Warning: Permanently added '[localhost]:6449' (ECDSA) to the list of known hosts. 2025/11/14 23:28:12 fuzzer started 2025/11/14 23:28:12 dialing manager at localhost:37161 syzkaller login: [ 51.502584] cgroup: Unknown subsys name 'net' [ 51.572735] cgroup: Unknown subsys name 'cpuset' [ 51.592784] cgroup: Unknown subsys name 'rlimit' 2025/11/14 23:28:24 syscalls: 200 2025/11/14 23:28:24 code coverage: enabled 2025/11/14 23:28:24 comparison tracing: enabled 2025/11/14 23:28:24 extra coverage: enabled 2025/11/14 23:28:24 setuid sandbox: enabled 2025/11/14 23:28:24 namespace sandbox: enabled 2025/11/14 23:28:24 Android sandbox: enabled 2025/11/14 23:28:24 fault injection: enabled 2025/11/14 23:28:24 leak checking: enabled 2025/11/14 23:28:24 net packet injection: enabled 2025/11/14 23:28:24 net device setup: enabled 2025/11/14 23:28:24 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/11/14 23:28:24 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/11/14 23:28:24 USB emulation: enabled 2025/11/14 23:28:24 hci packet injection: enabled 2025/11/14 23:28:24 wifi device emulation: enabled 2025/11/14 23:28:24 802.15.4 emulation: enabled 2025/11/14 23:28:24 fetching corpus: 0, signal 0/0 (executing program) 2025/11/14 23:28:25 starting 8 fuzzer processes 23:28:25 executing program 0: setsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000000)=0x81, 0x1) r0 = accept(0xffffffffffffffff, &(0x7f0000000040)=@l2tp={0x2, 0x0, @multicast2}, &(0x7f00000000c0)=0x80) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000100)=0x3, &(0x7f0000000140)=0x4) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000180)=0x2, &(0x7f00000001c0)=0x4) socketpair(0x21, 0x1, 0x2, &(0x7f0000000200)={0xffffffffffffffff}) setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f0000000240)={0x87, 0x20}, 0x2) r3 = accept4(r2, 0x0, &(0x7f0000000280), 0x80000) getsockname(r3, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f0000000340)=0x80) ioctl$sock_inet_SIOCGIFADDR(r4, 0x8915, &(0x7f0000000380)={'veth1_virt_wifi\x00', {0x2, 0x0, @broadcast}}) getpeername$packet(r2, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000400)=0x14) connect$packet(r0, &(0x7f0000000440)={0x11, 0x12, r5, 0x1, 0xff}, 0x14) clock_getres(0x5, &(0x7f0000000480)) r6 = syz_open_dev$loop(&(0x7f00000004c0), 0x1, 0x10000) ioctl$LOOP_SET_DIRECT_IO(r6, 0x4c08, 0x4) r7 = syz_open_dev$vcsn(&(0x7f0000000500), 0x7, 0x800) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000540)={{{@in=@rand_addr=0x64010100, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e21, 0x3, 0x4e20, 0x1, 0x8, 0x20, 0x20, 0x84, 0x0, 0xee01}, {0x9, 0x3ff, 0x25, 0x300000000000, 0x5, 0x7eb, 0x401, 0x3}, {0x101, 0xfffffffffffffffc, 0x8, 0x2}, 0x70bd, 0x6e6bbe, 0x1, 0x1, 0x1, 0x3}, {{@in=@rand_addr=0x64010101, 0x4d3, 0xff}, 0x2, @in6=@local, 0x3504, 0x1, 0x1, 0x0, 0x100, 0x0, 0x26}}, 0xe8) setsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000640)=0x4, 0x1) accept4$inet6(r3, &(0x7f0000000680)={0xa, 0x0, 0x0, @private2}, &(0x7f00000006c0)=0x1c, 0x80800) clock_gettime(0x0, &(0x7f0000000700)) 23:28:25 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003900)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)=""/100, 0x64}, {&(0x7f0000000080)=""/248, 0xf8}, {&(0x7f0000000180)=""/117, 0x75}, {&(0x7f0000000200)=""/174, 0xae}, {&(0x7f00000002c0)=""/104, 0x68}, {&(0x7f0000000340)=""/17, 0x11}, {&(0x7f0000000380)=""/151, 0x97}, {&(0x7f0000000440)=""/128, 0x80}, {&(0x7f00000004c0)=""/214, 0xd6}], 0x9}, 0x1}, {{&(0x7f0000000680)=@l2tp6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000700)=""/72, 0x48}], 0x1, &(0x7f00000007c0)=""/78, 0x4e}, 0x1}, {{&(0x7f0000000840)=@ieee802154={0x24, @short}, 0x80, &(0x7f00000019c0)=[{&(0x7f00000008c0)=""/4096, 0x1000}, {&(0x7f00000018c0)=""/111, 