last executing test programs: 2.900843827s ago: executing program 1 (id=214): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) fstat(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000000680)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x40000) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) write$sndseq(r5, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01) r6 = syz_usbip_server_init(0x1) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902"], 0x0) write$usbip_server(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000300000001"], 0x35) mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x30c4222, &(0x7f0000000300)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x600}}, {@max_read={'max_read', 0x3d, 0x9}}, {@default_permissions}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x200}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x1000}}, {@blksize={'blksize', 0x3d, 0x1000}}, {@max_read={'max_read', 0x3d, 0x1}}], [{@context={'context', 0x3d, 'user_u'}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}]}}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x44024) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000100)={0x1}, 0x8) 1.690972696s ago: executing program 1 (id=232): r0 = creat(0x0, 0x108) (async) r1 = socket(0x10, 0x3, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) (async) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000280)=0x100000001, 0xc5) (async) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", ' \x00'}, 0x28) sendmsg$inet(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001c80)=[{&(0x7f0000000240)='n', 0x1}, {&(0x7f0000000b80)='_', 0x1}, {&(0x7f00000006c0)="11", 0x1}, {&(0x7f0000000500)="0f", 0x1}, {&(0x7f0000000d00)='z', 0x1}, {&(0x7f0000001000)="e3", 0x1}, {&(0x7f0000000440)="15", 0x1}, {&(0x7f0000000a80)="16", 0x1}, {&(0x7f0000000e00)='O', 0x1}, {&(0x7f0000002ec0)="cc", 0x1}, {&(0x7f0000003ec0)="9f7892793cc18fbb4543a96afa61eb1a248982f55c500ffcd5fd43c6fea4bd1d1bcd9b7983e49f6eb7e941072f9ba38176537bc9f4c9ce4fe45a03ab7d56fa08831497684e94f45ff79a2c7dea0d0b7ed4ffdfa3659abe8805f0837a0f8b04ccae1f0611e8ce28d0b9e246c2ea99414c4e3ce3c9fbad2c4204e1b3729884a3da97b0b0ba252f96e25bca04a507f928d8ac00ced96eb1e04a9b7504652aaf6034148289658b4af12e2a27a3b30a126aeabc88d1f8fa418ac15e2b964b8bb49f094df8c6e96b11a7e141b4178fa4f3cc9f81413e6f3edc825b010bec1b233a3f900c8c24e6b68b49980c3a36095198bed8be35612f820dd86a856ba75e7265f9cd5fc49b498f0c3411bd24c61e82be3489a1b0f8222547ea0c9c86763a25dd2d4978cb37ea8552030016655c2d424c554e1fdca1f15d3b441df926d8067dac605123", 0x141}, {&(0x7f0000004e40)="f07bda7de3c79786f0e24def3cf0e803292fa7088fae7603e0668ce88cff4f3507b830b654171b44fac84a3fa2089dc8b2e2b6deb8961422d73c89b841a3f4dbfd48fd61b7916d7f781b9d0619af6821359231acd2829813ad3ccf76733fdaccbf8b40597ab466d6885add0ddbd42eb7b5ca64299bf016a2691e7ee2248e0541fb324b202bb7822a36d418a8b9b8585409530fd410058e5fd79dce8c389a882452484d989593c68edc2631b23431720cea6a8d1727ef521ae1a29467e54ee1d3592abb46a2f09c9342403f35f28c6bfa6b2beed1469bb64dfd5bcd3c5cd223d8205972d91f813c53a96e2532a142d5fd9102b2a367a184b10f0d90a8caaf45da49b6cf81f658bff1812a222f6144c14a4f2662971514e8c77b665d7c4737afee4142e5f776ae049072f276a98d9197082955e25f33849d8578c1b3b847626de74f9de58eee4d821c6287b52d24e3b24cc2e7a2d9c65fd3f66391aa4c5c740f9e18b842f55d14d96cc2e6e432d95e87a15f0db960dcf009677af1a8c5a3aecae5bf2f971120403a815fef06d99aeadd43f5ea35d5d34b22d20ee4528162091d4303bba3983611775b9a0530aede9243ba237739605d52de3bfa5b8f2a711d0d33a0", 0x1c1}, {&(0x7f0000000000)="a4", 0x1}, {&(0x7f00000002c0)="c8", 0x1}, {&(0x7f0000001dc0)="fd", 0x1}, {&(0x7f0000000940)="1f", 0x1}], 0x10}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) ioctl$DRM_IOCTL_MODE_GETENCODER(r0, 0xc01464a6, &(0x7f0000000100)={0x0, 0x0, 0x0}) (async) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4400000010009f0f65c301000000000000000000", @ANYRES32=r7, @ANYBLOB="00000000000000002400128009000100626f6e64000000001400028008000300070000000800090001000000"], 0x44}}, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000140)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, r5}) (async) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x170, 0x24, 0xd0f, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0xa}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x140, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "52087def75c736f85cc7d27338360e8cb966058f66908611a2da3e15d87ea4bbea3d646bddcbf88d74a8f9e560e73cc92e50a1e1eb696bc28149a6f97bca767db6d5a2e4a0ce4e1f337f52af8d065ab3903bf929f30662e91d6466b050411964902e6bfd3d89271fd28b48677d5cf2caefd8a40abbe65daabf39f028156294855a66954d2349461e5b3fdf380433eb7182203d89bd1637c99109d611ac6ddd1f8bd70df15be1196d73cf82360c81beb73bd89d4e22511b72fa9373f5ff75156b83de4ba43f4325cb81ad4e1ebabd12279a1c2cb16d9b64ac46472168b729780d5697663cde109a2ea16079fdfb016066bd7f663500"}, @TCA_GRED_PARMS={0x38, 0x1, {0x1, 0x6, 0x37, 0xa, 0x80000001, 0xb, 0x6, 0xffffffff, 0x2, 0x0, 0xe, 0x9, 0x8, 0x6, 0x8bc, 0x6}}]}}]}, 0x170}}, 0x0) (async) modify_ldt$read(0x1100, 0x0, 0xfffffffffffffe5e) (async) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x1000001, 0x3032, 0xffffffffffffffff, 0x0) (async) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) (async) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) (async) r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r8) (async) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000)=0x0) ptrace$poke(0x4, r9, &(0x7f0000000040), 0x282e) 1.69073484s ago: executing program 1 (id=233): r0 = syz_io_uring_setup(0x6b4c, &(0x7f0000000000)={0x0, 0xa4e0, 0x8000, 0x0, 0x17f}, &(0x7f0000000080), &(0x7f0000000140)) r1 = syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0xfffffffd, 0x800, 0x200, 0x36f, 0x0, r0}, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index=0x8, 0xb, {}, 0x2, 0x3, 0x1}) io_uring_enter(r1, 0x567, 0x1000a387, 0x0, 0x0, 0x0) 1.688643313s ago: executing program 1 (id=234): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000200)=@bridge_delneigh={0x1c, 0x1c, 0x1, 0x2000002, 0x25dfdbfd, {0x7, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6}}, 0x1c}, 0x1, 0x0, 0x0, 0x20040051}, 0x40c0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBENT(r1, 0x4b47, &(0x7f0000000080)={0x0, 0x7f, 0x700}) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000240)=@sr0, &(0x7f00000012c0)='./file0\x00', &(0x7f0000001300)='gfs2\x00', 0x0, &(0x7f00000035c0)='quota') (async) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r2, &(0x7f0000002dc0)=[{{&(0x7f0000000000)={0x2, 0x4e24, @remote}, 0x10, 0x0, 0x0, &(0x7f0000002ec0)=ANY=[@ANYBLOB="14000000000000000000000007000000000703be000000001400000000000000000000000200000004"], 0x30}}], 0x1, 0x20000814) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r5 = eventfd(0x8c66) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000140)={0xfffffffffffffc04, 0x0, 0x1, r5, 0x11}) (async) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000040)={0xfffffffffffffc04, 0x0, 0x1, r5, 0x1}) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3) r7 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000), 0x8200, 0x0) syz_kvm_setup_cpu$x86(r6, r7, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f0000000180)="66b93709000066b80400000066ba000000000f30ba6100b80000efdea000500f2258b800098ed00f01cbf02830baf80c66b8a02b768166efbafc0c66edba4300b8c000efbaf80c66b8a3a9db8b66efbafc0cec", 0x53}], 0x1, 0x5, &(0x7f00000000c0), 0x0) 1.520816287s ago: executing program 3 (id=238): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e60, 0x0, @mcast2, 0xd}, 0x1c) (async) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e60, 0x0, @mcast2, 0xd}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)="82", 0x1}, {&(0x7f0000000280)="ca70", 0x2}], 0x2}}], 0x1, 0x4400c800) sendto$inet6(r0, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000140)={0x30, 0x5, 0x0, {0x0, 0x0, 0xc, 0x171}}, 0x30) 1.451183641s ago: executing program 3 (id=239): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05400000000000000000010000000900010073797a300000000040000000030a01010000000000000000010000000900030073797a300000000014000480080002400000000008000140000000000900010073797a30000000004c000000060a01040000000000000000010000002400048020000180080001006f736600140002800500020000000000080001400000001408000b40000000000900010073797a300000000014000000110001"], 0xd4}, 0x1, 0x0, 0x0, 0x40000000}, 0x0) 1.45090812s ago: executing program 1 (id=240): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000) r3 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080)) ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2}) prctl$PR_SET_NAME(0x53564d41, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, '\x00', 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0x7, 0x0, 0x3}}}}}}}, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) modify_ldt$write(0x1, &(0x7f0000000200), 0x10) modify_ldt$read(0x0, &(0x7f0000001880)=""/4096, 0x1000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) setrlimit(0x8, &(0x7f0000000380)) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0) ioctl$TIOCL_BLANKSCREEN(r5, 0x4b67, &(0x7f0000000000)) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.449627801s ago: executing program 3 (id=241): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000009580)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000009280)=[{&(0x7f00000071c0)="2f6a9c0fc95c9b3aa2664252e00b56abd45d2e6f006c1bbea4a0c1cfae29796645fb4bfaae8619eb0d06da5c1608cef2e16f2ce8ddbf4158d2985be8962772b5923590bb6f7936426c3dd89147b2097f9045ac7ee3d3a5923e8ea8980af927be2ee5b2cee2ae414a079de01a64cb3e810a23373759e2da055923fe83507c5530627a9507d88b0489442cc3ca111dafd363e37103a2866c275e617142b01098a285a3adebd28a1f9e1a98dd57579bdd6ea5c1355e644156464f05f4ad75cc500a153ba75b050caa767acde27d3ded", 0xce}], 0x1}}], 0x2, 0x20) (async, rerun: 64) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) (async, rerun: 64) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) (async) dup(0xffffffffffffffff) (async) r3 = io_uring_setup(0x355b, &(0x7f0000000080)={0x0, 0x369e, 0x1000, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) (async) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000040)={0x0, 0x0, 0x80000}) migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000080)=0x272) (async) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x6c, 0x0, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000140)=0x60e0) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.021280748s ago: executing program 3 (id=243): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), r2) r3 = accept$alg(r1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) recvmmsg(r3, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}, 0x200007}], 0x1, 0x100, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r5) ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r6, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r7}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x9}]}, 0x34}, 0x1, 0x0, 0x0, 0x40111}, 0x20000004) write$binfmt_script(r4, &(0x7f000000e0c0), 0x10010) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x4000000000003) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execve(&(0x7f0000000080)='./file2\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x13f}}, 0x20) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x4}]}) socket$inet_mptcp(0x2, 0x1, 0x106) close_range(r9, 0xffffffffffffffff, 0x0) sendfile(r0, r4, &(0x7f0000000100)=0x6, 0x100000000010001) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000040)={{0x1, 0x1, 0x18, r10, {0x7}}, './file0\x00'}) ioctl$KVM_RUN(r11, 0xae80, 0x0) 1.019756902s ago: executing program 1 (id=245): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="b4050000000000006110a400000000001f150000000000009500000000000000704fff7649b0983f42d01eccd13e9ec8a0a0ba6f00720c38fb17c6973e6361f5710065aaf625b96d173daf810865508ce8e9e1fa28e8bc8620294d24b6e609fa8a42156ea7394b8e0f09362f9e2576fd38cecff65abf747c96f88c9e0d54c135a1666ac39044329aaff9afb6"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x7, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xf) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$TCFLSH(r2, 0x400455c8, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x8b8, 0x9, 0x5, 0x20101, r0, 0xc, '\x00', 0x0, r2, 0x2, 0x3, 0x5, 0x5}, 0x50) 1.009078797s ago: executing program 2 (id=248): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=ANY=[@ANYBLOB="340000001800dd8dfcffffff000000000200000000000006000000000600150003000000100016800c00028008000100", @ANYRES32, @ANYBLOB="102db0c8658d6bc8667561134fe33c2cda58946def0a57eded1281b9ab48fce135e62490af5f9b077681"], 0x34}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wg0\x00', 0x0}) r3 = syz_open_dev$vcsa(&(0x7f0000000000), 0x11, 0x129800) sendmsg$NFNL_MSG_CTHELPER_NEW(r3, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000080)={&(0x7f0000000380)={0xec, 0x0, 0x9, 0x201, 0x0, 0x0, {0x5, 0x0, 0x8}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_STATUS={0x8}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x1a}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x2}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0x13, 0x4, 0x0, 0x1, {0x8}}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xf3}}, @NFCTH_TUPLE={0x84, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @broadcast}}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0xfe28, 0x2, @multicast2}}}, @CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0xec}, 0x1, 0x0, 0x0, 0x4000}, 0x4040010) r4 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet(r4, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x4e22, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000440)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ssrr={0x89, 0x7, 0x4, [@loopback]}]}}}], 0x18}, 0x40000) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000140)={@in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x2e}}}, 0x0, 0x0, 0x44, 0x0, "7792665e0bcdd21bb236171d81a792a4db8b81475d0a23dfe58f7f7d0bd1afcfb348b157d33fcb0a913130894195e73a606a9d458f11b42a2f898a1d6f442dae246bdefcd03bf3cb675b139d084c8e57"}, 0xd8) r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r5, &(0x7f0000000080), 0x10) setsockopt$sock_int(r5, 0x1, 0x12, &(0x7f0000000140)=0x2, 0x4) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104fcffffff8000000000000000", @ANYRES32=0x0, @ANYBLOB="03150000000000001c0012800c0001006d612cbaf814eaff08e08008000700050000000800050076e8e256ffe6a12631cc600fba60c247e196d964076ebadb1fdfc44836bfab33cd482229853ee891a1ed251f32c337c02a30d206e13c6fa393e63b60429401d47fa5fa7097620c17824f99113e6880c6e3d1b1dfe3e0d78914b807ab959870ce56ad6a2af35671d5dd05bcc45a060bd3b0054a9f405d1034ac7127a3e5c4fc2b87d26995fcb1b1a8e7295209e14d5add065e917f5fe7ff147a02d2a0c4a7b529ad92822c32e11e1b0c9404f3e0f2f882ac4903401fe628f54caefe83b9", @ANYRES32=r2, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000480)={0x10003, 0x4, 0x8000000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) 1.006641444s ago: executing program 2 (id=249): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x101800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0xa1, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, &(0x7f00000001c0)="0f01c4670f01c30f3804443e0f8c00006a00660f1b163e230f79d40f01ca670f22010f20c06635000000800f22c0", 0x2e}], 0x1, 0x40, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bond_slave_1\x00'}) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000000074d564b"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 571.455885ms ago: executing program 2 (id=257): futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f00000002c0), 0x93020007) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c01000010000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb0000fff720000001000000003b000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="64010102000000000000000000000000000000006c000000ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000004000000000000000000000000000000000000000080000004000000000000000000004000000000000000000000000000000000000000000000000025bd70000000000002000001000000000000000008001f0004000000480003006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c", @ANYRES32=0x0, @ANYBLOB="321444"], 0x14c}}, 0x4810) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x38, 0x1412, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x38}}, 0x8000) 491.256017ms ago: executing program 2 (id=259): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYRES8], 0xb8}}, 0x4048080) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) execve(&(0x7f0000000740)='./file0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2244, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) syz_open_procfs(r0, &(0x7f0000000600)='environ\x00') sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)=ANY=[@ANYBLOB="ec000000210001fdffffffffffffff00ac1ee100000000002000000000000000403403f438bd9e28000000000000000000000000000000000a0000edffffff00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c0011"], 0xec}}, 0x0) 431.230522ms ago: executing program 0 (id=260): mkdir(&(0x7f0000000200)='./file0\x00', 0x50) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async) ioctl$TUNGETSNDBUF(r0, 0x800454d3, &(0x7f0000000080)) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0xfffffffffffffde8, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x18) (async) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) (async) setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x800, 0x2, 0x4}, 0x1c) (async) syz_emit_ethernet(0x46, &(0x7f00000003c0)={@empty, @remote, @val={@val={0x88a8, 0x0, 0x1, 0x3}, {0x8100, 0x4, 0x0, 0x4}}, {@ipv6={0x86dd, @udp={0xa, 0x6, "67cabb", 0x8, 0x11, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, {[], {0x4e23, 0x4e21, 0x8}}}}}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r2}, 0x10) (async) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r6 = dup(r5) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r6, 0x89f8, &(0x7f0000000340)={'syztnl1\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x8, 0x20, 0x9, 0x80000001, {{0x13, 0x4, 0x1, 0x7, 0x4c, 0x68, 0x0, 0x3, 0x29, 0x0, @broadcast, @remote, {[@lsrr={0x83, 0xf, 0x2, [@remote, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @rr={0x7, 0x17, 0xc5, [@initdev={0xac, 0x1e, 0x1, 0x0}, @local, @rand_addr=0x64010100, @loopback, @multicast2]}, @ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0xc, 0x17, 0x3, 0xe, [{@multicast2, 0xfffffff7}]}]}}}}}) sendmsg$inet(r3, &(0x7f0000000380)={&(0x7f0000000180)={0x2, 0x4e20, @empty}, 0x10, &(0x7f0000000280)=[{&(0x7f00000001c0)="faba52c431ba8d65a187e550a3010af86474d158fffa8ea9ee710a556f4a", 0x1e}], 0x1, &(0x7f0000000500)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x69}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @loopback, @multicast1}}}, @ip_retopts={{0x90, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x3c, 0x25, 0x3, 0xb, [{@empty, 0x10}, {@dev={0xac, 0x14, 0x14, 0x2a}, 0x8000}, {@rand_addr=0x64010102, 0x4}, {@empty, 0x5}, {@remote, 0x101}, {@multicast1, 0x5}, {@local, 0x8}]}, @timestamp_prespec={0x44, 0x2c, 0xef, 0x3, 0x8, [{@empty, 0x8}, {@loopback, 0xe942}, {@local, 0xb28f}, {@rand_addr=0x64010100, 0xfff}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x800}]}, @noop, @noop, @lsrr={0x83, 0x13, 0xeb, [@rand_addr=0x64010101, @loopback, @dev={0xac, 0x14, 0x14, 0x1f}, @local]}]}}}, @ip_retopts={{0x30, 0x0, 0x7, {[@noop, @ra={0x94, 0x4, 0x1}, @noop, @timestamp={0x44, 0x18, 0xa5, 0x0, 0x3, [0x8, 0x3, 0x5, 0x800, 0x3]}, @noop]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x80000000}}, @ip_ttl={{0x14, 0x0, 0x2, 0x5}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1}}], 0x158}, 0x24040084) (async) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdnio', @ANYRESHEX=r6, @ANYBLOB=',\x00']) 431.007972ms ago: executing program 2 (id=261): r0 = syz_open_dev$media(&(0x7f0000000000), 0x5, 0x2000) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f00000006c0)=0xffffffffffffffff) poll(&(0x7f0000000780)=[{r1, 0x8000}], 0x1, 0x7) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_open_dev$evdev(&(0x7f0000000040), 0x3, 0x402) syz_open_dev$evdev(&(0x7f0000000080), 0x3, 0x0) ioctl$EVIOCGABS0(r4, 0x80184540, &(0x7f0000000000)=""/14) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil}) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000300)="660f5a640bba400066eddefff62f2e2e0f2310a3660f38823efe116766c744240017042a786766c74424025a0000006766c744240600000000670f011c0f98af9c0026d9e46d", 0x46}], 0x1, 0x4, 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280), 0x17) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000040)=r8, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018200000", @ANYRES32=r8, @ANYBLOB="0000000000000000690000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) sendmsg$nl_route_sched(r7, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=@gettfilter={0x34, 0x2e, 0x200, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x9, 0x5}, {0xfff1, 0xa}, {0xf, 0x2}}, [{0x8, 0xb, 0x8}, {0x8, 0xb, 0x800}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x40000) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r9 = eventfd(0x5) ioctl$KVM_HYPERV_EVENTFD(r3, 0x4018aebd, &(0x7f0000000140)={0x2ffc, r9}) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x20, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 341.037497ms ago: executing program 0 (id=262): mkdir(&(0x7f0000000540)='./file0\x00', 0x108) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf200000000000000700000008ffffffbd0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d4301000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9755ba08554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c51231422bb8fab4d4d897db2c544c0ec50b8eac8c63d2b1cd06a39702bd547f5ebaa6954f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564b8f8a621483fb2a5ff221e0d831d64759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d8b570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91f0eb18e21dfdab3c84ec11377fbbfd1e000000000000"], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0xfffffed4}, 0x48) chdir(&(0x7f00000002c0)='./bus\x00') setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000380)=ANY=[@ANYBLOB="02000000010000000000000004000000ce00000010000000001d000020"], 0x24, 0x0) 340.326687ms ago: executing program 3 (id=263): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3}, {}, {0x5, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x40004) prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000040)) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84) 339.106788ms ago: executing program 0 (id=264): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r1 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x400000000000, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f00000001c0)=0x1) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TCXONC(r2, 0x80045440, 0x3) (async, rerun: 32) r3 = fsopen(&(0x7f0000000280)='configfs\x00', 0x1) (rerun: 32) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) (async) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) (async) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000}) r5 = creat(&(0x7f0000000300)='./file0\x00', 0xe5) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff5000/0xa000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, 0x0, 0x0, r5}, 0x68) r6 = dup(r4) accept4$vsock_stream(r6, 0x0, 0x0, 0x80800) (async) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f0000000100)={0x0, @in={{0x2, 0x4e22, @loopback}}, 0x4, 0xfffe}, &(0x7f0000000200)=0x90) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000002c0)={r7, @in6={{0xa, 0x4e24, 0xfffffc94, @empty, 0xff}}, 0xf, 0x8, 0x80000001, 0x2, 0x0, 0xff, 0xff}, 0x9c) (async) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4000010}, 0x8080) 338.728177ms ago: executing program 3 (id=265): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async) r3 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000040)) (async) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r5 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x400000000, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x2}}, 0x20) (async) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) (async) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x22806d, 0x0) close_range(r2, r4, 0x0) (async) ioctl$SNDRV_PCM_IOCTL_REWIND(r5, 0x40084146, &(0x7f0000000340)=0x84fb) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x1c, r1, 0x5cfe9b9de6b8c055, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x8000) 261.437873ms ago: executing program 0 (id=266): r0 = socket$isdn_base(0x22, 0x3, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)={'#! ', './file0', [{}], 0xa, "b7faa59e3c66e2e57cf00a08b76aa7b2e450c11b4129239b922d373c48df57c25930dce58b8ec8a092ed98b1ac7a34d63d6d05e14bb9472d4e7a8bd05eaa00d44753b53b6af2a8e339cc594bfd8b112d7b0a4c5578912be3cae1d2e4e4cf7e2badb395f8e328859fff3937b21a3436dfad7779c007648e41c9e0cd3f02ca1afb7df199d2994e8fdeed27f5"}, 0x97) (async) r2 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) ioctl$I2C_SMBUS(r2, 0x720, &(0x7f00000000c0)={0x1, 0x0, 0x5, &(0x7f0000000080)={0x0, "90f541a5e64f61909103f1fbbc2bd3c9f144d76e44c7b2986eb5e52829e7cb8393"}}) openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi3\x00', 0xa0602, 0x0) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) (async) r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f0000000240)={0xb, 0xf37e, {0x5, 0x0, 0x401, {0x5, 0xd8f}, {0x3ff, 0x1}, @cond=[{0x7fff, 0xff, 0x0, 0x3, 0x5b21, 0x2}, {0xff, 0x4, 0x5d14, 0x800, 0x1, 0x8}]}, {0x54, 0x3, 0x200, {0x11dc, 0x1}, {0xfffb, 0x5}, @cond=[{0x1, 0x7dc2, 0x3fc, 0x6, 0x3, 0x7}, {0xc7c2, 0xfff8, 0x9, 0xfff, 0x0, 0x8}]}}) (async) ioctl$COMEDI_CMD(r3, 0x80506409, &(0x7f0000000100)={0x1, 0x20, 0x80, 0x6dd, 0x0, 0x4, 0x2, 0xd, 0xffffff6f, 0x4, 0x0, 0x8008, &(0x7f0000001140)=[0x6], 0x1, 0x0}) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) ioctl$IMSETDEVNAME(r0, 0x80184947, 0x0) 260.24311ms ago: executing program 0 (id=267): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fda000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000001c0)="b805000000b9fa0000000f01d9660f78c4020a1bf7b805000000b90000c0fe0fae41d901000000b87f8b7f26ba000000000f30660fc775022e0fba600c980f320f3566b857000f00d0", 0x49}], 0x1, 0x10, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = dup(r3) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r5, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000340)) r6 = dup(r4) ioctl$VHOST_NET_SET_BACKEND(r5, 0x4008af30, &(0x7f0000000000)={0x1, r6}) syz_kvm_setup_cpu$x86(r6, r2, &(0x7f0000fd6000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x11d, 0x51, 0x0, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS(r1, 0x4068aea3, &(0x7f0000000040)={0x74, 0x0, 0x54}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 138.592723ms ago: executing program 2 (id=268): bind$can_raw(0xffffffffffffffff, 0x0, 0x0) setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, 0x0, 0x0) openat$urandom(0xffffffffffffff9c, 0x0, 0x101000, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x3, 0x1c, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) r2 = socket(0x1d, 0x2, 0x6) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x515c38d0ea3ab6c4}]}}, 0x0, 0x2a, 0x0, 0x1}, 0x20) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0x2, {0x3}}, 0x18) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r2) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x14, r5, 0x800, 0x70bd2c, 0x25dfdbfd}, 0x14}}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x8, &(0x7f00000001c0)={&(0x7f0000000380)=@getchain={0x24, 0x11, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {}, {0x7, 0x2}, {0x0, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000}, 0x98) 0s ago: executing program 0 (id=269): r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c0000001300010027bd70000000000007000000", @ANYRES32=r3, @ANYBLOB="a2100400884101000c001a800800058004000780"], 0x2c}}, 0x0) write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x1790) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=@newnexthop={0x40, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0x14, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}, @NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0xdb7b}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x400c05a}, 0x4000080) kernel console output (not intermixed with test programs): [ 38.184172][ T40] audit: type=1400 audit(1753668134.409:59): avc: denied { write } for pid=5853 comm="sh" path="pipe:[1684]" dev="pipefs" ino=1684 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 38.193000][ T40] audit: type=1400 audit(1753668134.409:60): avc: denied { rlimitinh } for pid=5853 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 38.202331][ T40] audit: type=1400 audit(1753668134.409:61): avc: denied { siginh } for pid=5853 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:52682' (ED25519) to the list of known hosts. [ 39.206148][ T40] audit: type=1400 audit(1753668135.449:62): avc: denied { name_bind } for pid=5860 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 39.225842][ T40] audit: type=1400 audit(1753668135.469:63): avc: denied { write } for pid=5861 comm="sh" path="pipe:[1700]" dev="pipefs" ino=1700 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 39.237425][ T40] audit: type=1400 audit(1753668135.479:64): avc: denied { execute } for pid=5861 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 39.246153][ T40] audit: type=1400 audit(1753668135.479:65): avc: denied { execute_no_trans } for pid=5861 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 41.072436][ T40] audit: type=1400 audit(1753668137.309:66): avc: denied { mounton } for pid=5861 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 41.074888][ T5861] cgroup: Unknown subsys name 'net' [ 41.231613][ T5861] cgroup: Unknown subsys name 'cpuset' [ 41.238973][ T5861] cgroup: Unknown subsys name 'rlimit' [ 41.427424][ T5901] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 42.078028][ T5861] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.277662][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 45.277679][ T40] audit: type=1400 audit(1753668141.519:80): avc: denied { execmem } for pid=5942 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 45.454918][ T40] audit: type=1400 audit(1753668141.689:81): avc: denied { create } for pid=5945 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.462123][ T40] audit: type=1400 audit(1753668141.689:82): avc: denied { read write } for pid=5945 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.469683][ T40] audit: type=1400 audit(1753668141.689:83): avc: denied { open } for pid=5945 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.477221][ T40] audit: type=1400 audit(1753668141.699:84): avc: denied { ioctl } for pid=5945 comm="syz-executor" path="socket:[1719]" dev="sockfs" ino=1719 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.499026][ T5952] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.502688][ T5952] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.505470][ T5952] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.508565][ T5952] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.511291][ T5952] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.513976][ T5952] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.514146][ T5958] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.516463][ T5952] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.519285][ T5958] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.523427][ T5958] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.524164][ T5959] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.528162][ T5958] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.528399][ T5961] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.528578][ T40] audit: type=1400 audit(1753668141.769:85): avc: denied { read } for pid=5955 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.528605][ T40] audit: type=1400 audit(1753668141.769:86): avc: denied { open } for pid=5955 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.528626][ T40] audit: type=1400 audit(1753668141.769:87): avc: denied { mounton } for pid=5955 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 45.530661][ T5958] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.533152][ T5961] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.540551][ T63] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.549036][ T5961] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.555969][ T5958] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.559770][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.562827][ T5958] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.683742][ T40] audit: type=1400 audit(1753668141.919:88): avc: denied { module_request } for pid=5955 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 45.715846][ T5955] chnl_net:caif_netlink_parms(): no params data found [ 45.906592][ T5955] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.909294][ T5955] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.911628][ T5955] bridge_slave_0: entered allmulticast mode [ 45.914560][ T5955] bridge_slave_0: entered promiscuous mode [ 45.928231][ T5947] chnl_net:caif_netlink_parms(): no params data found [ 45.939761][ T5955] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.942223][ T5955] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.944827][ T5955] bridge_slave_1: entered allmulticast mode [ 45.948911][ T5955] bridge_slave_1: entered promiscuous mode [ 46.002236][ T5955] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.005527][ T5945] chnl_net:caif_netlink_parms(): no params data found [ 46.024719][ T5955] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.044393][ T5949] chnl_net:caif_netlink_parms(): no params data found [ 46.100904][ T5955] team0: Port device team_slave_0 added [ 46.120683][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.123758][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.128866][ T5947] bridge_slave_0: entered allmulticast mode [ 46.133043][ T5947] bridge_slave_0: entered promiscuous mode [ 46.138541][ T5955] team0: Port device team_slave_1 added [ 46.163581][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.165940][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.168167][ T5947] bridge_slave_1: entered allmulticast mode [ 46.170750][ T5947] bridge_slave_1: entered promiscuous mode [ 46.251302][ T5955] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.253533][ T5955] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.261926][ T5955] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.285362][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.290056][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.306492][ T5955] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.308689][ T5955] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.317463][ T5955] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.357449][ T5947] team0: Port device team_slave_0 added [ 46.388454][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.390738][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.393059][ T5949] bridge_slave_0: entered allmulticast mode [ 46.395720][ T5949] bridge_slave_0: entered promiscuous mode [ 46.399012][ T5945] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.401296][ T5945] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.403630][ T5945] bridge_slave_0: entered allmulticast mode [ 46.406429][ T5945] bridge_slave_0: entered promiscuous mode [ 46.410846][ T5947] team0: Port device team_slave_1 added [ 46.427655][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.430241][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.432493][ T5949] bridge_slave_1: entered allmulticast mode [ 46.435033][ T5949] bridge_slave_1: entered promiscuous mode [ 46.453134][ T5945] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.455403][ T5945] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.457896][ T5945] bridge_slave_1: entered allmulticast mode [ 46.460558][ T5945] bridge_slave_1: entered promiscuous mode [ 46.548263][ T5955] hsr_slave_0: entered promiscuous mode [ 46.550500][ T5955] hsr_slave_1: entered promiscuous mode [ 46.553347][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.555510][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.565654][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.570578][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.575235][ T5945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.580347][ T5945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.584069][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.586318][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.593472][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.603822][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.699862][ T5945] team0: Port device team_slave_0 added [ 46.706271][ T5945] team0: Port device team_slave_1 added [ 46.710066][ T5949] team0: Port device team_slave_0 added [ 46.764652][ T5949] team0: Port device team_slave_1 added [ 46.781923][ T5947] hsr_slave_0: entered promiscuous mode [ 46.784239][ T5947] hsr_slave_1: entered promiscuous mode [ 46.786714][ T5947] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.789350][ T5947] Cannot create hsr debugfs directory [ 46.820656][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.822833][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.830845][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.838637][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.840786][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.848604][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.852377][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.854856][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.863556][ T5945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.891118][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.893516][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.901812][ T5945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.967133][ T5949] hsr_slave_0: entered promiscuous mode [ 46.969367][ T5949] hsr_slave_1: entered promiscuous mode [ 46.971395][ T5949] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.973809][ T5949] Cannot create hsr debugfs directory [ 47.128686][ T5945] hsr_slave_0: entered promiscuous mode [ 47.130946][ T5945] hsr_slave_1: entered promiscuous mode [ 47.133049][ T5945] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.135510][ T5945] Cannot create hsr debugfs directory [ 47.295993][ T5955] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 47.304521][ T5955] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 47.312551][ T5955] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 47.316954][ T5955] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 47.352641][ T5947] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 47.361314][ T5947] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 47.365547][ T5947] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 47.369781][ T5947] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 47.420502][ T5949] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.435352][ T5949] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.440298][ T5949] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.444111][ T5949] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 47.496957][ T5955] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.513200][ T5945] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 47.519259][ T5945] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 47.523770][ T5945] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 47.529454][ T5945] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 47.554361][ T5955] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.556075][ T5948] Bluetooth: hci3: command tx timeout [ 47.556082][ T5958] Bluetooth: hci1: command tx timeout [ 47.559893][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.563501][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.580079][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.582362][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.607204][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.632828][ T5947] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.642898][ T5955] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 47.646102][ T5948] Bluetooth: hci2: command tx timeout [ 47.646135][ T5958] Bluetooth: hci0: command tx timeout [ 47.657931][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.665141][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.667592][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.670585][ T40] audit: type=1400 audit(1753668143.909:89): avc: denied { sys_module } for pid=5955 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 47.679029][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.681330][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.695419][ T5949] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.703702][ T5945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.710399][ T1210] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.712852][ T1210] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.730740][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.733449][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.740696][ T5947] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 47.765164][ T5955] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.774809][ T5945] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.793302][ T1210] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.796258][ T1210] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.803799][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.806093][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.862456][ T5955] veth0_vlan: entered promiscuous mode [ 47.869953][ T5955] veth1_vlan: entered promiscuous mode [ 47.883270][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.894027][ T5955] veth0_macvtap: entered promiscuous mode [ 47.902612][ T5955] veth1_macvtap: entered promiscuous mode [ 47.923754][ T5947] veth0_vlan: entered promiscuous mode [ 47.928842][ T5955] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.934790][ T5955] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.938163][ T5947] veth1_vlan: entered promiscuous mode [ 47.944568][ T5955] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.948559][ T5955] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.952142][ T5955] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.955128][ T5955] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.967467][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.994391][ T5945] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.024417][ T5947] veth0_macvtap: entered promiscuous mode [ 48.024617][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.030202][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.048744][ T5947] veth1_macvtap: entered promiscuous mode [ 48.054788][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.058045][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.069995][ T5949] veth0_vlan: entered promiscuous mode [ 48.079334][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.085235][ T5945] veth0_vlan: entered promiscuous mode [ 48.090521][ T5949] veth1_vlan: entered promiscuous mode [ 48.093926][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.099861][ T5947] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.102749][ T5947] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.107511][ T5947] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.110870][ T5955] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 48.110994][ T5947] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.122967][ T5945] veth1_vlan: entered promiscuous mode [ 48.151228][ T5949] veth0_macvtap: entered promiscuous mode [ 48.165976][ T5949] veth1_macvtap: entered promiscuous mode [ 48.187905][ T5945] veth0_macvtap: entered promiscuous mode [ 48.206258][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.209937][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.216932][ T5945] veth1_macvtap: entered promiscuous mode [ 48.237629][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.240737][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.243393][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.253030][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.259765][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.266327][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.271673][ T5945] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.274434][ T5945] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.278482][ T5945] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.281245][ T5945] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.285328][ T5949] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.288618][ T5949] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.291820][ T5949] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.294984][ T5949] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.371839][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.374365][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.374609][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.379864][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.394400][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.397201][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.419624][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.422267][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.677958][ T1467] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 48.835764][ T1467] usb 7-1: Using ep0 maxpacket: 32 [ 48.867575][ T1467] usb 7-1: unable to get BOS descriptor or descriptor too short [ 48.870789][ T1467] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 48.873191][ T1467] usb 7-1: can't read configurations, error -71 [ 49.271690][ T6062] tmpfs: Unknown parameter '00000000000000000000000' [ 49.284120][ T6060] Bluetooth: MGMT ver 1.23 [ 49.381060][ T6065] netlink: 80 bytes leftover after parsing attributes in process `syz.1.9'. [ 49.398497][ T6065] sctp: failed to load transform for md5: -2 [ 49.429379][ T6078] netlink: 'syz.2.12': attribute type 3 has an invalid length. [ 49.487834][ T6083] netlink: 'syz.0.14': attribute type 20 has an invalid length. [ 49.490970][ T6084] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13'. [ 49.554553][ T6094] xt_CT: You must specify a L4 protocol and not use inversions on it [ 49.592039][ T6091] bond0: entered promiscuous mode [ 49.600172][ T6091] bond_slave_0: entered promiscuous mode [ 49.602586][ T6092] netlink: 20 bytes leftover after parsing attributes in process `syz.3.18'. [ 49.602598][ T6092] netlink: 20 bytes leftover after parsing attributes in process `syz.3.18'. [ 49.613720][ T6091] bond_slave_1: entered promiscuous mode [ 49.616148][ T6091] bond0: entered allmulticast mode [ 49.617856][ T6091] bond_slave_0: entered allmulticast mode [ 49.619630][ T6091] bond_slave_1: entered allmulticast mode [ 49.635828][ T5948] Bluetooth: hci3: command tx timeout [ 49.645728][ T5948] Bluetooth: hci1: command tx timeout [ 49.703686][ T6110] 9pnet_fd: Insufficient options for proto=fd [ 49.715702][ T5948] Bluetooth: hci2: command tx timeout [ 49.715753][ T5958] Bluetooth: hci0: command tx timeout [ 49.768430][ T6119] 9pnet_virtio: no channels available for device syz [ 49.824965][ T6124] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 49.831501][ T6124] 9pnet_virtio: no channels available for device syz [ 49.954943][ T6139] Zero length message leads to an empty skb [ 50.016010][ T6145] loop8: detected capacity change from 0 to 79 [ 50.135768][ T6161] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 50.137897][ T6161] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 50.140950][ T6161] vhci_hcd vhci_hcd.0: Device attached [ 50.146783][ T6164] vhci_hcd: unknown pdu 2 [ 50.150295][ T1141] vhci_hcd: stop threads [ 50.151657][ T1141] vhci_hcd: release socket [ 50.153073][ T1141] vhci_hcd: disconnect device [ 50.182064][ T6171] [U] ²§N{st3 ö)ŸLÌó´ñb§o7UˆÑŽÌNQþʈ t™²­QöZ4s  [ 50.405706][ T5988] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 50.481405][ T40] kauditd_printk_skb: 105 callbacks suppressed [ 50.481418][ T40] audit: type=1400 audit(1753668146.719:195): avc: denied { unmount } for pid=5947 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 50.555695][ T5988] usb 6-1: device descriptor read/64, error -71 [ 50.564500][ T40] audit: type=1400 audit(1753668146.799:196): avc: denied { read } for pid=6173 comm="syz.3.39" name="hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 50.571639][ T40] audit: type=1400 audit(1753668146.799:197): avc: denied { read } for pid=6173 comm="syz.3.39" name="hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 50.578655][ T40] audit: type=1400 audit(1753668146.799:198): avc: denied { open } for pid=6173 comm="syz.3.39" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 50.578817][ T6174] netlink: 24 bytes leftover after parsing attributes in process `syz.3.39'. [ 50.585854][ T40] audit: type=1400 audit(1753668146.799:199): avc: denied { map } for pid=6173 comm="syz.3.39" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 50.596980][ T40] audit: type=1400 audit(1753668146.799:200): avc: denied { execute } for pid=6173 comm="syz.3.39" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 50.691080][ T40] audit: type=1400 audit(1753668146.929:201): avc: denied { name_bind } for pid=6177 comm="syz.3.40" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 50.707392][ T6181] syz.2.41 uses obsolete (PF_INET,SOCK_PACKET) [ 50.711926][ T40] audit: type=1400 audit(1753668146.949:202): avc: denied { sys_module } for pid=6179 comm="syz.2.41" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 50.805800][ T5988] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 50.939813][ T6192] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 50.945683][ T5988] usb 6-1: device descriptor read/64, error -71 [ 50.969437][ T6201] netlink: 8 bytes leftover after parsing attributes in process `syz.0.45'. [ 50.973944][ T40] audit: type=1400 audit(1753668147.209:203): avc: denied { connect } for pid=6200 comm="syz.0.45" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 50.986340][ T40] audit: type=1400 audit(1753668147.209:204): avc: denied { connect } for pid=6200 comm="syz.0.45" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 51.065893][ T5988] usb usb6-port1: attempt power cycle [ 51.116551][ T6214] process 'syz.2.48' launched './file1' with NULL argv: empty string added [ 51.145031][ T6218] program syz.0.50 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 51.149995][ T6218] netlink: 'syz.0.50': attribute type 1 has an invalid length. [ 51.150985][ T6219] netlink: 'syz.0.50': attribute type 1 has an invalid length. [ 51.153298][ T6218] netlink: 224 bytes leftover after parsing attributes in process `syz.0.50'. [ 51.155941][ T6219] netlink: 224 bytes leftover after parsing attributes in process `syz.0.50'. [ 51.178470][ T6015] IPVS: starting estimator thread 0... [ 51.181398][ T6223] netlink: 24 bytes leftover after parsing attributes in process `syz.2.51'. [ 51.276566][ T6222] IPVS: using max 45 ests per chain, 108000 per kthread [ 51.284752][ T6236] netlink: 'syz.2.56': attribute type 9 has an invalid length. [ 51.405807][ T5988] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 51.415522][ T6261] warning: `syz.2.63' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 51.428186][ T5988] usb 6-1: device descriptor read/8, error -71 [ 51.498269][ T6270] loop6: detected capacity change from 0 to 524287999 [ 51.504238][ T6270] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 51.508838][ T6270] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 51.512642][ T6270] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 51.517946][ T6270] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 51.607352][ T6284] usb usb1: check_ctrlrecip: process 6284 (syz.0.68) requesting ep 01 but needs 81 [ 51.610361][ T6284] usb usb1: usbfs: process 6284 (syz.0.68) did not claim interface 0 before use [ 51.615317][ T6283] usb usb1: check_ctrlrecip: process 6283 (syz.0.68) requesting ep 01 but needs 81 [ 51.615347][ T6267] mmap: syz.2.65 (6267) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 51.618569][ T6283] usb usb1: usbfs: process 6283 (syz.0.68) did not claim interface 0 before use [ 51.696057][ T5988] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 51.715765][ T5958] Bluetooth: hci1: command tx timeout [ 51.715777][ T5948] Bluetooth: hci3: command tx timeout [ 51.726022][ T5988] usb 6-1: device descriptor read/8, error -71 [ 51.796049][ T5958] Bluetooth: hci2: command tx timeout [ 51.796218][ T5948] Bluetooth: hci0: command tx timeout [ 51.835899][ T6015] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 51.845933][ T5988] usb usb6-port1: unable to enumerate USB device [ 51.939410][ T6309] netlink: 'syz.2.77': attribute type 1 has an invalid length. [ 51.952340][ T6312] 9pnet_fd: Insufficient options for proto=fd [ 51.953294][ T6309] 8021q: adding VLAN 0 to HW filter on device bond1 [ 51.980452][ T6309] bond1: (slave veth3): Enslaving as an active interface with a down link [ 51.994912][ T6309] bond1: (slave veth0_to_bond): making interface the new active one [ 51.997304][ T6015] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 51.999584][ T6309] veth0_to_bond: entered promiscuous mode [ 52.001710][ T6015] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 52.004563][ T6309] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 52.007655][ T6015] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 52.007679][ T6015] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 52.007690][ T6015] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.012312][ T6015] usb 8-1: config 0 descriptor?? [ 52.029207][ T6309] netlink: 16 bytes leftover after parsing attributes in process `syz.2.77'. [ 52.046645][ T6318] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«= [ 52.048666][ T6318] [U] J"—e:ÀÆ" [ 52.253949][ T6335] trusted_key: syz.0.82 sent an empty control message without MSG_MORE. [ 52.257649][ T6335] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 52.265783][ T6332] netlink: 'syz.0.82': attribute type 12 has an invalid length. [ 52.268941][ T6332] netlink: 'syz.0.82': attribute type 29 has an invalid length. [ 52.376913][ T6342] fuse: Bad value for 'group_id' [ 52.378539][ T6342] fuse: Bad value for 'group_id' [ 52.407504][ T6342] overlay: filesystem on ./bus is read-only [ 52.431046][ T6015] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 52.908588][ T6358] random: crng reseeded on system resumption [ 53.038724][ T34] usb 8-1: USB disconnect, device number 2 [ 53.195732][ T6399] tls_set_device_offload: netdev not found [ 53.386960][ T6438] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nbd2": -EINTR [ 53.411296][ T6444] IPVS: set_ctl: invalid protocol: 161 172.30.1.3:19999 [ 53.418051][ T6444] IPVS: ip_vs_edit_dest(): server weight less than zero [ 53.490983][ T6449] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 53.573185][ T6453] sctp: [Deprecated]: syz.2.116 (pid 6453) Use of int in max_burst socket option deprecated. [ 53.573185][ T6453] Use struct sctp_assoc_value instead [ 53.613615][ T6456] sctp: [Deprecated]: syz.2.116 (pid 6456) Use of int in max_burst socket option deprecated. [ 53.613615][ T6456] Use struct sctp_assoc_value instead [ 53.707938][ T6462] 8021q: adding VLAN 0 to HW filter on device bond1 [ 53.714500][ T6462] bond1: (slave batadv1): Opening slave failed [ 53.726507][ T6463] bond1: (slave batadv1): Opening slave failed [ 53.728792][ T6461] kvm: vcpu 0: requested 148514 ns lapic timer period limited to 200000 ns [ 53.731757][ T6461] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294906079 (8589812158 ns) > initial count (200000 ns). Using initial count to start timer. [ 53.796356][ T5948] Bluetooth: hci1: command tx timeout [ 53.805766][ T5948] Bluetooth: hci3: command tx timeout [ 53.875901][ T5958] Bluetooth: hci0: command tx timeout [ 53.878275][ T5948] Bluetooth: hci2: command tx timeout [ 53.986417][ T6480] tipc: Enabling of bearer rejected, failed to enable media [ 54.079838][ T6489] xt_hashlimit: size too large, truncated to 1048576 [ 54.086956][ T6489] syz.3.125: vmalloc error: size 10485760, failed to allocated page array size 20480, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 54.092210][ T6489] CPU: 2 UID: 0 PID: 6489 Comm: syz.3.125 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(full) [ 54.092244][ T6489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 54.092253][ T6489] Call Trace: [ 54.092258][ T6489] [ 54.092264][ T6489] dump_stack_lvl+0x16c/0x1f0 [ 54.092288][ T6489] warn_alloc+0x248/0x3a0 [ 54.092305][ T6489] ? __pfx_warn_alloc+0x10/0x10 [ 54.092326][ T6489] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 54.092341][ T6489] ? __vmalloc_node_noprof+0xad/0xf0 [ 54.092356][ T6489] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 54.092375][ T6489] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 54.092391][ T6489] ? __lock_acquire+0x622/0x1c90 [ 54.092401][ T6489] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 54.092415][ T6489] ? __alloc_pages_noprof+0xb/0x1b0 [ 54.092429][ T6489] ? ___kmalloc_large_node+0x84/0x1e0 [ 54.092444][ T6489] __kvmalloc_node_noprof+0x30a/0x620 [ 54.092459][ T6489] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 54.092473][ T6489] ? net_generic+0xea/0x2a0 [ 54.092485][ T6489] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 54.092501][ T6489] ? hashlimit_mt_check_common+0x8bb/0x1460 [ 54.092515][ T6489] hashlimit_mt_check_common+0x8bb/0x1460 [ 54.092532][ T6489] hashlimit_mt_check+0x71/0x90 [ 54.092545][ T6489] ? __pfx_hashlimit_mt_check+0x10/0x10 [ 54.092559][ T6489] xt_check_match+0x283/0xa50 [ 54.092573][ T6489] ? __init_zone_device_page+0x2d2/0x690 [ 54.092587][ T6489] ? __pfx_xt_check_match+0x10/0x10 [ 54.092602][ T6489] ? xt_find_target+0x1f2/0x290 [ 54.092616][ T6489] ? xt_find_match+0x1f6/0x290 [ 54.092632][ T6489] find_check_entry.constprop.0+0x34e/0xa20 [ 54.092649][ T6489] ? __pfx_find_check_entry.constprop.0+0x10/0x10 [ 54.092667][ T6489] ? lockdep_hardirqs_on+0x7c/0x110 [ 54.092685][ T6489] ? kfree+0x2b4/0x4d0 [ 54.092697][ T6489] ? translate_table+0xc0e/0x17b0 [ 54.092712][ T6489] translate_table+0xd0b/0x17b0 [ 54.092735][ T6489] ? __pfx_translate_table+0x10/0x10 [ 54.092752][ T6489] do_ip6t_set_ctl+0x570/0xb00 [ 54.092765][ T6489] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 54.092780][ T6489] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 54.092794][ T6489] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 54.092812][ T6489] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 54.092825][ T6489] nf_setsockopt+0x8a/0xf0 [ 54.092838][ T6489] ipv6_setsockopt+0x135/0x170 [ 54.092852][ T6489] rawv6_setsockopt+0xc2/0x510 [ 54.092864][ T6489] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 54.092875][ T6489] ? selinux_socket_setsockopt+0x6a/0x80 [ 54.092891][ T6489] ? sock_common_setsockopt+0x2e/0xf0 [ 54.092903][ T6489] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 54.092915][ T6489] do_sock_setsockopt+0xf0/0x1d0 [ 54.092929][ T6489] __sys_setsockopt+0x1a0/0x230 [ 54.092946][ T6489] __x64_sys_setsockopt+0xbd/0x160 [ 54.092961][ T6489] ? do_syscall_64+0x91/0x4c0 [ 54.092970][ T6489] ? lockdep_hardirqs_on+0x7c/0x110 [ 54.092985][ T6489] do_syscall_64+0xcd/0x4c0 [ 54.092995][ T6489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.093006][ T6489] RIP: 0033:0x7fed2678e9a9 [ 54.093015][ T6489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 54.093024][ T6489] RSP: 002b:00007fed275b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 54.093034][ T6489] RAX: ffffffffffffffda RBX: 00007fed269b5fa0 RCX: 00007fed2678e9a9 [ 54.093040][ T6489] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000004 [ 54.093046][ T6489] RBP: 00007fed26810d69 R08: 0000000000000588 R09: 0000000000000000 [ 54.093051][ T6489] R10: 00002000000014c0 R11: 0000000000000246 R12: 0000000000000000 [ 54.093057][ T6489] R13: 0000000000000000 R14: 00007fed269b5fa0 R15: 00007ffeb1925018 [ 54.093070][ T6489] [ 54.093073][ T6489] Mem-Info: [ 54.218460][ T6424] orangefs_mount: mount request failed with -4 [ 54.218481][ T6489] active_anon:8540 inactive_anon:0 isolated_anon:0 [ 54.218481][ T6489] active_file:553 inactive_file:45062 isolated_file:0 [ 54.218481][ T6489] unevictable:1775 dirty:1637 writeback:0 [ 54.218481][ T6489] slab_reclaimable:11382 slab_unreclaimable:68880 [ 54.218481][ T6489] mapped:24359 shmem:2441 pagetables:1149 [ 54.218481][ T6489] sec_pagetables:295 bounce:0 [ 54.218481][ T6489] kernel_misc_reclaimable:0 [ 54.218481][ T6489] free:466393 free_pcp:17171 free_cma:0 [ 54.236245][ T6489] Node 0 active_anon:33788kB inactive_anon:0kB active_file:2212kB inactive_file:180048kB unevictable:3564kB isolated(anon):0kB isolated(file):0kB mapped:97436kB dirty:6512kB writeback:0kB shmem:6228kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12560kB pagetables:4252kB sec_pagetables:1180kB all_unreclaimable? no Balloon:0kB [ 54.243329][ T6496] netlink: 'syz.0.127': attribute type 11 has an invalid length. [ 54.246640][ T6489] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:36kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:112kB pagetables:220kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 54.259772][ T6489] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 54.269298][ T6489] lowmem_reserve[]: 0 1234 1234 1234 1234 [ 54.271140][ T6489] Node 0 DMA32 free:248120kB boost:0kB min:27516kB low:34392kB high:41268kB reserved_highatomic:0KB free_highatomic:0KB active_anon:33788kB inactive_anon:0kB active_file:2212kB inactive_file:180048kB unevictable:3564kB writepending:6512kB present:2080628kB managed:1264284kB mlocked:128kB bounce:0kB free_pcp:49392kB local_pcp:12552kB free_cma:0kB [ 54.282280][ T6489] lowmem_reserve[]: 0 0 0 0 0 [ 54.284020][ T6489] Node 1 Normal free:1602092kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:3536kB writepending:36kB present:2097152kB managed:1781956kB mlocked:0kB bounce:0kB free_pcp:19460kB local_pcp:4104kB free_cma:0kB [ 54.294121][ T6489] lowmem_reserve[]: 0 0 0 0 0 [ 54.296765][ T6489] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 54.300795][ T6489] Node 0 DMA32: 602*4kB (UME) 786*8kB (UME) 472*16kB (UME) 392*32kB (UME) 51*64kB (UME) 21*128kB (UME) 19*256kB (UME) 11*512kB (UM) 6*1024kB (UME) 4*2048kB (UM) 46*4096kB (UM) = 247992kB [ 54.306732][ T6489] Node 1 Normal: 4*4kB (E) 7*8kB (UME) 8*16kB (UME) 21*32kB (UME) 9*64kB (UME) 9*128kB (UME) 2*256kB (UE) 5*512kB (ME) 3*1024kB (UE) 2*2048kB (UM) 388*4096kB (M) = 1602088kB [ 54.312185][ T6489] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 54.315219][ T6489] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 54.318614][ T6489] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 54.321584][ T6489] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 54.324455][ T6489] 48028 total pagecache pages [ 54.326057][ T6489] 0 pages in swap cache [ 54.327384][ T6489] Free swap = 124996kB [ 54.328711][ T6489] Total swap = 124996kB [ 54.330034][ T6489] 1048443 pages RAM [ 54.331254][ T6489] 0 pages HighMem/MovableOnly [ 54.332758][ T6489] 283043 pages reserved [ 54.334127][ T6489] 0 pages cma reserved [ 55.017763][ T6520] __nla_validate_parse: 9 callbacks suppressed [ 55.017777][ T6520] netlink: 16 bytes leftover after parsing attributes in process `syz.3.136'. [ 55.034214][ T46] Bluetooth: hci4: Frame reassembly failed (-84) [ 55.035710][ T6520] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 55.038814][ T6520] IPv6: NLM_F_CREATE should be set when creating new route [ 55.340305][ T6536] loop8: detected capacity change from 79 to 78 [ 55.347519][ T6544] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 55.353058][ T6544] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 55.407324][ T6555] netlink: 12 bytes leftover after parsing attributes in process `syz.1.143'. [ 55.412642][ T6555] xfrm1: entered promiscuous mode [ 55.414256][ T6555] xfrm1: entered allmulticast mode [ 55.419226][ T5359] udevd[5359]: worker [6170] terminated by signal 33 (Unknown signal 33) [ 55.421915][ T5359] udevd[5359]: worker [6170] failed while handling '/devices/virtual/block/loop8' [ 55.459893][ T6554] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 55.459893][ T6554] The task syz.0.142 (6554) triggered the difference, watch for misbehavior. [ 55.595183][ T6568] program syz.2.140 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 55.641353][ T40] kauditd_printk_skb: 105 callbacks suppressed [ 55.641362][ T40] audit: type=1400 audit(1753668151.879:310): avc: denied { mount } for pid=6566 comm="syz.1.147" name="/" dev="hugetlbfs" ino=9144 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 55.682015][ T40] audit: type=1400 audit(1753668151.919:311): avc: denied { unmount } for pid=5955 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 55.734296][ T6577] netlink: 276 bytes leftover after parsing attributes in process `syz.1.149'. [ 55.748058][ T40] audit: type=1400 audit(1753668151.989:312): avc: denied { map } for pid=6576 comm="syz.1.149" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 55.755007][ T40] audit: type=1400 audit(1753668151.989:313): avc: denied { execute } for pid=6576 comm="syz.1.149" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 55.911189][ T40] audit: type=1400 audit(1753668152.149:314): avc: denied { append } for pid=6578 comm="syz.1.150" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 56.044813][ T40] audit: type=1400 audit(1753668152.279:315): avc: denied { setopt } for pid=6583 comm="syz.1.151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 56.101772][ T6561] overlayfs: statfs failed on './file0' [ 56.115106][ T40] audit: type=1400 audit(1753668152.349:316): avc: denied { accept } for pid=6585 comm="syz.1.152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 56.144040][ T40] audit: type=1400 audit(1753668152.379:317): avc: denied { create } for pid=6590 comm="syz.2.153" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=netlink_route_socket permissive=1 [ 56.179064][ T40] audit: type=1400 audit(1753668152.419:318): avc: denied { mount } for pid=6595 comm="syz.1.156" name="/" dev="overlay" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 56.188730][ T40] audit: type=1400 audit(1753668152.419:319): avc: denied { listen } for pid=6595 comm="syz.1.156" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 56.537384][ T6611] /dev/sr0: Can't open blockdev [ 56.773083][ T6622] netlink: 'syz.1.165': attribute type 2 has an invalid length. [ 56.775816][ T6622] netlink: 244 bytes leftover after parsing attributes in process `syz.1.165'. [ 57.075755][ T5948] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 57.075774][ T63] Bluetooth: hci4: command 0x1003 tx timeout [ 57.195509][ T6649] dummy0: entered allmulticast mode [ 57.206353][ T6651] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=224 sclass=netlink_route_socket pid=6651 comm=syz.2.174 [ 57.358417][ T6664] netlink: 32 bytes leftover after parsing attributes in process `syz.2.178'. [ 57.556410][ T5958] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 57.556876][ T5948] Bluetooth: hci5: command 0x1003 tx timeout [ 57.603813][ T6671] netlink: 'syz.0.180': attribute type 10 has an invalid length. [ 57.610915][ T6671] macvlan0: entered promiscuous mode [ 57.613427][ T6671] macvlan0: entered allmulticast mode [ 57.618872][ T6671] veth1_vlan: entered allmulticast mode [ 57.622521][ T6671] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 57.665415][ T6680] Illegal XDP return value 8 on prog (id 22) dev N/A, expect packet loss! [ 57.728470][ T6693] capability: warning: `syz.0.186' uses deprecated v2 capabilities in a way that may be insecure [ 57.759070][ T6683] kvm: kvm [6682]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0xc1) = 0xe0000011 [ 57.763309][ T6683] kvm: kvm [6682]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0xc2) = 0xe0000011 [ 57.781270][ T6683] kvm: kvm [6682]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x11e) = 0xe0000011 [ 57.802461][ T6683] kvm: kvm [6682]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x186) = 0xe0000011 [ 57.806206][ T6683] kvm: kvm [6682]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x187) = 0xe0000011 [ 57.824132][ T6683] kvm_intel: kvm [6682]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x1d9) = 0xe0000011 [ 57.872209][ T6711] netlink: 16 bytes leftover after parsing attributes in process `syz.0.190'. [ 57.950012][ T6715] vlan2: entered allmulticast mode [ 57.951951][ T6715] veth0_to_bond: entered allmulticast mode [ 57.968786][ T6722] netlink: 56 bytes leftover after parsing attributes in process `syz.2.194'. [ 57.975422][ T6722] netlink: 36 bytes leftover after parsing attributes in process `syz.2.194'. [ 57.997108][ T6724] netlink: 'syz.0.193': attribute type 10 has an invalid length. [ 57.998367][ T6722] netlink: 56 bytes leftover after parsing attributes in process `syz.2.194'. [ 58.002591][ T6724] syz_tun: entered promiscuous mode [ 58.007451][ T6724] syz_tun: entered allmulticast mode [ 58.009797][ T6724] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 58.205495][ T6747] tap0: tun_chr_ioctl cmd 1074025678 [ 58.207282][ T6747] tap0: group set to 0 [ 58.256588][ T6749] netlink: 72 bytes leftover after parsing attributes in process `syz.2.202'. [ 58.449043][ T6775] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 58.455904][ T6777] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (2878) [ 58.458765][ T6777] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255 [ 58.461316][ T6773] fuse: Unknown parameter 'grd' [ 58.502762][ T6783] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 58.504883][ T6783] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 58.510432][ T6783] vhci_hcd vhci_hcd.0: Device attached [ 58.728720][ T6807] input: syz1 as /devices/virtual/input/input6 [ 58.745661][ T54] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 58.746111][ T6015] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 58.797266][ T6814] ip6t_rpfilter: unknown options [ 58.926960][ T54] usb 6-1: config 0 has no interfaces? [ 58.928733][ T54] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 58.931622][ T54] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.939550][ T54] usb 6-1: config 0 descriptor?? [ 58.954042][ T6818] overlayfs: failed to resolve './file0': -2 [ 59.145411][ T54] usb 6-1: USB disconnect, device number 6 [ 59.146561][ T6786] vhci_hcd: connection closed [ 59.148745][ T13] vhci_hcd: stop threads [ 59.152080][ T13] vhci_hcd: release socket [ 59.154146][ T13] vhci_hcd: disconnect device [ 59.205783][ T6015] vhci_hcd: vhci_device speed not set [ 59.385079][ T6825] syz.0.225: attempt to access beyond end of device [ 59.385079][ T6825] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 59.391638][ T6825] syz.0.225: attempt to access beyond end of device [ 59.391638][ T6825] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 59.396574][ T6825] Mount JFS Failure: -5 [ 59.398529][ T6825] jfs_mount failed w/return code = -5 [ 59.482734][ T6831] netlink: 'syz.2.227': attribute type 13 has an invalid length. [ 59.486128][ T6831] netlink: 'syz.2.227': attribute type 17 has an invalid length. [ 59.513061][ T6833] capability: warning: `syz.0.229' uses 32-bit capabilities (legacy support in use) [ 59.519334][ T6831] dummy0: left allmulticast mode [ 59.523260][ T6831] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 59.621410][ T6837] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 59.624155][ T6837] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 59.838355][ T6847] /dev/sr0: Can't open blockdev [ 59.895483][ T6858] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 60.317161][ T6893] PKCS7: Unknown OID: [4] 5.25.43183(bad) [ 60.317336][ T6894] PKCS7: Unknown OID: [4] 5.25.43183(bad) [ 60.319110][ T6893] PKCS7: Only support pkcs7_signedData type [ 60.321014][ T6894] PKCS7: Only support pkcs7_signedData type [ 60.350177][ T6896] __nla_validate_parse: 7 callbacks suppressed [ 60.350187][ T6896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.248'. [ 60.354979][ T6896] netlink: 12 bytes leftover after parsing attributes in process `syz.2.248'. [ 60.790308][ T5948] Bluetooth: hci2: unexpected cc 0x0402 length: 4 > 1 [ 60.813536][ T40] kauditd_printk_skb: 165 callbacks suppressed [ 60.813547][ T40] audit: type=1400 audit(1753668157.049:485): avc: denied { append } for pid=6919 comm="syz.0.255" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 60.823619][ T40] audit: type=1400 audit(1753668157.049:486): avc: denied { read } for pid=6919 comm="syz.0.255" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 60.841950][ T40] audit: type=1400 audit(1753668157.049:487): avc: denied { open } for pid=6919 comm="syz.0.255" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 60.849937][ T40] audit: type=1400 audit(1753668157.049:488): avc: denied { ioctl } for pid=6919 comm="syz.0.255" path="/dev/binderfs/binder0" dev="binder" ino=13 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 60.852884][ T6928] futex_wake_op: syz.2.257 tries to shift op by 32; fix this program [ 60.860920][ T40] audit: type=1400 audit(1753668157.049:489): avc: denied { set_context_mgr } for pid=6919 comm="syz.0.255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 60.887299][ T40] audit: type=1400 audit(1753668157.129:490): avc: denied { create } for pid=6926 comm="syz.2.257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 60.892247][ T6931] netlink: 4 bytes leftover after parsing attributes in process `syz.0.258'. [ 60.893656][ T40] audit: type=1400 audit(1753668157.129:491): avc: denied { write } for pid=6926 comm="syz.2.257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 60.910127][ T6931] @: entered promiscuous mode [ 60.911676][ T6931] @: entered allmulticast mode [ 60.914427][ T6931] netlink: 4 bytes leftover after parsing attributes in process `syz.0.258'. [ 60.932837][ T40] audit: type=1400 audit(1753668157.169:492): avc: denied { mounton } for pid=6933 comm="syz.2.259" path="/proc/284/task" dev="proc" ino=12720 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 60.940618][ T40] audit: type=1400 audit(1753668157.169:493): avc: denied { mount } for pid=6933 comm="syz.2.259" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 60.974518][ T40] audit: type=1400 audit(1753668157.209:494): avc: denied { append } for pid=6941 comm="syz.2.261" name="event3" dev="devtmpfs" ino=1298 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 61.052761][ T6947] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 61.091324][ T6956] ======================================================= [ 61.091324][ T6956] WARNING: The mand mount option has been deprecated and [ 61.091324][ T6956] and is ignored by this kernel. Remove the mand [ 61.091324][ T6956] option from the mount to silence this warning. [ 61.091324][ T6956] ======================================================= [ 61.122388][ T6958] i801_smbus 0000:00:1f.3: Illegal SMBus block read size 0 [ 61.213069][ T6962] kvm: kvm [6961]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0xc1) = 0xfffffc18 [ 61.216120][ T6962] kvm: kvm [6961]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0xc2) = 0xfffffc18 [ 61.233092][ T6962] kvm: kvm [6961]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x11e) = 0xfffffc18 [ 61.253287][ T6962] kvm: kvm [6961]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x186) = 0xfffffc18 [ 61.256542][ T6962] kvm: kvm [6961]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x187) = 0xfffffc18 [ 61.336489][ T6968] netlink: 4 bytes leftover after parsing attributes in process `syz.2.268'. [ 61.441385][ T6970] ------------[ cut here ]------------ [ 61.443843][ T6970] WARNING: CPU: 1 PID: 6970 at mm/page_alloc.c:4935 __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 61.448124][ T6970] Modules linked in: [ 61.452541][ T6970] CPU: 1 UID: 0 PID: 6970 Comm: syz.0.269 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(full) [ 61.457494][ T6970] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 61.461919][ T6970] RIP: 0010:__alloc_frozen_pages_noprof+0x30b/0x23f0 [ 61.464700][ T6970] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 83 fe 0a 0f 86 0a fe ff ff 80 3d 9d 46 7d 0e 00 75 0b c6 05 94 46 7d 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8 [ 61.472731][ T6970] RSP: 0018:ffffc9000dacf438 EFLAGS: 00010246 [ 61.475302][ T6970] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 61.481934][ T6970] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040dc0 [ 61.485243][ T6970] RBP: 0000000001000000 R08: 0000000000000005 R09: 0000000000000000 [ 61.489380][ T6970] R10: 0000000000200000 R11: 0000000000000001 R12: 000000000000000c [ 61.492663][ T6970] R13: 1ffff92001b59e9c R14: 0000000001000000 R15: 000000000000000c [ 61.496048][ T6970] FS: 00007ff29d9fc6c0(0000) GS:ffff8880d6820000(0000) knlGS:0000000000000000 [ 61.499783][ T6970] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 61.502727][ T6970] CR2: 0000200000001000 CR3: 00000000604d7000 CR4: 0000000000352ef0 [ 61.506157][ T6970] Call Trace: [ 61.507594][ T6970] [ 61.508907][ T6970] ? stack_trace_save+0x8e/0xc0 [ 61.511009][ T6970] ? __pfx_stack_trace_save+0x10/0x10 [ 61.513296][ T6970] ? stack_depot_save_flags+0x28/0xa40 [ 61.515678][ T6970] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 61.518354][ T6970] ? kasan_save_stack+0x42/0x60 [ 61.520414][ T6970] ? kasan_save_stack+0x33/0x60 [ 61.522461][ T6970] ? kasan_save_track+0x14/0x30 [ 61.524466][ T6970] ? __kasan_kmalloc+0xaa/0xb0 [ 61.526047][ T6970] ? common_read+0xc1/0x3d0 [ 61.527516][ T6970] ? policydb_read+0x871/0x3220 [ 61.529057][ T6970] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.530959][ T6970] ? hashtab_init+0x1b1/0x290 [ 61.532453][ T6970] __alloc_pages_noprof+0xb/0x1b0 [ 61.534068][ T6970] ___kmalloc_large_node+0x84/0x1e0 [ 61.535772][ T6970] ? hashtab_init+0x1b1/0x290 [ 61.537289][ T6970] __kmalloc_large_node_noprof+0x1c/0x70 [ 61.539055][ T6970] __kmalloc_noprof.cold+0xc/0x61 [ 61.540777][ T6970] hashtab_init+0x1b1/0x290 [ 61.542241][ T6970] ? __asan_memcpy+0x3c/0x60 [ 61.543731][ T6970] common_read+0x1c2/0x3d0 [ 61.545158][ T6970] ? __pfx_common_read+0x10/0x10 [ 61.546789][ T6970] ? __kmalloc_noprof+0x242/0x510 [ 61.548381][ T6970] ? __pfx_common_read+0x10/0x10 [ 61.549923][ T6970] policydb_read+0x871/0x3220 [ 61.551412][ T6970] ? __pfx_policydb_read+0x10/0x10 [ 61.553027][ T6970] security_load_policy+0x15c/0x12c0 [ 61.554674][ T6970] ? irqentry_exit+0x3b/0x90 [ 61.556212][ T6970] ? __pfx_security_load_policy+0x10/0x10 [ 61.558012][ T6970] ? _copy_from_user+0x93/0xd0 [ 61.559514][ T6970] sel_write_load+0x332/0x1bd0 [ 61.561022][ T6970] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 61.562846][ T6970] ? __lock_acquire+0xb8a/0x1c90 [ 61.564400][ T6970] ? __pfx_sel_write_load+0x10/0x10 [ 61.566087][ T6970] ? __pfx_sel_write_load+0x10/0x10 [ 61.567712][ T6970] vfs_write+0x2a0/0x1150 [ 61.569082][ T6970] ? __pfx___mutex_lock+0x10/0x10 [ 61.570603][ T6970] ? __pfx_vfs_write+0x10/0x10 [ 61.572104][ T6970] ? __fget_files+0x20e/0x3c0 [ 61.573615][ T6970] ksys_write+0x12a/0x250 [ 61.574973][ T6970] ? __pfx_ksys_write+0x10/0x10 [ 61.576575][ T6970] do_syscall_64+0xcd/0x4c0 [ 61.578015][ T6970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.579848][ T6970] RIP: 0033:0x7ff29cb8e9a9 [ 61.581257][ T6970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.587233][ T6970] RSP: 002b:00007ff29d9fc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 61.589773][ T6970] RAX: ffffffffffffffda RBX: 00007ff29cdb5fa0 RCX: 00007ff29cb8e9a9 [ 61.592205][ T6970] RDX: 0000000000001790 RSI: 0000200000000000 RDI: 0000000000000003 [ 61.594674][ T6970] RBP: 00007ff29cc10d69 R08: 0000000000000000 R09: 0000000000000000 [ 61.597177][ T6970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 61.599624][ T6970] R13: 0000000000000000 R14: 00007ff29cdb5fa0 R15: 00007ffdb527d2f8 [ 61.602076][ T6970] [ 61.603062][ T6970] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 61.605343][ T6970] CPU: 1 UID: 0 PID: 6970 Comm: syz.0.269 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(full) [ 61.608965][ T6970] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 61.612245][ T6970] Call Trace: [ 61.613312][ T6970] [ 61.614247][ T6970] dump_stack_lvl+0x3d/0x1f0 [ 61.615699][ T6970] panic+0x71c/0x800 [ 61.616949][ T6970] ? __pfx_panic+0x10/0x10 [ 61.618343][ T6970] ? show_trace_log_lvl+0x29b/0x3e0 [ 61.619943][ T6970] ? __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 61.621843][ T6970] check_panic_on_warn+0xab/0xb0 [ 61.623398][ T6970] __warn+0xf6/0x3c0 [ 61.624636][ T6970] ? __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 61.626521][ T6970] report_bug+0x3c3/0x580 [ 61.627879][ T6970] ? __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 61.629761][ T6970] handle_bug+0x184/0x210 [ 61.631113][ T6970] exc_invalid_op+0x17/0x50 [ 61.632548][ T6970] asm_exc_invalid_op+0x1a/0x20 [ 61.634061][ T6970] RIP: 0010:__alloc_frozen_pages_noprof+0x30b/0x23f0 [ 61.636239][ T6970] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 83 fe 0a 0f 86 0a fe ff ff 80 3d 9d 46 7d 0e 00 75 0b c6 05 94 46 7d 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8 [ 61.642110][ T6970] RSP: 0018:ffffc9000dacf438 EFLAGS: 00010246 [ 61.644017][ T6970] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 61.646455][ T6970] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040dc0 [ 61.648881][ T6970] RBP: 0000000001000000 R08: 0000000000000005 R09: 0000000000000000 [ 61.651347][ T6970] R10: 0000000000200000 R11: 0000000000000001 R12: 000000000000000c [ 61.653784][ T6970] R13: 1ffff92001b59e9c R14: 0000000001000000 R15: 000000000000000c [ 61.656226][ T6970] ? stack_trace_save+0x8e/0xc0 [ 61.657761][ T6970] ? __pfx_stack_trace_save+0x10/0x10 [ 61.659419][ T6970] ? stack_depot_save_flags+0x28/0xa40 [ 61.661123][ T6970] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 61.663074][ T6970] ? kasan_save_stack+0x42/0x60 [ 61.664598][ T6970] ? kasan_save_stack+0x33/0x60 [ 61.666110][ T6970] ? kasan_save_track+0x14/0x30 [ 61.667649][ T6970] ? __kasan_kmalloc+0xaa/0xb0 [ 61.669149][ T6970] ? common_read+0xc1/0x3d0 [ 61.670577][ T6970] ? policydb_read+0x871/0x3220 [ 61.672099][ T6970] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.674030][ T6970] ? hashtab_init+0x1b1/0x290 [ 61.675508][ T6970] __alloc_pages_noprof+0xb/0x1b0 [ 61.677087][ T6970] ___kmalloc_large_node+0x84/0x1e0 [ 61.678715][ T6970] ? hashtab_init+0x1b1/0x290 [ 61.680192][ T6970] __kmalloc_large_node_noprof+0x1c/0x70 [ 61.681933][ T6970] __kmalloc_noprof.cold+0xc/0x61 [ 61.683521][ T6970] hashtab_init+0x1b1/0x290 [ 61.684951][ T6970] ? __asan_memcpy+0x3c/0x60 [ 61.686397][ T6970] common_read+0x1c2/0x3d0 [ 61.687827][ T6970] ? __pfx_common_read+0x10/0x10 [ 61.689387][ T6970] ? __kmalloc_noprof+0x242/0x510 [ 61.690947][ T6970] ? __pfx_common_read+0x10/0x10 [ 61.692488][ T6970] policydb_read+0x871/0x3220 [ 61.693974][ T6970] ? __pfx_policydb_read+0x10/0x10 [ 61.695541][ T6970] security_load_policy+0x15c/0x12c0 [ 61.697131][ T6970] ? irqentry_exit+0x3b/0x90 [ 61.698545][ T6970] ? __pfx_security_load_policy+0x10/0x10 [ 61.700306][ T6970] ? _copy_from_user+0x93/0xd0 [ 61.701747][ T6970] sel_write_load+0x332/0x1bd0 [ 61.703233][ T6970] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 61.705031][ T6970] ? __lock_acquire+0xb8a/0x1c90 [ 61.706542][ T6970] ? __pfx_sel_write_load+0x10/0x10 [ 61.708133][ T6970] ? __pfx_sel_write_load+0x10/0x10 [ 61.709760][ T6970] vfs_write+0x2a0/0x1150 [ 61.711098][ T6970] ? __pfx___mutex_lock+0x10/0x10 [ 61.712658][ T6970] ? __pfx_vfs_write+0x10/0x10 [ 61.714119][ T6970] ? __fget_files+0x20e/0x3c0 [ 61.715583][ T6970] ksys_write+0x12a/0x250 [ 61.716946][ T6970] ? __pfx_ksys_write+0x10/0x10 [ 61.718480][ T6970] do_syscall_64+0xcd/0x4c0 [ 61.719900][ T6970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.721735][ T6970] RIP: 0033:0x7ff29cb8e9a9 [ 61.723214][ T6970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.729101][ T6970] RSP: 002b:00007ff29d9fc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 61.731653][ T6970] RAX: ffffffffffffffda RBX: 00007ff29cdb5fa0 RCX: 00007ff29cb8e9a9 [ 61.734109][ T6970] RDX: 0000000000001790 RSI: 0000200000000000 RDI: 0000000000000003 [ 61.736546][ T6970] RBP: 00007ff29cc10d69 R08: 0000000000000000 R09: 0000000000000000 [ 61.738992][ T6970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 61.741440][ T6970] R13: 0000000000000000 R14: 00007ff29cdb5fa0 R15: 00007ffdb527d2f8 [ 61.743882][ T6970] [ 61.745457][ T6970] Kernel Offset: disabled [ 61.746794][ T6970] Rebooting in 86400 seconds.. VM DIAGNOSIS: 02:02:37 Registers: info registers vcpu 0 CPU#0 RAX=00000000000bed5f RBX=0000000000000000 RCX=ffffffff8b869c99 RDX=0000000000000000 RSI=ffffffff8de3046a RDI=ffffffff8c1574e0 RBP=fffffbfff1c52ef0 RSP=ffffffff8e207e08 R8 =0000000000000001 R9 =ffffed100d486645 R10=ffff88806a43322b R11=0000000000000001 R12=0000000000000000 R13=ffffffff8e297780 R14=ffffffff90a94250 R15=0000000000000000 RIP=ffffffff8b8687ff RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6720000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f87d8018e9c CR3=00000000345e1000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=000000000534c002 Opmask01=0000000000000000 Opmask02=00000000f0000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055eec87e3600 000055eec87e3600 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffb9648350 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6c737973007325 2e73250064252e73 2500656c6f736e6f 632f7665642f000a ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a49565c56005600 0b56000041000b56 000040494a564b4a 460a5340410a000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5f636f6c6c615f5f 20353339343a632e 636f6c6c615f6567 61702f6d6d207461 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 65645f746e657665 3a725f7463656a62 6f3a755f6d657473 79733d747865746e ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f637420745f6d64 617379733a725f6d 64617379733a746f 6f723d747865746e ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f63732038393231 3d6f6e6920227366 706d74766564223d 766564202233746e ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 657665223d656d61 6e20223136322e32 2e7a7973223d6d6d 6f6320313439363d ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000000006c RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff855a57c5 RDI=ffffffff9b0b9e60 RBP=ffffffff9b0b9e20 RSP=ffffc9000daced90 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=000000000000006c R14=ffffffff9b0b9e20 R15=ffffffff855a5760 RIP=ffffffff855a57ef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007ff29d9fc6c0 ffffffff 00c00000 GS =0000 ffff8880d6820000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000200000001000 CR3=00000000604d7000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff29cc11d42 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff29cc11d4f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff29cc11d49 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff29cc11d5d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff29cc11de3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff29cc11ec1 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff29cd86488 00007ff29cd86480 00007ff29cd86478 00007ff29cd86450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff29d8ed100 00007ff29cd86440 00007ff29cd86458 00007ff29cd864a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff29cd86498 00007ff29cd86490 00007ff29cd86488 00007ff29cd86480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000006024b RBX=0000000000000002 RCX=ffffffff8b869c99 RDX=0000000000000000 RSI=ffffffff8de3046a RDI=ffffffff8c1574e0 RBP=ffffed1003c53910 RSP=ffffc90000187df8 R8 =0000000000000001 R9 =ffffed100d4c6645 R10=ffff88806a63322b R11=0000000000000001 R12=0000000000000002 R13=ffff88801e29c880 R14=ffffffff90a94250 R15=0000000000000000 RIP=ffffffff8b8687ff RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6920000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000200000000200 CR3=0000000033f26000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c0fffc00 Opmask01=00000000000000ff Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000015 000000000001df8a ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555cba8b2b 000055555cba6ba0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555cbaaf10 000055555cba9aa0 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 020016a203000200 16a0030ffffffffa 0800169803018080 8608001690030204 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0304040016b40318 040016b003000800 16a80300020016a6 0300020016a40300 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 16cc0328040016c8 0300040016c40300 020016c2032a0200 16c00302080016b8 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 030c040016d00302 10b880840016ce03 0010b080840016ce 031801e080808400 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 014080828010000c 80040100000a0806 060168e0408681b4 08000ce003001000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0cd0030010000cc0 030210000cb00301 8010000290030204 0016f80306040016 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f4030c040016f003 06edf6080016e803 06040016e4031004 0016e00301ffa804 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0016d80302040016 d4030c040016d003 0210b880840016ce 030010b080840016 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000000684f3 RBX=0000000000000003 RCX=ffffffff8b869c99 RDX=0000000000000000 RSI=ffffffff8de3046a RDI=ffffffff8c1574e0 RBP=ffffed1003c56000 RSP=ffffc90000197df8 R8 =0000000000000001 R9 =ffffed100d4e6645 R10=ffff88806a73322b R11=0000000000000001 R12=0000000000000003 R13=ffff88801e2b0000 R14=ffffffff90a94250 R15=0000000000000000 RIP=ffffffff8b8687ff RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6a20000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fadf737df98 CR3=0000000051626000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffddd50e040 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f572fa11d42 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f572fa11d4f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f572fa11d49 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f572fa11d5d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f572fa11de3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f572fa11ec1 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000bc ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000bc ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000