Warning: Permanently added '[localhost]:36598' (ECDSA) to the list of known hosts.
2025/08/29 08:19:39 fuzzer started
2025/08/29 08:19:39 dialing manager at localhost:43077
syzkaller login: [ 50.568936] cgroup: Unknown subsys name 'net'
[ 50.657465] cgroup: Unknown subsys name 'cpuset'
[ 50.690850] cgroup: Unknown subsys name 'rlimit'
2025/08/29 08:19:48 syscalls: 2214
2025/08/29 08:19:48 code coverage: enabled
2025/08/29 08:19:48 comparison tracing: enabled
2025/08/29 08:19:48 extra coverage: enabled
2025/08/29 08:19:48 setuid sandbox: enabled
2025/08/29 08:19:48 namespace sandbox: enabled
2025/08/29 08:19:48 Android sandbox: enabled
2025/08/29 08:19:48 fault injection: enabled
2025/08/29 08:19:48 leak checking: enabled
2025/08/29 08:19:48 net packet injection: enabled
2025/08/29 08:19:48 net device setup: enabled
2025/08/29 08:19:48 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 08:19:48 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 08:19:48 USB emulation: enabled
2025/08/29 08:19:48 hci packet injection: enabled
2025/08/29 08:19:48 wifi device emulation: enabled
2025/08/29 08:19:48 802.15.4 emulation: enabled
2025/08/29 08:19:48 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 08:19:49 fetching corpus: 50, signal 26794/29595 (executing program)
2025/08/29 08:19:49 fetching corpus: 100, signal 36533/40077 (executing program)
2025/08/29 08:19:49 fetching corpus: 150, signal 44178/48184 (executing program)
2025/08/29 08:19:49 fetching corpus: 200, signal 49358/53815 (executing program)
2025/08/29 08:19:49 fetching corpus: 250, signal 54664/59321 (executing program)
2025/08/29 08:19:49 fetching corpus: 300, signal 59166/63831 (executing program)
2025/08/29 08:19:49 fetching corpus: 350, signal 62793/67466 (executing program)
2025/08/29 08:19:50 fetching corpus: 400, signal 67476/71799 (executing program)
2025/08/29 08:19:50 fetching corpus: 450, signal 71785/75544 (executing program)
2025/08/29 08:19:50 fetching corpus: 500, signal 74011/77677 (executing program)
2025/08/29 08:19:50 fetching corpus: 550, signal 77340/80336 (executing program)
2025/08/29 08:19:50 fetching corpus: 600, signal 79317/81963 (executing program)
2025/08/29 08:19:50 fetching corpus: 650, signal 81132/83410 (executing program)
2025/08/29 08:19:51 fetching corpus: 700, signal 82983/84820 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/85973 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/86071 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/86144 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/86234 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/86339 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/86450 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/86540 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/86617 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/86694 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/86777 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/86870 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/86987 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/87083 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/87163 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/87249 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/87339 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/87437 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/87523 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/87598 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/87678 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/87783 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/87892 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/87973 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/88065 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/88160 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/88259 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/88340 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/88423 (executing program)
2025/08/29 08:19:51 fetching corpus: 732, signal 84598/88423 (executing program)
2025/08/29 08:19:53 starting 8 fuzzer processes
08:19:53 executing program 0:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff})
getsockopt$sock_buf(r0, 0x1, 0x1f, &(0x7f0000019480)=""/4096, &(0x7f0000000000)=0x1000)

08:19:53 executing program 4:
remap_file_pages(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff, 0x0)

08:19:53 executing program 1:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000000c0)={0x4ad})

08:19:53 executing program 2:
r0 = io_uring_setup(0x4760, &(0x7f0000000240))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000c80), 0x80000, 0x0)
inotify_init1(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

08:19:53 executing program 3:
r0 = timerfd_create(0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000000)={<r1=>0x0, <r2=>0x0})
timerfd_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {r1, r2+10000000}}, 0x0)
read(r0, &(0x7f00000012c0)=""/210, 0xd2)

08:19:53 executing program 5:
kexec_load(0x8, 0x1, &(0x7f0000001480)=[{0x0}], 0x1)

08:19:53 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

[ 65.015557] audit: type=1400 audit(1756455593.905:7): avc: denied { execmem } for pid=272 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
08:19:53 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000000)={0x401})