0x6f}, {&(0x7f0000001940)=""/120, 0x78}], 0x3, &(0x7f0000001a00)=""/171, 0xab}, 0x2}, {{&(0x7f0000001ac0)=@nfc_llcp, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001b40)=""/245, 0xf5}, {&(0x7f0000001c40)=""/90, 0x5a}, {&(0x7f0000001cc0)=""/167, 0xa7}], 0x3, &(0x7f0000001dc0)=""/246, 0xf6}, 0x1}, {{&(0x7f0000001ec0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f0000002500)=[{&(0x7f0000001f40)=""/207, 0xcf}, {&(0x7f0000002040)=""/69, 0x45}, {&(0x7f00000020c0)=""/218, 0xda}, {&(0x7f00000021c0)=""/148, 0x94}, {&(0x7f0000002280)=""/63, 0x3f}, {&(0x7f00000022c0)=""/50, 0x32}, {&(0x7f0000002300)=""/17, 0x11}, {&(0x7f0000002340)=""/53, 0x35}, {&(0x7f0000002380)=""/80, 0x50}, {&(0x7f0000002400)=""/197, 0xc5}], 0xa, &(0x7f00000025c0)=""/4096, 0x1000}, 0x9}, {{0x0, 0x0, &(0x7f0000003680)=[{&(0x7f00000035c0)=""/172, 0xac}], 0x1, &(0x7f00000036c0)=""/40, 0x28}, 0x1ff}, {{&(0x7f0000003700)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, 0x80, &(0x7f0000003840)=[{&(0x7f0000003780)=""/192, 0xc0}], 0x1, &(0x7f0000003880)=""/65, 0x41}, 0x1f}], 0x7, 0x1, 0x0) r1 = socket$inet6(0xa, 0x80000, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000003ac0)={'wlan0\x00'}) getsockopt$IP6T_SO_GET_INFO(r1, 0x29, 0x40, &(0x7f0000003b00)={'mangle\x00', 0x0, [0xd45, 0x101, 0x10000, 0x400, 0x5]}, &(0x7f0000003b80)=0x54) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000003bc0)={0xffffffffffffffff, 0xffffffffffffffff}) getpeername(r2, &(0x7f0000003c00)=@l2, &(0x7f0000003c80)=0x80) r3 = syz_open_dev$vcsn(&(0x7f0000003cc0), 0x3, 0x60201) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000003d00)={'wlan1\x00'}) fstat(r1, &(0x7f0000003d40)) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_TIOCOUTQ(r4, 0x5411, &(0x7f0000003dc0)) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000003e00)={'wlan0\x00'}) accept$inet6(r1, &(0x7f0000003e40)={0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @local}}, &(0x7f0000003e80)=0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000003ec0)={@loopback, 0xac49bb10, 0x0, 0x1, 0x8, 0x0, 0x1}, &(0x7f0000003f00)=0x20) fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f0000003f40)='posixacl\x00', 0x0, 0x0) r5 = socket$inet6(0xa, 0x800, 0x5) setsockopt$inet6_IPV6_DSTOPTS(r5, 0x29, 0x3b, &(0x7f0000003f80)={0x87, 0xa, '\x00', [@hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, @pad1, @jumbo={0xc2, 0x4, 0xfff}, @ra={0x5, 0x2, 0x7ff}, @calipso={0x7, 0x30, {0x1, 0xa, 0x7, 0x7, [0x7ff, 0x5, 0xfa, 0x7f2a, 0x3]}}, @padn={0x1, 0x1, [0x0]}, @enc_lim={0x4, 0x1, 0x49}]}, 0x60) accept$packet(r0, &(0x7f0000004000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000004040)=0x14) ioctl$sock_inet6_SIOCSIFDSTADDR(r5, 0x8918, &(0x7f0000004080)={@mcast1, 0x64, r6}) ioctl$sock_SIOCBRADDBR(0xffffffffffffffff, 0x89a0, &(0x7f0000004100)='bridge_slave_1\x00') 23:28:25 executing program 2: getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x8000000, 0x0, 0xff, 0x0, 0x0, 0x3}, &(0x7f0000000040)=0x20) r0 = socket$inet6(0xa, 0x6, 0x8) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@empty, 0x81, 0x2, 0x0, 0x2, 0x3a51, 0x800}, 0x20) r1 = socket$inet6(0xa, 0x5, 0x3) getresuid(&(0x7f0000000180)=0x0, &(0x7f00000001c0), &(0x7f0000000200)) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000240)={{{@in6=@mcast2, @in6=@private2, 0x4e20, 0x8, 0x4e24, 0x3, 0xa, 0xb0, 0x20, 0x5c, 0x0, r2}, {0x7ff, 0xb462, 0x4e5, 0xffffffffffff92dc, 0x5, 0x5e, 0x1, 0x3}, {0x4, 0x70, 0xfffffffffffffff8, 0x10001}, 0xffffffc0, 0x6e6bb8, 0x0, 0x1, 0x1}, {{@in6=@loopback, 0x4d4, 0x2b}, 0xa, @in6=@mcast1, 0x3505, 0x3, 0x1, 0x9, 0x0, 0x6}}, 0xe8) socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000000340)={0x6d, {{0xa, 0x4e21, 0x9, @private0, 0x1f}}}, 