[ 110.159934] ? make_task_dead+0x214/0x3b0
[ 110.160281] ? make_task_dead+0x214/0x3b0
[ 110.160613] ? do_syscall_64+0xbf/0x360
[ 110.160934] rewind_stack_and_make_dead+0x16/0x20
[ 110.161327] RIP: 0033:0x7f0a690a3b19
[ 110.161623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 110.163049] RSP: 002b:00007f0a66619218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 110.163646] RAX: ffffffffffffffda RBX: 00007f0a691b6f68 RCX: 00007f0a690a3b19
[ 110.164217] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0a691b6f6c
[ 110.164788] RBP: 00007f0a691b6f60 R08: 000000000000000e R09: 0000000000000000
[ 110.165349] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f0a691b6f6c
[ 110.165910] R13: 00007fff016146bf R14: 00007f0a66619300 R15: 0000000000022000
[ 110.166472] </TASK>
[ 110.166659] Modules linked in:
[ 110.166922] ---[ end trace 0000000000000000 ]---
[ 110.166924] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI
[ 110.167293] RIP: 0010:perf_tp_event+0x26b/0xe70
[ 110.168843] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 110.169203] Code: 3c 20 00 0f 85 3d 0b 00 00 4c 8b ab 00 03 00 00 4d 85 ed 4c 0f 44 eb e8 d3 50 ea ff 49 8d bd 80 05 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 fd 0a 00 00 4d 8b ad 80 05 00 00 4d 85 ed 0f
[ 110.170396] CPU: 0 UID: 0 PID: 3946 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 110.171806] RSP: 0018:ffff888044367780 EFLAGS: 00010012
[ 110.173438] Tainted: [D]=DIE, [W]=WARN
[ 110.173847] RAX: 00200000000000b0 RBX: ffff8880442f0641 RCX: ffffc90001dfc000
[ 110.174378] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.174933] RDX: 0000000000040000 RSI: ffffffff8189a5dd RDI: 0100000000000580
[ 110.176058] RIP: 0010:perf_tp_event+0x175/0xe70
[ 110.176611] RBP: ffff8880443679f0 R08: ffff88806cf31340 R09: ffffe8ffffd16330
[ 110.177257] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 110.177813] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 110.180301] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012
[ 110.180860] R13: 0100000000000000 R14: ffff88806cf31340 R15: dffffc0000000000
[ 110.180864]
[ 110.180874] FS: 00007f0a66619700(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 110.181583] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 110.182141] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.182377] RDX: ffff88800a9c3700 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 110.183000] CR2: 00007f0a691b7018 CR3: 000000001eac8000 CR4: 0000000000350ef0
[ 110.183963] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc16330
[ 110.184423] Kernel panic - not syncing: Fatal exception in interrupt
[ 111.231199] Shutting down cpus with NMI
[ 111.233213] Kernel Offset: disabled
[ 111.233503] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
08:26:12 Registers:
info registers vcpu 0
RAX=fffffbfff0f0f608 RBX=fffffbfff0f0f609 RCX=ffffffff84be3c0e RDX=fffffbfff0f0f609
RSI=0000000000000004 RDI=ffffffff8787b044 RBP=fffffbfff0f0f608 RSP=ffff88804436f510
R8 =0000000000000000 R9 =fffffbfff0f0f608 R10=ffffffff8787b047 R11=202c746c75616620
R12=1ffff1100886dea7 R13=0000000000000007 R14=fffffbfff0f0f608 R15=ffff88804436f568
RIP=ffffffff81b00961 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f187b58a700 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe1600000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f187e128018 CR3=0000000042ff6000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f187e0fb7c000007f187e0fb7c8
XMM02=00007f187e0fb7e000007f187e0fb7c0 XMM03=00007f187e0fb7c800007f187e0fb7c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888044367070
R8 =0000000000000000 R9 =ffffed1001727046 R10=0000000000000020 R11=0000000065646f43
R12=0000000000000020 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f0a66619700 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe6300000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f0a691b7018 CR3=000000001eac8000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f0a6918a7c000007f0a6918a7c8
XMM02=00007f0a6918a7e000007f0a6918a7c0 XMM03=00007f0a6918a7c800007f0a6918a7c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000