Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:54547' (ECDSA) to the list of known hosts.
2025/09/01 10:22:14 fuzzer started
2025/09/01 10:22:14 dialing manager at localhost:35473
syzkaller login: [ 50.667262] cgroup: Unknown subsys name 'net'
[ 50.741094] cgroup: Unknown subsys name 'cpuset'
[ 50.754843] cgroup: Unknown subsys name 'rlimit'
2025/09/01 10:22:25 syscalls: 2214
2025/09/01 10:22:25 code coverage: enabled
2025/09/01 10:22:25 comparison tracing: enabled
2025/09/01 10:22:25 extra coverage: enabled
2025/09/01 10:22:25 setuid sandbox: enabled
2025/09/01 10:22:25 namespace sandbox: enabled
2025/09/01 10:22:25 Android sandbox: enabled
2025/09/01 10:22:25 fault injection: enabled
2025/09/01 10:22:25 leak checking: enabled
2025/09/01 10:22:25 net packet injection: enabled
2025/09/01 10:22:25 net device setup: enabled
2025/09/01 10:22:25 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 10:22:25 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 10:22:25 USB emulation: enabled
2025/09/01 10:22:25 hci packet injection: enabled
2025/09/01 10:22:25 wifi device emulation: enabled
2025/09/01 10:22:25 802.15.4 emulation: enabled
2025/09/01 10:22:25 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 10:22:25 fetching corpus: 49, signal 18312/21877 (executing program)
2025/09/01 10:22:25 fetching corpus: 99, signal 27871/32873 (executing program)
2025/09/01 10:22:25 fetching corpus: 149, signal 35531/41853 (executing program)
2025/09/01 10:22:25 fetching corpus: 199, signal 42004/49550 (executing program)
2025/09/01 10:22:25 fetching corpus: 249, signal 50904/59340 (executing program)
2025/09/01 10:22:25 fetching corpus: 299, signal 56305/65690 (executing program)
2025/09/01 10:22:25 fetching corpus: 349, signal 60520/70861 (executing program)
2025/09/01 10:22:25 fetching corpus: 399, signal 64169/75417 (executing program)
2025/09/01 10:22:25 fetching corpus: 449, signal 67461/79575 
(executing program) 2025/09/01 10:22:26 fetching corpus: 499, signal 69393/82466 (executing program) 2025/09/01 10:22:26 fetching corpus: 549, signal 72209/86152 (executing program) 2025/09/01 10:22:26 fetching corpus: 599, signal 75137/89799 (executing program) 2025/09/01 10:22:26 fetching corpus: 649, signal 77474/92876 (executing program) 2025/09/01 10:22:26 fetching corpus: 699, signal 79569/95741 (executing program) 2025/09/01 10:22:26 fetching corpus: 749, signal 81410/98336 (executing program) 2025/09/01 10:22:26 fetching corpus: 799, signal 83708/101223 (executing program) 2025/09/01 10:22:26 fetching corpus: 849, signal 85707/103846 (executing program) 2025/09/01 10:22:26 fetching corpus: 899, signal 88132/106728 (executing program) 2025/09/01 10:22:26 fetching corpus: 949, signal 90391/109533 (executing program) 2025/09/01 10:22:26 fetching corpus: 999, signal 92128/111816 (executing program) 2025/09/01 10:22:27 fetching corpus: 1049, signal 95058/114925 (executing program) 2025/09/01 10:22:27 fetching corpus: 1099, signal 96816/117067 (executing program) 2025/09/01 10:22:27 fetching corpus: 1149, signal 98253/119000 (executing program) 2025/09/01 10:22:27 fetching corpus: 1199, signal 99603/120786 (executing program) 2025/09/01 10:22:27 fetching corpus: 1249, signal 101100/122759 (executing program) 2025/09/01 10:22:27 fetching corpus: 1299, signal 102952/124870 (executing program) 2025/09/01 10:22:27 fetching corpus: 1349, signal 103923/126366 (executing program) 2025/09/01 10:22:27 fetching corpus: 1399, signal 104857/127772 (executing program) 2025/09/01 10:22:27 fetching corpus: 1449, signal 105847/129221 (executing program) 2025/09/01 10:22:28 fetching corpus: 1499, signal 107490/131049 (executing program) 2025/09/01 10:22:28 fetching corpus: 1549, signal 108618/132548 (executing program) 2025/09/01 10:22:28 fetching corpus: 1599, signal 109701/134017 (executing program) 2025/09/01 10:22:28 fetching corpus: 1649, signal 111139/135597 (executing 
program) 2025/09/01 10:22:28 fetching corpus: 1699, signal 113068/137411 (executing program) 2025/09/01 10:22:28 fetching corpus: 1749, signal 114486/138949 (executing program) 2025/09/01 10:22:28 fetching corpus: 1799, signal 115365/140114 (executing program) 2025/09/01 10:22:28 fetching corpus: 1849, signal 115900/141133 (executing program) 2025/09/01 10:22:28 fetching corpus: 1899, signal 116589/142212 (executing program) 2025/09/01 10:22:28 fetching corpus: 1949, signal 119840/144639 (executing program) 2025/09/01 10:22:28 fetching corpus: 1999, signal 122206/146523 (executing program) 2025/09/01 10:22:29 fetching corpus: 2049, signal 123711/147908 (executing program) 2025/09/01 10:22:29 fetching corpus: 2099, signal 124878/149044 (executing program) 2025/09/01 10:22:29 fetching corpus: 2149, signal 125679/150036 (executing program) 2025/09/01 10:22:29 fetching corpus: 2199, signal 126709/151094 (executing program) 2025/09/01 10:22:29 fetching corpus: 2249, signal 127675/152133 (executing program) 2025/09/01 10:22:29 fetching corpus: 2299, signal 128535/153055 (executing program) 2025/09/01 10:22:29 fetching corpus: 2349, signal 129166/153859 (executing program) 2025/09/01 10:22:29 fetching corpus: 2399, signal 130027/154770 (executing program) 2025/09/01 10:22:29 fetching corpus: 2449, signal 130789/155565 (executing program) 2025/09/01 10:22:29 fetching corpus: 2499, signal 131544/156355 (executing program) 2025/09/01 10:22:30 fetching corpus: 2549, signal 132244/157113 (executing program) 2025/09/01 10:22:30 fetching corpus: 2599, signal 133142/157946 (executing program) 2025/09/01 10:22:30 fetching corpus: 2649, signal 134002/158712 (executing program) 2025/09/01 10:22:30 fetching corpus: 2699, signal 134912/159512 (executing program) 2025/09/01 10:22:30 fetching corpus: 2749, signal 135816/160295 (executing program) 2025/09/01 10:22:30 fetching corpus: 2799, signal 136678/161048 (executing program) 2025/09/01 10:22:30 fetching corpus: 2849, signal 