0x88) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000400)={0x0, @sco={0x1f, @none}, @phonet={0x23, 0x3, 0xff, 0x5}, @sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0xff, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb0, 0x80, 0xd62}) getpeername(r0, &(0x7f0000000480)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, &(0x7f0000000500)=0x80) socketpair(0x27, 0xa, 0xb3c, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) bind(r3, &(0x7f0000000580)=@caif=@dbg={0x25, 0x2, 0x7}, 0x80) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000600)={'security\x00', 0x3, [{}, {}, {}]}, 0x58) ioctl$sock_FIOSETOWN(r4, 0x8901, &(0x7f0000000680)=0xffffffffffffffff) r5 = accept4(r0, &(0x7f00000006c0), &(0x7f0000000740)=0x80, 0xc0000) ioctl$sock_ifreq(r5, 0x8947, &(0x7f00000007c0)={'dummy0\x00', @ifru_settings={0x0, 0x0, @raw_hdlc=&(0x7f0000000780)={0x1, 0x1ff}}}) r6 = fsmount(0xffffffffffffffff, 0x0, 0x9) statx(r6, &(0x7f0000000800)='./file0\x00', 0x2000, 0x4, &(0x7f0000000840)) r7 = accept4(r3, &(0x7f0000000940)=@in6={0xa, 0x0, 0x0, @local}, &(0x7f00000009c0)=0x80, 0x800) getsockopt$bt_BT_POWER(r7, 0x112, 0x9, &(0x7f0000000a00)=0x77, &(0x7f0000000a40)=0x1) 23:28:25 executing program 5: r0 = accept$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendto$packet(r0, &(0x7f0000000080)="74ef7723d9cc2a68bb13cea3dcdd", 0xe, 0x48010, &(0x7f00000000c0)={0x11, 0xc, r1, 0x1, 0x6, 0x6, @remote}, 0x14) r2 = syz_open_dev$vcsn(&(0x7f0000000100), 0x5, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(0xffffffffffffffff, 0x7, &(0x7f0000000140)=r2, 0x1) eventfd(0x96) setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, &(0x7f0000000180)={0x401}, 0x4) r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), 0xffffffffffffffff) r4 = socket$packet(0x11, 0xff63b3c1777f407d, 0x300) setsockopt$packet_drop_memb(r4, 0x107, 0x2, &(0x7f0000000200)={r1, 0x1, 0x6}, 0x10) ioctl$sock_FIOSETOWN(r2, 0x8901, &(0x7f0000000240)=0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x94, r3, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1_to_bond\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond_slave_0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:auditd_etc_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast1}]}, 0x94}, 0x1, 0x0, 0x0, 0x4040010}, 0x4004095) getsockopt$packet_buf(r0, 0x107, 0x5, &(0x7f0000000400)=""/92, &(0x7f0000000480)=0x5c) socketpair(0x29, 0x6, 0x9, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$bt_BT_DEFER_SETUP(r6, 0x112, 0x7, &(0x7f0000000500), 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x5, &(0x7f0000000540)=[{0x3, 0x41, 0x2, 0x5}, {0x7, 0xba, 0x81, 0xff}, {0xfff, 0x3, 0x6, 0x6}, {0x6, 0x80, 0x20}, {0x9, 0x1, 0xb1, 0x61c}]}) accept4$packet(r4, &(0x7f00000005c0), &(0x7f0000000600)=0x14, 0x80800) r7 = accept$inet6(r6, &(0x7f0000000640)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000680)=0x1c) setsockopt$inet6_opts(r7, 0x29, 0x39, &(0x7f00000006c0)=@srh={0x1465c52384b77b21, 0x8, 0x4, 0x4, 0x8, 0x20, 0x3ff, [@private2, @local, @loopback, @mcast1]}, 0x48) setsockopt$bt_BT_POWER(r6, 0x112, 0x9, &(0x7f0000000740)=0x5, 0x1) setsockopt$packet_drop_memb(r5, 0x107, 0x2, &(0x7f0000000780)={r1, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x10) 23:28:25 executing program 3: recvmmsg(0xffffffffffffffff, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/148, 0x94}, {&(0x7f00000000c0)=""/249, 0xf9}, {&(0x7f00000001c0)=""/33, 0x21}], 0x3}, 0x2}], 0x1, 0x3, 0x0) ioctl$sock_inet_SIOCGIFADDR(0xffffffffffffffff, 0x8915, &(0x7f0000000280)={'veth1_to_team\x00', {0x2, 0x0, @initdev}}) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x13, &(0x7f00000002c0), &(0x7f0000000300)=0x4) ioctl$sock_inet_SIOCGIFADDR(0xffffffffffffffff, 0x8915, &(0x7f0000000340)={'bond_slave_1\x00'}) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000380)={0x0}, &(0x7f00000003c0)=0xc) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) socket$inet_tcp(0x2, 0x1, 0x0) r2 = fsmount(0xffffffffffffffff, 0x0, 0x7c) fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f0000000400)='bond_slave_1\x00', &(0x7f0000000440)="487af4e2cee02d304f04860d7f95078ba3e447fd7e2cedd00b347b6bc9e38bf22c6356e9f5287b0717deff637f037d5a86771aee46f429c97b8342487291a4ec1409054fdb4d2e3b6c10b0b91be12b0f5c0bb01fda2e6af503a57c636bbbcb6ad30236b164d83deb85bfefe22e907a4e60e056489b3fb43afa2c5acf203ef8e8e6a57dcc870aedb094e06f66cd0f2d6632f8dcd4dc7c9ab1990e5236ac7479d7655643beb21fac767df5f397eac57309e386c4f6fe871bf1fda05ad6c74be061dcf9d8737dfce24c395f68a2cb17c97dc9b6", 0xd2) ioctl$RNDADDTOENTCNT(r2, 0x40045201, &(0x7f0000000540)=0x1ff) fsconfig$FSCONFIG_SET_PATH(r2, 0x3, &(0x7f0000000580)='veth1_to_team\x00', &(0x7f00000005c0)='./file0\x00', r2) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) r3 = accept(r0, &(0x7f0000000600)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast1}}, &(0x7f0000000680)=0x80) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f00000006c0)={0x0, 0xcf82, 0x0, 0x5, 0x800}, 0x14) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000740), r3) r5 = ioctl$TUNGETDEVNETNS(r2, 0x54e3, 0x0) r6 = syz_open_procfs$userns(r1, &(0x7f0000000780)) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r3, &(0x7f0000000880)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x60, r4, 0x100, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x25}, @void, @val={0xc, 0x99, {0xfffffffb, 0x6c}}}}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x8, 0x1e}}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r5}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r6}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x9, 0x13}}, @NL80211_ATTR_IFINDEX={0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 23:28:25 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000000), 0x7, 0x40002) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x10000, 0x0, 0xb, 0x1, 0x8, "285fdde835c9be573d3f19292405ffedef1e56777b29f795e5e78607d78d99a787659d5c2de7861f14b5403c1bca5dc41cf1503d26270967d754d6d5f1c0b8b6", "49be19233415aa22c0b658a4b01ed8283de027cd4ccf2ec790b1273775f7de06b4aca939d15a377256be814dfba9c178ceeffb3ff4aa2da448c240dec237fd91", "7b16b29b08a6d2af0755c4b4c4a2cfcb9edb0403ecde9cfdd2ce4ad388029cf7", [0x6, 0x8]}) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000140)) r1 = syz_open_dev$loop(&(0x7f0000000180), 0xfff, 0x48200) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x4, 0x0, 0x17, 0x1b, 0x9, "e3c6e1fb6f65b3b61585d5a45190a3fe0d303ff7847d364922d9a3c511c3b9651fd53d0f723492baf52462afdfc0dc72226229163ff40eee22ee8562446556eb", "0b5147937b6742ee7882d37ca55d6e77cf860bc318cbe60362217014d812c89c7f8e51cf0ba67506667908b12a7a06352ccff38b773be8babb329ac1d49cae9a", "b4ce017037ed42af50195f6eca3aff5f862643daf51a14acf6b1109dce53fd2a", [0xd56, 0x8000]}) ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f00000002c0)) r2 = syz_open_dev$vcsn(&(0x7f00000003c0), 0x6, 0x10400) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0xa, 0x16, 0xd, "4026588ab5cbcf4cda68642f93ac1022777f01990df544ac424c12bb294d6ba345e8bc18b6601fab3d269a996338da109f41fa32ff591c69510cbd161b0175e6", "ed94a7c18c95d8f2847ac82e4416212158f4f770ddb9d016927edefcdb8246a4408dde490331f50a09620e5f322f8a43c6772337b692ae4c9300209016c8d634", "0740b777038518f7b6b324d9d4c235913909a4d762f7a5f80c76fba92ce35d33", [0x9, 0x9]}) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f0000000500)) r3 = syz_open_dev$vcsn(&(0x7f0000000600), 0x500, 0x8000c0) ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x132) ioctl$sock_inet_SIOCGIFADDR(r3, 0x8915, &(0x7f0000000640)={'gretap0\x00'}) r4 = syz_open_dev$vcsn(&(0x7f0000000680), 0xfff, 0x0) ioctl$NS_GET_USERNS(r4, 0xb701, 0x0) r5 = syz_open_dev$loop(&(0x7f00000006c0), 0x3, 0x80) ioctl$LOOP_SET_STATUS(r5, 0x4c02, &(0x7f0000000700)={0x0, {}, 0x0, {}, 0x58bb, 0x8, 0x6, 0x16, "b9ea98b273a8e030c2a63a6faab4f387f9840497a6a09d9d8f738d5ad3c4110bf71c91bea7ad85638e75682221dd090bc13e28bdc3286cdcd5bb1ccc1c747e08", "fa09dd2cdbf45d2c53dd92b279f1ec7311c2dd2a2f3dda47ea6ee26c86c9e525", [0x4, 0x120000000]}) setsockopt$inet6_icmp_ICMP_FILTER(r3, 0x1, 0x1, &(0x7f00000007c0)={0x80000000}, 0x4) accept$packet(r3, &(0x7f0000000a40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000a80)=0x14) sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000b40)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x3c, 0x0, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@GTPA_TID={0xc, 0x3, 0x1}, @GTPA_LINK={0x8, 0x1, r6}, @GTPA_PEER_ADDRESS={0x8, 0x4, @empty}, @GTPA_TID={0xc, 0x3, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x200000c0}, 0x800) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000b80), 0x4) 23:28:25 executing program 7: pselect6(0x40, &(0x7f0000000000)={0x6, 0x3ff, 0x7, 0x10001, 0xffffffff, 0x10001, 0x8, 0xfffffffffffffffe}, &(0x7f0000000040)={0x200, 0x4, 0x1, 0x10b, 0xe768, 0x0, 0xff, 0x5}, &(0x7f0000000080)={0x7ff, 0x0, 0x5, 0x726b81da, 0x1, 0x1000000000, 0x7, 0xffffffff7fffffff}, &(0x7f00000000c0), &(0x7f0000000140)={&(0x7f0000000100)={[0x8000]}, 0x8}) r0 = io_uring_setup(0x67fb, &(0x7f0000000180)={0x0, 0x61e8, 0x8, 0x3, 0x202}) r1 = syz_open_dev$vcsn(&(0x7f0000000200), 0xe77, 0x2) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f0000000240)=r1, 0x1) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000280), 0x4) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f00000002c0)=@dstopts={0x2, 0x2, '\x00', [@enc_lim={0x4, 0x1, 0x6}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x7fffffff}]}, 0x18) r2 = socket(0x25, 0x80000, 0x6) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f0000000300)={'raw\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) r3 = io_uring_setup(0x1393, &(0x7f0000000380)={0x0, 0xcf9, 0x4, 0x2, 0x1ae, 0x0, r1}) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000440)={0x8, &(0x7f0000000400)=[{0x6, 0x5, 0x81, 0x8001}, {0x7, 0xfd, 0x6, 0x5}, {0xa029, 0x3, 0x1, 0x7}, {0x4, 0x5, 0x7, 0x8}, {0xcae, 0x4, 0x8, 0x6}, {0xff, 0x2, 0x3f, 0x10001}, {0x1ff, 0x5, 0x3f}, {0x13, 0x3, 0xc8, 0x7f}]}) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r4) r5 = fsmount(r1, 0x0, 0x1) ioctl$LOOP_SET_FD(r5, 0x4c00, r4) r6 = syz_open_dev$vcsn(&(0x7f0000000480), 0x1, 0x84982) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f00000004c0)={@dev={0xfe, 0x80, '\x00', 0x3e}, 0x3, 0x2, 0xfd, 0x0, 0x8, 0x6}, &(0x7f0000000500)=0x20) keyctl$session_to_parent(0x12) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000540), 0xffffffffffffffff) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r3) r7 = fsopen(&(0x7f0000000580)='esdfs\x00', 0x1) fsconfig$FSCONFIG_SET_PATH(r7, 0x3, &(0x7f00000005c0)='\'*\']!:]!)&.\x00', &(0x7f0000000600)='./file0\x00', r1) [ 62.560126] audit: type=1400 audit(1763162905.194:7): avc: denied { execmem } for pid=274 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 23:28:25 executing program 6: r0 = socket$packet(0x11, 0x2, 0x300) r1 = accept4$packet(r0, 0x0, &(0x7f0000000000), 0x800) r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r2, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@GTPA_NET_NS_FD={0x8}, @GTPA_LINK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x48011) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000180)={{{@in=@local, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@mcast2}}, &(0x7f0000000280)=0xe8) bind$packet(r1, &(0x7f00000002c0)={0x11, 0x6, r3, 0x1, 0x7, 0x6, @multicast}, 0x14) syz_genetlink_get_family_id$gtp(&(0x7f0000000300), 0xffffffffffffffff) getresuid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$random(0xffffffffffffff9c, &(0x7f0000000400), 0xb94a609343a03b28, 0x0) ioctl$RNDADDENTROPY(r5, 0x40085203, &(0x7f0000000440)={0x6, 0x20, "571a42675eac746e2316675a31d43e0c867a4ec39ca1cca07d7d8b8d3fc8b2ee"}) getsockopt$inet_tcp_int(r4, 0x6, 0x8, &(0x7f0000000480), &(0x7f00000004c0)=0x4) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f0000000500)='veth1_macvtap\x00') setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000540)={r3, 0x1, 0x6, @broadcast}, 0x10) getsockopt$inet_tcp_int(r4, 0x6, 0x24, &(0x7f0000000580), &(0x7f00000005c0)=0x4) socketpair(0x23, 0x5, 0x7, &(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$bt_BT_VOICE(r6, 0x112, 0xb, &(0x7f0000000640)=0xa3, 0x2) syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) getsockopt$IP6T_SO_GET_ENTRIES(r7, 0x29, 0x41, &(0x7f00000006c0)={'nat\x00', 0xf, "805d42bbee12303b6f7b0f47160fc1"}, &(0x7f0000000700)=0x33) bind$packet(r7, &(0x7f0000000740)={0x11, 0x3f, r3, 0x1, 0x2, 0x6, @broadcast}, 0x14) [ 63.704585] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 63.706435] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 63.708206] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 63.713326] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 63.716993] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 63.765146] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 63.766915] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 63.768294] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 63.781282] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 63.783279] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 63.834273] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 63.841443] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 63.843177] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 63.847442] ================================================================== [ 63.848509] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x66d/0x6d0 [ 63.849504] Read of size 2 at addr ffff88800bb7d7b8 by task kworker/u11:1/290 [ 63.851297] [ 63.852937] CPU: 0 UID: 0 PID: 290 Comm: kworker/u11:1 Not tainted 6.18.0-rc5-next-20251114 #1 PREEMPT(voluntary) [ 63.852966] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 63.852980] Workqueue: hci3 hci_cmd_work [ 63.853009] Call Trace: [ 63.853017] [ 63.853025] dump_stack_lvl+0xca/0x120 [ 63.853052] print_report+0xcb/0x610 [ 63.853079] ? __virt_addr_valid+0x100/0x5d0 [ 63.853103] ? hci_cmd_work+0x66d/0x6d0 [ 63.853129] ? hci_cmd_work+0x66d/0x6d0 [ 63.853156] kasan_report+0xca/0x100 [ 63.853182] ? hci_cmd_work+0x66d/0x6d0 [ 63.853211] hci_cmd_work+0x66d/0x6d0 [ 63.853239] process_one_work+0x8e1/0x19c0 [ 63.853274] ? __pfx_process_one_work+0x10/0x10 [ 63.853303] ? rcuwait_wake_up+0x27/0x290 [ 63.853332] ? move_linked_works+0x172/0x270 [ 63.853355] ? assign_work+0x196/0x240 [ 63.853384] worker_thread+0x67e/0xe90 [ 63.853413] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 63.853438] ? __pfx_worker_thread+0x10/0x10 [ 63.853468] kthread+0x3c8/0x740 [ 63.853494] ? __pfx_kthread+0x10/0x10 [ 63.853520] ? ret_from_fork+0x79/0x7a0 [ 63.853541] ? lock_release+0xc8/0x290 [ 63.853572] ? __pfx_kthread+0x10/0x10 [ 63.853599] ret_from_fork+0x67a/0x7a0 [ 63.853619] ? __pfx_ret_from_fork+0x10/0x10 [ 63.853641] ? __switch_to+0x759/0x1060 [ 63.853669] ? __pfx_kthread+0x10/0x10 [ 63.853696] ret_from_fork_asm+0x1a/0x30 [ 63.853730] [ 63.853737] [ 63.876168] Allocated by task 289: [ 63.876692] kasan_save_stack+0x24/0x50 [ 63.877291] kasan_save_track+0x14/0x30 [ 63.877890] __kasan_slab_alloc+0x59/0x70 [ 63.878506] kmem_cache_alloc_node_noprof+0x228/0x6b0 [ 