Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:55230' (ECDSA) to the list of known hosts. 2025/11/16 08:35:05 fuzzer started 2025/11/16 08:35:05 dialing manager at localhost:37161 syzkaller login: [ 51.898404] cgroup: Unknown subsys name 'net' [ 51.984748] cgroup: Unknown subsys name 'cpuset' [ 52.002524] cgroup: Unknown subsys name 'rlimit' 2025/11/16 08:35:17 syscalls: 208 2025/11/16 08:35:17 code coverage: enabled 2025/11/16 08:35:17 comparison tracing: enabled 2025/11/16 08:35:17 extra coverage: enabled 2025/11/16 08:35:17 setuid sandbox: enabled 2025/11/16 08:35:17 namespace sandbox: enabled 2025/11/16 08:35:17 Android sandbox: enabled 2025/11/16 08:35:17 fault injection: enabled 2025/11/16 08:35:17 leak checking: enabled 2025/11/16 08:35:17 net packet injection: enabled 2025/11/16 08:35:17 net device setup: enabled 2025/11/16 08:35:17 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/11/16 08:35:17 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/11/16 08:35:17 USB emulation: enabled 2025/11/16 08:35:17 hci packet injection: enabled 2025/11/16 08:35:17 wifi device emulation: enabled 2025/11/16 08:35:17 802.15.4 emulation: enabled 2025/11/16 08:35:17 fetching corpus: 0, signal 0/0 (executing program) 2025/11/16 08:35:18 starting 8 fuzzer processes 08:35:18 executing program 0: sched_rr_get_interval(0x0, &(0x7f0000000000)) times(&(0x7f0000000040)) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000080), r0) mq_timedreceive(0xffffffffffffffff, &(0x7f00000000c0)=""/180, 0xb4, 0x7, &(0x7f0000000180)={0x77359400}) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, 0x0, 0x400, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private=0xa010100}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:updpwd_exec_t:s0\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8084}, 0x44010) syz_usb_connect$cdc_ecm(0x0, 0x5e, &(0x7f0000000300)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4c, 0x1, 0x1, 0x81, 0x40, 0x4, [{{0x9, 0x4, 0x0, 0x2, 0x3, 0x2, 0x6, 0x0, 0xff, {{0x6, 0x24, 0x6, 0x0, 0x0, "e1"}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x20, 0x3f, 0x8}, [@acm={0x4, 0x24, 0x2, 0x5}, @network_terminal={0x7, 0x24, 0xa, 0xfc, 0x20, 0x93, 0xff}, @obex={0x5, 0x24, 0x15, 0x1f}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0x1, 0x0, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x40, 0x1e, 0x1}}}}}]}}]}}, &(0x7f0000000500)={0xa, &(0x7f0000000380)={0xa, 0x6, 0x200, 0x5, 0x1f, 0x40, 0x8, 0x1}, 0xc, &(0x7f00000003c0)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x12, 0xf, 0xd, 0xfffe}]}, 0x1, [{0xf8, &(0x7f0000000400)=@string={0xf8, 0x3, "d2d93f79828930988ed3cb94f7897c61b05477a3c050ee8648f42c4002d41d2d5582937987fe5bf623939b601d6692a2714fa538d56187b6162ed5686f06823f1f7b6f75ba1b5e0076273ec5bb16bfac0389f416d2c6b3f4e743125b21be38b49618c495ac55ff4c9cb7a8e7b640182d5c2d3a5812a913967a2003a602d09cc371495748340073b83a8f449592de9feef2f66262d6ff363fd73ed24f3d3883f4054328bcbafd8934ede96752bb67bf7c30437b3705dd0e1c693e6b05f5bb0a973c43697cb96774d41d517b5708615a533ee8184d656074b24301df7aa7f4eff2feecbf98fbfd9f073a27c51bcd552207945255fb3264"}}]}) sendmsg$NLBL_UNLABEL_C_ACCEPT(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x30, r1, 0x800, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, 0x30}}, 0x11) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x4000020}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x2c, 0x0, 0x800, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x44880) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000740), r0) io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, &(0x7f0000000780), 0x1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r3, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x80, r1, 0x0, 0x70bd2c, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_SECCTX={0x32, 0x7, 'unconfined_u:system_r:insmod_t:s0-s0:c0.c1023\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @remote}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @rand_addr=0x64010100}]}, 0x80}, 0x1, 0x0, 0x0, 0x80}, 0x10) syz_usb_connect$cdc_ecm(0x5, 0x63, &(0x7f0000000900)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x51, 0x1, 0x1, 0x7, 0xe0, 0x7, [{{0x9, 0x4, 0x0, 0x8, 0x3, 0x2, 0x6, 0x0, 0x1, {{0x7, 0x24, 0x6, 0x0, 0x0, "62b5"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x3, 0x7, 0x80}, [@ncm={0x6, 0x24, 0x1a, 0xfff}, @call_mgmt={0x5, 0x24, 0x1, 0x3, 0xca}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x20, 0x1, 0xad, 0x3}}], {{0x9, 0x5, 0x82, 0x2, 0x20, 0xb2, 0x81, 0x20}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x1, 0x2d, 0xe1}}}}}]}}]}}, &(0x7f0000000bc0)={0xa, &(0x7f0000000980)={0xa, 0x6, 0x310, 0x4, 0x1, 0x1, 0xff, 0x81}, 0x40, &(0x7f00000009c0)={0x5, 0xf, 0x40, 0x5, [@wireless={0xb, 0x10, 0x1, 0x4, 0x20, 0xff, 0x0, 0x8e, 0xc1}, @wireless={0xb, 