137180/161687 (executing program) 2025/09/01 10:22:30 fetching corpus: 2899, signal 137655/162281 (executing program) 2025/09/01 10:22:30 fetching corpus: 2949, signal 138183/162834 (executing program) 2025/09/01 10:22:30 fetching corpus: 2999, signal 139126/163520 (executing program) 2025/09/01 10:22:30 fetching corpus: 3049, signal 139635/164105 (executing program) 2025/09/01 10:22:31 fetching corpus: 3099, signal 140097/164616 (executing program) 2025/09/01 10:22:31 fetching corpus: 3149, signal 140802/165189 (executing program) 2025/09/01 10:22:31 fetching corpus: 3199, signal 141688/165800 (executing program) 2025/09/01 10:22:31 fetching corpus: 3249, signal 142317/166369 (executing program) 2025/09/01 10:22:31 fetching corpus: 3299, signal 142953/166894 (executing program) 2025/09/01 10:22:31 fetching corpus: 3349, signal 143491/167360 (executing program) 2025/09/01 10:22:31 fetching corpus: 3399, signal 144216/167851 (executing program) 2025/09/01 10:22:31 fetching corpus: 3449, signal 144740/168304 (executing program) 2025/09/01 10:22:31 fetching corpus: 3499, signal 145182/168759 (executing program) 2025/09/01 10:22:31 fetching corpus: 3549, signal 145751/169236 (executing program) 2025/09/01 10:22:31 fetching corpus: 3599, signal 146372/169640 (executing program) 2025/09/01 10:22:32 fetching corpus: 3649, signal 146813/170021 (executing program) 2025/09/01 10:22:32 fetching corpus: 3699, signal 147633/170437 (executing program) 2025/09/01 10:22:32 fetching corpus: 3749, signal 148151/170927 (executing program) 2025/09/01 10:22:32 fetching corpus: 3799, signal 148590/171273 (executing program) 2025/09/01 10:22:32 fetching corpus: 3849, signal 149213/171609 (executing program) 2025/09/01 10:22:32 fetching corpus: 3899, signal 149753/171976 (executing program) 2025/09/01 10:22:32 fetching corpus: 3949, signal 150333/172299 (executing program) 2025/09/01 10:22:32 fetching corpus: 3999, signal 150748/172607 (executing program) 2025/09/01 10:22:32 fetching 
corpus: 4049, signal 151305/172880 (executing program) 2025/09/01 10:22:32 fetching corpus: 4099, signal 151816/173254 (executing program) 2025/09/01 10:22:32 fetching corpus: 4149, signal 153534/173559 (executing program) 2025/09/01 10:22:33 fetching corpus: 4199, signal 153991/173814 (executing program) 2025/09/01 10:22:33 fetching corpus: 4249, signal 154562/174013 (executing program) 2025/09/01 10:22:33 fetching corpus: 4299, signal 155014/174022 (executing program) 2025/09/01 10:22:33 fetching corpus: 4349, signal 155381/174024 (executing program) 2025/09/01 10:22:33 fetching corpus: 4399, signal 155951/174029 (executing program) 2025/09/01 10:22:33 fetching corpus: 4449, signal 156461/174083 (executing program) 2025/09/01 10:22:33 fetching corpus: 4499, signal 156882/174092 (executing program) 2025/09/01 10:22:33 fetching corpus: 4549, signal 157345/174094 (executing program) 2025/09/01 10:22:34 fetching corpus: 4599, signal 157916/174104 (executing program) 2025/09/01 10:22:34 fetching corpus: 4649, signal 158478/174106 (executing program) 2025/09/01 10:22:34 fetching corpus: 4699, signal 158852/174138 (executing program) 2025/09/01 10:22:34 fetching corpus: 4749, signal 159283/174146 (executing program) 2025/09/01 10:22:34 fetching corpus: 4799, signal 159850/174147 (executing program) 2025/09/01 10:22:34 fetching corpus: 4849, signal 160520/174150 (executing program) 2025/09/01 10:22:34 fetching corpus: 4899, signal 160816/174162 (executing program) 2025/09/01 10:22:34 fetching corpus: 4949, signal 161152/174166 (executing program) 2025/09/01 10:22:34 fetching corpus: 4999, signal 161522/174168 (executing program) 2025/09/01 10:22:34 fetching corpus: 5049, signal 161790/174213 (executing program) 2025/09/01 10:22:35 fetching corpus: 5099, signal 162228/174232 (executing program) 2025/09/01 10:22:35 fetching corpus: 5149, signal 162941/174232 (executing program) 2025/09/01 10:22:35 fetching corpus: 5199, signal 163553/174338 (executing program) 2025/09/01 
10:22:35 fetching corpus: 5249, signal 163849/174368 (executing program) 2025/09/01 10:22:35 fetching corpus: 5299, signal 164770/174383 (executing program) 2025/09/01 10:22:35 fetching corpus: 5349, signal 165205/174408 (executing program) 2025/09/01 10:22:35 fetching corpus: 5399, signal 165599/174414 (executing program) 2025/09/01 10:22:35 fetching corpus: 5449, signal 165854/174417 (executing program) 2025/09/01 10:22:35 fetching corpus: 5499, signal 166336/174438 (executing program) 2025/09/01 10:22:35 fetching corpus: 5549, signal 166591/174442 (executing program) 2025/09/01 10:22:35 fetching corpus: 5599, signal 166983/174442 (executing program) 2025/09/01 10:22:36 fetching corpus: 5649, signal 167317/174480 (executing program) 2025/09/01 10:22:36 fetching corpus: 5699, signal 167700/174482 (executing program) 2025/09/01 10:22:36 fetching corpus: 5749, signal 168088/174482 (executing program) 2025/09/01 10:22:36 fetching corpus: 5799, signal 168464/174498 (executing program) 2025/09/01 10:22:36 fetching corpus: 5849, signal 168799/174511 (executing program) 2025/09/01 10:22:36 fetching corpus: 5899, signal 169449/174514 (executing program) 2025/09/01 10:22:36 fetching corpus: 5949, signal 169797/174517 (executing program) 2025/09/01 10:22:36 fetching corpus: 5999, signal 170132/174556 (executing program) 2025/09/01 10:22:36 fetching corpus: 6049, signal 170407/174556 (executing program) 2025/09/01 10:22:36 fetching corpus: 6099, signal 170697/174566 (executing program) 2025/09/01 10:22:36 fetching corpus: 6149, signal 171116/174573 (executing program) 2025/09/01 10:22:36 fetching corpus: 6199, signal 171307/174597 (executing program) 2025/09/01 10:22:37 fetching corpus: 6248, signal 171650/174628 (executing program) 2025/09/01 10:22:37 fetching corpus: 6248, signal 171650/174628 (executing program) 2025/09/01 10:22:38 starting 8 fuzzer processes 10:22:38 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x20000, 
0xa, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366f6f84b00080801000440004000f801002000400003000000000000008000"/64, 0x40}, {&(0x7f0000010100)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x800}, {&(0x7f0000010200)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x1000}, {&(0x7f0000010300)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x1800}, {&(0x7f0000010400)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x2000}, {&(0x7f0000010500)="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", 0x120, 0x2800}, {&(0x7f0000010700)="2e202020202020202020201000a0e870325132510000e87032510300000000002e2e2020202020202020201000a0e870325132510000e870325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202000a0e870325132510000e870325104001a040000", 0x80, 0x7000}, {&(0x7f0000010800)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0xb000}, {&(0x7f0000010d00)='syzkallers\x00'/32, 0x20, 0xf000}, 
{&(0x7f0000010e00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x17000}], 0x0, &(0x7f0000010f00)) 10:22:38 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SCAN_SUPP_RATES={0x8, 0x154, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}]}]}, 0x24}}, 0x0) 10:22:38 executing program 1: syz_read_part_table(0x3ff, 0x0, 0x0) 10:22:38 executing program 2: r0 = getpid() r1 = pidfd_open(r0, 0x0) process_madvise(r1, &(0x7f00000015c0)=[{&(0x7f0000000000)="1b", 0x1}], 0x1, 0xb, 0x0) 10:22:38 executing program 3: r0 = io_uring_setup(0x5ffd, &(0x7f0000000140)) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}) io_uring_register$IORING_REGISTER_FILES(r0, 0x18, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 10:22:38 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$system_posix_acl(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000005c0), 0x24, 0x0) rmdir(&(0x7f00000001c0)='./file0\x00') lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) 10:22:38 executing program 5: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x127f, &(0x7f00000000c0)={"9672497e53bbc6c5c2b2869d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 10:22:38 executing program 6: 
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000040)=[0x0]) ioctl$FIOCLEX(0xffffffffffffffff, 0x5451) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) [ 75.045894] audit: type=1400 audit(1756722158.998:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 76.289485] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.291965] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.299032] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.302462] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.304476] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.308044] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.311428] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 76.316153] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 76.316696] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.318528] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.320983] 
Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 76.324022] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.325056] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.325548] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.334910] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.342630] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.343519] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.344322] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.347597] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.349733] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 76.354888] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 76.358516] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.358707] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 76.360968] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.370425] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 76.374923] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.377835] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.380267] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.381951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.386998] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 76.389571] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 76.392830] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 76.394624] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 76.400670] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 76.406569] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 76.434896] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 76.441615] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 76.453492] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 76.463567] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 76.478458] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 
78.438664] Bluetooth: hci1: command tx timeout [ 78.438758] Bluetooth: hci4: command tx timeout [ 78.439359] Bluetooth: hci0: command tx timeout [ 78.502289] Bluetooth: hci6: command tx timeout [ 78.502635] Bluetooth: hci3: command tx timeout [ 78.503066] Bluetooth: hci2: command tx timeout [ 78.503901] Bluetooth: hci5: command tx timeout [ 78.567192] Bluetooth: hci7: command tx timeout [ 80.487183] Bluetooth: hci4: command tx timeout [ 80.487834] Bluetooth: hci0: command tx timeout [ 80.488057] Bluetooth: hci1: command tx timeout [ 80.551220] Bluetooth: hci2: command tx timeout [ 80.551666] Bluetooth: hci3: command tx timeout [ 80.552045] Bluetooth: hci5: command tx timeout [ 80.553159] Bluetooth: hci6: command tx timeout [ 80.615172] Bluetooth: hci7: command tx timeout [ 82.534175] Bluetooth: hci0: command tx timeout [ 82.536230] Bluetooth: hci4: command tx timeout [ 82.536607] Bluetooth: hci1: command tx timeout [ 82.598207] Bluetooth: hci5: command tx timeout [ 82.598356] Bluetooth: hci6: command tx timeout [ 82.598987] Bluetooth: hci2: command tx timeout [ 82.599562] Bluetooth: hci3: command tx timeout [ 82.662199] Bluetooth: hci7: command tx timeout [ 84.582225] Bluetooth: hci4: command tx timeout [ 84.582993] Bluetooth: hci1: command tx timeout [ 84.583016] Bluetooth: hci0: command tx timeout [ 84.646327] Bluetooth: hci2: command tx timeout [ 84.646553] Bluetooth: hci6: command tx timeout [ 84.646769] Bluetooth: hci5: command tx timeout [ 84.647987] Bluetooth: hci3: command tx timeout [ 84.712238] Bluetooth: hci7: command tx timeout [ 119.244823] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.245679] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.410623] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.411454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:23:23 executing program 2: r0 = getpid() r1 = pidfd_open(r0, 0x0) process_madvise(r1, &(0x7f00000015c0)=[{&(0x7f0000000000)="1b", 
0x1}], 0x1, 0xb, 0x0) 10:23:23 executing program 2: r0 = getpid() r1 = pidfd_open(r0, 0x0) process_madvise(r1, &(0x7f00000015c0)=[{&(0x7f0000000000)="1b", 0x1}], 0x1, 0xb, 0x0) 10:23:24 executing program 2: r0 = getpid() r1 = pidfd_open(r0, 0x0) process_madvise(r1, &(0x7f00000015c0)=[{&(0x7f0000000000)="1b", 0x1}], 0x1, 0xb, 0x0) 10:23:24 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0x4020940d, 0x0) [ 120.413875] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.414514] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:23:24 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0x4020940d, 0x0) 10:23:24 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0x4020940d, 0x0) [ 120.575341] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.575937] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 10:23:24 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0x4020940d, 0x0) 10:23:24 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$sock_inet_udp_SIOCINQ(r0, 0x401070c9, 0x0) [ 120.859661] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.860346] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.996175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.996804] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.546623] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.547254] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.649175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.649787] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.864561] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.865207] wlan0: Creating new IBSS network, BSSID 
50:50:50:50:50:50 [ 121.932467] loop0: detected capacity change from 0 to 368 [ 121.996540] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.997411] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.107971] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.109018] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.172673] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.173677] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.282061] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.282678] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.301537] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.302073] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.313313] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.313847] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.367480] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.368094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.457209] audit: type=1400 audit(1756722206.409:8): avc: denied { open } for pid=3906 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 122.460021] audit: type=1400 audit(1756722206.409:9): avc: denied { kernel } for pid=3906 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 122.477926] loop1: detected capacity change from 0 to 1 [ 122.490270] loop1: detected capacity change from 0 to 1 10:23:26 executing program 0: ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, 
&(0x7f0000000040)=[0x0]) ioctl$FIOCLEX(0xffffffffffffffff, 0x5451) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) 10:23:26 executing program 5: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x127f, &(0x7f00000000c0)={"9672497e53bbc6c5c2b2869d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 10:23:26 executing program 2: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0) ioctl$sock_inet_udp_SIOCINQ(r0, 0x401070c9, 0x0) 10:23:26 executing program 3: r0 = io_uring_setup(0x5ffd, &(0x7f0000000140)) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}) io_uring_register$IORING_REGISTER_FILES(r0, 0x18, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 10:23:26 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$system_posix_acl(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000005c0), 0x24, 0x0) rmdir(&(0x7f00000001c0)='./file0\x00') lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) 10:23:26 executing program 1: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$system_posix_acl(&(0x7f0000000400)='./file0\x00', 
&(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000005c0), 0x24, 0x0) rmdir(&(0x7f00000001c0)='./file0\x00') lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) 10:23:26 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SCAN_SUPP_RATES={0x8, 0x154, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}]}]}, 0x24}}, 0x0) 10:23:26 executing program 6: ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000040)=[0x0]) ioctl$FIOCLEX(0xffffffffffffffff, 0x5451) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 
0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
10:23:26 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setxattr$system_posix_acl(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000005c0), 0x24, 0x0)
rmdir(&(0x7f00000001c0)='./file0\x00')
lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0)
10:23:26 executing program 3:
r0 = io_uring_setup(0x5ffd, &(0x7f0000000140))
io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3})
io_uring_register$IORING_REGISTER_FILES(r0, 0x18, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
10:23:26 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setxattr$system_posix_acl(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000005c0), 0x24, 0x0)
rmdir(&(0x7f00000001c0)='./file0\x00')
lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0)
10:23:26 executing program 2:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
ioctl$sock_inet_udp_SIOCINQ(r0, 0x401070c9, 0x0)
[ 122.837714] kmemleak: Found object by alias at 0x607f1a63d15c
[ 122.837735] CPU: 0 UID: 0 PID: 3932 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 122.837754] Tainted: [W]=WARN
[ 122.837757] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 122.837764] Call Trace:
[ 122.837769]
[ 122.837774] dump_stack_lvl+0xca/0x120
[ 122.837799] __lookup_object+0x94/0xb0
[ 122.837817] delete_object_full+0x27/0x70
[ 122.837833] free_percpu+0x30/0x1160
[ 122.837859] ? arch_uprobe_clear_state+0x16/0x140
[ 122.837879] futex_hash_free+0x38/0xc0
[ 122.837893] mmput+0x2d3/0x390
[ 122.837912] do_exit+0x79d/0x2970
[ 122.837929] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 122.837943] ? __pfx_do_exit+0x10/0x10
[ 122.837957] ? find_held_lock+0x2b/0x80
[ 122.837975] ? get_signal+0x835/0x2340
[ 122.837996] do_group_exit+0xd3/0x2a0
[ 122.838011] get_signal+0x2315/0x2340
[ 122.838028] ? put_task_stack+0xd2/0x240
[ 122.838043] ? __pfx_get_signal+0x10/0x10
[ 122.838060] ? __schedule+0xe91/0x3590
[ 122.838080] arch_do_signal_or_restart+0x80/0x790
[ 122.838102] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 122.838119] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 122.838132] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 122.838145] ? __pfx___x64_sys_futex+0x10/0x10
[ 122.838158] ? xfd_validate_state+0x55/0x180
[ 122.838179] exit_to_user_mode_loop+0x8b/0x110
[ 122.838192] do_syscall_64+0x2f7/0x360
[ 122.838204] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.838217] RIP: 0033:0x7fd2f695db19
[ 122.838226] Code: Unable to access opcode bytes at 0x7fd2f695daef.
[ 122.838231] RSP: 002b:00007fd2f3ed3218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 122.838243] RAX: 0000000000000001 RBX: 00007fd2f6a70f68 RCX: 00007fd2f695db19
[ 122.838250] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd2f6a70f6c
[ 122.838257] RBP: 00007fd2f6a70f60 R08: 000000000000000e R09: 0000000000000000
[ 122.838264] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fd2f6a70f6c
[ 122.838271] R13: 00007ffc54f860bf R14: 00007fd2f3ed3300 R15: 0000000000022000
[ 122.838287]
[ 122.838291] kmemleak: Object (percpu) 0x607f1a63d158 (size 8):
[ 122.838297] kmemleak: comm "syz-executor.6", pid 3930, jiffies 4294789692
[ 122.838305] kmemleak: min_count = 1
[ 122.838308] kmemleak: count = 0
[ 122.838312] kmemleak: flags = 0x21
[ 122.838316] kmemleak: checksum = 0
[ 122.838319] kmemleak: backtrace:
[ 122.838323] pcpu_alloc_noprof+0x87a/0x1170
[ 122.838339] percpu_ref_init+0x37/0x400
[ 122.838350] blk_alloc_queue+0x571/0x750
[ 122.838367] blk_mq_alloc_queue+0x170/0x280
[ 122.838379] __blk_mq_alloc_disk+0x2a/0x120
[ 122.838391] loop_add+0x494/0xb60
[ 122.838405] loop_control_ioctl+0x13b/0x640
[ 122.838418] __x64_sys_ioctl+0x18f/0x210
[ 122.838434] do_syscall_64+0xbf/0x360
[ 122.838443] entry_SYSCALL_64_after_hwframe+0x77/0x7f
10:23:26 executing program 2:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
ioctl$sock_inet_udp_SIOCINQ(r0, 0x401070c9, 0x0)
10:23:26 executing program 3:
r0 = io_uring_setup(0x5ffd, &(0x7f0000000140))
io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3})
io_uring_register$IORING_REGISTER_FILES(r0, 0x18, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
10:23:26 executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setxattr$system_posix_acl(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000005c0), 0x24, 0x0)
rmdir(&(0x7f00000001c0)='./file0\x00')
lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0)
10:23:26 executing program 0:
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000)
io_setup(0xfff, &(0x7f0000000040)=0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[0x0])
ioctl$FIOCLEX(0xffffffffffffffff, 0x5451)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0)
10:23:26 executing program 1:
syz_mount_image$ext4(0x0, 
&(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$system_posix_acl(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000005c0), 0x24, 0x0) rmdir(&(0x7f00000001c0)='./file0\x00') lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) 10:23:26 executing program 6: ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000) io_setup(0xfff, &(0x7f0000000040)=0x0) io_submit(r1, 0x1, &(0x7f0000000040)=[0x0]) ioctl$FIOCLEX(0xffffffffffffffff, 0x5451) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x240, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) 10:23:26 executing program 7: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, 
&(0x7f0000000300)={&(0x7f00000003c0)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SCAN_SUPP_RATES={0x8, 0x154, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}]}]}, 0x24}}, 0x0) 10:23:26 executing program 5: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x127f, &(0x7f00000000c0)={"9672497e53bbc6c5c2b2869d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 10:23:26 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$system_posix_acl(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000005c0), 0x24, 0x0) rmdir(&(0x7f00000001c0)='./file0\x00') lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) [ 123.014448] Oops: general protection fault, probably for non-canonical address 0xeafffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 123.015375] KASAN: maybe wild-memory-access in range [0x5800000000000190-0x5800000000000197] [ 123.016034] CPU: 0 UID: 0 PID: 3955 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 123.017174] Tainted: [W]=WARN [ 123.017789] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.019619] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.020613] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.024687] RSP: 0018:ffff888045787780 EFLAGS: 00010012 [ 123.025377] RAX: 0b00000000000032 RBX: 57ffffffffffffa0 RCX: ffffc90003ca8000 [ 123.025939] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 5800000000000190 [ 123.026498] RBP: ffff8880457879f0 R08: ffff88806ce31340 R09: ffffe8ffffc15158 [ 123.027054] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.027610] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 123.028167] FS: 00007fcada541700(0000) 
GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 123.028797] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.029254] CR2: 00007f028988d730 CR3: 00000000460e7000 CR4: 0000000000350ef0 [ 123.029810] Call Trace: [ 123.030020] [ 123.030205] ? __pfx_perf_tp_event+0x10/0x10 [ 123.030562] ? __asan_memcpy+0x3d/0x60 [ 123.030879] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 123.031381] ? lock_is_held_type+0x9e/0x120 [ 123.031729] ? ctx_sched_in+0x134/0x9b0 [ 123.032041] ? css_rstat_updated+0x1b8/0x4d0 [ 123.032396] ? __pfx_css_rstat_updated+0x10/0x10 [ 123.032776] ? lock_is_held_type+0x9e/0x120 [ 123.033121] ? trace_pelt_se_tp+0xdf/0x130 [ 123.033456] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.033864] ? lock_is_held_type+0x9e/0x120 [ 123.034211] perf_trace_run_bpf_submit+0xef/0x180 [ 123.034601] perf_trace_preemptirq_template+0x259/0x430 [ 123.035019] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.035480] ? check_preempt_wakeup_fair+0x406/0x950 [ 123.035880] ? find_held_lock+0x2b/0x80 [ 123.036204] ? try_to_wake_up+0x8ae/0x11d0 [ 123.036543] ? _raw_spin_unlock_irqrestore+0x2c/0x50 [ 123.036949] trace_irq_enable.constprop.0+0xa6/0x100 [ 123.037350] trace_hardirqs_on+0x26/0x40 [ 123.037672] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 123.038069] try_to_wake_up+0x8ae/0x11d0 [ 123.038393] ? __pfx_try_to_wake_up+0x10/0x10 [ 123.038751] ? plist_del+0x122/0x270 [ 123.039051] ? find_held_lock+0x2b/0x80 [ 123.039373] ? futex_wake+0x474/0x540 [ 123.039680] wake_up_q+0xa1/0x130 [ 123.039964] futex_wake+0x47e/0x540 [ 123.040261] ? __pfx_futex_wake+0x10/0x10 [ 123.040595] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 123.040995] ? lock_release+0xc8/0x290 [ 123.041312] do_futex+0x26d/0x370 [ 123.041591] ? __pfx_do_futex+0x10/0x10 [ 123.041915] __x64_sys_futex+0x1c9/0x4d0 [ 123.042243] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.042704] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.043074] ? 
xfd_validate_state+0x55/0x180 [ 123.043435] do_syscall_64+0xbf/0x360 [ 123.043740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.044147] RIP: 0033:0x7fcadcfcbb19 [ 123.044440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.045849] RSP: 002b:00007fcada541218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.046441] RAX: ffffffffffffffda RBX: 00007fcadd0def68 RCX: 00007fcadcfcbb19 [ 123.046993] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fcadd0def6c [ 123.047550] RBP: 00007fcadd0def60 R08: 000000000000000e R09: 0000000000000000 [ 123.048103] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fcadd0def6c [ 123.048662] R13: 00007ffd30f9afcf R14: 00007fcada541300 R15: 0000000000022000 [ 123.049223] [ 123.049411] Modules linked in: [ 123.049667] ---[ end trace 0000000000000000 ]--- [ 123.050065] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.050442] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.051852] RSP: 0018:ffff888045787780 EFLAGS: 00010012 [ 123.052268] RAX: 0b00000000000032 RBX: 57ffffffffffffa0 RCX: ffffc90003ca8000 [ 123.052823] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 5800000000000190 [ 123.053377] RBP: ffff8880457879f0 R08: ffff88806ce31340 R09: ffffe8ffffc15158 [ 123.053939] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.054498] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 123.055055] FS: 00007fcada541700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 123.055678] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.056133] CR2: 00007f028988d730 CR3: 00000000460e7000 CR4: 0000000000350ef0 [ 123.056692] note: syz-executor.6[3955] exited with irqs disabled [ 123.057223] 
Oops: general protection fault, probably for non-canonical address 0xeafffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 123.058093] KASAN: maybe wild-memory-access in range [0x5800000000000190-0x5800000000000197] [ 123.058752] CPU: 0 UID: 0 PID: 3955 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 123.059683] Tainted: [D]=DIE, [W]=WARN 10:23:27 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$system_posix_acl(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000005c0), 0x24, 0x0) rmdir(&(0x7f00000001c0)='./file0\x00') lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) 10:23:27 executing program 5: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x145802, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x127f, &(0x7f00000000c0)={"9672497e53bbc6c5c2b2869d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 123.059985] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.060716] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.061093] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.062505] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 123.062927] RAX: 0b00000000000032 RBX: 57ffffffffffffa0 RCX: ffffffff818998a3 [ 123.063483] RDX: ffff888015f83700 RSI: ffffffff8189a4e7 RDI: 5800000000000190 [ 123.064036] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc15158 [ 123.064588] R10: 0000000000000000 R11: ffff888017f7ac98 R12: dffffc0000000000 [ 123.065144] R13: 0000000000000000 R14: ffff88806ce313e8 R15: dffffc0000000000 [ 123.065695] FS: 00007fcada541700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 123.066326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.066780] CR2: 00007f028988d730 CR3: 00000000460e7000 CR4: 0000000000350ef0 [ 
123.067333] Call Trace: [ 123.067539] [ 123.067716] ? __pfx_perf_tp_event+0x10/0x10 [ 123.068072] ? do_raw_spin_lock+0x123/0x260 [ 123.068418] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 123.068789] ? lock_acquire+0x18c/0x2f0 [ 123.069107] ? lock_release+0x1c7/0x290 [ 123.069424] ? do_raw_spin_unlock+0x53/0x220 [ 123.069779] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 123.070185] ? try_to_wake_up+0x128/0x11d0 [ 123.070523] ? do_raw_spin_lock+0x123/0x260 [ 123.070867] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 123.071244] ? perf_trace_run_bpf_submit+0xef/0x180 [ 123.071644] perf_trace_run_bpf_submit+0xef/0x180 [ 123.072030] perf_trace_preemptirq_template+0x259/0x430 [ 123.072451] ? read_tsc+0x9/0x20 [ 123.072728] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 123.073183] ? clockevents_program_event+0x135/0x360 [ 123.073585] ? tick_program_event+0xac/0x140 [ 123.073944] ? handle_softirqs+0x16e/0x770 [ 123.074284] trace_irq_enable.constprop.0+0xa6/0x100 [ 123.074681] trace_hardirqs_on+0x26/0x40 [ 123.075001] handle_softirqs+0x16e/0x770 [ 123.075334] __irq_exit_rcu+0xc4/0x100 [ 123.075649] irq_exit_rcu+0x9/0x20 [ 123.075930] sysvec_apic_timer_interrupt+0x70/0x80 [ 123.076321] [ 123.076503] [ 123.076686] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 123.077098] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 123.077471] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 123.078887] RSP: 0018:ffff888045787f28 EFLAGS: 00000246 [ 123.079302] RAX: 0000000000000001 RBX: ffff888015f83700 RCX: ffffffff817c3ab6 [ 123.079852] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 123.080405] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 123.080954] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff888015f83700 [ 123.081509] R13: 0000000000000000 R14: eafffc0000000032 R15: 0000000000000000 [ 123.082076] ? 
trace_irq_enable.constprop.0+0x26/0x100 [ 123.082486] ? make_task_dead+0x214/0x3b0 [ 123.082816] ? make_task_dead+0x214/0x3b0 [ 123.083145] ? do_syscall_64+0xbf/0x360 [ 123.083461] rewind_stack_and_make_dead+0x16/0x20 [ 123.083846] RIP: 0033:0x7fcadcfcbb19 [ 123.084138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.085544] RSP: 002b:00007fcada541218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.086141] RAX: ffffffffffffffda RBX: 00007fcadd0def68 RCX: 00007fcadcfcbb19 [ 123.086693] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fcadd0def6c [ 123.087248] RBP: 00007fcadd0def60 R08: 000000000000000e R09: 0000000000000000 [ 123.087806] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fcadd0def6c [ 123.088357] R13: 00007ffd30f9afcf R14: 00007fcada541300 R15: 0000000000022000 [ 123.088908] [ 123.089096] Modules linked in: [ 123.089354] ---[ end trace 0000000000000000 ]--- [ 123.089720] RIP: 0010:perf_tp_event+0x175/0xe70 [ 123.090101] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 123.091502] RSP: 0018:ffff888045787780 EFLAGS: 00010012 [ 123.091918] RAX: 0b00000000000032 RBX: 57ffffffffffffa0 RCX: ffffc90003ca8000 [ 123.092473] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 5800000000000190 [ 123.093026] RBP: ffff8880457879f0 R08: ffff88806ce31340 R09: ffffe8ffffc15158 [ 123.093580] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 123.094138] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 123.094692] FS: 00007fcada541700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 123.095315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.095768] CR2: 00007f028988d730 CR3: 00000000460e7000 CR4: 
0000000000350ef0 [ 123.096325] Kernel panic - not syncing: Fatal exception in interrupt [ 123.097019] Kernel Offset: disabled [ 123.097305] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 10:23:27 Registers: