Warning: Permanently added '[localhost]:64004' (ECDSA) to the list of known hosts. 2025/09/01 08:27:09 fuzzer started 2025/09/01 08:27:10 dialing manager at localhost:35473 syzkaller login: [ 50.101719] cgroup: Unknown subsys name 'net' [ 50.166905] cgroup: Unknown subsys name 'cpuset' [ 50.182930] cgroup: Unknown subsys name 'rlimit' 2025/09/01 08:27:21 syscalls: 2214 2025/09/01 08:27:21 code coverage: enabled 2025/09/01 08:27:21 comparison tracing: enabled 2025/09/01 08:27:21 extra coverage: enabled 2025/09/01 08:27:21 setuid sandbox: enabled 2025/09/01 08:27:21 namespace sandbox: enabled 2025/09/01 08:27:21 Android sandbox: enabled 2025/09/01 08:27:21 fault injection: enabled 2025/09/01 08:27:21 leak checking: enabled 2025/09/01 08:27:21 net packet injection: enabled 2025/09/01 08:27:21 net device setup: enabled 2025/09/01 08:27:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 08:27:21 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 08:27:21 USB emulation: enabled 2025/09/01 08:27:21 hci packet injection: enabled 2025/09/01 08:27:21 wifi device emulation: enabled 2025/09/01 08:27:21 802.15.4 emulation: enabled 2025/09/01 08:27:21 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 08:27:21 fetching corpus: 50, signal 25424/28411 (executing program) 2025/09/01 08:27:21 fetching corpus: 100, signal 41251/44824 (executing program) 2025/09/01 08:27:21 fetching corpus: 150, signal 48927/53045 (executing program) 2025/09/01 08:27:21 fetching corpus: 200, signal 53926/58584 (executing program) 2025/09/01 08:27:21 fetching corpus: 250, signal 58530/63553 (executing program) 2025/09/01 08:27:21 fetching corpus: 300, signal 62962/68198 (executing program) 2025/09/01 08:27:22 fetching corpus: 350, signal 66454/71941 (executing program) 2025/09/01 08:27:22 fetching corpus: 400, signal 69229/74946 (executing program) 2025/09/01 08:27:22 fetching corpus: 450, signal 72796/78484 (executing program) 2025/09/01 
08:27:22 fetching corpus: 500, signal 75936/81476 (executing program) 2025/09/01 08:27:22 fetching corpus: 550, signal 79655/84830 (executing program) 2025/09/01 08:27:22 fetching corpus: 600, signal 81877/86930 (executing program) 2025/09/01 08:27:22 fetching corpus: 650, signal 85262/89711 (executing program) 2025/09/01 08:27:22 fetching corpus: 700, signal 87173/91334 (executing program) 2025/09/01 08:27:23 fetching corpus: 750, signal 88518/92513 (executing program) 2025/09/01 08:27:23 fetching corpus: 800, signal 89946/93695 (executing program) 2025/09/01 08:27:23 fetching corpus: 850, signal 92123/95317 (executing program) 2025/09/01 08:27:23 fetching corpus: 900, signal 94889/97303 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/98664 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/98734 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/98808 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/98882 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/98962 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/99062 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/99135 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/99220 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/99292 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/99378 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/99475 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/99578 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/99650 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/99734 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/99814 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/99895 
(executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/99975 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/100064 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/100145 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/100236 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/100322 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/100406 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/100495 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/100582 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/100658 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/100746 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/100835 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/100920 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/101016 (executing program) 2025/09/01 08:27:23 fetching corpus: 946, signal 96911/101080 (executing program) 2025/09/01 08:27:24 fetching corpus: 946, signal 96911/101162 (executing program) 2025/09/01 08:27:24 fetching corpus: 946, signal 96911/101162 (executing program) 2025/09/01 08:27:26 starting 8 fuzzer processes 08:27:26 executing program 0: syz_mount_image$nfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)=@reiserfs_2={0x8}, &(0x7f0000000180), 0x3) 08:27:26 executing program 1: prctl$PR_SET_TIMERSLACK(0x1d, 0xfffffffffffffeff) nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, 0x0) 08:27:26 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x27, {0x0, @tcp_ip4_spec={@rand_addr, @private}, 