0x10, 0x1, 0x8, 0x86, 0x41, 0x81, 0x8, 0x8}, @ss_cap={0xa, 0x10, 0x3, 0xdf31ef317eb477a4, 0x4, 0x0, 0x9d, 0xf222}, @ss_container_id={0x14, 0x10, 0x4, 0xff, "3bd649a399c076787427170f64d6944e"}, @ext_cap={0x7, 0x10, 0x2, 0x9a0157ac694220b2, 0x2, 0x7, 0x1f}]}, 0x5, [{0x4, &(0x7f0000000a00)=@lang_id={0x4, 0x3, 0x416}}, {0x4, &(0x7f0000000a40)=@lang_id={0x4, 0x3, 0x2801}}, {0x46, &(0x7f0000000a80)=@string={0x46, 0x3, "c7b083b9e8ea678b9da810f41e149535f334bdc775fdea161ca334cbccc1d9b2b59f1b2cf6203dcb00ce90b3ffa191bca2d6903805ebd288784cc881e4a613e16ae87dac"}}, {0x4, &(0x7f0000000b00)=@lang_id={0x4, 0x3, 0x2809}}, {0x4a, &(0x7f0000000b40)=@string={0x4a, 0x3, "fc0f583a7ee8a020b47f25b0bb128c3118b865cebf2ba009ee11f99a1ac096525ee5c274497b6d136b1de2b0f1e4707446f2fecfc746af23a7d1f4a0891cd26d302317d3aab1e1e7"}}]}) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(0xffffffffffffffff, &(0x7f0000000d00)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x1c, 0x0, 0x1, 0x70bd25, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x44}, 0x53bb91597d5fcc8f) sendmsg$NLBL_UNLABEL_C_LIST(r0, &(0x7f0000000e80)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000e40)={&(0x7f0000000d80)={0x84, r2, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private2}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @remote}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @loopback}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @private=0xa010101}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0_to_bond\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'vlan1\x00'}]}, 0x84}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) clock_gettime(0x0, &(0x7f0000000ec0)={0x0, 0x0}) nanosleep(&(0x7f0000000f00)={r4, r5+60000000}, &(0x7f0000000f40)) r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000f80), 0x40, 0x0) ioctl$SG_IO(r6, 0x2285, &(0x7f0000001280)={0x0, 0xfffffffffffffffb, 0xda, 0x40, @buffer={0x0, 0x8a, &(0x7f0000000fc0)=""/138}, &(0x7f0000001080)="26e2a1f683f44048d54350fca21c8f8528b092577f1aaeddbe4824f512ed9a153a1afb7e7bd036f3a542f1f48121497ef40bbf60382cd925867156559072715ffc64b87de828adede2690b26a8ec5934216ef9dad120af61c8fdb06d73d15e0ed0c5c255c2ad9d3c90ef5181a7ef5d3b1e3907262cd12b6bccb5c64066061d157be149a569c4a705e689a220a2ab6c0caa5da50f26ae4588b55464239318d94bbb7e4aeffd72897b206bcff4798f305a20eb0445453ad38dada19ff9a0bf385e048deaf5c69a442f9fb9b9ad64508ec8f44206a6a150a2813d54", &(0x7f0000001180)=""/143, 0xffffff81, 0x22, 0xffffffffffffffff, &(0x7f0000001240)}) 08:35:18 executing program 1: ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000000)={'veth0_to_bond\x00'}) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r0 = syz_open_dev$ptys(0xc, 0x3, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$TCSETAW(r1, 0x5407, &(0x7f0000000040)={0x20, 0xff, 0x6, 0x4, 0x4, "cd2b0c962a5b7f96"}) ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2) ioctl$PIO_FONTX(r0, 0x4b6c, &(0x7f0000000480)={0x2d, 0x8, &(0x7f0000000080)="740eb5bce09d0963519e606c0a7f6ca453b41c092cb8240ed459075be723f119553c9d7c1aaef42ce6ead28d9380098580f7c469d6293c5f8f0a1df5f08d2e00a69ddf5801dfca503ecba94244370f68865bc677dc223508005f0f955b57dee8c95d3ea4bd810cd99a09f43b8cdc6bf4da26b98893169c0ca6c3fc46c8d4c007c469cf51dda7badc7e9885703d54ffec1baa28ea3519df88f95365b4c3c7a031d2530aa9e3917079d40fa702e918b1be50979c2868190ba80daea04e745e17516a6a1b42640a9798b9eccde14d628732662fcdb98ac5e40fee992e88661cb1289b04f9da24da16fb028ea86ba7e8ba68dcbdd28cfe33c4c4621d78fd9a421a06563476fee092739e7683c4cc31c5dd79777c23d0f520ed7ea11f075db49db6760dd5862d144d550ac0ce0b7ed5910195fb693bdfe087bf8120d796a129fa48d931a05c875474678c435fc1c0642a7a3d7d1080cceb3e3b332f196879b4e9afe09ec9a754de9e7cb8661711da01b28a24ee58d74faca49f309dfc0ce4269e2d651c8f2dcdcf734bb3e93684c389cf5281a5df10153b51ec7720005816746f29f0065478df8b76e059058ddf5d655e7077eadab4535454c120fa1a2a4c93d1ec3c73ac51dc5b866d18cef30c9163862dc93ec2f3f143ef38f99d89e33b0b5dca5bf419f242252bdcfa8b7926dc048e6f8017165b600012628e0bb83d7a12004869d2aff7d2876795f9e8d21e0ce3cac3b6005cba6b44e36f7cf76be48eb377290e708e57dd69867a92942190e3482a624fab2642535921e3806640640a0cf201de7ca1b19ea0ea5274c5979975432039288a69a4687cb8aaaed7dbb5565d0262ee4b33cc6069f4a18dd18f8672f9218e0294bad3d30d03ad50116d72f9fef2ccdf608cd4f1fea0d1851b708aa0653023ae5ce1f904f70cd2dabd062c7451b7cff91f843811f406a22a43c9429c4e83d7af4bcccc5502c17fe1b915223ab543463ad4297e72d5602e5c29ef55b729fec6c7622c34e4f2f79213dbcb39d465238df2320d13d098fdccb69223fa218f0a4ae6051d03285c05b4d54ef12eeaa4a5bf41d322bf3ff2718b379eb2bb2693c3bf98016ed75fec920fa3a78821936bfa1c2d201b9e1f76dc7b2969c54d31f03aaa903d3d47e2a34e96682cc2a9f7fffa52fd54a501672d6f1de60e0eac0bf3c65add9b4f2eb0d164aeb5913e9533b85d278f5d016884fbf05720319ca8e71b3a7bda6a6e03c181577243acd9ed3b0faf979bd71ae8e820620d6e1e1dec478aff88c8499b6cb479be21f15db211b49bad09554eb9694e785e99153a7ec7909fcbf44d099f50234f3039d144ab43f786fd637579f221aaf47e79e5f9caf024ed3f673592ab782a167491cb5835d37c565664e25790fa04573daa7c49608fc2a3b8a532d242224f228575ecb6ea396e90b9fa50"}) syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCGPTLCK(r1, 0x80045439, &(0x7f00000004c0)) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000500)={'macvlan1\x00', @broadcast}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000540), 0x50301, 0x0) ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000580)={0xe001, 0x5, 0x2, 0x5, 0x9, "b006027a90fd289e"}) ioctl$TIOCMBIS(r1, 0x5416, &(0x7f00000005c0)=0xfffff801) ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, &(0x7f0000000600)) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000780), 0x60c002, 0x0) ioctl$SG_GET_SCSI_ID(0xffffffffffffffff, 0x2276, &(0x7f00000007c0)) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000800), 0x80801, 0x0) prctl$PR_MCE_KILL(0x21, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000840), 0x4040, 0x0) ioctl$TUNSETOWNER(r3, 0x400454cc, 0x0) 08:35:18 executing program 2: ioctl$SG_GET_KEEP_ORPHAN(0xffffffffffffffff, 0x2288, &(0x7f0000000000)) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000002440)={0x0, 0xfffffffffffffffc, 0xdb, 0xff, @scatter={0x6, 0x0, &(0x7f0000002240)=[{&(0x7f0000000040)=""/81, 0x51}, {&(0x7f00000000c0)=""/4096, 0x1000}, {&(0x7f00000010c0)=""/50, 0x32}, {&(0x7f0000001100)=""/197, 0xc5}, {&(0x7f0000001200)=""/35, 0x23}, {&(0x7f0000001240)=""/4096, 0x1000}]}, &(0x7f00000022c0)="c116f2d1a2c9cefb09e90f194b400c4f1788bc420e8ee5e930b4c0e548dd6e3dbd9cf5f70b0c84b19a4e8fca6b714a0e9a8baa77aa40e0dbf9ff5a0c7ae97597e9c99ab6a46d4077f40479c9d0710ca5a75181dd6bfb685a51e58d3fdfde302cd2954186ad66dc18e070487f485a488a8235b64d47f64bbba6a4f900b1125eda575ebbcd3f6e3e09166f197f474e77f3736fe093dcdbcd25d5223060f4ed20a1aaa7068d53a304194a636a20e11e56972ecdc2e2157d0f1923cb048a502d932a49e91b8ccde94af5103d22056ac1607d0489c4339e5dda7af9ccf6", &(0x7f00000023c0)=""/4, 0xd4bb, 0x10004, 0x3, &(0x7f0000002400)}) ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x6) mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000024c0)='./binderfs2\x00', 0x1ff) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000002500)={0xd, ""/13}) ioctl$SG_SET_TIMEOUT(0xffffffffffffffff, 0x2201, &(0x7f0000002540)=0x2e10) ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000002580)=0x7fffffff) syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f00000025c0)) ioctl$SG_SET_TIMEOUT(0xffffffffffffffff, 0x2201, &(0x7f0000002600)=0x7c1) ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f0000002640)=""/4096) r0 = syz_open_dev$sg(&(0x7f0000003640), 0x0, 0x8000) ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000003680)) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000036c0), 0x200201, 0x0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000003940)={0x53, 0xfffffffffffffffe, 0xe8, 0x2, @buffer={0x0, 0x2f, &(0x7f0000003700)=""/47}, &(0x7f0000003740)="2cd99695928a3a8fd14a4678a2271c1fb2aca9afdf3c1b50f25f30f52c8183ddc4645c751277ee876036b85b5b380ea70494e47a61d1e6e79a34aaa951105de3e14a66581e6b29f1353899b317990b3f4e60f4ac273da606e212063bcf85f6dabced1d4327c8f36d5624f2555391a417aa83c52dc2b1d6e9e7fe9291b7c8f0ce0195cc59d540caeeea0427c57de2afa66323d0fdda097535dc7b81b66d200bbb39c532aa96691e315c2834fbf89d9626597f37d44a1947c75741a27d0fb04919bc493b83ab371b68a6374cd910a4e76e37e4d4573a1dd7c7c69c03387776a0c2e587324be088a325", &(0x7f0000003840)=""/144, 0x9, 0x1, 0x2, &(0x7f0000003900)}) ioctl$SG_GET_TIMEOUT(r0, 0x2202, 0x0) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f00000039c0)={0x1, 0x7, [@remote, @multicast, @remote, @remote, @multicast, @local, @random="054d4b8541eb"]}) ioctl$SG_NEXT_CMD_LEN(r1, 0x2283, &(0x7f0000003a00)=0x6e) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000003a40), 0x600040, 0x0) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000003a80)={'sit0\x00'}) 08:35:18 executing program 7: sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x804}, 0x15) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, r1, 0x408, 0x70bd2c, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0x7}}, ["", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4004}, 0x4000004) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$SEG6(&(0x7f0000000340), r2) r3 = socket(0x11, 0xa, 0x101) sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x38, 0x0, 0x408, 0x4, 0x25dfdbfb, {}, [@GTPA_O_TEI={0x8, 0x9, 0x4}, @GTPA_MS_ADDRESS={0x8, 0x5, @multicast1}, @GTPA_PEER_ADDRESS={0x8, 0x4, @local}, @GTPA_TID={0xc, 0x3, 0x2}]}, 0x38}}, 0x20000000) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000480), 0x4200, 0x0) sendmsg$GTP_CMD_GETPDP(r4, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x48, 0x0, 0xd05, 0x70bd25, 0x7ff, {}, [@GTPA_I_TEI={0x8, 0x8, 0x4}, @GTPA_TID={0xc, 0x3, 0x4}, @GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_LINK={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @remote}, @GTPA_MS_ADDRESS={0x8, 0x5, @loopback}]}, 0x48}, 0x1, 0x0, 0x0, 0x4040000}, 0x48090) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x68, r1, 0x200, 0x70bd26, 0x25dfdbfb, {{}, {}, {0x4c, 0x18, {0x80000001, @link='syz0\x00'}}}, ["", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000780)={'batadv_slave_0\x00', 0x0}) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x40000100}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x3c, 0x0, 0x10, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x2}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40015}, 0x40881) sendmsg$BATADV_CMD_GET_NEIGHBORS(r4, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x2c, 0x0, 0x2, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x40) r6 = socket(0x11, 0x3, 0xffffffff) sendmsg$TIPC_CMD_SET_LINK_PRI(r6, &(0x7f0000000a40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x30, r1, 0x800, 0x70bd27, 0x25dfdbfc, {{}, {}, {0x14, 0x18, {0x2, @bearer=@l2={'eth', 0x3a, 'ipvlan1\x00'}}}}, ["", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x20008080}, 0x11) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000ac0), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_MAX_PORTS(r4, &(0x7f0000000b80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x1c, r7, 0x1, 0x70bd28, 0x25dfdbfc, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x50850) ioctl$SG_GET_COMMAND_Q(r4, 0x2270, &(0x7f0000000bc0)) 08:35:18 executing program 3: ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000000)={0x1, 0x7, 0x3, 0x7f, 0x7, "b6ec3edcc3b18ef3"}) ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000040)) r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x40801, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0x400, 0x9, 0x50be, 0x27, 0x3, "b3d4532d20fc4ab3"}) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000100)={0x3a07, 0x7fff, 0x9, 0x3, 0x1b, "bb0ba3b5d1e0a4c8"}) r1 = syz_open_dev$sg(&(0x7f0000000140), 0x6, 0x1) ioctl$SG_GET_KEEP_ORPHAN(r1, 0x2288, &(0x7f0000000180)) ioctl$TIOCMBIS(r0, 0x5416, &(0x7f00000001c0)=0xffffffff) r2 = mq_open(&(0x7f0000000200)='/dev/vcsu\x00', 0x1, 0xa0, &(0x7f0000000240)={0x8, 0x0, 0xffffffff, 0x2}) mq_notify(r2, &(0x7f0000000440)={0x0, 0x27, 0x1, @thr={&(0x7f0000000280)="a8e40c0bcb53660ad5135536f67a02cf0bb130bd51a0c5f45d2eb45e050e26a6daa447259f821e2cab895d0efaf8542675ab54937ae54b30c7a70baa6bb61e991de01da7ae4e72c90c4c908f3718a05418d116a8f0384ed347c14593171cdb94633e0ec1235a719993780c05f24f08e84f5e46e491fc914f5b3ae55f0558a54e5e66b98434132bf406c8d5d0e131e0515a56a5941abbef15f81f0b06bf7fb70d95c0dc8f96f264c20e1c695e364f9be169ef1d9abfcfb6fc4b2cedf219b3159ea447bd8245e83a783c1cbc3d2a9c06d24e49d28a9afdaaae0e0a3170fec38db02d9c9cea", &(0x7f0000000380)="69ed6af93520d73bf32514aaa474fa7ede206ab888d053f2a412b218c47e4f0b2bf0c0e4865ed59562b5a3cd42cf2f8619e5aa6fb6a97b1278d22d2dc0780bb43067645eed5382a19597b083bd04d43b5c1347b8e75e3c8fa1b34fffc05035f38c7fea234c715332471feb64e652c2132d58981a80acddf8949ab48702e6ccfc00613a94793e894093c2dd45b9c33d203ac26ee0492c8c21b90ad263af89b08a0edce5573215e1dff53f3dab0970bcc42dc8a6f707200a"}}) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000480)={0x0, 0x4, 0x6, 0x1000, 0xc, "3ed9a7c046548eab"}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x54, 0x0, 0x300, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x40}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x400000}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x10001}]}, 0x54}, 0x1, 0x0, 0x0, 0x20008041}, 0x440d0) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000600)=0x8) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000680)={&(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x403}) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000006c0), r3) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000700)={0x530a, 0x8, 0x6, 0x1, 0x9, "3fe6bb1695e8a7335f86d1ed8e98302c89acc8"}) mq_timedreceive(r0, &(0x7f0000000740)=""/182, 0xb6, 0xffff, &(0x7f0000000800)) ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) ioctl$SG_GET_SCSI_ID(0xffffffffffffffff, 0x2276, &(0x7f0000000880)) [ 63.174143] audit: type=1400 audit(1763282118.422:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 08:35:18 executing program 4: ioctl$BINDER_CTL_ADD(0xffffffffffffffff, 0xc1086201, &(0x7f0000000000)={'custom1\x00'}) r0 = syz_genetlink_get_family_id$gtp(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x48, r0, 0x8, 0x70bd2c, 0x25dfdbfd, {}, [@GTPA_I_TEI={0x8, 0x8, 0x3}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_TID={0xc}, @GTPA_PEER_ADDRESS={0x8, 0x4, @remote}]}, 0x48}, 0x1, 0x0, 0x0, 0x8804}, 