Warning: Permanently added '[localhost]:32485' (ECDSA) to the list of known hosts.
2025/08/29 08:09:46 fuzzer started
2025/08/29 08:09:46 dialing manager at localhost:43077
syzkaller login: [ 51.793756] cgroup: Unknown subsys name 'net'
[ 51.847033] cgroup: Unknown subsys name 'cpuset'
[ 51.859681] cgroup: Unknown subsys name 'rlimit'
2025/08/29 08:09:56 syscalls: 2214
2025/08/29 08:09:56 code coverage: enabled
2025/08/29 08:09:56 comparison tracing: enabled
2025/08/29 08:09:56 extra coverage: enabled
2025/08/29 08:09:56 setuid sandbox: enabled
2025/08/29 08:09:56 namespace sandbox: enabled
2025/08/29 08:09:56 Android sandbox: enabled
2025/08/29 08:09:56 fault injection: enabled
2025/08/29 08:09:56 leak checking: enabled
2025/08/29 08:09:56 net packet injection: enabled
2025/08/29 08:09:56 net device setup: enabled
2025/08/29 08:09:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/08/29 08:09:56 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/08/29 08:09:56 USB emulation: enabled
2025/08/29 08:09:56 hci packet injection: enabled
2025/08/29 08:09:56 wifi device emulation: enabled
2025/08/29 08:09:56 802.15.4 emulation: enabled
2025/08/29 08:09:56 fetching corpus: 0, signal 0/2000 (executing program)
2025/08/29 08:09:56 fetching corpus: 50, signal 25741/28477 (executing program)
2025/08/29 08:09:56 fetching corpus: 100, signal 38688/41841 (executing program)
2025/08/29 08:09:56 fetching corpus: 150, signal 48257/51498 (executing program)
2025/08/29 08:09:57 fetching corpus: 200, signal 53473/56882 (executing program)
2025/08/29 08:09:57 fetching corpus: 250, signal 59182/62451 (executing program)
2025/08/29 08:09:57 fetching corpus: 300, signal 62570/65797 (executing program)
2025/08/29 08:09:57 fetching corpus: 350, signal 66348/69380 (executing program)
2025/08/29 08:09:57 fetching corpus: 400, signal 69680/72284 (executing program)
2025/08/29 08:09:57 fetching corpus: 450, signal 72289/74551 (executing program)
2025/08/29 08:09:57 fetching corpus: 500, signal 74805/76658 (executing program)
2025/08/29 08:09:58 fetching corpus: 550, signal 76855/78288 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/79812 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/79877 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/79945 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/80025 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/80094 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/80175 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/80245 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/80312 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/80384 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/80445 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/80511 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/80581 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/80652 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/80725 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/80800 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/80878 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/80967 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/81047 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/81115 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/81195 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/81259 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/81320 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/81384 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/81460 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/81543 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/81607 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/81684 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/81749 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/81753 (executing program)
2025/08/29 08:09:58 fetching corpus: 597, signal 78876/81753 (executing program)
2025/08/29 08:10:00 starting 8 fuzzer processes
08:10:00 executing program 0:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)
08:10:00 executing program 6:
r0 = socket$packet(0x11, 0x3, 0x300)
fcntl$setstatus(r0, 0x4, 0x2400)
fcntl$setstatus(r0, 0x4, 0x0)
08:10:00 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000200)={@private1, @private2, @mcast1, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1040000})
08:10:00 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{0x15}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
08:10:00 executing program 2:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
ioctl$CDROMREADRAW(r0, 0x5314, &(0x7f0000000480)={0x0, 0x6})
08:10:00 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
symlink(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='./file0\x00')
lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000200)=@random={'security.', 'dont_appraise'}, 0x0, 0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
08:10:00 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
[ 66.308803] audit: type=1400 audit(1756455001.004:7): avc: denied { execmem } for pid=275 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
08:10:01 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000004c0)={0x0, 0x0, 0xffffff95})
[ 67.497471] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.500773] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.502556] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.506760] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.511477] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 67.557549] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 67.562038] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 67.565663] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 67.574992] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 67.579261] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 67.620426] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 67.624184] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 67.625933] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 67.632194] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 67.634408] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 67.701220] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 67.703492] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 67.709318] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 67.710441] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 67.712328] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 