@esp_ip4_spec={@multicast1, @local}}}}) 08:27:26 executing program 4: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) [ 66.121115] audit: type=1400 audit(1756715246.258:7): avc: denied { execmem } for pid=271 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:27:26 executing program 6: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000080)={0x80, 0x0, 0xc8}) 08:27:26 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f000000a180), 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f000000a1c0)={0x0, 0x0, 0x0, 'queue0\x00'}) 08:27:26 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x8, 0xb0, 0x9}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000100)) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r3 = getpid() r4 = pidfd_open(r3, 0x0) copy_file_range(r4, 0x0, r2, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000180)={0x0}) r6 = syz_io_uring_setup(0x3cfc, &(0x7f0000000240), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) io_uring_register$IORING_REGISTER_PROBE(r6, 0x8, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000080)={r5, 0x2, r6, 0xa0}) msgget$private(0x0, 0x0) r7 = msgget(0x1, 0x5c2) msgctl$IPC_RMID(r7, 0x0) msgsnd(r7, &(0x7f0000000340)={0x1, 
"48cfbcfdb41e527b820d56645476c0662c70cf260ada5b3acc5c870aadd5023d71b9bf22450a63e7e86221b191008fd1056c94ff18ce28d203137c64b5b511a64de2f7e5cfda024d0ffb1be30b99067ad4bbdf411e6d6850b06f27132ec45f0a0c3eb98466db79607db51b91b5e9ba461c9040f4b83aee225aa95d8d9561af36010a984f3579638770ca0eaa"}, 0x94, 0x0) 08:27:26 executing program 7: syz_mount_image$msdos(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000001340), 0x8, 0x0) r1 = eventfd2(0xf8a8, 0x0) dup2(r1, r0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) mount$9p_fd(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000001300), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) [ 67.216223] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.220161] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.222315] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.229222] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.232054] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.362143] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.365042] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.366973] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.374985] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.377588] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.481355] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.491152] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.495131] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.497967] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.501043] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.504692] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.511063] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.512778] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.533500] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.546368] 
Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.640792] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 67.642550] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 67.661205] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 67.671295] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 67.673086] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 67.675251] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 67.676992] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 67.680249] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 67.681996] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 67.689703] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 67.695099] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 67.706636] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 67.724288] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 67.726390] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 67.729200] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 67.730558] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 67.741018] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 67.742787] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 67.744788] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 67.758639] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 69.313378] Bluetooth: hci0: command tx timeout [ 69.440839] Bluetooth: hci1: command tx timeout [ 69.569272] Bluetooth: hci3: command tx timeout [ 69.569409] Bluetooth: hci2: command tx timeout [ 69.824808] Bluetooth: hci4: command tx timeout [ 69.824839] Bluetooth: hci6: command tx timeout [ 69.825605] Bluetooth: hci7: command tx timeout [ 69.826370] Bluetooth: hci5: command tx timeout [ 71.360840] Bluetooth: hci0: command tx timeout [ 71.489816] Bluetooth: hci1: command tx timeout [ 71.616823] Bluetooth: hci3: command tx timeout [ 71.617792] Bluetooth: hci2: command tx timeout [ 71.873840] 
Bluetooth: hci5: command tx timeout [ 71.874290] Bluetooth: hci7: command tx timeout [ 71.874318] Bluetooth: hci6: command tx timeout [ 71.875175] Bluetooth: hci4: command tx timeout [ 73.409756] Bluetooth: hci0: command tx timeout [ 73.536890] Bluetooth: hci1: command tx timeout [ 73.665758] Bluetooth: hci2: command tx timeout [ 73.666165] Bluetooth: hci3: command tx timeout [ 73.920933] Bluetooth: hci4: command tx timeout [ 73.921385] Bluetooth: hci6: command tx timeout [ 73.922602] Bluetooth: hci5: command tx timeout [ 73.923092] Bluetooth: hci7: command tx timeout [ 75.456865] Bluetooth: hci0: command tx timeout [ 75.585777] Bluetooth: hci1: command tx timeout [ 75.712792] Bluetooth: hci3: command tx timeout [ 75.713215] Bluetooth: hci2: command tx timeout [ 75.968836] Bluetooth: hci6: command tx timeout [ 75.969306] Bluetooth: hci5: command tx timeout [ 75.969692] Bluetooth: hci4: command tx timeout [ 75.970534] Bluetooth: hci7: command tx timeout [ 103.589760] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.590437] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.742054] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.742707] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.757190] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.757779] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.799103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.799741] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.866316] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.867072] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.896438] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.897166] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.925397] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.926095] wlan1: Creating new IBSS network, BSSID 
50:50:50:50:50:50 [ 103.950834] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.951438] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.990183] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.991090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.027516] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.028316] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.073281] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.074111] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.104118] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.104775] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.142416] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.143124] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.184518] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.185191] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:28:04 executing program 7: syz_mount_image$msdos(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000001340), 0x8, 0x0) r1 = eventfd2(0xf8a8, 0x0) dup2(r1, r0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) mount$9p_fd(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000001300), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 08:28:04 executing program 6: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000080)={0x80, 0x0, 0xc8}) [ 104.282714] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.283479] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.380396] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.381071] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 08:28:05 executing program 7: 
syz_mount_image$msdos(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000001340), 0x8, 0x0) r1 = eventfd2(0xf8a8, 0x0) dup2(r1, r0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) mount$9p_fd(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000001300), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 08:28:05 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x27, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 08:28:05 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f000000a180), 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f000000a1c0)={0x0, 0x0, 0x0, 'queue0\x00'}) 08:28:05 executing program 6: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000080)={0x80, 0x0, 0xc8}) 08:28:05 executing program 4: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) 08:28:05 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x8, 0xb0, 0x9}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000100)) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r3 = getpid() r4 = pidfd_open(r3, 0x0) copy_file_range(r4, 0x0, r2, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000180)={0x0}) r6 = syz_io_uring_setup(0x3cfc, &(0x7f0000000240), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) io_uring_register$IORING_REGISTER_PROBE(r6, 0x8, 0x0, 0x0) 
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000080)={r5, 0x2, r6, 0xa0}) msgget$private(0x0, 0x0) r7 = msgget(0x1, 0x5c2) msgctl$IPC_RMID(r7, 0x0) msgsnd(r7, &(0x7f0000000340)={0x1, "48cfbcfdb41e527b820d56645476c0662c70cf260ada5b3acc5c870aadd5023d71b9bf22450a63e7e86221b191008fd1056c94ff18ce28d203137c64b5b511a64de2f7e5cfda024d0ffb1be30b99067ad4bbdf411e6d6850b06f27132ec45f0a0c3eb98466db79607db51b91b5e9ba461c9040f4b83aee225aa95d8d9561af36010a984f3579638770ca0eaa"}, 0x94, 0x0) 08:28:05 executing program 0: syz_mount_image$nfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)=@reiserfs_2={0x8}, &(0x7f0000000180), 0x3) 08:28:05 executing program 1: prctl$PR_SET_TIMERSLACK(0x1d, 0xfffffffffffffeff) nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, 0x0) 08:28:05 executing program 6: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000080)={0x80, 0x0, 0xc8}) 08:28:05 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f000000a180), 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f000000a1c0)={0x0, 0x0, 0x0, 'queue0\x00'}) 08:28:05 executing program 4: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) [ 105.225385] kmemleak: Found object by alias at 0x607f1a63daec [ 105.225405] CPU: 1 UID: 0 PID: 3911 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 105.225424] Tainted: [W]=WARN [ 105.225427] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 105.225435] Call Trace: [ 105.225439] [ 105.225444] dump_stack_lvl+0xca/0x120 [ 105.225469] __lookup_object+0x94/0xb0 [ 105.225487] delete_object_full+0x27/0x70 [ 105.225504] free_percpu+0x30/0x1160 [ 105.225521] ? 