63.879253] __alloc_skb+0x2ab/0x370 [ 63.879811] hci_cmd_sync_alloc+0x34/0x300 [ 63.880438] __hci_cmd_sync_sk+0xf7/0x5c0 [ 63.881066] hci_read_dev_class_sync+0x2c/0x170 [ 63.881763] hci_dev_open_sync+0x1874/0x1f60 [ 63.882421] hci_power_on+0xdb/0x5d0 [ 63.882984] process_one_work+0x8e1/0x19c0 [ 63.883619] worker_thread+0x67e/0xe90 [ 63.884209] kthread+0x3c8/0x740 [ 63.884719] ret_from_fork+0x67a/0x7a0 [ 63.885386] ret_from_fork_asm+0x1a/0x30 [ 63.886002] [ 63.886033] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 63.886263] Freed by task 301: [ 63.887343] kasan_save_stack+0x24/0x50 [ 63.887938] kasan_save_track+0x14/0x30 [ 63.888544] kasan_save_free_info+0x3a/0x60 [ 63.889192] __kasan_slab_free+0x43/0x70 [ 63.889805] kmem_cache_free+0x26f/0x500 [ 63.890419] kfree_skbmem+0x18a/0x1f0 [ 63.890989] sk_skb_reason_drop+0x10e/0x1b0 [ 63.891633] vhci_read+0x3d5/0x5d0 [ 63.892181] vfs_read+0x1eb/0xc70 [ 63.892709] ksys_read+0x121/0x240 [ 63.893245] do_syscall_64+0xbf/0x430 [ 63.893822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.894588] [ 63.894847] The buggy address belongs to the object at ffff88800bb7d780 [ 63.894847] which belongs to the cache skbuff_head_cache of size 232 [ 63.896717] The buggy address is located 56 bytes inside of [ 63.896717] freed 232-byte region [ffff88800bb7d780, ffff88800bb7d868) [ 63.898437] [ 63.898687] The buggy address belongs to the physical page: [ 63.899477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xbb7d [ 63.900619] memcg:ffff888009f2de81 [ 63.901141] anon flags: 0x100000000000000(node=0|zone=1) [ 63.901928] page_type: f5(slab) [ 63.902425] raw: 0100000000000000 ffff8880096c78c0 ffffea0000364d40 dead000000000003 [ 63.903553] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff888009f2de81 [ 63.904667] page dumped because: kasan: bad access detected [ 63.905487] [ 63.905743] Memory state around the buggy address: [ 63.906430] ffff88800bb7d680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.907462] ffff88800bb7d700: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc [ 63.908504] >ffff88800bb7d780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.909534] ^ [ 63.910271] ffff88800bb7d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 63.911317] ffff88800bb7d880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 63.912374] ================================================================== [ 63.913522] Disabling lock debugging due to kernel taint [ 63.914753] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 63.915336] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 63.919740] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 63.920360] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 63.922602] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 63.923746] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 63.924832] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 63.926079] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 63.928932] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 63.931133] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 63.933367] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 63.937303] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 63.938710] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 63.939191] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 63.941195] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 63.941837] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 63.943185] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 63.943940] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 63.944584] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 63.945835] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 63.949923] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 63.953687] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 63.958963] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 63.960141] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 63.961894] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 63.963673] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 65.794734] Bluetooth: hci0: command tx timeout [ 65.858677] Bluetooth: hci1: command tx timeout [ 65.989118] Bluetooth: hci7: command tx timeout [ 65.989550] Bluetooth: hci6: command tx timeout [ 65.990228] Bluetooth: hci5: command tx timeout [ 65.990251] Bluetooth: hci2: command tx timeout [ 65.990262] Bluetooth: hci3: command tx timeout [ 66.050679] Bluetooth: hci4: command tx timeout [ 67.842681] Bluetooth: hci0: command tx timeout [ 67.906693] Bluetooth: hci1: command tx timeout [ 68.035733] Bluetooth: hci3: command tx timeout [ 68.036201] Bluetooth: hci2: command tx timeout [ 68.036589] Bluetooth: hci6: command tx timeout [ 68.037041] Bluetooth: hci5: command tx timeout [ 68.037065] Bluetooth: hci7: command tx timeout [ 68.098731] Bluetooth: hci4: command tx timeout [ 69.891146] Bluetooth: hci0: command tx timeout [ 69.954782] Bluetooth: hci1: command tx timeout [ 70.082715] Bluetooth: hci6: command tx timeout [ 70.083693] Bluetooth: hci7: command tx timeout [ 70.083739] Bluetooth: hci5: command tx timeout [ 70.084099] Bluetooth: hci2: command tx timeout [ 70.084524] Bluetooth: hci3: command tx timeout [ 70.146731] Bluetooth: hci4: command tx timeout [ 71.938701] Bluetooth: hci0: command tx timeout [ 72.002698] Bluetooth: hci1: command tx timeout [ 72.130750] Bluetooth: hci3: command tx timeout [ 72.131385] Bluetooth: hci2: command tx timeout [ 72.132812] Bluetooth: hci5: command tx timeout [ 72.132836] Bluetooth: hci7: command tx timeout [ 72.133388] Bluetooth: hci6: command tx timeout [ 72.194730] Bluetooth: hci4: command tx timeout VM DIAGNOSIS: 23:28:26 Registers: info registers vcpu 0 RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff8293dc70 RDI=ffffffff889747c0 RBP=ffffffff88974780 RSP=ffff8880207ff620 R8 =00000000ffffffff R9 =ffffed10040ffeb5 R10=0000000000000000 R11=000000003a555043 R12=0000000000000076 R13=ffffffff889747d0 R14=ffffffff88974780 R15=ffffffff88974a40 RIP=ffffffff8293dcc5 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e538f000 00000000 00000000 LDT=0000 fffffe5100000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f4f11be0710 CR3=000000001fef1000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff00ffffffffffff0000000000000000 XMM01=0100010001000000ffffffffffffffff XMM02=0500050005000000455441564952505f XMM03=0000000000000000000000564952505f XMM04=00030005000500050005000000455441 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=ffff8880193c7730 RCX=ffff8880193c7708 RDX=1ffff11003278ee7 RSI=ffffffff8161a5de RDI=ffff8880193c7738 RBP=0000000000000000 RSP=ffff8880193c7648 R8 =0000000000000001 R9 =ffff8880193c76a8 R10=000000000003ca6e R11=000000000000454a R12=ffff8880193c7730 R13=0000000000000000 R14=ffff88801b423780 R15=0000000000000dc0 RIP=ffffffff8161a2af RFL=00000287 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fe21521e8c0 00000000 00000000 GS =0000 ffff8880e548f000 00000000 00000000 LDT=0000 fffffe1600000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000559199891220 CR3=000000001ef04000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=7269762f736563697665642f7379732f XMM01=006c6175747269762f73656369766564 XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973 XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00010100000000ff0000000000000000 XMM06=00000002ffffffff000055919989f650 XMM07=00000000000000000000000000000000 XMM08=697361622f6372732f2e2e000d0a0920 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000