0x40010) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(0xffffffffffffffff, 0x3) socket(0x15, 0x800, 0x9) ioctl$BINDER_CTL_ADD(0xffffffffffffffff, 0xc1086201, &(0x7f00000002c0)={'binder1\x00'}) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000400), 0x1080, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000700)={0x78, 0x0, &(0x7f0000000600)=[@register_looper, @clear_death={0x400c630f, 0x1}, @release={0x40046306, 0x2}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r1}, @flat=@weak_binder={0x77622a85, 0x0, 0x2}, @ptr={0x70742a85, 0x1, &(0x7f0000000440)=""/246, 0xf6, 0x2, 0x1e}}, &(0x7f00000005c0)={0x0, 0x18, 0x30}}}, @dead_binder_done, @increfs={0x40046304, 0x3}, @register_looper], 0x48, 0x0, &(0x7f0000000680)="93ac7a7b2f1374f9dfc5bbcb9902cc106939671d4f3bb2b32c851ae5680c2fb408c27641c50a5c69cf43c663b6ee4ff74c083d484b919d38bb3ae7e9a8b37d84c6762c207c2cb417"}) getuid() socketpair(0x27, 0xa, 0xc00, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_CMD_DISABLE_BEARER(r3, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x2c, 0x0, 0x200, 0x70bd27, 0x25dfdbfd, {{}, {}, {0x10, 0x13, @udp='udp:syz2\x00'}}, ["", "", "", "", "", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000080}, 0x4004880) sendmsg$TIPC_CMD_GET_LINKS(r1, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x24, 0x0, 0xb14, 0x70bd25, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0xfff}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x80) ioctl$SG_SET_COMMAND_Q(r1, 0x2271, &(0x7f0000000980)) openat$binderfs(0xffffffffffffff9c, &(0x7f00000009c0)='./binderfs/binder0\x00', 0x2, 0x0) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x38, 0x0, 0x20, 0x70bd28, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, 0xffffffffffffffff}}]}, 0x38}, 0x1, 0x0, 0x0, 0x45}, 0x410) r4 = syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TIOCMBIS(r4, 0x5416, &(0x7f0000000b00)=0x8237) r5 = geteuid() ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000b80)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_xfrm(r2, &(0x7f0000000d40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000d00)={&(0x7f0000000bc0)=@polexpire={0x12c, 0x1b, 0x200, 0x70bd2b, 0x25dfdbfd, {{{@in6=@dev={0xfe, 0x80, '\x00', 0x3d}, @in6=@private0, 0x4e21, 0x5, 0x4e23, 0xcfc9, 0x2, 0x80, 0x80, 0x2b, 0x0, r5}, {0x93, 0x9, 0xc3, 0x1, 0x6, 0x7, 0x100, 0x401}, {0x401, 0x8, 0x4, 0x8000}, 0xcc5, 0x6e6bbb, 0x0, 0x0, 0x2, 0x2}, 0xb7}, [@algo_aead={0x61, 0x12, {{'seqiv(aegis128-generic)\x00'}, 0xa8, 0x0, "773eabf1656b4f2774bb07052065804a3e49ab6644"}}, @XFRMA_IF_ID={0x8, 0x1f, r6}]}, 0x12c}, 0x1, 0x0, 0x0, 0x24004000}, 0x20000000) 08:35:18 executing program 5: r0 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x90, r0, 0xeeb653263fc5ee4e, 0x70bd2a, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x14}}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @remote}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:sulogin_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @local}]}, 0x90}, 0x1, 0x0, 0x0, 0x4005050}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xd3}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x1f}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3ff}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x3816f1c3}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x200580c0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000340)={'batadv_slave_0\x00', 0x0}) sendmsg$BATADV_CMD_GET_HARDIF(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x34, 0x0, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x800}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x2}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}]}, 0x34}}, 0x48001) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000440), 0x43c100, 0x0) sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, 0x0, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xff}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x2c}}, 0x8040) sendmsg$GTP_CMD_GETPDP(r3, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x34, 0x0, 0x800, 0x70bd2b, 0x25dfdbfe, {}, [@GTPA_I_TEI={0x8, 0x8, 0x3}, @GTPA_O_TEI={0x8}, @GTPA_LINK={0x8, 0x1, r2}, @GTPA_I_TEI={0x8, 0x8, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0) ioctl$SG_GET_KEEP_ORPHAN(0xffffffffffffffff, 0x2288, &(0x7f0000000680)) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000700), r1) sendmsg$BATADV_CMD_GET_DAT_CACHE(r3, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x200c000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x2c, r4, 0x200, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x4000000}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x2000000) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x2c, r4, 0x6b6d5123569a5b24, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004}, 0x1) sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f00000009c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x3c, r4, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x2}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xbf2c}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x60}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x4104) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000b40)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x140068}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a40)={0xb4, r0, 0x4, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast2}, @NLBL_UNLABEL_A_SECCTX={0x23, 0x7, 'system_u:object_r:default_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private2}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0xa}}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x17}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast2}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}]}, 0xb4}, 0x1, 0x0, 0x0, 0x845}, 0x20000000) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000bc0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_GATEWAYS(r1, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x28, r5, 0x8, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x8000}]}, 0x28}, 0x1, 0x0, 0x0, 0xf841f06ced0a6cba}, 0x4) r6 = syz_genetlink_get_family_id$gtp(&(0x7f0000000d00), r3) sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000dc0)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000d40)={0x24, r6, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@GTPA_FLOW={0x6, 0x6, 0x2}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast2}]}, 0x24}, 0x1, 0x0, 0x0, 0x240080c0}, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r3, &(0x7f0000000f40)={&(0x7f0000000e00)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000f00)={&(0x7f0000000e80)={0x68, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {{}, {}, {0x4c, 0x18, {0x0, @media='udp\x00'}}}, ["", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4081}, 0x4840) 08:35:18 executing program 6: r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x6, 0x801) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4102000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x5c, r1, 0x10, 0x70bd26, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x2}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8054}, 0x4008040) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40200c0}, 0x60) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0xa4, 0x0, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @loopback}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'wlan1\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'batadv_slave_0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_SECCTX={0x2e, 0x7, 'system_u:object_r:iptables_unit_file_t:s0\x00'}]}, 0xa4}, 0x1, 0x0, 0x0, 0x10}, 0x7) r3 = syz_open_dev$vcsn(&(0x7f0000000440), 0xc4a0, 0x8000) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(r3, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x24, r4, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x800}]}, 0x24}, 0x1, 0x0, 0x0, 0x20004094}, 0x4000085) r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000005c0), 0x40800, 0x0) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000640), r3) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x34, r6, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {}, {0x18, 0x17, {0xd, 0x100, @l2={'eth', 0x3a, 'sit0\x00'}}}}, [""]}, 0x34}, 0x1, 0x0, 0x0, 0x200000c0}, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000740), r0) r7 = syz_genetlink_get_family_id$batadv(&(0x7f00000007c0), r0) sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x1c, r7, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4c083) mq_timedsend(r3, &(0x7f00000008c0)="0027f6c93c782e581d3cc285ec1c74c2bc99daf009f7b8dc169245349a2799f72cdcd78fbb2c5a35d87892ff741bc3c9026c0fc5b0a7fb561c68062dd0e9da7bd979dd1156ac57195b160bb7f0aae2a7caf00658a25fd8063bc2be350d89faeb9f173176c2f9ed290f181d05056215ea0cf0b43034244a", 0x77, 0x2, &(0x7f0000000940)) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r8, &(0x7f0000000a80)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000a40)={&(0x7f00000009c0)={0x68, r6, 0x8, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x4c, 0x18, {0x2, @media='eth\x00'}}}, ["", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x5}, 0x40000c0) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000ac0)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(r8, &(0x7f0000000c00)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b80)={0x34, 0x0, 0x100, 0x70bd28, 0x25dfdbfd, {{}, {}, {0x18, 0x17, {0x16, 0x9, @udp='udp:syz1\x00'}}}, ["", "", "", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x4000010}, 0x40) [ 64.307914] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 64.310815] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 64.314402] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 64.318878] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 64.321972] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 64.430707] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 64.432870] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 64.437063] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 64.441066] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 64.444157] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 64.512154] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 64.514124] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 64.517146] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 64.527736] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 64.535781] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 64.566086] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 64.577321] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 64.592912] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 64.597755] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 64.601714] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 64.603366] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 64.604541] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 64.605951] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 64.606419] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 64.608862] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 64.609585] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 64.612581] ================================================================== [ 64.613640] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x66d/0x6d0 [ 64.614653] Read of size 2 at addr ffff88800d031538 by task kworker/u11:6/309 [ 64.616371] [ 64.616859] CPU: 1 UID: 0 PID: 309 Comm: kworker/u11:6 Not tainted 6.18.0-rc5-next-20251114 #1 PREEMPT(voluntary) [ 64.616888] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 64.616902] Workqueue: hci4 hci_cmd_work [ 64.616931] Call Trace: [ 64.616938] [ 64.616946] dump_stack_lvl+0xca/0x120 [ 64.616973] print_report+0xcb/0x610 [ 64.617000] ? __virt_addr_valid+0x100/0x5d0 [ 64.617025] ? hci_cmd_work+0x66d/0x6d0 [ 64.617051] ? hci_cmd_work+0x66d/0x6d0 [ 64.617077] kasan_report+0xca/0x100 [ 64.617103] ? hci_cmd_work+0x66d/0x6d0 [ 64.617133] hci_cmd_work+0x66d/0x6d0 [ 64.617160] process_one_work+0x8e1/0x19c0 [ 64.617195] ? __pfx_process_one_work+0x10/0x10 [ 64.617224] ? move_linked_works+0x172/0x270 [ 64.617247] ? assign_work+0x196/0x240 [ 64.617276] worker_thread+0x67e/0xe90 [ 64.617305] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 64.617330] ? __pfx_worker_thread+0x10/0x10 [ 64.617360] kthread+0x3c8/0x740 [ 64.617386] ? __pfx_kthread+0x10/0x10 [ 64.617412] ? ret_from_fork+0x79/0x7a0 [ 64.617432] ? lock_release+0xc8/0x290 [ 64.617465] ? __pfx_kthread+0x10/0x10 [ 64.617492] ret_from_fork+0x67a/0x7a0 [ 64.617514] ? __pfx_ret_from_fork+0x10/0x10 [ 64.617538] ? __switch_to+0x759/0x1060 [ 64.617566] ? __pfx_kthread+0x10/0x10 [ 64.617593] ret_from_fork_asm+0x1a/0x30 [ 64.617626] [ 64.617633] [ 64.642186] Allocated by task 288: [ 64.642711] kasan_save_stack+0x24/0x50 [ 64.643282] kasan_save_track+0x14/0x30 [ 64.643850] __kasan_slab_alloc+0x59/0x70 [ 64.644441] kmem_cache_alloc_node_noprof+0x228/0x6b0 [ 64.645183] __alloc_skb+0x2ab/0x370 [ 64.645729] hci_cmd_sync_alloc+0x34/0x300 [ 64.646351] __hci_cmd_sync_sk+0xf7/0x5c0 [ 64.646974] hci_write_ca_timeout_sync+0x8f/0x1e0 [ 64.647669] hci_dev_open_sync+0x1874/0x1f60 [ 64.648308] hci_power_on+0xdb/0x5d0 [ 64.648856] process_one_work+0x8e1/0x19c0 [ 64.649470] worker_thread+0x67e/0xe90 [ 64.650038] kthread+0x3c8/0x740 [ 64.650553] ret_from_fork+0x67a/0x7a0 [ 64.651110] ret_from_fork_asm+0x1a/0x30 [ 64.651718] [ 64.651972] Freed by task 304: [ 64.652441] kasan_save_stack+0x24/0x50 [ 64.653023] kasan_save_track+0x14/0x30 [ 64.653597] kasan_save_free_info+0x3a/0x60 [ 64.654220] __kasan_slab_free+0x43/0x70 [ 64.654813] kmem_cache_free+0x26f/0x500 [ 64.655404] kfree_skbmem+0x18a/0x1f0 [ 64.655967] sk_skb_reason_drop+0x10e/0x1b0 [ 64.656580] vhci_read+0x3d5/0x5d0 [ 64.657103] vfs_read+0x1eb/0xc70 [ 64.657608] ksys_read+0x121/0x240 [ 64.658122] do_syscall_64+0xbf/0x430 [ 64.658688] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.659422] [ 64.659681] The buggy address belongs to the object at ffff88800d031500 [ 64.659681] which belongs to the cache skbuff_head_cache of size 232 [ 64.661490] The buggy address is located 56 bytes inside of [ 64.661490] freed 232-byte region [ffff88800d031500, ffff88800d0315e8) [ 64.663178] [ 64.663431] The buggy address belongs to the physical page: [ 64.664228] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd031 [ 64.665336] flags: 0x100000000000000(node=0|zone=1) [ 64.666039] page_type: f5(slab) [ 64.666535] raw: 0100000000000000 ffff8880096c78c0 dead000000000122 0000000000000000 [ 64.667627] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 64.668723] page dumped because: kasan: bad access detected [ 64.669512] [ 64.669759] Memory state around the buggy address: [ 64.670463] ffff88800d031400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 64.671477] ffff88800d031480: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc [ 64.672493] >ffff88800d031500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 64.673517] ^ [ 64.674241] ffff88800d031580: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 64.675270] ffff88800d031600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 64.676290] ================================================================== [ 64.677483] Disabling lock debugging due to kernel taint [ 64.693492] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 64.694697] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 64.708786] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 64.710888] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 64.712945] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 64.714170] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 64.725356] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 64.727704] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 64.731290] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 64.733915] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 64.735626] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 64.745770] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 64.770606] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 64.777784] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 66.339861] Bluetooth: hci0: command tx timeout [ 66.467583] Bluetooth: hci1: command tx timeout [ 66.595568] Bluetooth: hci2: command tx timeout [ 66.787542] Bluetooth: hci5: command tx timeout [ 66.787582] Bluetooth: hci6: command tx timeout [ 66.788348] Bluetooth: hci3: command tx timeout [ 66.788751] Bluetooth: hci4: command tx timeout [ 66.851556] Bluetooth: hci7: command tx timeout [ 68.387488] Bluetooth: hci0: command tx timeout [ 68.515530] Bluetooth: hci1: command tx timeout [ 68.643503] Bluetooth: hci2: command tx timeout [ 68.835506] Bluetooth: hci3: command tx timeout [ 68.836522] Bluetooth: hci4: command tx timeout [ 68.836918] Bluetooth: hci6: command tx timeout [ 68.836937] Bluetooth: hci5: command tx timeout [ 68.900480] Bluetooth: hci7: command tx timeout [ 70.435724] Bluetooth: hci0: command tx timeout [ 70.565496] Bluetooth: hci1: command tx timeout [ 70.691533] Bluetooth: hci2: command tx timeout [ 70.883554] Bluetooth: hci4: command tx timeout [ 70.883999] Bluetooth: hci6: command tx timeout [ 70.884366] Bluetooth: hci5: command tx timeout [ 70.884830] Bluetooth: hci3: command tx timeout [ 70.947491] Bluetooth: hci7: command tx timeout [ 72.485473] Bluetooth: hci0: command tx timeout [ 72.611567] Bluetooth: hci1: command tx timeout [ 72.739519] Bluetooth: hci2: command tx timeout [ 72.931546] Bluetooth: hci3: command tx timeout [ 72.931575] Bluetooth: hci5: command tx timeout [ 72.932383] Bluetooth: hci6: command tx timeout [ 72.932510] Bluetooth: hci4: command tx timeout [ 72.995534] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 08:35:20 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=ffff88801c053780 RCX=ffff888013f4fa14 RDX=1ffff110027e9f61 RSI=ffffffff81b78f22 RDI=ffff888013f4fac0 RBP=ffff888013f4fb18 RSP=ffff888013f4fa38 R8 =0000000000000001 R9 =ffff888013f4fb00 R10=000000000003ca6e R11=0000000000026dc7 R12=0000000000000000 R13=ffff888013f4fb08 R14=ffff88801c053780 R15=ffff888013f4fac0 RIP=ffffffff815be4f8 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e538f000 00000000 00000000 LDT=0000 fffffe2800000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f527efbc020 CR3=000000000d14c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000ff000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000037 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8293dd05 RDI=ffffffff889747c0 RBP=ffffffff88974780 RSP=ffff88800f25f618 R8 =0000000000000000 R9 =ffffed100167d046 R10=0000000000000037 R11=30373278302f3237 R12=0000000000000037 R13=0000000000000010 R14=ffffffff88974780 R15=ffffffff8293dcf0 RIP=ffffffff8293dd5d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e548f000 00000000 00000000 LDT=0000 fffffe1600000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f35ace15070 CR3=0000000009c58000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f3d071767c000007f3d071767c8 XMM02=00007f3d071767e000007f3d071767c0 XMM03=00007f3d071767c800007f3d071767c0 XMM04=ffffffffffffffffffffffffffffff00 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000