arch_uprobe_clear_state+0x16/0x140 [ 105.225542] futex_hash_free+0x38/0xc0 [ 105.225556] mmput+0x2d3/0x390 [ 105.225576] do_exit+0x79d/0x2970 [ 105.225594] ? __pfx_do_exit+0x10/0x10 [ 105.225608] ? find_held_lock+0x2b/0x80 [ 105.225627] ? get_signal+0x835/0x2340 [ 105.225647] do_group_exit+0xd3/0x2a0 [ 105.225663] get_signal+0x2315/0x2340 [ 105.225681] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 105.225699] ? __pfx_get_signal+0x10/0x10 [ 105.225715] ? do_futex+0x135/0x370 [ 105.225734] ? __pfx_do_futex+0x10/0x10 [ 105.225749] arch_do_signal_or_restart+0x80/0x790 [ 105.225768] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 105.225784] ? __x64_sys_futex+0x1c9/0x4d0 [ 105.225797] ? __x64_sys_futex+0x1d2/0x4d0 [ 105.225812] ? __pfx___x64_sys_futex+0x10/0x10 [ 105.225826] ? xfd_validate_state+0x55/0x180 [ 105.225847] exit_to_user_mode_loop+0x8b/0x110 [ 105.225861] do_syscall_64+0x2f7/0x360 [ 105.225874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.225886] RIP: 0033:0x7f98e0cc3b19 [ 105.225896] Code: Unable to access opcode bytes at 0x7f98e0cc3aef. 
[ 105.225901] RSP: 002b:00007f98de239218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 105.225913] RAX: fffffffffffffe00 RBX: 00007f98e0dd6f68 RCX: 00007f98e0cc3b19 [ 105.225921] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f98e0dd6f68 [ 105.225928] RBP: 00007f98e0dd6f60 R08: 0000000000000000 R09: 0000000000000000 [ 105.225935] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98e0dd6f6c [ 105.225942] R13: 00007ffcc9e0622f R14: 00007f98de239300 R15: 0000000000022000 [ 105.225958] [ 105.225961] kmemleak: Object (percpu) 0x607f1a63dae0 (size 16): [ 105.225969] kmemleak: comm "syz-executor.6", pid 283, jiffies 4294771964 [ 105.225978] kmemleak: min_count = 1 [ 105.225982] kmemleak: count = 0 [ 105.225986] kmemleak: flags = 0x21 [ 105.225990] kmemleak: checksum = 0 [ 105.225995] kmemleak: backtrace: [ 105.225999] pcpu_alloc_noprof+0x87a/0x1170 [ 105.226015] mm_init+0x99b/0x1170 [ 105.226023] copy_process+0x3ab7/0x73c0 [ 105.226033] kernel_clone+0xea/0x7f0 [ 105.226043] __do_sys_clone+0xce/0x120 [ 105.226053] do_syscall_64+0xbf/0x360 [ 105.226063] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:28:06 executing program 0: syz_mount_image$nfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)=@reiserfs_2={0x8}, &(0x7f0000000180), 0x3) 08:28:06 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x8, 0xb0, 0x9}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000100)) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r3 = getpid() r4 = pidfd_open(r3, 0x0) copy_file_range(r4, 0x0, r2, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000180)={0x0}) r6 = syz_io_uring_setup(0x3cfc, 
&(0x7f0000000240), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) io_uring_register$IORING_REGISTER_PROBE(r6, 0x8, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000080)={r5, 0x2, r6, 0xa0}) msgget$private(0x0, 0x0) r7 = msgget(0x1, 0x5c2) msgctl$IPC_RMID(r7, 0x0) msgsnd(r7, &(0x7f0000000340)={0x1, "48cfbcfdb41e527b820d56645476c0662c70cf260ada5b3acc5c870aadd5023d71b9bf22450a63e7e86221b191008fd1056c94ff18ce28d203137c64b5b511a64de2f7e5cfda024d0ffb1be30b99067ad4bbdf411e6d6850b06f27132ec45f0a0c3eb98466db79607db51b91b5e9ba461c9040f4b83aee225aa95d8d9561af36010a984f3579638770ca0eaa"}, 0x94, 0x0) 08:28:06 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x27, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 08:28:06 executing program 4: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) 08:28:06 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f000000a180), 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f000000a1c0)={0x0, 0x0, 0x0, 'queue0\x00'}) 08:28:06 executing program 7: syz_mount_image$msdos(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000001340), 0x8, 0x0) r1 = eventfd2(0xf8a8, 0x0) dup2(r1, r0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) mount$9p_fd(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000001300), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 08:28:06 executing program 1: prctl$PR_SET_TIMERSLACK(0x1d, 0xfffffffffffffeff) nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, 0x0) 08:28:06 executing program 6: prctl$PR_SET_TIMERSLACK(0x1d, 0xfffffffffffffeff) nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, 0x0) 08:28:06 executing program 5: r0 = 