67.714317] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 67.725489] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 67.727348] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 67.729545] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 67.731970] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 67.733414] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 67.737768] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 67.741317] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 67.743553] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 67.745545] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 67.749384] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 67.775991] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 67.777371] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 67.783163] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 67.787370] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 67.789364] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 67.798084] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 67.804668] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 67.838420] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 67.857204] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 69.589531] Bluetooth: hci0: command tx timeout
[ 69.652984] Bluetooth: hci1: command tx timeout
[ 69.653606] Bluetooth: hci2: command tx timeout
[ 69.781911] Bluetooth: hci6: command tx timeout
[ 69.782425] Bluetooth: hci5: command tx timeout
[ 69.846351] Bluetooth: hci3: command tx timeout
[ 69.909060] Bluetooth: hci7: command tx timeout
[ 69.909828] Bluetooth: hci4: command tx timeout
[ 71.638902] Bluetooth: hci0: command tx timeout
[ 71.701955] Bluetooth: hci1: command tx timeout
[ 71.702378] Bluetooth: hci2: command tx timeout
[ 71.829957] Bluetooth: hci5: command tx timeout
[ 71.830406] Bluetooth: hci6: command tx timeout
[ 71.894299] Bluetooth: hci3: command tx timeout
[ 71.958043] Bluetooth: hci7: command tx timeout
[ 71.958480] Bluetooth: hci4: command tx timeout
[ 73.686203] Bluetooth: hci0: command tx timeout
[ 73.749955] Bluetooth: hci2: command tx timeout
[ 73.750393] Bluetooth: hci1: command tx timeout
[ 73.877932] Bluetooth: hci6: command tx timeout
[ 73.878381] Bluetooth: hci5: command tx timeout
[ 73.941925] Bluetooth: hci3: command tx timeout
[ 74.005981] Bluetooth: hci7: command tx timeout
[ 74.006408] Bluetooth: hci4: command tx timeout
[ 75.734092] Bluetooth: hci0: command tx timeout
[ 75.797995] Bluetooth: hci1: command tx timeout
[ 75.798770] Bluetooth: hci2: command tx timeout
[ 75.927922] Bluetooth: hci5: command tx timeout
[ 75.928707] Bluetooth: hci6: command tx timeout
[ 75.989933] Bluetooth: hci3: command tx timeout
[ 76.053974] Bluetooth: hci4: command tx timeout
[ 76.054738] Bluetooth: hci7: command tx timeout
[ 106.216313] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.217029] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.331267] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.331911] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.519675] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.520977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.727975] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.728615] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.845507] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.846645] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.964898] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.965497] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.111624] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.112977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.154043] program syz-executor.5 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 107.154821] ata1.00: invalid service action 31
[ 107.185247] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.185840] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.247747] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.249899] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.297694] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.298635] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.363137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.363780] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.447594] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.448350] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.703151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.703778] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.731768] audit: type=1400 audit(1756455042.421:8): avc: denied { open } for pid=3868 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 107.738654] audit: type=1400 audit(1756455042.421:9): avc: denied { kernel } for pid=3868 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 107.750405] sr 1:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive.
[ 107.796293] sr 1:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive.
[ 107.797666] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.798482] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.302042] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.302661] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.322813] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.323408] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
08:10:43 executing program 0:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)
08:10:43 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000004c0)={0x0, 0x0, 0xffffff95})
08:10:43 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{0x15}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
08:10:43 executing program 2:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
ioctl$CDROMREADRAW(r0, 0x5314, &(0x7f0000000480)={0x0, 0x6})
08:10:43 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000200)={@private1, @private2, @mcast1, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1040000})
08:10:43 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
08:10:43 executing program 6:
r0 = socket$packet(0x11, 0x3, 0x300)
fcntl$setstatus(r0, 0x4, 0x2400)
fcntl$setstatus(r0, 0x4, 0x0)
08:10:43 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
symlink(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='./file0\x00')
lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000200)=@random={'security.', 'dont_appraise'}, 0x0, 0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
[ 108.468819] sr 1:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive.
[ 108.469749] program syz-executor.5 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 108.470591] ata1.00: invalid service action 31
08:10:43 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000200)={@private1, @private2, @mcast1, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1040000})
08:10:43 executing program 0:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)
08:10:43 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
[ 108.531766] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
[ 108.532716] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 108.533409] CPU: 1 UID: 0 PID: 3918 Comm: syz-executor.4 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 108.535743] Tainted: [W]=WARN
[ 108.536447] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 108.538193] RIP: 0010:perf_tp_event+0x175/0xe70
[ 108.539594] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 108.543502] RSP: 0018:ffff888045847780 EFLAGS: 00010012
[ 108.543941] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000a02d000
[ 108.544492] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 108.545049] RBP: ffff8880458479f0 R08: ffff88806cf31340 R09: ffffe8ffffd16a50
[ 108.545598] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 108.546153] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 108.546702] FS: 00007fbc4d4fb700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 108.547322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 108.547773] CR2: 00007fbc50099018 CR3: 00000000439fe000 CR4: 0000000000350ef0
[ 108.548322] Call Trace:
[ 108.548528] <TASK>
[ 108.548710] ? __pfx_perf_tp_event+0x10/0x10
[ 108.549070] ? visit_groups_merge.constprop.0.isra.0+0x6e7/0x1150
[ 108.549550] ? lock_acquire+0x15e/0x2f0
[ 108.549867] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10
[ 108.550368] ? lock_is_held_type+0x9e/0x120
[ 108.550714] ? lock_is_held_type+0x9e/0x120
[ 108.551058] ? ctx_sched_in+0x134/0x9b0
[ 108.551371] ? __pfx_ctx_sched_in+0x10/0x10
[ 108.551705] ? arch_stack_walk+0x9c/0xf0
[ 108.552035] ? find_held_lock+0x2b/0x80
[ 108.552355] ? perf_trace_run_bpf_submit+0xef/0x180
[ 108.552749] ? lock_release+0xc8/0x290
[ 108.553065] perf_trace_run_bpf_submit+0xef/0x180
[ 108.553450] perf_trace_preemptirq_template+0x259/0x430
[ 108.553872] ? mark_held_locks+0x49/0x80
[ 108.554194] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 108.554657] ? _raw_spin_lock_irqsave+0x53/0x60
[ 108.555032] trace_irq_disable.constprop.0+0xa6/0x100
[ 108.555438] _raw_spin_lock_irqsave+0x53/0x60
[ 108.555798] try_to_wake_up+0xa0/0x11d0
[ 108.556119] ? __pfx_try_to_wake_up+0x10/0x10
[ 108.556478] ? plist_del+0x122/0x270
[ 108.556775] ? find_held_lock+0x2b/0x80
[ 108.557099] ? futex_wake+0x474/0x540
[ 108.557407] wake_up_q+0xa1/0x130
[ 108.557687] futex_wake+0x47e/0x540
[ 108.557981] ? __pfx_futex_wake+0x10/0x10
[ 108.558309] ? __do_sys_perf_event_open+0x44d/0x2c20
[ 108.558708] ? lock_release+0xc8/0x290
[ 108.559017] do_futex+0x26d/0x370
[ 108.559296] ? __pfx_do_futex+0x10/0x10
[ 108.559611] ? __pfx___do_sys_perf_event_open+0x10/0x10
[ 108.560027] ? find_held_lock+0x2b/0x80
[ 108.560345] __x64_sys_futex+0x1c9/0x4d0
[ 108.560665] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 108.561136] ? __pfx___x64_sys_futex+0x10/0x10
[ 108.561499] do_syscall_64+0xbf/0x360
[ 108.561800] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.562202] RIP: 0033:0x7fbc4ff85b19
[ 108.562494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 108.563889] RSP: 002b:00007fbc4d4fb218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 108.564472] RAX: ffffffffffffffda RBX: 00007fbc50098f68 RCX: 00007fbc4ff85b19
[ 108.565038] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbc50098f6c
[ 108.565587] RBP: 00007fbc50098f60 R08: 000000000000000e R09: 0000000000000000
[ 108.566143] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fbc50098f6c
[ 108.566695] R13: 00007ffe0a0704af R14: 00007fbc4d4fb300 R15: 0000000000022000
[ 108.567251] </TASK>
[ 108.567436] Modules linked in:
[ 108.567691] ---[ end trace 0000000000000000 ]---
[ 108.568056] RIP: 0010:perf_tp_event+0x175/0xe70
[ 108.568424] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 108.569829] RSP: 0018:ffff888045847780 EFLAGS: 00010012
[ 108.570243] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000a02d000
[ 108.570796] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 108.571349] RBP: ffff8880458479f0 R08: ffff88806cf31340 R09: ffffe8ffffd16a50
[ 108.571900] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 108.572453] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 108.573014] FS: 00007fbc4d4fb700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 108.573636] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 108.574087] CR2: 00007fbc50099018 CR3: 00000000439fe000 CR4: 0000000000350ef0
[ 108.574640] note: syz-executor.4[3918] exited with irqs disabled
[ 108.575163] Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
[ 108.576022] KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
[ 108.576690] CPU: 1 UID: 0 PID: 3918 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 108.577611] Tainted: [D]=DIE, [W]=WARN
[ 108.577909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 108.578542] RIP: 0010:perf_tp_event+0x175/0xe70
[ 108.578912] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 108.580301] RSP: 0018:ffff88806cf08b40 EFLAGS: 00010012
[ 108.580711] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
[ 108.581268] RDX: ffff888016885280 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 108.581817] RBP: ffff88806cf08db0 R08: ffff88806cf313e8 R09: ffffe8ffffd16a50
[ 108.582368] R10: 0000000000000000 R11: ffff88801e945498 R12: dffffc0000000000
[ 108.582916] R13: 0000000000000014 R14: ffff88806cf313e8 R15: dffffc0000000000
[ 108.583466] FS: 00007fbc4d4fb700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 108.584086] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 108.584559] CR2: 00007fbc50099018 CR3: 00000000439fe000 CR4: 0000000000350ef0
[ 108.585144] Call Trace:
[ 108.585354] <IRQ>
[ 108.585536] ? __pfx_perf_tp_event+0x10/0x10
[ 108.585908] ? update_load_avg+0x17d/0x1ef0
[ 108.586260] ? update_cfs_group+0x11d/0x260
[ 108.586612] ? kvm_sched_clock_read+0x16/0x30
[ 108.586988] ? enqueue_task_fair+0xded/0x1e00
[ 108.587356] ? check_preempt_wakeup_fair+0x6e/0x950
[ 108.587763] ? wakeup_preempt+0x140/0x2a0
[ 108.588110] ? lock_release+0x1c7/0x290
[ 108.588443] ? lock_release+0x1c7/0x290
[ 108.588774] ? do_raw_spin_unlock+0x53/0x220
[ 108.589147] ? _raw_spin_unlock_irqrestore+0x22/0x50
[ 108.589560] ? try_to_wake_up+0x8ae/0x11d0
[ 108.589912] ? perf_trace_run_bpf_submit+0xef/0x180
[ 108.590323] ? lock_release+0x1c7/0x290
[ 108.590654] perf_trace_run_bpf_submit+0xef/0x180
[ 108.591055] perf_trace_preemptirq_template+0x259/0x430
[ 108.591494] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 108.591975] ? read_tsc+0x9/0x20
[ 108.592262] ? ktime_get+0x16d/0x270
[ 108.592571] ? __pfx_lapic_next_deadline+0x10/0x10
[ 108.592980] ? clockevents_program_event+0x135/0x360
[ 108.593400] ? _raw_spin_lock_irq+0x42/0x50
[ 108.593754] trace_irq_disable.constprop.0+0xa6/0x100
[ 108.594174] _raw_spin_lock_irq+0x42/0x50
[ 108.594517] run_timer_softirq+0x10f/0x210
[ 108.594869] handle_softirqs+0x1b1/0x770
[ 108.595213] __irq_exit_rcu+0xc4/0x100
[ 108.595542] irq_exit_rcu+0x9/0x20
[ 108.595835] sysvec_apic_timer_interrupt+0x70/0x80
[ 108.596238] </IRQ>
[ 108.596425] <TASK>
[ 108.596610] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 108.597046] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 108.597431] Code: 38 00 85 db 0f 84 21 01 00 00 e8 d9 96 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 27 92 38 00 48 85 db 0f 84 17 01 00 00 b9 96 38 00 31 ff 65 8b 1d 60 df 48 06 81 e3 ff ff ff 7f 89 de
[ 108.598912] RSP: 0018:ffff888045847f28 EFLAGS: 00000246
[ 108.599347] RAX: 0000000000000001 RBX: ffff888016885280 RCX: ffffffff817c2b86
[ 108.599921] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 108.600493] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 108.601073] R10: ffffffff8643ac57 R11: 0000000000000001 R12: ffff888016885280
[ 108.601649] R13: 0000000000000000 R14: dffffc0020000032 R15: 0000000000000000
[ 108.602228] ? trace_irq_enable.constprop.0+0x26/0x100
[ 108.602658] ? make_task_dead+0x214/0x3b0
[ 108.603002] ? make_task_dead+0x214/0x3b0
[ 108.603345] ? do_syscall_64+0xbf/0x360
[ 108.603672] rewind_stack_and_make_dead+0x16/0x20
[ 108.604071] RIP: 0033:0x7fbc4ff85b19
[ 108.604373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 108.605841] RSP: 002b:00007fbc4d4fb218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 108.606453] RAX: ffffffffffffffda RBX: 00007fbc50098f68 RCX: 00007fbc4ff85b19
[ 108.607031] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbc50098f6c
[ 108.607607] RBP: 00007fbc50098f60 R08: 000000000000000e R09: 0000000000000000
[ 108.608180] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fbc50098f6c
[ 108.608750] R13: 00007ffe0a0704af R14: 00007fbc4d4fb300 R15: 0000000000022000
[ 108.609332] </TASK>
[ 108.609526] Modules linked in:
[ 108.609793] ---[ end trace 0000000000000000 ]---
[ 108.610174] RIP: 0010:perf_tp_event+0x175/0xe70
[ 108.610558] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 108.612018] RSP: 0018:ffff888045847780 EFLAGS: 00010012
[ 108.612451] RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000a02d000
[ 108.613034] RDX: 0000000000040000 RSI: ffffffff818995b7 RDI: 0000000100000190
[ 108.613626] RBP: ffff8880458479f0 R08: ffff88806cf31340 R09: ffffe8ffffd16a50
[ 108.614221] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 108.614798] R13: 0000000000000014 R14: ffff88806cf31340 R15: dffffc0000000000
[ 108.615383] FS: 00007fbc4d4fb700(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
[ 108.616049] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 108.616532] CR2: 00007fbc50099018 CR3: 00000000439fe000 CR4: 0000000000350ef0
[ 108.617129] Kernel panic - not syncing: Fatal exception in interrupt
[ 108.617749] Kernel Offset: disabled
[ 108.618054] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
08:10:43 Registers:
info registers vcpu 0
RAX=dffffc0000000000 RBX=ffff8880e55dd000 RCX=0000000000000001 RDX=0000000000000000
RSI=ffffffff81358702 RDI=ffff88806ce31850 RBP=ffffffff85c1c760 RSP=ffff8880188278a8
R8 =0000000000000001 R9 =ffff8880188279b0 R10=000000000003be53 R11=000000000002746e
R12=ffffffff81358702 R13=ffff8880188279b8 R14=ffff888018827d90 R15=ffff888018827970
RIP=ffffffff815af2b0 RFL=00000216 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f34c58528c0 00000000 00000000
GS =0000 ffff8880e55dd000 00000000 00000000
LDT=0000 fffffe1600000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007fdc043c13a4 CR3=000000000c469000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=000000000000002f002f2e2e2f002e2e XMM01=0000000000000000696c61766e49002f
XMM02=ffffffffffffff0f0e0d0c0b0a090807 XMM03=696e656420737365636341002f737973
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=0000561020ea3ca00000561020ea3c80
XMM06=000000000000000000000000ffffffff XMM07=00000000000000000000000000000000
XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e32c5 RDI=ffffffff88724180 RBP=ffffffff88724140 RSP=ffff888045847070
R8 =0000000000000000 R9 =ffffed10016cd046 R10=0000000000000020 R11=0000000065646f43
R12=0000000000000020 R13=0000000000000010 R14=ffffffff88724140 R15=ffffffff828e32b0
RIP=ffffffff828e331d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fbc4d4fb700 00000000 00000000
GS =0000 ffff8880e56dd000 00000000 00000000
LDT=0000 fffffe6300000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007fbc50099018 CR3=00000000439fe000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007fbc5006c7c000007fbc5006c7c8
XMM02=00007fbc5006c7e000007fbc5006c7c0 XMM03=00007fbc5006c7c800007fbc5006c7c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000