[ 66.237504] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 66.240175] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 66.245414] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 66.246501] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 66.247345] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 66.251431] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 66.255605] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 66.257698] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 66.259795] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 66.267313] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 66.306414] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 66.308204] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 66.312808] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 66.316395] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 66.318446] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 66.322569] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 66.323610] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 66.325911] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 66.326222] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 66.327533] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 66.329951] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 66.331325] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 66.336268] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 66.339377] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 66.340966] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 66.343658] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 66.346389] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 66.347545] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 66.348462] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 66.349137] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 66.353834] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 66.358848] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 66.360865] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 66.362857] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 66.365146] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 66.369503] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 66.371680] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 66.382880] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 66.406502] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 66.413387] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 68.322355] Bluetooth: hci1: command tx timeout
[ 68.323040] Bluetooth: hci0: command tx timeout
[ 68.387093] Bluetooth: hci6: command tx timeout
[ 68.387256] Bluetooth: hci5: command tx timeout
[ 68.387893] Bluetooth: hci2: command tx timeout
[ 68.451158] Bluetooth: hci4: command tx timeout
[ 68.451791] Bluetooth: hci3: command tx timeout
[ 68.516080] Bluetooth: hci7: command tx timeout
[ 70.370059] Bluetooth: hci1: command tx timeout
[ 70.371187] Bluetooth: hci0: command tx timeout
[ 70.435058] Bluetooth: hci5: command tx timeout
[ 70.435434] Bluetooth: hci6: command tx timeout
[ 70.435795] Bluetooth: hci2: command tx timeout
[ 70.498143] Bluetooth: hci4: command tx timeout
[ 70.499222] Bluetooth: hci3: command tx timeout
[ 70.563472] Bluetooth: hci7: command tx timeout
[ 72.419052] Bluetooth: hci0: command tx timeout
[ 72.419076] Bluetooth: hci1: command tx timeout
[ 72.483271] Bluetooth: hci2: command tx timeout
[ 72.483311] Bluetooth: hci6: command tx timeout
[ 72.483708] Bluetooth: hci5: command tx timeout
[ 72.547117] Bluetooth: hci4: command tx timeout
[ 72.547531] Bluetooth: hci3: command tx timeout
[ 72.610101] Bluetooth: hci7: command tx timeout
[ 74.466219] Bluetooth: hci0: command tx timeout
[ 74.467111] Bluetooth: hci1: command tx timeout
[ 74.530229] Bluetooth: hci6: command tx timeout
[ 74.531952] Bluetooth: hci2: command tx timeout
[ 74.532704] Bluetooth: hci5: command tx timeout
[ 74.594065] Bluetooth: hci3: command tx timeout
[ 74.594762] Bluetooth: hci4: command tx timeout
[ 74.658076] Bluetooth: hci7: command tx timeout
[ 103.077489] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.078200] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.145884] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.147142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.329400] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.330138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.474178] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.474795] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.532542] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.533165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.660697] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.661924] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.791309] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.791925] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.857789] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.858597] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.933794] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.934653] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.986548] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.987214] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.030739] EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 1197 (only 16 groups)
[ 104.144533] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.146022] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.233175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.233804] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.253052] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.253659] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.319440] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.320502] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.360964] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.361606] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.378308] EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 1025 (only 16 groups)
[ 104.418588] EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 1025 (only 16 groups)
[ 104.463540] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.464245] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.523607] audit: type=1400 audit(1756455633.412:8): avc: denied { open } for pid=3888 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 104.527148] audit: type=1400 audit(1756455633.412:9): avc: denied { kernel } for pid=3888 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 104.588750] mmap: syz-executor.4 (3894) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
08:20:33 executing program 0:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff})
getsockopt$sock_buf(r0, 0x1, 0x1f, &(0x7f0000019480)=""/4096, &(0x7f0000000000)=0x1000)

08:20:33 executing program 5:
kexec_load(0x8, 0x1, &(0x7f0000001480)=[{0x0}], 0x1)

08:20:33 executing program 3:
r0 = timerfd_create(0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000000)={<r1=>0x0, <r2=>0x0})
timerfd_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {r1, r2+10000000}}, 0x0)
read(r0, &(0x7f00000012c0)=""/210, 0xd2)

08:20:33 executing program 1:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000000c0)={0x4ad})

08:20:33 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000000)={0x401})

08:20:33 executing program 2:
r0 = io_uring_setup(0x4760, &(0x7f0000000240))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000c80), 0x80000, 0x0)
inotify_init1(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

08:20:33 executing program 4:
remap_file_pages(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff, 0x0)

08:20:33 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

[ 104.647510] EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 1197 (only 16 groups)
08:20:33 executing program 5:
kexec_load(0x8, 0x1, &(0x7f0000001480)=[{0x0}], 0x1)

08:20:33 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000000)={0x401})

08:20:33 executing program 0:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff})
getsockopt$sock_buf(r0, 0x1, 0x1f, &(0x7f0000019480)=""/4096, &(0x7f0000000000)=0x1000)

08:20:33 executing program 3:
r0 = timerfd_create(0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000000)={<r1=>0x0, <r2=>0x0})
timerfd_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {r1, r2+10000000}}, 0x0)
read(r0, &(0x7f00000012c0)=""/210, 0xd2)

08:20:33 executing program 1:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000000c0)={0x4ad})

08:20:33 executing program 6:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

08:20:33 executing program 4:
remap_file_pages(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff, 0x0)

[ 104.766023] EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 1025 (only 16 groups)
[ 104.886659] EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 1197 (only 16 groups)
[ 104.889486] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 104.890410] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 104.891093] CPU: 1 UID: 0 PID: 3924 Comm: syz-executor.6 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 104.893451] Tainted: [W]=WARN
[ 104.894208] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 104.896742] RIP: 0010:perf_tp_event+0x175/0xe70
[ 104.898603] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 104.901967] RSP: 0018:ffff888013797780 EFLAGS: 00010012
[ 104.902495] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000c2eb000
[ 104.903181] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 104.903928] RBP: ffff8880137979f0 R08: ffff88806cf31340 R09: ffffe8ffffd164b0
[ 104.904646] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 104.905323] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 104.906027] FS: 00007f1d40969700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 104.906786] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 104.907369] CR2: 00007f1d43507018 CR3: 00000000442bb000 CR4: 0000000000350ef0
[ 104.908059] Call Trace:
[ 104.908311] <TASK>
[ 104.908563] ? __pfx_perf_tp_event+0x10/0x10
[ 104.908981] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150
[ 104.909601] ? lock_acquire+0x15e/0x2f0
[ 104.909997] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10
[ 104.910627] ? lock_is_held_type+0x9e/0x120
[ 104.911045] ? lock_is_held_type+0x9e/0x120
[ 104.911504] ? ctx_sched_in+0x134/0x9b0
[ 104.911850] ? __pfx_ctx_sched_in+0x10/0x10
[ 104.912296] ? arch_stack_walk+0x9c/0xf0
[ 104.912681] ? find_held_lock+0x2b/0x80
[ 104.913086] ? perf_trace_run_bpf_submit+0xef/0x180
[ 104.913632] ? lock_release+0xc8/0x290
[ 104.913987] perf_trace_run_bpf_submit+0xef/0x180
[ 104.914498] perf_trace_preemptirq_template+0x259/0x430
[ 104.914907] ? mark_held_locks+0x49/0x80
[ 104.915221] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 104.915665] ? _raw_spin_lock_irqsave+0x53/0x60
[ 104.916148] trace_irq_disable.constprop.0+0xa6/0x100
[ 104.916653] _raw_spin_lock_irqsave+0x53/0x60
[ 104.917122] try_to_wake_up+0xa0/0x11d0
[ 104.917547] ? __pfx_try_to_wake_up+0x10/0x10
[ 104.918010] ? plist_del+0x122/0x270
[ 104.918365] ? find_held_lock+0x2b/0x80
[ 104.918709] ? futex_wake+0x474/0x540
[ 104.919005] wake_up_q+0xa1/0x130
[ 104.919302] futex_wake+0x47e/0x540
[ 104.919584] ? __pfx_futex_wake+0x10/0x10
[ 104.919898] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 104.920281] ? lock_release+0xc8/0x290
[ 104.920577] do_futex+0x26d/0x370
[ 104.920841] ? __pfx_do_futex+0x10/0x10
[ 104.921142] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 104.921540] ? find_held_lock+0x2b/0x80
[ 104.921845] __x64_sys_futex+0x1c9/0x4d0
[ 104.922152] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 104.922593] ? __pfx___x64_sys_futex+0x10/0x10
[ 104.922942] do_syscall_64+0xbf/0x360
[ 104.923238] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.923626] RIP: 0033:0x7f1d433f3b19
[ 104.923908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 104.925232] RSP: 002b:00007f1d40969218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 104.925793] RAX: ffffffffffffffda RBX: 00007f1d43506f68 RCX: 00007f1d433f3b19
[ 104.926317] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1d43506f6c
[ 104.926842] RBP: 00007f1d43506f60 R08: 000000000000000e R09: 0000000000000000
[ 104.927375] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f1d43506f6c
[ 104.927897] R13: 00007ffd2745241f R14: 00007f1d40969300 R15: 0000000000022000
[ 104.928425] </TASK>
[ 104.928602] Modules linked in:
[ 104.928848] ---[ end trace 0000000000000000 ]---
[ 104.929195] RIP: 0010:perf_tp_event+0x175/0xe70
[ 104.929547] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 104.930867] RSP: 0018:ffff888013797780 EFLAGS: 00010012
[ 104.931264] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000c2eb000
[ 104.931786] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 104.932309] RBP: ffff8880137979f0 R08: ffff88806cf31340 R09: ffffe8ffffd164b0
[ 104.932832] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 104.933355] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 104.933879] FS: 00007f1d40969700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 104.934471] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 104.934905] CR2: 00007f1d43507018 CR3: 00000000442bb000 CR4: 0000000000350ef0
[ 104.935439] note: syz-executor.6[3924] exited with irqs disabled
[ 104.936039] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 104.936852] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 104.937490] CPU: 1 UID: 0 PID: 3924 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 104.938361] Tainted: [D]=DIE, [W]=WARN
[ 104.938645] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 104.939251] RIP: 0010:perf_tp_event+0x175/0xe70
[ 104.939604] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 104.940922] RSP: 0018:ffff88806cf08ac0 EFLAGS: 00010012
[ 104.941313] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 104.941831] RDX: ffff88800ebe0000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 104.942351] RBP: ffff88806cf08d30 R08: ffff88806cf313e8 R09: ffffe8ffffd164b0
[ 104.942871] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 104.943400] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[ 104.943925] FS: 00007f1d40969700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 104.944510] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 104.944936] CR2: 00007f1d43507018 CR3: 00000000442bb000 CR4: 0000000000350ef0
[ 104.945457] Call Trace:
[ 104.945652] <IRQ>
[ 104.945819] ? __smp_call_single_queue+0x15b/0x2f0
[ 104.946194] ? __pfx_perf_tp_event+0x10/0x10
[ 104.946527] ? timerqueue_add+0x1c2/0x330
[ 104.946847] ? trace_rcu_utilization+0x26/0x190
[ 104.947213] ? rcu_sched_clock_irq+0x7a0/0x2b40
[ 104.947565] ? css_rstat_updated+0x1b8/0x4d0
[ 104.947902] ? __pfx_css_rstat_updated+0x10/0x10
[ 104.948261] ? kvm_sched_clock_read+0x16/0x30
[ 104.948602] ? sched_clock+0x37/0x60
[ 104.948895] ? __cgroup_account_cputime+0x88/0xc0
[ 104.949261] ? lock_acquire+0x18c/0x2f0
[ 104.949561] ? update_cfs_group+0x11d/0x260
[ 104.949891] ? lock_release+0x1c7/0x290
[ 104.950191] ? perf_trace_run_bpf_submit+0xef/0x180
[ 104.950565] ? sched_balance_trigger+0x1ac/0xcb0
[ 104.950923] perf_trace_run_bpf_submit+0xef/0x180
[ 104.951292] perf_trace_preemptirq_template+0x259/0x430
[ 104.951695] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 104.952135] ? lock_acquire+0x18c/0x2f0
[ 104.952434] ? irqentry_enter+0x2a/0x60
[ 104.952736] trace_irq_disable.constprop.0+0xa6/0x100
[ 104.953117] irqentry_enter+0x2a/0x60
[ 104.953408] sysvec_call_function_single+0x18/0xc0
[ 104.953777] asm_sysvec_call_function_single+0x1a/0x20
[ 104.954167] RIP: 0010:handle_softirqs+0x174/0x770
[ 104.954538] Code: c8 83 83 3c 0a 00 00 01 c7 44 24 20 0a 00 00 00 48 89 44 24 18 65 66 c7 05 0f 84 48 06 00 00 e8 42 80 40 00 fb bb ff ff ff ff <48> c7 c5 c0 c0 a0 85 41 0f bc de 83 c3 01 0f 85 9b 00 00 00 e9 8d
[ 104.955860] RSP: 0018:ffff88806cf08f78 EFLAGS: 00000246
[ 104.956253] RAX: 0000000000000001 RBX: 00000000ffffffff RCX: ffffffff817c2b86
[ 104.956772] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813bac2e
[ 104.957290] RBP: ffff888013797e78 R08: 0000000000000000 R09: 0000000000000000
[ 104.957810] R10: ffffffff8643ac57 R11: 000000000001d949 R12: 0000000000000000
[ 104.958328] R13: 0000000000000000 R14: 0000000000000100 R15: 0000000000000000
[ 104.958849] ? trace_irq_enable.constprop.0+0x26/0x100
[ 104.959242] ? handle_softirqs+0x16e/0x770
[ 104.959565] ? handle_softirqs+0x16e/0x770
[ 104.959892] __irq_exit_rcu+0xc4/0x100
[ 104.960191] irq_exit_rcu+0x9/0x20
[ 104.960457] sysvec_apic_timer_interrupt+0x70/0x80
[ 104.960825] </IRQ>
[ 104.960996] <TASK>
[ 104.961168] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 104.961555] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 104.961930] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 104.963361] RSP: 0018:ffff888013797f28 EFLAGS: 00000246
[ 104.963776] RAX: 0000000000000001 RBX: ffff88800ebe0000 RCX: ffffffff817c2b86
[ 104.964330] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 104.964883] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 104.965440] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff88800ebe0000
[ 104.966003] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 104.966560] ? trace_irq_enable.constprop.0+0x26/0x100
[ 104.966977] ? make_task_dead+0x214/0x3b0
[ 104.967325] ? make_task_dead+0x214/0x3b0
[ 104.967664] ? do_syscall_64+0xbf/0x360
[ 104.967988] rewind_stack_and_make_dead+0x16/0x20
[ 104.968384] RIP: 0033:0x7f1d433f3b19
[ 104.968688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 104.970111] RSP: 002b:00007f1d40969218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 104.970712] RAX: ffffffffffffffda RBX: 00007f1d43506f68 RCX: 00007f1d433f3b19
[ 104.971283] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1d43506f6c
[ 104.971846] RBP: 00007f1d43506f60 R08: 000000000000000e R09: 0000000000000000
[ 104.972411] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f1d43506f6c
[ 104.972978] R13: 00007ffd2745241f R14: 00007f1d40969300 R15: 0000000000022000
[ 104.973545] </TASK>
[ 104.973737] Modules linked in:
[ 104.974003] ---[ end trace 0000000000000000 ]---
[ 104.974380] RIP: 0010:perf_tp_event+0x175/0xe70
[ 104.974760] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 104.976187] RSP: 0018:ffff888013797780 EFLAGS: 00010012
[ 104.976610] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000c2eb000
[ 104.977174] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 104.977738] RBP: ffff8880137979f0 R08: ffff88806cf31340 R09: ffffe8ffffd164b0
[ 104.978303] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 104.978869] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 104.979441] FS: 00007f1d40969700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 104.980076] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 104.980536] CR2: 00007f1d43507018 CR3: 00000000442bb000 CR4: 0000000000350ef0
[ 104.981100] Kernel panic - not syncing: Fatal exception in interrupt
[ 104.981695] Kernel Offset: disabled
[ 104.981994] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

VM DIAGNOSIS:
08:20:33 Registers:
info registers vcpu 0
RAX=0000000000000070 RBX=0000000000000070 RCX=ffffffff825494fa RDX=00000000000101f3
RSI=ffffffff82549508 RDI=0000000000000007 RBP=ffff88800a3c81a0 RSP=ffff88800a82f5c0
R8 =0000000000000000 R9 =fffffbfff0c8758a R10=00000000000101f3 R11=ffff88800e875738
R12=00000000000101f3 R13=ffff88800a3c8050 R14=ffff88800a3c8048 R15=ffff88800a3c8060
RIP=ffffffff8254950e RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe2400000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2d225000 CR3=000000003ac90000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ff00000000ff000000000000000000ff XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000065 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff888013797070
R8 =0000000000000000 R9 =ffffed10016e6046 R10=0000000000000065 R11=0000000065646f43
R12=0000000000000065 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0
RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f1d40969700 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe1900000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f1d43507018 CR3=00000000442bb000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f1d434da7c000007f1d434da7c8
XMM02=00007f1d434da7e000007f1d434da7c0 XMM03=00007f1d434da7c800007f1d434da7c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000