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x8, 0xb0, 0x9}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000100)) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r3 = getpid() r4 = pidfd_open(r3, 0x0) copy_file_range(r4, 0x0, r2, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000180)={0x0}) r6 = syz_io_uring_setup(0x3cfc, &(0x7f0000000240), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) io_uring_register$IORING_REGISTER_PROBE(r6, 0x8, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000080)={r5, 0x2, r6, 0xa0}) msgget$private(0x0, 0x0) r7 = msgget(0x1, 0x5c2) msgctl$IPC_RMID(r7, 0x0) msgsnd(r7, &(0x7f0000000340)={0x1, "48cfbcfdb41e527b820d56645476c0662c70cf260ada5b3acc5c870aadd5023d71b9bf22450a63e7e86221b191008fd1056c94ff18ce28d203137c64b5b511a64de2f7e5cfda024d0ffb1be30b99067ad4bbdf411e6d6850b06f27132ec45f0a0c3eb98466db79607db51b91b5e9ba461c9040f4b83aee225aa95d8d9561af36010a984f3579638770ca0eaa"}, 0x94, 0x0) [ 106.115828] kmemleak: Found object by alias at 0x607f1a63dae8 [ 106.115851] CPU: 1 UID: 0 PID: 3930 Comm: syz-executor.3 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 106.115873] Tainted: [W]=WARN [ 106.115878] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 106.115888] Call Trace: [ 106.115893] [ 106.115899] dump_stack_lvl+0xca/0x120 [ 106.115934] __lookup_object+0x94/0xb0 [ 106.115956] delete_object_full+0x27/0x70 [ 106.115977] free_percpu+0x30/0x1160 [ 106.115998] ? arch_uprobe_clear_state+0x16/0x140 [ 106.116024] futex_hash_free+0x38/0xc0 [ 106.116042] mmput+0x2d3/0x390 [ 106.116066] do_exit+0x79d/0x2970 [ 106.116083] ? lock_release+0xc8/0x290 [ 106.116104] ? 
__pfx_do_exit+0x10/0x10 [ 106.116122] ? find_held_lock+0x2b/0x80 [ 106.116144] ? get_signal+0x835/0x2340 [ 106.116169] do_group_exit+0xd3/0x2a0 [ 106.116188] get_signal+0x2315/0x2340 [ 106.116212] ? do_vfs_ioctl+0x125/0x1470 [ 106.116236] ? __pfx_get_signal+0x10/0x10 [ 106.116257] ? do_futex+0x135/0x370 [ 106.116274] ? __pfx_do_futex+0x10/0x10 [ 106.116294] arch_do_signal_or_restart+0x80/0x790 [ 106.116316] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 106.116337] ? __x64_sys_futex+0x1c9/0x4d0 [ 106.116353] ? __x64_sys_futex+0x1d2/0x4d0 [ 106.116372] ? __pfx___x64_sys_futex+0x10/0x10 [ 106.116388] ? selinux_file_ioctl+0xb9/0x280 [ 106.116414] exit_to_user_mode_loop+0x8b/0x110 [ 106.116431] do_syscall_64+0x2f7/0x360 [ 106.116452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.116467] RIP: 0033:0x7f91cebfcb19 [ 106.116479] Code: Unable to access opcode bytes at 0x7f91cebfcaef. [ 106.116485] RSP: 002b:00007f91cc172218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 106.116500] RAX: fffffffffffffe00 RBX: 00007f91ced0ff68 RCX: 00007f91cebfcb19 [ 106.116510] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f91ced0ff68 [ 106.116518] RBP: 00007f91ced0ff60 R08: 0000000000000000 R09: 0000000000000000 [ 106.116528] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f91ced0ff6c [ 106.116537] R13: 00007ffc34da8c3f R14: 00007f91cc172300 R15: 0000000000022000 [ 106.116556] [ 106.116561] kmemleak: Object (percpu) 0x607f1a63dae0 (size 16): [ 106.116570] kmemleak: comm "syz-executor.4", pid 281, jiffies 4294772757 [ 106.116579] kmemleak: min_count = 1 [ 106.116584] kmemleak: count = 0 [ 106.116588] kmemleak: flags = 0x21 [ 106.116593] kmemleak: checksum = 0 [ 106.116598] kmemleak: backtrace: [ 106.116602] pcpu_alloc_noprof+0x87a/0x1170 [ 106.116622] mm_init+0x99b/0x1170 [ 106.116632] copy_process+0x3ab7/0x73c0 [ 106.116645] kernel_clone+0xea/0x7f0 [ 106.116658] __do_sys_clone+0xce/0x120 [ 106.116671] do_syscall_64+0xbf/0x360 [ 106.116683] 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.157348] kmemleak: Found object by alias at 0x607f1a63daec [ 106.157378] CPU: 0 UID: 0 PID: 3928 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 106.157424] Tainted: [W]=WARN [ 106.157432] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 106.157445] Call Trace: [ 106.157452] [ 106.157462] dump_stack_lvl+0xca/0x120 [ 106.157507] __lookup_object+0x94/0xb0 [ 106.157540] delete_object_full+0x27/0x70 [ 106.157573] free_percpu+0x30/0x1160 [ 106.157606] ? arch_uprobe_clear_state+0x16/0x140 [ 106.157645] futex_hash_free+0x38/0xc0 [ 106.157673] mmput+0x2d3/0x390 [ 106.157711] do_exit+0x79d/0x2970 [ 106.157745] ? signal_wake_up_state+0x85/0x120 [ 106.157777] ? zap_other_threads+0x2b9/0x3a0 [ 106.157809] ? __pfx_do_exit+0x10/0x10 [ 106.157835] ? do_group_exit+0x1c3/0x2a0 [ 106.157863] ? lock_release+0xc8/0x290 [ 106.157896] do_group_exit+0xd3/0x2a0 [ 106.157926] __x64_sys_exit_group+0x3e/0x50 [ 106.157955] x64_sys_call+0x18c5/0x18d0 [ 106.157986] do_syscall_64+0xbf/0x360 [ 106.158010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.158036] RIP: 0033:0x7f98e0cc3b19 [ 106.158058] Code: Unable to access opcode bytes at 0x7f98e0cc3aef. 
[ 106.158073] RSP: 002b:00007ffcc9e06458 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 106.158097] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f98e0cc3b19 [ 106.158112] RDX: 00007f98e0c7672b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 106.158127] RBP: 0000000000000000 R08: 0000001b2d429808 R09: 0000000000000000 [ 106.158141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.158154] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffcc9e06540 [ 106.158185] [ 106.158192] kmemleak: Object (percpu) 0x607f1a63dae0 (size 16): [ 106.158206] kmemleak: comm "syz-executor.5", pid 282, jiffies 4294772894 [ 106.158220] kmemleak: min_count = 1 [ 106.158228] kmemleak: count = 0 [ 106.158235] kmemleak: flags = 0x21 [ 106.158243] kmemleak: checksum = 0 [ 106.158250] kmemleak: backtrace: [ 106.158256] pcpu_alloc_noprof+0x87a/0x1170 [ 106.158288] mm_init+0x99b/0x1170 [ 106.158304] copy_process+0x3ab7/0x73c0 [ 106.158325] kernel_clone+0xea/0x7f0 [ 106.158344] __do_sys_clone+0xce/0x120 [ 106.158365] do_syscall_64+0xbf/0x360 [ 106.158384] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:28:06 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0x27, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}}) 08:28:06 executing program 0: syz_mount_image$nfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)=@reiserfs_2={0x8}, &(0x7f0000000180), 0x3) 08:28:06 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x8, 0xb0, 0x9}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000100)) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 
&(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r3 = getpid() r4 = pidfd_open(r3, 0x0) copy_file_range(r4, 0x0, r2, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000180)={0x0}) r6 = syz_io_uring_setup(0x3cfc, &(0x7f0000000240), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) io_uring_register$IORING_REGISTER_PROBE(r6, 0x8, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000080)={r5, 0x2, r6, 0xa0}) msgget$private(0x0, 0x0) r7 = msgget(0x1, 0x5c2) msgctl$IPC_RMID(r7, 0x0) msgsnd(r7, &(0x7f0000000340)={0x1, "48cfbcfdb41e527b820d56645476c0662c70cf260ada5b3acc5c870aadd5023d71b9bf22450a63e7e86221b191008fd1056c94ff18ce28d203137c64b5b511a64de2f7e5cfda024d0ffb1be30b99067ad4bbdf411e6d6850b06f27132ec45f0a0c3eb98466db79607db51b91b5e9ba461c9040f4b83aee225aa95d8d9561af36010a984f3579638770ca0eaa"}, 0x94, 0x0) 08:28:06 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x8, 0xb0, 0x9}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000100)) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r3 = getpid() r4 = pidfd_open(r3, 0x0) copy_file_range(r4, 0x0, r2, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000180)={0x0}) r6 = syz_io_uring_setup(0x3cfc, &(0x7f0000000240), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) io_uring_register$IORING_REGISTER_PROBE(r6, 0x8, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000080)={r5, 0x2, r6, 0xa0}) msgget$private(0x0, 0x0) r7 = msgget(0x1, 0x5c2) msgctl$IPC_RMID(r7, 0x0) msgsnd(r7, &(0x7f0000000340)={0x1, 
"48cfbcfdb41e527b820d56645476c0662c70cf260ada5b3acc5c870aadd5023d71b9bf22450a63e7e86221b191008fd1056c94ff18ce28d203137c64b5b511a64de2f7e5cfda024d0ffb1be30b99067ad4bbdf411e6d6850b06f27132ec45f0a0c3eb98466db79607db51b91b5e9ba461c9040f4b83aee225aa95d8d9561af36010a984f3579638770ca0eaa"}, 0x94, 0x0) [ 106.269989] ================================================================== [ 106.270649] BUG: KASAN: slab-use-after-free in sched_mm_cid_remote_clear+0x271/0x470 [ 106.271298] Write of size 8 at addr ffff888041f0a0b0 by task syz-executor.5/3941 [ 106.272335] [ 106.272706] CPU: 1 UID: 0 PID: 3941 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 106.272726] Tainted: [W]=WARN [ 106.272730] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 106.272738] Call Trace: [ 106.272742] [ 106.272747] dump_stack_lvl+0xca/0x120 [ 106.272774] print_report+0xcb/0x610 [ 106.272791] ? __virt_addr_valid+0x100/0x5d0 [ 106.272811] ? sched_mm_cid_remote_clear+0x271/0x470 [ 106.272829] ? sched_mm_cid_remote_clear+0x271/0x470 [ 106.272848] kasan_report+0xca/0x100 [ 106.272864] ? sched_mm_cid_remote_clear+0x271/0x470 [ 106.272884] kasan_check_range+0x39/0x1b0 [ 106.272896] sched_mm_cid_remote_clear+0x271/0x470 [ 106.272915] ? __pfx_sched_mm_cid_remote_clear+0x10/0x10 [ 106.272933] ? task_mm_cid_work+0x21a/0x840 [ 106.272951] ? find_held_lock+0x2b/0x80 [ 106.272969] ? task_mm_cid_work+0x368/0x840 [ 106.272989] ? lock_release+0xc8/0x290 [ 106.273004] ? lock_is_held_type+0x9e/0x120 [ 106.273023] task_mm_cid_work+0x39f/0x840 [ 106.273040] ? task_mm_cid_work+0x21a/0x840 [ 106.273059] ? __pfx_task_mm_cid_work+0x10/0x10 [ 106.273077] ? lock_release+0xc8/0x290 [ 106.273091] task_work_run+0x172/0x280 [ 106.273106] ? 
__pfx_task_work_run+0x10/0x10 [ 106.273122] exit_to_user_mode_loop+0xef/0x110 [ 106.273135] do_syscall_64+0x2f7/0x360 [ 106.273148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.273160] RIP: 0033:0x7f2065110b19 [ 106.273169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 106.273181] RSP: 002b:00007f2062665108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 106.273193] RAX: 0000000000000004 RBX: 00007f2065224020 RCX: 00007f2065110b19 [ 106.273214] RDX: 0000000020ffd000 RSI: 0000000020000240 RDI: 0000000000003cfc [ 106.273221] RBP: 0000000020000240 R08: 0000000020000300 R09: 0000000020000300 [ 106.273229] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000300 [ 106.273236] R13: 0000000020ffd000 R14: 00000000200002c0 R15: 0000000020ffd000 [ 106.273248] [ 106.273252] [ 106.293445] Allocated by task 114: [ 106.293732] kasan_save_stack+0x24/0x50 [ 106.294053] kasan_save_track+0x14/0x30 [ 106.294371] __kasan_slab_alloc+0x59/0x70 [ 106.294704] kmem_cache_alloc_noprof+0x205/0x690 [ 106.295084] alloc_empty_file+0x58/0x1e0 [ 106.295412] path_openat+0xe0/0x2880 [ 106.295713] do_filp_open+0x1e8/0x450 [ 106.296017] do_sys_openat2+0x104/0x1b0 [ 106.296339] __x64_sys_openat+0x142/0x200 [ 106.296677] do_syscall_64+0xbf/0x360 [ 106.296985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.297403] [ 106.297540] Freed by task 114: [ 106.297795] kasan_save_stack+0x24/0x50 [ 106.298116] kasan_save_track+0x14/0x30 [ 106.298437] __kasan_save_free_info+0x3a/0x60 [ 106.298793] __kasan_slab_free+0x3f/0x50 [ 106.299118] slab_free_after_rcu_debug+0xd6/0x290 [ 106.299506] rcu_core+0x7c8/0x1800 [ 106.299793] handle_softirqs+0x1b1/0x770 [ 106.300124] __irq_exit_rcu+0xc4/0x100 [ 106.300439] irq_exit_rcu+0x9/0x20 [ 106.300721] sysvec_apic_timer_interrupt+0x70/0x80 [ 106.301113] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 106.301541] [ 
106.301678] Last potentially related work creation: [ 106.302066] kasan_save_stack+0x24/0x50 [ 106.302390] kasan_record_aux_stack+0x89/0xa0 [ 106.302749] kmem_cache_free+0x148/0x540 [ 106.303072] __fput+0x67b/0xb50 [ 106.303342] fput_close_sync+0x10f/0x240 [ 106.303668] __x64_sys_close+0x8f/0x120 [ 106.303990] do_syscall_64+0xbf/0x360 [ 106.304292] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.304697] [ 106.304838] The buggy address belongs to the object at ffff888041f0a000 [ 106.304838] which belongs to the cache filp of size 360 [ 106.305749] The buggy address is located 176 bytes inside of [ 106.305749] freed 360-byte region [ffff888041f0a000, ffff888041f0a168) [ 106.306687] [ 106.306825] The buggy address belongs to the physical page: [ 106.307265] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x41f0a [ 106.307887] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 106.308481] memcg:ffff88800b7c0e01 [ 106.308762] flags: 0x100000000000040(head|node=0|zone=1) [ 106.309189] page_type: f5(slab) [ 106.309463] raw: 0100000000000040 ffff888009415500 dead000000000122 0000000000000000 [ 106.310067] raw: 0000000000000000 0000000000120012 00000000f5000000 ffff88800b7c0e01 [ 106.310673] head: 0100000000000040 ffff888009415500 dead000000000122 0000000000000000 [ 106.311293] head: 0000000000000000 0000000000120012 00000000f5000000 ffff88800b7c0e01 [ 106.311905] head: 0100000000000001 ffffea000107c281 00000000ffffffff 00000000ffffffff [ 106.312516] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000002 [ 106.313126] page dumped because: kasan: bad access detected [ 106.313573] [ 106.313709] Memory state around the buggy address: [ 106.314093] ffff888041f09f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 106.314662] ffff888041f0a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 106.315231] >ffff888041f0a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 106.315793] ^ [ 106.316182] ffff888041f0a100: 
fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 106.316749] ffff888041f0a180: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 106.317320] ================================================================== [ 106.317882] Disabling lock debugging due to kernel taint [ 106.322810] kmemleak: Found object by alias at 0x607f1a63dae8 [ 106.322825] CPU: 1 UID: 0 PID: 3937 Comm: syz-executor.3 Tainted: G B W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 106.322845] Tainted: [B]=BAD_PAGE, [W]=WARN [ 106.322849] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 106.322856] Call Trace: [ 106.322860] [ 106.322864] dump_stack_lvl+0xca/0x120 [ 106.322884] __lookup_object+0x94/0xb0 [ 106.322900] delete_object_full+0x27/0x70 [ 106.322916] free_percpu+0x30/0x1160 [ 106.322932] ? arch_uprobe_clear_state+0x16/0x140 [ 106.322951] futex_hash_free+0x38/0xc0 [ 106.322965] mmput+0x2d3/0x390 [ 106.322983] do_exit+0x79d/0x2970 [ 106.322996] ? signal_wake_up_state+0x85/0x120 [ 106.323011] ? zap_other_threads+0x2b9/0x3a0 [ 106.323026] ? __pfx_do_exit+0x10/0x10 [ 106.323039] ? do_group_exit+0x1c3/0x2a0 [ 106.323052] ? lock_release+0xc8/0x290 [ 106.323067] do_group_exit+0xd3/0x2a0 [ 106.323081] __x64_sys_exit_group+0x3e/0x50 [ 106.323095] x64_sys_call+0x18c5/0x18d0 [ 106.323110] do_syscall_64+0xbf/0x360 [ 106.323121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.323132] RIP: 0033:0x7f91cebfcb19 [ 106.323141] Code: Unable to access opcode bytes at 0x7f91cebfcaef. 
[ 106.323146] RSP: 002b:00007ffc34da8e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 106.323157] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f91cebfcb19 [ 106.323165] RDX: 00007f91cebaf72b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 106.323172] RBP: 0000000000000000 R08: 0000001b2d1211e8 R09: 0000000000000000 [ 106.323179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.323186] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc34da8f50 [ 106.323196] [ 106.323200] kmemleak: Object (percpu) 0x607f1a63dae0 (size 16): [ 106.323207] kmemleak: comm "syz-executor.3", pid 285, jiffies 4294772959 [ 106.323214] kmemleak: min_count = 1 [ 106.323218] kmemleak: count = 0 [ 106.323222] kmemleak: flags = 0x21 [ 106.323225] kmemleak: checksum = 0 [ 106.323229] kmemleak: backtrace: [ 106.323232] pcpu_alloc_noprof+0x87a/0x1170 [ 106.323248] mm_init+0x99b/0x1170 [ 106.323256] copy_process+0x3ab7/0x73c0 [ 106.323266] kernel_clone+0xea/0x7f0 [ 106.323276] __do_sys_clone+0xce/0x120 [ 106.323287] do_syscall_64+0xbf/0x360 [ 106.323296] entry_SYSCALL_64_after_hwframe+0x77/0x7f 08:28:06 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x8, 0xb0, 0x9}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000100)) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r3 = getpid() r4 = pidfd_open(r3, 0x0) copy_file_range(r4, 0x0, r2, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000180)={0x0}) r6 = syz_io_uring_setup(0x3cfc, &(0x7f0000000240), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) io_uring_register$IORING_REGISTER_PROBE(r6, 0x8, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000080)={r5, 0x2, r6, 
0xa0}) msgget$private(0x0, 0x0) r7 = msgget(0x1, 0x5c2) msgctl$IPC_RMID(r7, 0x0) msgsnd(r7, &(0x7f0000000340)={0x1, "48cfbcfdb41e527b820d56645476c0662c70cf260ada5b3acc5c870aadd5023d71b9bf22450a63e7e86221b191008fd1056c94ff18ce28d203137c64b5b511a64de2f7e5cfda024d0ffb1be30b99067ad4bbdf411e6d6850b06f27132ec45f0a0c3eb98466db79607db51b91b5e9ba461c9040f4b83aee225aa95d8d9561af36010a984f3579638770ca0eaa"}, 0x94, 0x0) 08:28:06 executing program 3: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x8, 0xb0, 0x9}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000100)) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r3 = getpid() r4 = pidfd_open(r3, 0x0) copy_file_range(r4, 0x0, r2, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000180)={0x0}) r6 = syz_io_uring_setup(0x3cfc, &(0x7f0000000240), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) io_uring_register$IORING_REGISTER_PROBE(r6, 0x8, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000080)={r5, 0x2, r6, 0xa0}) msgget$private(0x0, 0x0) r7 = msgget(0x1, 0x5c2) msgctl$IPC_RMID(r7, 0x0) msgsnd(r7, &(0x7f0000000340)={0x1, "48cfbcfdb41e527b820d56645476c0662c70cf260ada5b3acc5c870aadd5023d71b9bf22450a63e7e86221b191008fd1056c94ff18ce28d203137c64b5b511a64de2f7e5cfda024d0ffb1be30b99067ad4bbdf411e6d6850b06f27132ec45f0a0c3eb98466db79607db51b91b5e9ba461c9040f4b83aee225aa95d8d9561af36010a984f3579638770ca0eaa"}, 0x94, 0x0) 08:28:06 executing program 3: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x8, 0xb0, 0x9}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, 
&(0x7f0000000100)) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r3 = getpid() r4 = pidfd_open(r3, 0x0) copy_file_range(r4, 0x0, r2, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000180)={0x0}) r6 = syz_io_uring_setup(0x3cfc, &(0x7f0000000240), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) io_uring_register$IORING_REGISTER_PROBE(r6, 0x8, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000080)={r5, 0x2, r6, 0xa0}) msgget$private(0x0, 0x0) r7 = msgget(0x1, 0x5c2) msgctl$IPC_RMID(r7, 0x0) msgsnd(r7, &(0x7f0000000340)={0x1, "48cfbcfdb41e527b820d56645476c0662c70cf260ada5b3acc5c870aadd5023d71b9bf22450a63e7e86221b191008fd1056c94ff18ce28d203137c64b5b511a64de2f7e5cfda024d0ffb1be30b99067ad4bbdf411e6d6850b06f27132ec45f0a0c3eb98466db79607db51b91b5e9ba461c9040f4b83aee225aa95d8d9561af36010a984f3579638770ca0eaa"}, 0x94, 0x0) 08:28:06 executing program 7: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x8, 0xb0, 0x9}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000100)) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r3 = getpid() r4 = pidfd_open(r3, 0x0) copy_file_range(r4, 0x0, r2, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000180)={0x0}) r6 = syz_io_uring_setup(0x3cfc, &(0x7f0000000240), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) io_uring_register$IORING_REGISTER_PROBE(r6, 0x8, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000080)={r5, 0x2, r6, 0xa0}) msgget$private(0x0, 0x0) r7 = msgget(0x1, 0x5c2) msgctl$IPC_RMID(r7, 0x0) msgsnd(r7, 
&(0x7f0000000340)={0x1, "48cfbcfdb41e527b820d56645476c0662c70cf260ada5b3acc5c870aadd5023d71b9bf22450a63e7e86221b191008fd1056c94ff18ce28d203137c64b5b511a64de2f7e5cfda024d0ffb1be30b99067ad4bbdf411e6d6850b06f27132ec45f0a0c3eb98466db79607db51b91b5e9ba461c9040f4b83aee225aa95d8d9561af36010a984f3579638770ca0eaa"}, 0x94, 0x0) 08:28:06 executing program 3: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x8, 0xb0, 0x9}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000100)) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r3 = getpid() r4 = pidfd_open(r3, 0x0) copy_file_range(r4, 0x0, r2, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000180)={0x0}) r6 = syz_io_uring_setup(0x3cfc, &(0x7f0000000240), &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) io_uring_register$IORING_REGISTER_PROBE(r6, 0x8, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000080)={r5, 0x2, r6, 0xa0}) msgget$private(0x0, 0x0) r7 = msgget(0x1, 0x5c2) msgctl$IPC_RMID(r7, 0x0) msgsnd(r7, &(0x7f0000000340)={0x1, "48cfbcfdb41e527b820d56645476c0662c70cf260ada5b3acc5c870aadd5023d71b9bf22450a63e7e86221b191008fd1056c94ff18ce28d203137c64b5b511a64de2f7e5cfda024d0ffb1be30b99067ad4bbdf411e6d6850b06f27132ec45f0a0c3eb98466db79607db51b91b5e9ba461c9040f4b83aee225aa95d8d9561af36010a984f3579638770ca0eaa"}, 0x94, 0x0) VM DIAGNOSIS: 08:28:06 Registers: