Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:15439' (ECDSA) to the list of known hosts. 2025/09/01 09:36:08 fuzzer started 2025/09/01 09:36:08 dialing manager at localhost:35473 syzkaller login: [ 44.679199] cgroup: Unknown subsys name 'net' [ 44.733183] cgroup: Unknown subsys name 'cpuset' [ 44.748248] cgroup: Unknown subsys name 'rlimit' 2025/09/01 09:36:19 syscalls: 2214 2025/09/01 09:36:19 code coverage: enabled 2025/09/01 09:36:19 comparison tracing: enabled 2025/09/01 09:36:19 extra coverage: enabled 2025/09/01 09:36:19 setuid sandbox: enabled 2025/09/01 09:36:19 namespace sandbox: enabled 2025/09/01 09:36:19 Android sandbox: enabled 2025/09/01 09:36:19 fault injection: enabled 2025/09/01 09:36:19 leak checking: enabled 2025/09/01 09:36:19 net packet injection: enabled 2025/09/01 09:36:19 net device setup: enabled 2025/09/01 09:36:19 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 09:36:19 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 09:36:19 USB emulation: enabled 2025/09/01 09:36:19 hci packet injection: enabled 2025/09/01 09:36:19 wifi device emulation: enabled 2025/09/01 09:36:19 802.15.4 emulation: enabled 2025/09/01 09:36:19 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 09:36:19 fetching corpus: 50, signal 25304/28624 (executing program) 2025/09/01 09:36:19 fetching corpus: 100, signal 35933/40494 (executing program) 2025/09/01 09:36:19 fetching corpus: 150, signal 42475/48184 (executing program) 2025/09/01 09:36:19 fetching corpus: 200, signal 53308/59780 (executing program) 2025/09/01 09:36:19 fetching corpus: 250, signal 58397/65812 (executing program) 2025/09/01 09:36:20 fetching corpus: 300, signal 64665/72752 (executing program) 2025/09/01 09:36:20 fetching corpus: 350, signal 68577/77425 (executing program) 2025/09/01 09:36:20 fetching corpus: 400, signal 72302/81779 (executing program) 2025/09/01 09:36:20 fetching corpus: 450, signal 75460/85552 
(executing program) 2025/09/01 09:36:20 fetching corpus: 500, signal 78700/89366 (executing program) 2025/09/01 09:36:20 fetching corpus: 550, signal 81194/92410 (executing program) 2025/09/01 09:36:20 fetching corpus: 600, signal 84810/96334 (executing program) 2025/09/01 09:36:20 fetching corpus: 650, signal 86872/98957 (executing program) 2025/09/01 09:36:20 fetching corpus: 700, signal 88558/101110 (executing program) 2025/09/01 09:36:20 fetching corpus: 750, signal 90493/103516 (executing program) 2025/09/01 09:36:21 fetching corpus: 800, signal 93899/107013 (executing program) 2025/09/01 09:36:21 fetching corpus: 850, signal 95250/108815 (executing program) 2025/09/01 09:36:21 fetching corpus: 900, signal 96588/110584 (executing program) 2025/09/01 09:36:21 fetching corpus: 950, signal 99220/113243 (executing program) 2025/09/01 09:36:21 fetching corpus: 1000, signal 100423/114828 (executing program) 2025/09/01 09:36:21 fetching corpus: 1050, signal 101921/116552 (executing program) 2025/09/01 09:36:21 fetching corpus: 1100, signal 103749/118447 (executing program) 2025/09/01 09:36:21 fetching corpus: 1150, signal 105097/120055 (executing program) 2025/09/01 09:36:22 fetching corpus: 1200, signal 106779/121802 (executing program) 2025/09/01 09:36:22 fetching corpus: 1250, signal 107956/123145 (executing program) 2025/09/01 09:36:22 fetching corpus: 1300, signal 109551/124836 (executing program) 2025/09/01 09:36:22 fetching corpus: 1350, signal 110607/126076 (executing program) 2025/09/01 09:36:22 fetching corpus: 1400, signal 112090/127489 (executing program) 2025/09/01 09:36:22 fetching corpus: 1450, signal 113179/128699 (executing program) 2025/09/01 09:36:22 fetching corpus: 1500, signal 114526/130042 (executing program) 2025/09/01 09:36:23 fetching corpus: 1550, signal 116205/131539 (executing program) 2025/09/01 09:36:23 fetching corpus: 1600, signal 117476/132720 (executing program) 2025/09/01 09:36:23 fetching corpus: 1650, signal 118450/133721 
(executing program) 2025/09/01 09:36:23 fetching corpus: 1700, signal 119096/134539 (executing program) 2025/09/01 09:36:23 fetching corpus: 1750, signal 119945/135414 (executing program) 2025/09/01 09:36:23 fetching corpus: 1800, signal 121093/136416 (executing program) 2025/09/01 09:36:23 fetching corpus: 1850, signal 121812/137200 (executing program) 2025/09/01 09:36:23 fetching corpus: 1900, signal 122822/138144 (executing program) 2025/09/01 09:36:23 fetching corpus: 1950, signal 123717/138941 (executing program) 2025/09/01 09:36:23 fetching corpus: 2000, signal 125170/140010 (executing program) 2025/09/01 09:36:24 fetching corpus: 2050, signal 125720/140612 (executing program) 2025/09/01 09:36:24 fetching corpus: 2100, signal 126656/141378 (executing program) 2025/09/01 09:36:24 fetching corpus: 2150, signal 127655/142101 (executing program) 2025/09/01 09:36:24 fetching corpus: 2200, signal 128445/142778 (executing program) 2025/09/01 09:36:24 fetching corpus: 2250, signal 129272/143399 (executing program) 2025/09/01 09:36:24 fetching corpus: 2300, signal 130276/144170 (executing program) 2025/09/01 09:36:24 fetching corpus: 2350, signal 132233/145235 (executing program) 2025/09/01 09:36:24 fetching corpus: 2400, signal 133393/145940 (executing program) 2025/09/01 09:36:24 fetching corpus: 2450, signal 134158/146470 (executing program) 2025/09/01 09:36:25 fetching corpus: 2500, signal 134925/146966 (executing program) 2025/09/01 09:36:25 fetching corpus: 2550, signal 135419/147401 (executing program) 2025/09/01 09:36:25 fetching corpus: 2600, signal 136034/147837 (executing program) 2025/09/01 09:36:25 fetching corpus: 2650, signal 136650/148257 (executing program) 2025/09/01 09:36:25 fetching corpus: 2700, signal 137497/148686 (executing program) 2025/09/01 09:36:25 fetching corpus: 2750, signal 137976/149016 (executing program) 2025/09/01 09:36:25 fetching corpus: 2800, signal 138695/149406 (executing program) 2025/09/01 09:36:25 fetching corpus: 2850, 
signal 139519/149796 (executing program) 2025/09/01 09:36:25 fetching corpus: 2900, signal 140138/150126 (executing program) 2025/09/01 09:36:25 fetching corpus: 2950, signal 140695/150442 (executing program) 2025/09/01 09:36:26 fetching corpus: 3000, signal 141326/150739 (executing program) 2025/09/01 09:36:26 fetching corpus: 3050, signal 141970/151026 (executing program) 2025/09/01 09:36:26 fetching corpus: 3100, signal 142791/151347 (executing program) 2025/09/01 09:36:26 fetching corpus: 3150, signal 143605/151621 (executing program) 2025/09/01 09:36:26 fetching corpus: 3200, signal 144151/151871 (executing program) 2025/09/01 09:36:26 fetching corpus: 3250, signal 144771/152098 (executing program) 2025/09/01 09:36:26 fetching corpus: 3300, signal 145247/152272 (executing program) 2025/09/01 09:36:26 fetching corpus: 3350, signal 145774/152432 (executing program) 2025/09/01 09:36:27 fetching corpus: 3400, signal 146186/152582 (executing program) 2025/09/01 09:36:27 fetching corpus: 3450, signal 146935/152755 (executing program) 2025/09/01 09:36:27 fetching corpus: 3500, signal 147869/152879 (executing program) 2025/09/01 09:36:27 fetching corpus: 3550, signal 148724/153069 (executing program) 2025/09/01 09:36:27 fetching corpus: 3600, signal 149078/153169 (executing program) 2025/09/01 09:36:27 fetching corpus: 3650, signal 149577/153264 (executing program) 2025/09/01 09:36:27 fetching corpus: 3700, signal 150099/153328 (executing program) 2025/09/01 09:36:27 fetching corpus: 3735, signal 150394/153348 (executing program) 2025/09/01 09:36:27 fetching corpus: 3735, signal 150394/153348 (executing program) 2025/09/01 09:36:30 starting 8 fuzzer processes 09:36:30 executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_mount_image$tmpfs(0x0, &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = inotify_init() r1 = inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0xd400080b) inotify_rm_watch(r0, r1) 09:36:30 executing 
program 4: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fgetxattr(r0, &(0x7f00000000c0)=@known='trusted.overlay.metacopy\x00', &(0x7f0000000100)=""/254, 0xfe) 09:36:30 executing program 1: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x2}, 0x1c) setsockopt$sock_int(r1, 0x1, 0x19, 0x0, 0x0) 09:36:30 executing program 7: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/kexec_crash_size', 0x0, 0x0) pread64(r0, &(0x7f00000001c0)=""/245, 0xf5, 0x800000000) 09:36:30 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) bind(r0, &(0x7f00000007c0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80) 09:36:30 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) bind$inet6(r0, &(0x7f0000000440)={0xa, 0x0, 0x0, @mcast2={0xff, 0x5}}, 0x1c) 09:36:30 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0)) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1) 09:36:30 executing program 3: syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) [ 66.559466] audit: type=1400 audit(1756719390.509:7): avc: 
denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 67.786851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.791136] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.794135] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.798693] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.801430] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.917378] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.921086] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.925051] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.938700] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.941107] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.948015] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.971112] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.978731] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 67.980615] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.991478] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.994199] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.996891] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.001513] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 68.004537] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 68.007255] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 68.009510] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 68.010925] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 68.013545] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 68.019357] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 68.020267] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 68.023343] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 68.025339] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 68.029184] Bluetooth: hci7: 
unexpected cc 0x1003 length: 249 > 9 [ 68.029589] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 68.032856] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.033097] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 68.035539] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.037664] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.040475] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.051942] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 68.067151] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 68.071909] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 68.077158] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 68.120797] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 68.124348] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 69.885138] Bluetooth: hci0: command tx timeout [ 70.014835] Bluetooth: hci1: command tx timeout [ 70.076881] Bluetooth: hci2: command tx timeout [ 70.140857] Bluetooth: hci6: command tx timeout [ 70.141019] Bluetooth: hci4: command tx timeout [ 70.141909] Bluetooth: hci3: command tx timeout [ 70.204821] Bluetooth: hci5: command tx timeout [ 70.205357] Bluetooth: hci7: command tx timeout [ 71.934811] Bluetooth: hci0: command tx timeout [ 72.060928] Bluetooth: hci1: command tx timeout [ 72.125838] Bluetooth: hci2: command tx timeout [ 72.188839] Bluetooth: hci4: command tx timeout [ 72.190808] Bluetooth: hci3: command tx timeout [ 72.190861] Bluetooth: hci6: command tx timeout [ 72.252874] Bluetooth: hci7: command tx timeout [ 72.254339] Bluetooth: hci5: command tx timeout [ 73.980854] Bluetooth: hci0: command tx timeout [ 74.108949] Bluetooth: hci1: command tx timeout [ 74.172871] Bluetooth: hci2: command tx timeout [ 74.236910] Bluetooth: hci3: command tx timeout [ 74.236991] Bluetooth: hci4: command tx timeout [ 74.237310] Bluetooth: hci6: command tx timeout [ 74.300836] Bluetooth: hci5: command tx timeout [ 74.301249] Bluetooth: hci7: 
command tx timeout [ 76.029825] Bluetooth: hci0: command tx timeout [ 76.157943] Bluetooth: hci1: command tx timeout [ 76.220868] Bluetooth: hci2: command tx timeout [ 76.284813] Bluetooth: hci3: command tx timeout [ 76.285941] Bluetooth: hci6: command tx timeout [ 76.286344] Bluetooth: hci4: command tx timeout [ 76.348858] Bluetooth: hci7: command tx timeout [ 76.349279] Bluetooth: hci5: command tx timeout [ 110.137953] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.138620] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.426803] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.427437] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.019650] loop6: detected capacity change from 0 to 9 [ 111.100595] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.101879] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.106221] FAT-fs (loop6): FAT read failed (blocknr 32) 09:37:15 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0)) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1) [ 111.229739] loop6: detected capacity change from 0 to 9 [ 111.244595] FAT-fs (loop6): FAT read failed (blocknr 32) 09:37:15 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0)) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1) [ 111.331015] loop6: detected capacity change from 0 to 9 [ 
111.353785] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.354419] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.376020] FAT-fs (loop6): FAT read failed (blocknr 32) 09:37:15 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0)) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1) [ 111.548674] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.549451] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:37:15 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0)) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1) [ 111.731332] loop6: detected capacity change from 0 to 9 [ 111.746332] FAT-fs (loop6): FAT read failed (blocknr 32) [ 111.794694] audit: type=1400 audit(1756719435.751:8): avc: denied { open } for pid=3845 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.800904] audit: type=1400 audit(1756719435.751:9): avc: denied { kernel } for pid=3845 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 09:37:15 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 
0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0)) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1) [ 111.863087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.863691] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.871736] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.872801] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.880660] loop6: detected capacity change from 0 to 9 [ 111.903424] FAT-fs (loop6): FAT read failed (blocknr 32) 09:37:15 executing program 4: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fgetxattr(r0, &(0x7f00000000c0)=@known='trusted.overlay.metacopy\x00', &(0x7f0000000100)=""/254, 0xfe) 09:37:15 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}, {&(0x7f0000010200)='\x00\x00\x00\x00rrAa', 0x8, 0x9e0}], 0x0, &(0x7f00000000c0)) mknodat$loop(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1) 09:37:15 executing program 4: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fgetxattr(r0, &(0x7f00000000c0)=@known='trusted.overlay.metacopy\x00', 
&(0x7f0000000100)=""/254, 0xfe) [ 112.043634] loop6: detected capacity change from 0 to 9 [ 112.056973] FAT-fs (loop6): FAT read failed (blocknr 32) [ 112.118183] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.119781] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.223024] audit: type=1400 audit(1756719436.179:10): avc: denied { watch_reads } for pid=3870 comm="syz-executor.0" path="/syzkaller-testdir580172956/syzkaller.EyP0YK/0/file0" dev="sda" ino=15977 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1 [ 112.271699] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.272340] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.324286] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.325438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.447068] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.447702] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.475704] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.476557] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.588875] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.589506] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.665631] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.667174] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.994837] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.995447] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.031529] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.032495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 09:37:17 executing program 3: pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 
syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x0, 0x0, 0x0, 0x4) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) 09:37:17 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) bind(r0, &(0x7f00000007c0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80) 09:37:17 executing program 1: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x2}, 0x1c) setsockopt$sock_int(r1, 0x1, 0x19, 0x0, 0x0) 09:37:17 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) bind$inet6(r0, &(0x7f0000000440)={0xa, 0x0, 0x0, @mcast2={0xff, 0x5}}, 0x1c) 09:37:17 executing program 6: unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) 09:37:17 executing program 4: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fgetxattr(r0, &(0x7f00000000c0)=@known='trusted.overlay.metacopy\x00', &(0x7f0000000100)=""/254, 0xfe) 09:37:17 executing program 7: r0 = openat$sysfs(0xffffffffffffff9c, 
&(0x7f00000000c0)='/sys/kernel/kexec_crash_size', 0x0, 0x0) pread64(r0, &(0x7f00000001c0)=""/245, 0xf5, 0x800000000) 09:37:17 executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_mount_image$tmpfs(0x0, &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = inotify_init() r1 = inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0xd400080b) inotify_rm_watch(r0, r1) 09:37:17 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) bind$inet6(r0, &(0x7f0000000440)={0xa, 0x0, 0x0, @mcast2={0xff, 0x5}}, 0x1c) 09:37:17 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) bind(r0, &(0x7f00000007c0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80) 09:37:17 executing program 1: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x2}, 0x1c) setsockopt$sock_int(r1, 0x1, 0x19, 0x0, 0x0) 09:37:17 executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_mount_image$tmpfs(0x0, &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = inotify_init() r1 = inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0xd400080b) inotify_rm_watch(r0, r1) 09:37:17 executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_mount_image$tmpfs(0x0, &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = inotify_init() r1 = inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0xd400080b) inotify_rm_watch(r0, r1) 09:37:17 executing program 7: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/kexec_crash_size', 0x0, 0x0) pread64(r0, &(0x7f00000001c0)=""/245, 0xf5, 0x800000000) 09:37:17 executing program 6: unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 
0x1400}], 0x1, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) 09:37:17 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) bind$inet6(r0, &(0x7f0000000440)={0xa, 0x0, 0x0, @mcast2={0xff, 0x5}}, 0x1c) 09:37:17 executing program 3: pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x0, 0x0, 0x0, 0x4) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15) 09:37:17 executing program 6: unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) 09:37:17 executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_mount_image$tmpfs(0x0, &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = inotify_init() r1 = inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0xd400080b) inotify_rm_watch(r0, r1) 09:37:17 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) bind(r0, &(0x7f00000007c0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80) 09:37:17 executing program 1: newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1100) setresuid(0x0, r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x2}, 0x1c) setsockopt$sock_int(r1, 0x1, 0x19, 0x0, 0x0) 09:37:17 executing program 7: r0 = 
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/kexec_crash_size', 0x0, 0x0) pread64(r0, &(0x7f00000001c0)=""/245, 0xf5, 0x800000000) 09:37:17 executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_mount_image$tmpfs(0x0, &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = inotify_init() r1 = inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0xd400080b) inotify_rm_watch(r0, r1) 09:37:17 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) dup2(r0, r1) 09:37:17 executing program 2: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x22, &(0x7f0000001680)=[{&(0x7f0000000580)=""/199, 0xc7}], 0x1) 09:37:17 executing program 7: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/image_size', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/179, 0xb3) 09:37:17 executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_mount_image$tmpfs(0x0, &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = inotify_init() r1 = inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0xd400080b) inotify_rm_watch(r0, r1) 09:37:17 executing program 3: pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x0, 0x0, 0x0, 0x4) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x15)
09:37:17 executing program 2: r0 = syz_io_uring_setup(0x2260, &(0x7f0000003a00), &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000003a80), &(0x7f0000003ac0)) r1 = dup(r0) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x22, &(0x7f0000001680)=[{&(0x7f0000000580)=""/199, 0xc7}], 0x1)
09:37:17 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000600), 0x1, 0x0) ioctl$EVIOCSKEYCODE(r0, 0x80284504, &(0x7f0000000200))
09:37:17 executing program 6: unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1400}], 0x1, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0)
09:37:17 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) dup2(r0, r1)
09:37:17 executing program 7: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/image_size', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/179, 0xb3)
09:37:17 executing program 0: openat$full(0xffffffffffffff9c, &(0x7f00000032c0), 0x1, 0x0)
09:37:17 executing program 4: r0 = memfd_create(&(0x7f0000000080)=':^/\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x40000000)
[ 113.639409] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 113.640377] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 113.641114] CPU: 1 UID: 0 PID: 3974 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 113.642955] Tainted: [W]=WARN
[ 113.643803] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 113.645753] RIP: 0010:perf_tp_event+0x175/0xe70
[ 113.647258] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 113.650548] RSP: 0018:ffff8880422c7780 EFLAGS: 00010012
[ 113.650982] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 113.651556] RDX: ffff88801e2b0000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 113.652137] RBP: ffff8880422c79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16b60
[ 113.652716] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 113.653295] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 113.653880] FS: 000055556b4ee400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 113.654581] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.655071] CR2: 0000001b2d224000 CR3: 000000001f8f3000 CR4: 0000000000350ef0
[ 113.655676] Call Trace:
[ 113.655901]
[ 113.656097] ? __ext4_journal_stop+0xe2/0x1f0
[ 113.656495] ? ext4_dirty_inode+0xf1/0x130
[ 113.656865] ? __mark_inode_dirty+0x1b7/0xd00
[ 113.657256] ? do_user_addr_fault+0x4fa/0xeb0
[ 113.657652] ? __pfx_perf_tp_event+0x10/0x10
[ 113.658047] ? lock_acquire+0x15e/0x2f0
[ 113.658390] ? __virt_addr_valid+0x1c6/0x5d0
[ 113.658781] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 113.659277] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 113.659774] ? __lock_acquire+0x694/0x1b70
[ 113.660134] ? __lock_acquire+0xc65/0x1b70
[ 113.660500] ? page_ref_add_unless.constprop.0+0x25/0x390
[ 113.660973] ? perf_trace_run_bpf_submit+0xef/0x180
[ 113.661396] ? __lock_acquire+0xc65/0x1b70
[ 113.661763] perf_trace_run_bpf_submit+0xef/0x180
[ 113.662195] perf_trace_preemptirq_template+0x259/0x430
[ 113.662646] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 113.663147] ? _raw_spin_lock_irqsave+0x53/0x60
[ 113.663549] trace_irq_disable.constprop.0+0xa6/0x100
[ 113.663996] _raw_spin_lock_irqsave+0x53/0x60
[ 113.664391] try_to_wake_up+0xa0/0x11d0
[ 113.664743] ? __pfx_try_to_wake_up+0x10/0x10
[ 113.665134] ? plist_del+0x122/0x270
[ 113.665456] ? find_held_lock+0x2b/0x80
[ 113.665803] ? futex_wake+0x474/0x540
[ 113.666144] wake_up_q+0xa1/0x130
[ 113.666456] futex_wake+0x47e/0x540
[ 113.666776] ? __pfx_futex_wake+0x10/0x10
[ 113.667133] ? __handle_mm_fault+0x753/0x3260
[ 113.667522] ? __lock_acquire+0x694/0x1b70
[ 113.667887] do_futex+0x26d/0x370
[ 113.668191] ? __pfx_do_futex+0x10/0x10
[ 113.668538] ? find_held_lock+0x2b/0x80
[ 113.668884] __x64_sys_futex+0x1c9/0x4d0
[ 113.669235] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 113.669733] ? __pfx___x64_sys_futex+0x10/0x10
[ 113.670134] do_syscall_64+0xbf/0x360
[ 113.670465] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.670911] RIP: 0033:0x7f831cd2ab19
[ 113.671236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 113.672754] RSP: 002b:00007fff236997f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 113.673393] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f831cd2ab19
[ 113.673998] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f831ce3df68
[ 113.674598] RBP: 00007f831ce3df60 R08: 0000001b2d2218cc R09: 0000000000000000
[ 113.675193] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f831ce42c60
[ 113.675792] R13: 00007fff23699900 R14: 00007f831ce3df60 R15: 000000000001bb62
[ 113.676391]
[ 113.676597] Modules linked in:
[ 113.676877] ---[ end trace 0000000000000000 ]---
[ 113.677276] RIP: 0010:perf_tp_event+0x175/0xe70
[ 113.677680] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 113.679221] RSP: 0018:ffff8880422c7780 EFLAGS: 00010012
[ 113.679673] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 113.680270] RDX: ffff88801e2b0000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 113.680875] RBP: ffff8880422c79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16b60
[ 113.681472] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 113.682075] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 113.682678] FS: 000055556b4ee400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 113.683350] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.683852] CR2: 0000001b2d224000 CR3: 000000001f8f3000 CR4: 0000000000350ef0
[ 113.684451] note: syz-executor.3[3974] exited with irqs disabled
[ 113.685096] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 113.686045] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 113.686747] CPU: 1 UID: 0 PID: 3974 Comm: syz-executor.3 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 113.687705] Tainted: [D]=DIE, [W]=WARN
[ 113.688019] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 113.688700] RIP: 0010:perf_tp_event+0x175/0xe70
[ 113.689092] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 113.690570] RSP: 0018:ffff88806cf08ac0 EFLAGS: 00010012
[ 113.691001] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 113.691582] RDX: ffff88801e2b0000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
[ 113.692159] RBP: ffff88806cf08d30 R08: ffff88806cf313e8 R09: ffffe8ffffd16b60
[ 113.692737] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 113.693312] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[ 113.693899] FS: 000055556b4ee400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000
[ 113.694561] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.695036] CR2: 0000001b2d224000 CR3: 000000001f8f3000 CR4: 0000000000350ef0
[ 113.695618] Call Trace:
[ 113.695844]
[ 113.696029] ?
enqueue_task_fair+0xded/0x1e00 [ 113.696413] ? __pfx_perf_tp_event+0x10/0x10 [ 113.696781] ? timerqueue_add+0x1c2/0x330 [ 113.697114] ? kvm_sched_clock_read+0x16/0x30 [ 113.697482] ? sched_clock+0x37/0x60 [ 113.697788] ? sched_clock_cpu+0x6c/0x4e0 [ 113.698136] ? trace_pelt_se_tp+0xdf/0x130 [ 113.698473] ? __update_load_avg_se+0x428/0xa40 [ 113.698859] ? do_raw_spin_lock+0x123/0x260 [ 113.699206] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 113.699584] ? lock_acquire+0x18c/0x2f0 [ 113.699901] ? update_cfs_group+0x11d/0x260 [ 113.700246] ? lock_release+0x1c7/0x290 [ 113.700567] ? perf_trace_run_bpf_submit+0xef/0x180 [ 113.700970] perf_trace_run_bpf_submit+0xef/0x180 [ 113.701359] perf_trace_preemptirq_template+0x259/0x430 [ 113.701784] ? lock_release+0x1c7/0x290 [ 113.702113] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 113.702577] ? lock_acquire+0x18c/0x2f0 [ 113.702897] ? irqentry_enter+0x2a/0x60 [ 113.703216] trace_irq_disable.constprop.0+0xa6/0x100 [ 113.703625] irqentry_enter+0x2a/0x60 [ 113.703936] sysvec_call_function_single+0x18/0xc0 [ 113.704333] asm_sysvec_call_function_single+0x1a/0x20 [ 113.704749] RIP: 0010:handle_softirqs+0x174/0x770 [ 113.705142] Code: c8 83 83 3c 0a 00 00 01 c7 44 24 20 0a 00 00 00 48 89 44 24 18 65 66 c7 05 0f d4 48 06 00 00 e8 72 8f 40 00 fb bb ff ff ff ff <48> c7 c5 c0 c0 a0 85 41 0f bc de 83 c3 01 0f 85 9b 00 00 00 e9 8d [ 113.706574] RSP: 0018:ffff88806cf08f78 EFLAGS: 00000246 [ 113.706993] RAX: 0000000000000001 RBX: 00000000ffffffff RCX: ffffffff817c3ab6 [ 113.707553] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813bac2e [ 113.708112] RBP: ffff8880422c7e78 R08: 0000000000000000 R09: 0000000000000000 [ 113.708672] R10: ffffffff8643b457 R11: ffff88801747f898 R12: 0000000000000000 [ 113.709250] R13: 0000000000000000 R14: 0000000000000382 R15: 0000000000000000 [ 113.709834] ? trace_irq_enable.constprop.0+0x26/0x100 [ 113.710277] ? handle_softirqs+0x16e/0x770 [ 113.710634] ? 
handle_softirqs+0x16e/0x770 [ 113.711004] __irq_exit_rcu+0xc4/0x100 [ 113.711335] irq_exit_rcu+0x9/0x20 [ 113.711634] sysvec_apic_timer_interrupt+0x70/0x80 [ 113.712046] [ 113.712236] [ 113.712432] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 113.712863] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 113.713252] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 113.714739] RSP: 0018:ffff8880422c7f28 EFLAGS: 00000246 [ 113.715180] RAX: 0000000000000001 RBX: ffff88801e2b0000 RCX: ffffffff817c3ab6 [ 113.715765] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 113.716343] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 113.716917] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff88801e2b0000 [ 113.717493] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000 [ 113.718091] ? trace_irq_enable.constprop.0+0x26/0x100 [ 113.718525] ? make_task_dead+0x214/0x3b0 [ 113.718872] ? make_task_dead+0x214/0x3b0 [ 113.719217] ? 
do_syscall_64+0xbf/0x360 [ 113.719549] rewind_stack_and_make_dead+0x16/0x20 [ 113.719951] RIP: 0033:0x7f831cd2ab19 [ 113.720259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 113.721717] RSP: 002b:00007fff236997f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 113.722337] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f831cd2ab19 [ 113.722915] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f831ce3df68 [ 113.723492] RBP: 00007f831ce3df60 R08: 0000001b2d2218cc R09: 0000000000000000 [ 113.724072] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f831ce42c60 [ 113.724645] R13: 00007fff23699900 R14: 00007f831ce3df60 R15: 000000000001bb62 [ 113.725231] [ 113.725426] Modules linked in: [ 113.725704] ---[ end trace 0000000000000000 ]--- [ 113.726098] RIP: 0010:perf_tp_event+0x175/0xe70 [ 113.726492] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 113.727958] RSP: 0018:ffff8880422c7780 EFLAGS: 00010012 [ 113.728390] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002 [ 113.728971] RDX: ffff88801e2b0000 RSI: ffffffff8189a4e7 RDI: 0000000100000190 [ 113.729550] RBP: ffff8880422c79f0 R08: ffff88806cf31340 R09: ffffe8ffffd16b60 [ 113.730149] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 113.730739] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000 [ 113.731329] FS: 000055556b4ee400(0000) GS:ffff8880e56d8000(0000) knlGS:0000000000000000 [ 113.731999] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.732472] CR2: 0000001b2d224000 CR3: 000000001f8f3000 CR4: 0000000000350ef0 [ 113.733107] Kernel panic - not syncing: Fatal exception in interrupt [ 113.733909] Kernel Offset: disabled [ 113.734288] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 09:37:17 Registers: