last executing test programs: 3.412872093s ago: executing program 2 (id=147): r0 = syz_clone(0x200880, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x22000000) 3.412318257s ago: executing program 2 (id=149): mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='ext4\x00', 0x200000, 0x0) 3.333875201s ago: executing program 2 (id=152): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) (async) r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000480)={0x34, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x0, ')'}]}}, 0x0}, 0x0) ioctl$EVIOCGMASK(r2, 0x80015b1a, 0x0) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000700)=@newsa={0xf0, 0x10, 0x1, 0x0, 0x0, {{@in=@local, @in6=@local}, {@in=@remote, 0x0, 0x6c}, @in=@multicast2, {0x0, 0x6}, {}, {}, 0x0, 0x0, 0x2}}, 0xf0}}, 0x0) 3.06193861s ago: executing program 3 (id=159): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_usb_connect(0x2, 0x2d, 0x0, 0x0) (async) syz_usb_connect(0x2, 0x2d, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x25, 0x0, @void}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) (async) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) socket$can_j1939(0x1d, 0x2, 0x7) (async) r3 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r3, &(0x7f0000000080)={0x1d, r1, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) sendmsg$can_j1939(r3, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, 0x0, 0x0, {}, 0xff}, 0x18, &(0x7f0000000180)={0x0}}, 0xee) (async) sendmsg$can_j1939(r3, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, 0x0, 0x0, {}, 0xff}, 0x18, &(0x7f0000000180)={0x0}}, 0xee) syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) (async) r4 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) capget(&(0x7f00000001c0), 0x0) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x540) ioctl$DRM_IOCTL_AUTH_MAGIC(r5, 0x40046411, &(0x7f00000010c0)=0x400000) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0xff80, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = socket$inet(0x2, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$inet_mreqn(r6, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r6, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57) (async) setsockopt$inet_msfilter(r6, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r7) sendmsg$TIPC_NL_BEARER_ENABLE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100eb0000000000000003000000400001802c00040014000100020000007f00000100000000000000001400020002000000e000000200000000000000000d0001007564703a73"], 0x54}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1e2) mount(&(0x7f00000000c0)=@sr0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='romfs\x00', 0x0, 0x0) mount(&(0x7f0000000040)=@sr0, &(0x7f0000000580)='./file0\x00', &(0x7f0000000180)='ntfs3\x00', 0x8, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="00020000010000005556"]) 2.272806921s ago: executing program 3 (id=173): prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil) (async) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) (async) ioctl$UFFDIO_WAKE(0xffffffffffffffff, 0x8010aa02, &(0x7f0000000040)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) (async) brk(0x200000ffc000) (async) bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0), 0x8) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async) sysfs$2(0x2, 0x0, &(0x7f0000000180)=""/222) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b70000008100003bbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071105400000000001d400500000000004704000001ed00000f030000000000001d440000000000006b0a00fe000000007313000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff31a8fd3c0fd8b7ff831028e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646c0200000000000000020000e35208b0bb0d2cd829e654400e2438ec649dc76128610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda82fc9c4d7ecc7a803bf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714f62ba7a54f0c33d39000d0bfed3a6a59ff616236fd8f2477184bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06fa2e04cfe0649226c697d9e8eaade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00023ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a83469620c6e74e1f46132559c4f8700a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88f15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a920099c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40fc5d2f55ff07c53147de202ce517b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661061173f359e9052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff26b61aac8aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3ba18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e26534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336dfaa6d5d164301190bc2d4c04087729033342045804a28082abc3b4762302a271722fb515f31e0dd115a292f1e68481a62c49d15ea5460a29c60b1058fb7aa9bf4ee3cbe11b03711a15d730646b72d074dab1e8c429339f3460d324c17a4a8bfc7d7eab45bef00664d6dc82300000000000"], &(0x7f00000001c0)='GPL\x00', 0x200, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x200, 0x0) (async) set_mempolicy_home_node(&(0x7f0000004000/0x2000)=nil, 0x2000, 0x2, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000000080)=r0) (async) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x60) syz_clone(0x0, &(0x7f0000000400)="c7ae9cd7e15bd9e85788b0b770aac47c806cab68da26decbd10a606a7b3a6fe60e3d6988bef386b40a0604c08055f89f56a7", 0x32, &(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)="13ebc1507dc8a88068573851bbf5f33bbee8c4897de17b30e1362bd84bab9d80b7b79b8a8f77ff213e2caaedede5e8fd45bd9cc67918af2e92fe98d67ab8439879b4306d273cb484e09382b3b922a138b4bcfb03dece206f503d09e47f2a07cf659b556e17342c217b10371aeeee743f505b53e2fb50a089c38e28d739ab943687f55d07b267ee7eeed54ada0780c178a16464") (async) write$binfmt_script(r2, &(0x7f0000001300)={'#! ', './file0', [{0x20, ',\xeaZu\xad\x8b\x1bo\xb5\xaa\t\x8d\x8f6j\\\xb0i\xd0{\xe8\xbd\x94\xe6\xd4[\xa3\x111\xb3\x93\xc9\x16eRuA{\f\xd4qf\a\xc4,V\x04U\x83hspb\xd5\xfa\xe2\xc9e\xc1\xbd:|\x15\xf4\x91\x13\xb6\x06\xc9\xb5D\a6\x11\xc9\x06\xc7\xcc\xfa\xf8\vBp9DCxf7\xcf\x14\xf9\xafFD\xbaz\xdd\x06(c\xb2\xa4.K.fxd\x1b]\xff\x9e'}, {0x20, '\t\x1b\x1c\x1e\xc3h$\xb0^\xc1\xab/\xb9\xf0\x13\xed\xd2\x05\xdfn{q\xac\xca\'\xef\xb0*\x11j=\xfb\x06$pY\x1cD\xd4k\xab\x0f\x1ds\xa5\x10\xdb\x9f0\xc8J\xf3\x98\xc6\xa1\x88\x9c\xe4\r9\xd3\x06L\xbf\x1a\xf1}M79?L\x98e\f\xb5\x0f\xfb\bH\xa8V\xc9ty\xdaJ9E-\xd0Z\xf4\x9b\xa0\xf5\x92\x06\x1b\x81\x03\xb7\xb0\xe3\x88\x85}G\xd9\x05\x85Jn\xf7\xf0\xae\xf7\xe22\x80[\xc62\'\x8e\xafC!b\x12\x9e\xd6\x0fW\x03\xf2c\xa5\x98h\xf9H\xa2\xa8\x83\xcb\x1c\xdd\xdc\xd2}\xfezZ\xc5\xd0ua\xd7\x06\x00\xa8\xf27\x8cU\xfb\xff\xff\xff`\x06Y\xafZ\xefK\xb1\x00\x00\x00\x00\xed\xf5\xb7@/\x9d\x11\x9b\xe5\x9dP\xff\x99w\x81\xca,\x9a\xfc\a\x99\f\b%\x90\xd5\xd8\xb7\xc07#\xb7\xb5\xfc!i/\x05\x865\xeawWV+\xcc\x8c\xd3\xb5\x03\xff\xe0\x00\x00\x00U\xee\xef%\x10\xba\xb4\"\xe5\xaf\\&\xf6\x9b\xb3\x1e\xd50\xce:\xa8|\fv\v\xfam\xb9\xb6\r\xca\x86\xb01\xd18\xd0\xc3\x8e'}, {0x20, '\x00{aU<7*g\xa0W\x110\xba\'\xd8\xad\xe4\x87\x0f\xbd\x0f\x1d\xfd\xbf]8\x0e\x1d\t\x12\xa2L\xb6i\x03\r\bYK8\xc9c\x99\x03\x00\x00\x00\x01\xc8r\n\x80\x04!\x80j\x9f\xb6s\xed1\x96\xc5\x16\x0f|h\xa8\xc9]\xfc\x1c\x97\aQMP\xf8\f\x91\xcf\x90\xad\xbf\xc1:\x96\xe8n\xb7)m\x9e\xc81\x85qL\x06\x81\xa0\x1d\xd2\xc7\xe9\xe8V\xc4\x88I\xdb\xdd\xb1\x98yC\v\x9d\x1e\xad\xcbQ\x02\x00\x00\x00\x00\x00\x00\x00\x86\x01;+\xea,a\x94\xce\xb0h\xaf!^\xe9I\xf2\xd5u\x9c\xab^\n\xe1{B#uTb\xdb\xdc<\x00\x8d\xc6\xdc{)\xa5\xa9D5\xe9\x8a\xc3\xcc\xad\xa5\xd1\xef\xb3\xe7\x8cZ\xdb(\xbb\tV\xda\x05Iz\x04\xbe\xf1^\xe7%\x0e\xf1[|2r\\\x03\xea0\x03\x93@\xae\xba \"\xa5\'Q\x98!+\xb6\xa8\x8d\xd0\x7f\x12\xfay\xa7\xa0\x13f\x0f&\'\xe2\x15\xa7\n\x1a\xf7\x00\xea\x994*.a\n\xf7[~\xe8\x81\xd53}\xc4\x86V[O\xe0\xa2\xd7\xdc\xc5\x0e\xc7\xf2\xec\x13\x8e\xcen\xd8\x00mqc\x9e\x83x\xe6#\x99TJ\xa6\b$\x9c\x97\xac+\x90|\xc5\x1d\x03m\xc5\xd9\x91\xd5\xde\xe2\xa8^\xfeIju.w\xa9\xb1\x8b\xe5JM\xca\xa3\t)\xa8\xbb\xb6\x12lJ\xfb\"\xba\x8b\xe7V\x0eZRc\xe0\xe6\x13\x06\x8c\x1f\xe93q\xfe\xd6tTW\x13\r\xcd\x9c\x92\xf2\xa6\xd8=|\xb7\xe8\xd0\xe1\xbc\xa2\xf5\xdf\xbd\xdb\xb8n\xad{s\x85OU!\x94\xdf\xc9j\x8d\xe1=\xa5d\x81\xeb\xc0\x01N\x04\x84\xe1\xb4\x84\xdd#\xe22\xd99Uc\xeex\xaa`\xe3\xf5\xd5X\xa0\x1d\"\x94J6\x96\xb6OM$\xf6>t\xd0S\x81\xb4\xc9l[\xa4D\xe6/Q\x8d\x16\x00\xf6o*w\xd6\xe2\xac\x15\xfd\vl=\xd9\xfb$\x86@\x7f\xdb\xc1\xe7b\x96OY\xf2\xeceC\x89\x93$C\xcc\xc1\x80I%\xe6\xe0\x14\x0f\x92@y\xc6'}, {0x20, '\xa4\xdfy\xf5Y\xbf\xd9i@8\\\x87h\xa6\xa0\xa43\x84\xe7\xd5\x98\xe8\x01\xd3\xf0\xc72\xdf\xfb\x00\xfd\xcd\xf2q\x84\xcb-\xf3\x92\x12\xef^~v\x10/X\x1e\xc3\xb1T\xf4\xd0m|\xabr\xc7L\x9b3\xbeCJ\xad!\xb2\xb5g\x7f\xe9W\a\x00\x03=q\x8a\x83|\\w\xe1\xf3\xf1\xe8\x83\xef\xe2\x8bU\xebG4<\x1b\a57<;\xefm:?\x8e\x16\tu\xd5=\xc6P5\xd7\xeci\xcaI\x15\x00]\xc6%\x94&9\xac\xa9\xe9k\x99qc2\xc6V6\x1e\x1c\xeb\x9e\xc78\xb4y+\x85\xc4\xfa.\x15\xe4\x11\xa2\x92\t\xde\xa9\xdc\xe1\xfd\x98\xd2Ja\'r4\xe3sFv\x02\xa6\x8exO\xd0D\x8ea\xc3g\xe5V|@1\x15H4(\xb8E\xa4\xa9\x8bp:\x82k/.:\xf6\x003G(\xd4\xfc\xa0\x01\xe3Q\x805?\br\xc2\x96(y\x8c\x95\xf2Rx\xca\x06\xea\xf43\xf2/8L\xd3u\x87m\x96\xfc\x9cU]\xffiN\x14\xe7-{\xea\x9f\'D\xc0\xeeqA\x1a\xed\x8d\xc8\xad\xcdZS\x1b\xb6{\xfa\xa8\x84\nd=\x0e\x8fc9\xf0\x7fK\xd7\b\x86r\xac\xaf\xd0\xb6^y\xc5\x03c\xc22\xa9R\x90\x9e\xfc\xce\x957O\x06]\xdcZ\x17\xb3\x1bb\xc9Dm\xa2\xd3\x91'}]}, 0x4ca) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000300)={'tunl0\x00', &(0x7f00000002c0)={'gretap0\x00', 0x0, 0x700, 0x1, 0xf, 0x338c, {{0x6, 0x4, 0x1, 0x38, 0x18, 0x66, 0x0, 0x7, 0x29, 0x0, @private=0xa010100, @private=0xa010101, {[@ra={0x94, 0x4}]}}}}}) r4 = bpf$TOKEN_CREATE(0x24, &(0x7f00000003c0)={0x0, r1}, 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1e00000006000000000000000200000090e30100", @ANYRES32=r2, @ANYBLOB='\t\x00'/20, @ANYRES32=r3, @ANYRES32, @ANYBLOB="00000000000000000500"/20, @ANYRES32, @ANYBLOB="619511099614e6db3f6740fbf5549b230a67702ee59a7fc5121f3be761bdacd32830a5c57e10bc102829584a85d2e07001f03f08a489e4a4ff5915d4fccef3dfdef8c7b97c2f8d98498209b9ba4f339b0000000000000000", @ANYRES32=r4, @ANYBLOB], 0x50) (async) close(r1) 2.223705193s ago: executing program 3 (id=175): r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) flock(r0, 0x2) unlink(&(0x7f00000005c0)='./file0\x00') r1 = syz_open_dev$audion(&(0x7f0000000000), 0x2181, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$LOOP_SET_FD(r1, 0x4c00, r1) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000240)={r3, &(0x7f00000003c0), 0x0}, 0x20) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'bridge0\x00', 0x0}) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r4, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0088a81327c9167c643c4a1b7880610cc9", 0x26, 0x0, &(0x7f0000000540)={0xc9, 0x0, r5, 0x1, 0x0, 0x6, @multicast}, 0x14) sendmsg$NL80211_CMD_UPDATE_FT_IES(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x30, r2, 0x1, 0x70bd2b, 0x25dfdbfe, {{}, {@val, @val={0xc, 0x99, {0xb, 0x7f}}}}, [@NL80211_ATTR_MDID={0x6, 0xb1, 0x4}, @NL80211_ATTR_MDID={0x1, 0xb1, 0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x4000800) r6 = gettid() timer_create(0x2, &(0x7f000049efa0)={0x0, 0x7, 0x4, @tid=r6}, &(0x7f0000044000)) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000cc0), r7) sendmsg$IEEE802154_LLSEC_LIST_KEY(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x14, r8, 0x325, 0x70bd27}, 0x14}, 0x1, 0x0, 0x0, 0x10004}, 0x8000) sendmsg$IEEE802154_SCAN_REQ(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, r8, 0x400, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4c890}, 0x1) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) timer_settime(0x0, 0xe54aef35e9c2845d, &(0x7f000006b000)={{0x77359400}, {0x0, 0x9}}, 0x0) mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='msdos\x00', 0x2000493, 0x0) 1.774000803s ago: executing program 1 (id=182): r0 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x101000) ioctl$CEC_ADAP_G_CAPS(r0, 0xc04c6100, &(0x7f0000000080)) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 00004093'], 0x2a, 0xfffffffffffffffc) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x3, 0x0, 0x0, 0x0, 0x4, 0xb3, 0x0, 0x5, 0xff, 0x1f}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x7}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = add_key(&(0x7f00000001c0)='.request_key_auth\x00', &(0x7f0000000180), &(0x7f00000001c0), 0x0, 0xfffffffffffffffe) add_key$user(&(0x7f0000000040), &(0x7f0000000000), &(0x7f00000019c0)='s', 0x1, 0xfffffffffffffffe) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r6, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TCXONC(r6, 0x540a, 0x3) keyctl$read(0xb, r5, &(0x7f0000000240)=""/112, 0x349b7f55) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x1a}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r7 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000080)={0x3, 0x40009, 0x20}) 1.363878481s ago: executing program 3 (id=183): ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)={0x0, 0x0}) move_pages(r0, 0x1, &(0x7f0000000080)=[&(0x7f0000ffb000/0x2000)=nil], &(0x7f00000000c0)=[0x200, 0xb1de00, 0x7439, 0x7, 0x1ff, 0x1dadb4ff, 0xfffffff9], &(0x7f0000000100)=[0x0, 0x0], 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(r2, 0x1, 0x28, &(0x7f0000000180)=0x5, 0x4) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000880)=@allocspi={0x104, 0x16, 0x401, 0x0, 0x25dfdbfd, {{{@in=@local, @in=@local, 0x0, 0xfd1, 0x4, 0x2, 0x2, 0x0, 0x0, 0xc}, {@in6=@private2, 0x0, 0x33}, @in6=@loopback, {0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x80000001}, {0x101, 0x0, 0x0, 0x800}, {0x4, 0x6, 0x400}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x94}, 0x0, 0x4ad}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x1, 0xb2}}]}, 0x104}, 0x1, 0x0, 0x0, 0x20040080}, 0x0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x5, 0x4}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@ipv6_getroute={0x1c, 0x1a, 0x1, 0x0, 0x10000000, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x1c}}, 0x0) sendto$inet6(r3, &(0x7f0000000140)="39141ca1b2d270", 0x7, 0x800, &(0x7f0000000180)={0xa, 0x4e20, 0x1b9d, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c) syz_clone(0x200000, &(0x7f00000001c0)="a695693cf17ee64f2cdc65ddd7d210f4cdb78c3e4def086ebfa5e45f845ee189661234d1bddc11ba27099b8d3b91731de9f3332aaa34a437d6bc5e869db0237dba540a2d2639b5d7321ea0050cbdefd9695950f7f95e082c6064e5a55b140e0c561f70aa5c8be7ce66a9dbeac10a723a2e6619b716f3e5d7cf1559d038df33a0e73aa21e3caa4f1dee7e26865235a9ac52acb6783b6d667d9d58f62805b8e1116255cf8d136f303a1352d4118dbc18bbab55e61c2f7f51cb621fc7b9c684801701d562137055d7fc25fc", 0xca, &(0x7f00000002c0), &(0x7f0000000300), &(0x7f00000009c0)="5ca62bb9fdb410ff6f572bf103be3cff1f90bcae96a7a412cbac162691687f2e04ab4361f47e981f483d10837d6073e283c35da78f56ffbcb9fe77f1eb7d1b563802b6c0afe0fd4e8c3a8a593209f1d88990a1161a861d70ad7100a84bf0aa996da7a8c76d06b5c9c3f150c1662463f1d80e4dc6fc4fecf88965e49c817b9fddc74fc409c88d64c0df6f66c7986230e61a0e9b1a8a3e36c82b472a3f14dab7a8a19d44d1528e01fe6afea9b94d6d1af78eecf2400e8da556fc585521f89e84db5ff2bc0e61b9c48e0db21a2bcebff2ccb98c9ce44a9f0965442b3e81044691ca1e207462ad2bb72aa3a2b04ed602057f5cb109c175a07e967bac4e0a70155ab187b54bbe912bb89bfee1df80209007d88e78e5dbe3716f5835ea60848fe330cc52e90136920b9b99af89d7d0d8496079e8ebcaa35d94748a9204f6fa684208458c906ce5773426186b569b2754e96db5f30809efd4cc82b021fdea97c761c8576c71b49693f45bf7fd3757b89381ab82bfd8e103a3d2b384f95d95b1df9dc1969ac39734c784e37ebe8c7b718f6df169845cb900fb4673b3ecbcd4449e6b7324b3d29ada677a47a488d02c89c372bb400eb4d2168e2ea0bc25739936f5dee038e082201cea4332dd2db9b6dbbfa9c10296b4fdea349b6e9bc02b521f378caecb3613dd94dda9a836c6a911e4dd18549e213e901fbe391286904c7e9b0fe1753fadc2cbc1d86886566691051f434f49fb98c25769fb3b7ad68a7d0765d2563ab42b3a2f5e1651d8ecf58ee0888948c5412ea8b88f49023cd5ac025ee85e95621c243dd1e7d2dde53fedb1cbafc0edc2204762f28056cc0b233d6789e71f5916ca5b1ec207a3e5cbf1074deeee560360e8e7291f4a3d380727a4135ee82112b0af2d0239d6813cf2fbc109e1121153804459f86b268ac7409d7c357d67efabc3296b3b1d68e1f895ffee7715074e8f44fcb555e8b56085eaf4168878777a6d0b28e8b67b401c44f763ad7635ff5b58d0b9472d481c6bd73bbb42115538575e8789515bbdc577995c4e0a26f2ea826773c9d9d22d68d21471d37ef0e825be94c1f63b660fe3adc0377c843a06cc092ad9042ca002d94f7dbf83afbbb3febdc72ba9ed54d0b923bfca8888a4a8d625c523f340c71f79fd20b71d183410e4ce1a13e361a30a66ba002cdf775d5035eb6314becd2eff4687517361ec3bbc3bc51b9e4ad6932183ab0f670a051de8a9782731a54241faa679123d01dc67d17dd186d0b2d1e95fb256d8d1b6b07be43632818b989bf8a6966af5c784ffb80349541a990cd4c6dee25ab0e0abf3185dd2505c60b731752af23464a9b6fcd80edc6816e7b06e69eb7baabc7ce82b6d400cf925efcb01c9ba1f12cfc8f0c14327149c1cee6a7dde6110a14f55f947bd83e5a548c70be50a5cb90ceb4c490ade6b9156f58c269b74ac95e219b8f9a4aa7aab9879d5d0aa0e7c9d114d7c5df01d70fbaae962b9864cbcec1d815aed3c669772a87fc9c15dea3f0554915b8ab3dac4df63d39159071e5bfd23a5577ec62918edfd23b83522f2c2c99fcd86bd2cf6f85f1760a3c28098efd7af0da8daf3f15aff8a0f17370c2dfc1cbf26e5f1870c83bbffb3db5cdf719f11f752ff338fbcf05ac696c8ff5a8978a9b493ad7eb80e6443cb949eb0d66cdf78735035b436ca67c437173ae06ec74634ae66d31d137cff7c2c6726bcd6f37dced70056b004ebc765e0c8ffceda8db429b3b1e321fb8956621faad51dce3a9f3b5b05cb8afaa25538671d614862e804ecd8e1ecd12fc52473906971334703733db1a2eb3ac01fe6b9209af2417c832a0d1acd0ece821c22f419a4a2bd86264e99e209b129d4261dcc537ba3a9e6cf6927c3583c9cff919eeed12f081b1c1ab0b79eb0df65b1a6c54647d69c6b2c34862e119478d56fae4fd782be19f49b31d57089d74a0af732c2018af064d06282723f546e915796a6ef18c7b6b8048cdce71fdb89ae6d962fe3a88022a61c24ffeb9c31af6f1768a0a1bf75d97a2aa365f033a9e07225db09444fa7e0536bded5b367cae7b121f0f2052de0d6621073904bf2431670d83bfc2578a35d0c68fdd09af6e115013218d56898ecb17bd0b83a3f0b018468949ddfc089e4aa42701674d10a312389cb42fdecaa520129360e40cb5f9cb88ddfe98c9775cff121a2a871f5a7a25b59e813cffc4ed0084b60ab68fed4ca97b53a3cc3291c1a096fa38741466169abf9726cfb3abae842e5218748df0a771952845a83774436983bee2678d4bda2ebf9ea441c381b3bd4fd37dfd9ca6848ca8e1c80e95ae850578ec40218cfe7be05353b28682d6cebeca9eb1c1f6f8fc0af5ccdbd2d199898917715efcbe23cb1361362475a0f477b117cae3a80fd0e42892e3541808e9fe22d0e9c1c652e9001309e9f1bd4685bb04aa2d304ceac627572c1a5134bf2903cf70d6e3e70ac0a182908f8e5beb7252b7ebaecda9ce19148e04991ef09302e2fb4b1d65a30e3f49eaf0321a301238b1d825b18ddf5ed445a66d8c095aac124c28de298fd55757ac570d5a15be908c3ddf5adf7962540cca8f80b5dd3db34dd16cfd625ee6091b186adb9b0c4922548c6ef273ede267ca2663435f315c234a2d7498b480a8c34b7eb63ea81497ef607aea7cb82f199b6855f8e26b90a2ad559b52d1579bb0ae7e53556991039a3de748cf31415eb51b1b1f06f2f0961453481e78f9690ba854733e8fc4c5b5f5c1beac7a0ac9430a08281ec919cc4090da0561d187ca9e3c0ae0ea3bb5e9de49157105efc22a9cef2d6b7674b3b95d1ddd5f24b151a0556770d01d106ca574b0264b947f4fc994b26908894c7969e28c9663847d29adeebc6391341b8f8b13190c8a508aadf543b4a648dd411d5df2ae751ca6c70ee3aee905cb82c0c88c8b39bd8a1fa249e56284847b9903649119d8161ac21e95eaac8301c22e2a92a24323c73218e919f8e5f2e6c9236ee425690841b09f209603db2af31aec5f0ff78f1016d87a3007f9a88d5ebd16f7943d40de1f4c5f9cf4a74f4e74158e0b8763a880678a561008ec1e1b9dfb17dea90d5d462bff87dfb979c5631b21a5ceae29c059bff1cc4cdb01ed89a90be4c3a81a6ded6a05283028fd30d045d256ce67be1e14128dc2a1a505c82ad28f7d932d7de873f79a868edc025c19eda94bd9d8663fdff4ac1dff4003724c507ceb02dd38784659afc4bbe09eb652d6242bfa82adef93710e249c480d45ee9d57b9c6fee3931c030aad31647fbba69da65bd72b0f0b3934202150f44f3089af2d12aeeb19b14a62c14980893ddc6d45360e2992e2ecf54a78d2adbd63947a9c265032b3a192d636aa3d63f67fabf42220a423a10e558b310398b4e223d33a0f48b159db09523b3252f1485997deffe4fb141451a9fbd16a4d1bba6c6e19a34b4e951ec154915bde48f7437267c22726b655f369b5468f9aa86e8a53976c2d3d3194f92def75f3a3ed7664f15baaa0d517c2236bcca25d4de4ffa4f85816cc38abcb392a0850bb69ade0a40940b6769935e4d7243118165b3059c7c02ac76734fca03eda7e7a9328132507685bbbd6cf8f0cafc8833e4a04f629df753398ce8af4fd35b6d33eb9a8d2dfac66d63950df77836fb0cd2ca89d08ea7f6c015ee902142b1f80882ce89868d1730149a6a169cc3d7f445fd9e795f730994a2de03575de727783856f8358cef5fc5bac2ff81bd041dfbdc6caaf508734db594a34424cff61b17193acdaa7e7caa7a8810cd8f5821989d666431fc542054b3dcc2c536b7dfe88a56b7211fc2c6bb19518e12b65796937c11488589de722114c685aa8e05a254a18c2bd984029d8f48e2ec25f48199094f0bcff9ccc1e2d8e6e99e8f96dec1f5650bc9ab199ad71e44c37968ae1c6a752acc298c845cfcdf980276c5461b1049de481774415e3001341859dd298eacb5e689ad83a94f460001945e554d2a442b4ba3670985f2d2652dcb603de90d1b364f3c4e751477b8484a23f011be04d1ab0ed993114332387b681b82b3c824dfe0375c0681194a65821867396072e44cf0ab7cca623975ab321280070c65991c8f5157318e0817d6b3e09a19abd5fd5a730b340e2cdaa0dc8995b04e0c1f8a8d69cc08cccd10ac938bef6d91abc061830f4a397b0a5d10ed28e790a2971996997816b9250cc8adeda291539838d51b5ac2ce953fabf02cb5b2890e86c8cc9848dc6587e5dfe9bd8eebb285158d1a809636bae42f821efcd6687163d99cdf4820061005c9e050ea557ee5265eae1d976e578a73e2e77014d134051424e931ac7a46e432b1101ec746d53baadb2cb142dd3e93dde8e7c180b59615bb3f6ba6ca4c7be716c83ce8d4ec22eaae3724c8a6c1aed6d5480510f281f8dd568a5aa41c5244ee205bf9c449ceb57e1491f5039328cc871f0638034b9adc07d324a55862af4979de606ab29b13a3864c0defbbb46d77fd8543cc1b36129c21433026a34d345580deff98fd6947d24aaa9fde2e613b86724ed655549dc4c3a089d8a7478339785447d7f46ad11a82cbc693f9f401be12b16db15b99b70cb35c535319f6d939559f3a4035b4647a6a472c53ab98c3b45ff59f558f5e66680974c353a5e63b18349d1e152bd73f50894433290f53bf30ab5dc826e8a317a66fcf74381505b32aea69d3f96bc6e335e6fb8bbfb2efd3011bd3100b3513bc578eb828cfd0ae4a4b2c4a63d7b5a9a4589b80b34bd54a68c0b286b1c2e1d6c0f231e56417e541331beb7b0062cd620cd11afa531cd075b465308c05949d57f54a02ced7f2bb84af480e5634a2b087494c9b70652872d09d8dfbece1e8e55d8501406ee68af6fdd6eabdb44bfa5743d37e5cc01254ee2b74f8422f14ef43ca35e4afeecc5e67030d4272e378d0efa0ba20dc2bdae94a8c9474e5f41faa116a15032d03d2d2f99310910f6ae2fcba726f6bec4e75fe2817504d448aad671bd591ee0f1b95387235262c8168c26d653bf1f25776056e1307694a626d1829733cc568381ae7ca42a6ed38476583d4ee9590b937c367ad0d315f76f880a87eea977b96bef481538b4b37af66a3b8eff5f3a2a80914ceb5ea504581061179e6f6b1800ccaff59502a1e6b6fd0b74f9112cc2c3ed7574413347daf8aa55f5de7d3e13340d72f1e3d4d7deffb49633e16b3659dcb85acaa04a3fd61eedcec3e1c64303ddf6157afd1cf3c1d187411b51dd1ba4aa7ebefa50b529dbe85c192fd510b4ac5cc5cb34a6cf90a7db9e7638a0eb48c99eb62c380c262fa2bd9c991e9b0d43b3b9628b0507f42ad3bdeedc4558a5dac7db8897a10c28dad00888e94adaf18f0850c8c307e9ca2764ba5ce22894665841d6438baba7467d470ac9fd03e18c103ffb592e14fadb69740e19faa450c9344564833feade0be436400e9b517de6da6a244158a1681a3e76ab51533c0dd334e12e5deea482dec4e0097a506f8474e5b5cab1ccc68749b2568791e2427a5bd35020a50fe2869a4e94e16cc98de38342a729c0d4c905919e8a899f37859c8aeb716193b62eed12c207e0bcf5a6f73296fbc2c83ad7c7ab2ee498e393fc3f4c60889d96015a3851b37fdcf9e25d497f491ac7b8d50068b4c85b8aa00c2f5cab3181ce0c6b0cf1ae1ad6fad45ecf72865aad69bb939b53b4611433930fe3499381e87d7068dd9c250df3a37cbcfac3be7e2adbe26700407bf6498bd3dda8f05f2ec6fe2cc9e856cc7166f8dd4e312cd109b68cd52051922777416e38f17a02eb87b23dce16dca99") 1.361225129s ago: executing program 3 (id=184): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000940)={'filter\x00', 0x104, 0x4, 0x3f0, 0x220, 0x220, 0x0, 0x308, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @empty, 0x1, 0xffffffff}}}, {{@uncond, 0xc0, 0x110, 0x0, {0xb000000}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@multicast, @mac=@random="cab170e97230", @multicast1, @remote, 0x8}}}, {{@arp={@rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffffff, 0xff000000, 0x0, 0x0, {@mac=@remote, {[0x0, 0x0, 0xff]}}, {}, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 'xfrm0\x00', 'ipvlan1\x00', {}, {0xff}}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440) r1 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02) r2 = syz_open_dev$media(&(0x7f0000000000), 0x4, 0x62602) ioctl$MEDIA_IOC_REQUEST_ALLOC(r2, 0x80047c05, &(0x7f0000000080)=0xffffffffffffffff) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r3, 0x7c80, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3400000082"], 0x34}}, 0x0) r4 = syz_io_uring_setup(0x4a60, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0xfffffffe, 0x1b3}, &(0x7f00000004c0)=0x0, &(0x7f0000000140)=0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r7, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r4, 0x2d3e, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_PARM(r1, 0xc0cc5616, 0x0) socket$packet(0x11, 0xc2340cf684d20d18, 0x300) fcntl$getownex(r2, 0x10, &(0x7f00000001c0)={0x0, 0x0}) capset(&(0x7f0000000200)={0x39900612, r8}, &(0x7f0000000140)={0x6, 0x0, 0xfffffffc, 0xfffffff7, 0xfffffff3, 0xfffffffa}) setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, &(0x7f0000000400)=0x2, 0x4) setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vxcan1\x00', 0x0}) bind$can_raw(0xffffffffffffffff, &(0x7f0000000200)={0x1d, r9}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r9, {0x1, 0x6}, {0xffff}, {0x1}}}, 0x24}}, 0x0) r10 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r10, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) ioctl$KVM_DIRTY_TLB(r7, 0x4010aeaa, &(0x7f0000000240)={0x9, 0xfffff001}) prlimit64(0xffffffffffffffff, 0x2, 0x0, 0x0) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000180)=0x1) ioctl$VIDIOC_S_CROP(r1, 0x4014563c, &(0x7f0000000100)={0x9, {0xf8000002, 0x9, 0x8, 0xb}}) 1.294209594s ago: executing program 3 (id=185): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000100000300"/20, @ANYRES32, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000200ac1414bb080004"], 0x44}, 0x1, 0x2}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)) io_uring_setup(0x7a85, &(0x7f0000000200)={0x0, 0x31a9, 0x8, 0x2, 0x304}) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="54563e896efbde2d340000006800030000000000feffffff0a8e55000000000018020880140001000000000000000000000004000610c30f04000400"], 0x34}}, 0x90) mbind(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x3, 0x0, 0x3, 0x4) r3 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_disconnect(r3) r4 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000080)=ANY=[], 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000000) read$char_usb(r5, 0x0, 0x46) syz_usb_ep_write$ath9k_ep1(r4, 0x82, 0x4, &(0x7f0000000040)=ANY=[]) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0], 0x50}}, 0x4000000) 892.991055ms ago: executing program 0 (id=192): setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000000)={0x0, 0x1, 0x6, @broadcast}, 0x10) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x12080, 0x0) (async) r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x12080, 0x0) r1 = socket$caif_stream(0x25, 0x1, 0x2) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000080)={0x4, r1, 0x26, {0x5, 0xe2}}, 0x1) ioctl$VHOST_GET_VRING_BASE(r0, 0xc008af12, &(0x7f00000000c0)) syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) move_mount(r0, &(0x7f0000000140)='./file0\x00', r0, &(0x7f0000000180)='./file0\x00', 0x20) newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r3 = getegid() getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@private}, 0x0, @in6=@private1}}, &(0x7f0000000440)=0xe8) fstat(r1, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x1000000, &(0x7f0000000500)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@default_permissions}], [{@dont_measure}, {@subj_role={'subj_role', 0x3d, '\x00'}}, {@euid_gt={'euid>', r5}}, {@smackfsdef={'smackfsdef', 0x3d, '\xff\xff\xff\xff\xff\xff'}}, {@appraise}, {@func={'func', 0x3d, 'CREDS_CHECK'}}, {@fowner_gt={'fowner>', r6}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@dont_hash}, {@flag='lazytime'}]}}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000640), &(0x7f0000000680)=0xc) (async) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000640)={0x0}, &(0x7f0000000680)=0xc) syz_open_procfs(r7, &(0x7f00000006c0)='net/protocols\x00') (async) r8 = syz_open_procfs(r7, &(0x7f00000006c0)='net/protocols\x00') syz_open_dev$dri(&(0x7f0000000700), 0xc14c, 0x40000) (async) r9 = syz_open_dev$dri(&(0x7f0000000700), 0xc14c, 0x40000) ioctl$AUTOFS_DEV_IOCTL_FAIL(r8, 0xc0189377, &(0x7f0000000740)={{0x1, 0x1, 0x18, r9, {0x10, 0x9}}, '.\x00'}) (async) ioctl$AUTOFS_DEV_IOCTL_FAIL(r8, 0xc0189377, &(0x7f0000000740)={{0x1, 0x1, 0x18, r9, {0x10, 0x9}}, '.\x00'}) r11 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) ioctl$FITHAW(r11, 0xc0045878) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r8, 0xc0189372, &(0x7f00000007c0)={{0x1, 0x1, 0x18, r1, {0x8}}, './file0\x00'}) (async) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r8, 0xc0189372, &(0x7f00000007c0)={{0x1, 0x1, 0x18, r1, {0x8}}, './file0\x00'}) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000980)={0x4}, 0x8) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000980)={0x4, 0x0}, 0x8) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a40)={{r8, 0xffffffffffffffff}, &(0x7f00000009c0), &(0x7f0000000a00)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x1, 0xc, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x8}, [@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x1}, @ldst={0x0, 0x1, 0x0, 0x1, 0x8, 0x6}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x3}, @map_fd={0x18, 0x7, 0x1, 0x0, r8}, @generic={0xe, 0x0, 0x2, 0x9, 0x9}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}]}, &(0x7f0000000880)='GPL\x00', 0xffffff80, 0x37, &(0x7f00000008c0)=""/55, 0x41000, 0x20, '\x00', r4, @fallback=0x19, r12, 0x8, &(0x7f0000000900)={0x1, 0x6}, 0x8, 0x10, &(0x7f0000000940)={0x1, 0xb, 0x40, 0x7}, 0x10, r13, r12, 0x2, &(0x7f0000000a80)=[r10, r10, r14, r0], &(0x7f0000000ac0)=[{0x2, 0x5, 0xa, 0x4}, {0x1, 0x1, 0xf, 0xb}], 0x10, 0x6ff8, @void, @value}, 0x94) setsockopt$ax25_SO_BINDTODEVICE(r10, 0x101, 0x19, &(0x7f0000000bc0)=@netrom={'nr', 0x0}, 0x10) r15 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000c00), 0x2, 0x0) ioctl$VHOST_VDPA_GET_GROUP_NUM(r15, 0x8004af81, &(0x7f0000000c40)) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r12, 0xc01064bd, &(0x7f0000000d00)={&(0x7f0000000c80)="c16e8f8fbd386e28896e0960cee3f188548c1cac5c08ddc310a87d1d6075a80fa03e25efe24f3d71b7f60253eb199bfd048e200b051bfeebf4144250eeb1d5175ca9ea1b7e2c1a9568aeb57a76c43a8d32d246ac375e3cfaf63e99b0c441dc955eab6e4522d910d5f38b1334ff684c2f96c4dd", 0x73}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r10, 0xc04064a0, &(0x7f0000000e40)={&(0x7f0000000d40)=[0x0], &(0x7f0000000d80)=[0x0, 0x0], &(0x7f0000000dc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000e00)=[0x0, 0x0], 0x1, 0x2, 0xa, 0x2}) (async) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r10, 0xc04064a0, &(0x7f0000000e40)={&(0x7f0000000d40)=[0x0], &(0x7f0000000d80)=[0x0, 0x0], &(0x7f0000000dc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000e00)=[0x0, 0x0], 0x1, 0x2, 0xa, 0x2}) ioctl$DRM_IOCTL_MODE_GETFB(r10, 0xc01c64ad, &(0x7f0000000e80)={r16}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000f00), 0xffffffffffffffff) (async) r17 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f00), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000fc0)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000f80)={&(0x7f0000000f40)={0x40, r17, 0x800, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x62}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x124}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16f8}]]}, 0x40}, 0x1, 0x0, 0x0, 0x4080}, 0x4) (async) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000fc0)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000f80)={&(0x7f0000000f40)={0x40, r17, 0x800, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x62}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x124}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16f8}]]}, 0x40}, 0x1, 0x0, 0x0, 0x4080}, 0x4) 803.739549ms ago: executing program 0 (id=193): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000940)={'filter\x00', 0x104, 0x4, 0x3f0, 0x220, 0x220, 0x0, 0x308, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @empty, 0x1, 0xffffffff}}}, {{@uncond, 0xc0, 0x110, 0x0, {0xb000000}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@multicast, @mac=@random="cab170e97230", @multicast1, @remote, 0x8}}}, {{@arp={@rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffffff, 0xff000000, 0x0, 0x0, {@mac=@remote, {[0x0, 0x0, 0xff]}}, {}, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 'xfrm0\x00', 'ipvlan1\x00', {}, {0xff}}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440) r1 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02) r2 = syz_open_dev$media(&(0x7f0000000000), 0x4, 0x62602) ioctl$MEDIA_IOC_REQUEST_ALLOC(r2, 0x80047c05, &(0x7f0000000080)) ioctl$VIDIOC_S_PARM(r1, 0xc0cc5616, 0x0) socket$packet(0x11, 0xc2340cf684d20d18, 0x300) fcntl$getownex(r2, 0x10, &(0x7f00000001c0)={0x0, 0x0}) capset(&(0x7f0000000200)={0x39900612, r3}, &(0x7f0000000140)={0x6, 0x0, 0xfffffffc, 0xfffffff7, 0xfffffff3, 0xfffffffa}) setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, &(0x7f0000000400)=0x2, 0x4) setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vxcan1\x00', 0x0}) bind$can_raw(0xffffffffffffffff, &(0x7f0000000200)={0x1d, r4}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r4, {0x1, 0x6}, {0xffff}, {0x1}}}, 0x24}}, 0x0) r5 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) prlimit64(0xffffffffffffffff, 0x2, 0x0, 0x0) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000180)=0x1) ioctl$VIDIOC_S_CROP(r1, 0x4014563c, &(0x7f0000000100)={0x9, {0xf8000002, 0x9, 0x8, 0xb}}) 803.356104ms ago: executing program 1 (id=194): r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) syz_emit_ethernet(0x66, &(0x7f00000005c0)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b88ef", 0x30, 0x3a, 0x0, @private1, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "bdd7c3", 0x0, 0x0, 0x0, @loopback, @empty}}}}}}}, 0x0) mount(&(0x7f0000000080)=@md0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='qnx6\x00', 0x80081f, 0x0) 802.058106ms ago: executing program 1 (id=195): bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539esp(ctr-camellia-aesni,rmd256)\x00'}, 0x58) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x50, r2, 0x801, 0x70bd28, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_CIPHER={0x8, 0x3, 0xfac0b}, @NL80211_KEY_IDX={0x5, 0x2, 0x4}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "c612fb89dc"}, @NL80211_KEY_TYPE={0x8}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4091}, 0x0) bind$bt_hci(r1, &(0x7f0000000000)={0x27}, 0x62) 750.569287ms ago: executing program 0 (id=196): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x810c52, &(0x7f0000000180)={'trans=virtio,', {[{@dfltgid={'dfltgid', 0x3d, 0xee00}}]}}) 750.149928ms ago: executing program 1 (id=197): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000fc0)={'wlan1\x00', 0x0}) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="2800000011146ff90000050000000000080001000000000008004b0013"], 0x28}}, 0x0) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2) r6 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) ftruncate(r6, 0xffff) fcntl$addseals(r6, 0x409, 0x7) r7 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000140)={r6, 0x0, 0x0, 0x4000}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x13, r7, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000180)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7000fedbdf250c00000008000300", @ANYRES32=r3, @ANYBLOB="0a0006000802112000000000680008000249b6e707798ca3623a494a0000000800370000000000", @ANYRES16=r0], 0x38}, 0x1, 0x0, 0x0, 0x849}, 0x4000) 684.212227ms ago: executing program 1 (id=198): clock_settime(0x5, &(0x7f0000000040)) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='comm\x00') write$binfmt_script(r0, &(0x7f0000000ac0)={'#! ', './file0', [], 0xa, '\\'}, 0xc) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='status\x00') preadv(r1, &(0x7f0000000440)=[{&(0x7f0000000280)=""/117, 0x75}], 0x1, 0x0, 0x0) mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x0) r2 = getuid() lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_virtio(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x1000012, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=virtio,access=', @ANYRESDEC=r3]) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@initdev, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@private}, 0x0, @in=@remote}}, &(0x7f0000000080)=0xe8) read$FUSE(r1, &(0x7f0000000b00)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) read$FUSE(r0, &(0x7f0000002b40)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r8 = getgid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000340)={{0x1, 0x1, 0x18, r0, {0xee00, 0x0}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000380)={{0x1, 0x1, 0x18, r1, {0xffffffffffffffff, 0x0}}, './file0\x00'}) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000005c0)=ANY=[@ANYBLOB="02000000010004000000000002000100", @ANYRES32=0x0, @ANYBLOB="02000100", @ANYRES32=r2, @ANYBLOB="02000600", @ANYRES32=r3, @ANYBLOB="02000400", @ANYRES32=r4, @ANYBLOB="040007000000000008000500", @ANYRES32=r5, @ANYBLOB="0817d900a0b6e2e87b4dccef5a1e52dc288c5ba2457a12afe39c11", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r8, @ANYBLOB="08000500", @ANYRES32=r9, @ANYBLOB="08000300", @ANYRES32=r10, @ANYBLOB="10000400000000002000000000000000"], 0x7c, 0x1) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x3) 684.029437ms ago: executing program 0 (id=199): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@cgroup, 0xffffffffffffffff, 0x12, 0x0, 0x0, @void, @value=0x0}, 0x20) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) (async) timer_create(0x7, &(0x7f0000000000)={0x0, 0x22, 0x1}, &(0x7f0000000080)=0x0) r3 = socket$netlink(0x10, 0x3, 0x4) writev(r3, &(0x7f0000000080)=[{&(0x7f00000000c0)="480000001500257f09004b01fcfc8c860a881300f217e0060000e3323909b8f8896e33719fe3bb036e0bc90900000000000000000000ffff5bf1090000d0bd5e000000006203005b", 0x48}], 0x1) (async) timer_settime(r2, 0x0, &(0x7f00000001c0)={{0x0, 0x3938700}, {0x0, 0x3938700}}, &(0x7f0000000180)) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)={0x14, r1, 0x1}, 0x14}}, 0x0) 683.780258ms ago: executing program 1 (id=200): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) r0 = syz_open_dev$loop(&(0x7f0000000200), 0x3, 0xd00) ioctl$IOC_PR_RESERVE(r0, 0x401070c9, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_inet_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000002400)) r2 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000200)=@userptr={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "020037e0"}, 0x0, 0x2, {0x0}}) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000280)=@mmap={0x0, 0x1, 0x4, 0x100004, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "37bb54f0"}}) ppoll(&(0x7f0000000340)=[{r2, 0x1}], 0x1, 0x0, 0x0, 0x0) r3 = socket(0x1, 0x2, 0x0) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) sendmmsg(r3, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x1}], 0x1}}], 0x1, 0x8090) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_DYNSET_SET_NAME={0x9, 0x1, 'syz2\x00'}, @NFTA_DYNSET_FLAGS={0x8, 0x9, 0x1, 0x0, 0x3}, @NFTA_DYNSET_OP={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_DYNSET_SREG_KEY={0x8}]}}}]}]}], {0x14}}, 0x90}, 0x1, 0x0, 0x0, 0x20040815}, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000000)={{{@in6=@empty, @in=@initdev}}, {{@in=@dev}, 0x0, @in6=@remote}}, &(0x7f0000000100)=0xe8) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r5, &(0x7f0000000140), 0x10) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r7, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r8 = dup(r7) write$P9_RLERRORu(r8, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r8, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r8, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe935"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r8]) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r8, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x34, 0x0, 0x20, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x9, 0x18}}}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x34}}, 0x4000800) socket$netlink(0x10, 0x3, 0x0) 552.962238ms ago: executing program 0 (id=201): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e000000040000000800000007"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xc, 0xd, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001e000000850000000700000095"], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$inet6(0xa, 0x2, 0x0) fchown(r2, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0x68, 0x30, 0x9, 0x0, 0x0, {}, [{0x54, 0x1, [@m_bpf={0x50, 0x1, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x6}, @TCA_ACT_BPF_OPS={0x4}, @TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x68}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@ipv4_newroute={0x38, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, @LWTUNNEL_IP_OPT_VXLAN_GBP={0x8}}}}]}, 0x38}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000080)="0000090000980500000000000800", 0x0, 0x80000002, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 552.504414ms ago: executing program 0 (id=202): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0) syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f0000000cc0)=ANY=[], 0x0) write$snapshot(r0, &(0x7f0000000000)="e78757c9ac66c2a51849d49515e974767e2c73d85c1fc0ea33f0102e1519c5204f3b63711ac4dbe107ea624f3e0015ce170292ee3c2193637d8d7f69963a74bd31911d1ea947a13a4ca6a59b3fdfdc666dc7d47cd5bceca7bf0d53993031531ec3a0d91bdae74e9e68b573419933537cd238ac1ba9f799dcbb1f68329c56109c5b4a24954486228715d68847c2709bef10cfe62f04b6295ecb7767f79d77ec95057410cbf58d44a92ec6d5aa1f757c434bc772eefc12b619c53c14428763b4174d5f7213e6413883b14a0c9c14279e6154649048b83d3965", 0xd8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000090900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a300000000028000480240001800a0001007175657565000000140002800600014000020000060003400001000014000000110001"], 0xd8}}, 0x4000040) ioctl$SNAPSHOT_ATOMIC_RESTORE(r0, 0x3304) r2 = fsmount(0xffffffffffffffff, 0x1, 0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0193a2e89a00000000001fffffff04000180080002"], 0x20}}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x34, r4, 0x8, 0x70bd2a, 0x25dfdbfe, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x400c001}, 0x8005) 272.910988ms ago: executing program 2 (id=203): r0 = socket$alg(0x26, 0x5, 0x0) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f00000000c0)) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) r2 = fanotify_init(0x8, 0x40000) fanotify_mark(r2, 0x1, 0x100018, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r3, 0x0) read(r1, &(0x7f00000008c0)=""/4096, 0x1000) 4.13279ms ago: executing program 2 (id=204): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) (async) r2 = syz_open_dev$sndpcmp(&(0x7f0000002440), 0x0, 0x0) mmap(&(0x7f0000839000/0xe000)=nil, 0xe000, 0x2, 0x12, r2, 0x6097000) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x3c, r1, 0x1, 0x70bd2a, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8}}]}, 0x3c}}, 0x20048880) (async) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010002000000000000000c0001000100000000000000000000a5839227f8c32321000000"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000001840), 0xffffffffffffffff) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000700)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000000c0)={0x4, 0x1}, 0xfffffffffffffe99, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 0s ago: executing program 2 (id=205): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000940)={'filter\x00', 0x104, 0x4, 0x3f0, 0x220, 0x220, 0x0, 0x308, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @empty, 0x1, 0xffffffff}}}, {{@uncond, 0xc0, 0x110, 0x0, {0xb000000}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@multicast, @mac=@random="cab170e97230", @multicast1, @remote, 0x8}}}, {{@arp={@rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffffff, 0xff000000, 0x0, 0x0, {@mac=@remote, {[0x0, 0x0, 0xff]}}, {}, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 'xfrm0\x00', 'ipvlan1\x00', {}, {0xff}}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440) r1 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02) r2 = syz_open_dev$media(&(0x7f0000000000), 0x4, 0x62602) ioctl$MEDIA_IOC_REQUEST_ALLOC(r2, 0x80047c05, &(0x7f0000000080)=0xffffffffffffffff) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r3, 0x7c80, 0x0) ioctl$VIDIOC_S_PARM(r1, 0xc0cc5616, 0x0) socket$packet(0x11, 0xc2340cf684d20d18, 0x300) fcntl$getownex(r2, 0x10, &(0x7f00000001c0)={0x0, 0x0}) capset(&(0x7f0000000200)={0x39900612, r4}, &(0x7f0000000140)={0x6, 0x0, 0xfffffffc, 0xfffffff7, 0xfffffff3, 0xfffffffa}) r5 = syz_open_dev$I2C(&(0x7f0000002400), 0xa, 0x480) read$FUSE(r1, &(0x7f00000024c0)={0x2020}, 0x2020) ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000002480)={0x0, 0x6, 0x7, &(0x7f0000002440)={0x19, "0e8222606612b745338752553a42f61981a54d27ce3a4313c752f3f77a1c2155bb"}}) setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, &(0x7f0000000400)=0x2, 0x4) setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0xffffeffe, 0x0, 0x2}) setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x2b, 0x0, "fca57b76070d3dab6b0ec22c3b4e860e817343e91f2a7ebc860f6f4fb693e0ffd7f933e856d35e17f5e064800e1b8ab99c03a012548145d120157e5da1bd9e00"}, 0xd8) setsockopt$inet6_tcp_int(r6, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vxcan1\x00', 0x0}) bind$can_raw(0xffffffffffffffff, &(0x7f0000000200)={0x1d, r7}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r7, {0x1, 0x6}, {0xffff}, {0x1}}}, 0x24}}, 0x0) r8 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) prlimit64(0xffffffffffffffff, 0x2, 0x0, 0x0) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000180)=0x1) ioctl$VIDIOC_S_CROP(r1, 0x4014563c, &(0x7f0000000100)={0x9, {0xf8000002, 0x9, 0x8, 0xb}}) kernel console output (not intermixed with test programs): [ 81.492510][ T835] cfg80211: failed to load regulatory.db [ 305.731527][ T40] audit: type=1400 audit(1744087426.285:83): avc: denied { read } for pid=5336 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 305.737664][ T40] audit: type=1400 audit(1744087426.285:84): avc: denied { append } for pid=5336 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 305.743605][ T40] audit: type=1400 audit(1744087426.285:85): avc: denied { open } for pid=5336 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 305.749306][ T40] audit: type=1400 audit(1744087426.285:86): avc: denied { getattr } for pid=5336 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Warning: Permanently added '[localhost]:30097' (ED25519) to the list of known hosts. [ 305.886502][ T40] audit: type=1400 audit(1744087426.435:87): avc: denied { name_bind } for pid=5957 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 305.910067][ T40] audit: type=1400 audit(1744087426.455:88): avc: denied { execute } for pid=5959 comm="sh" name="syz-executor" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 305.917496][ T40] audit: type=1400 audit(1744087426.455:89): avc: denied { execute_no_trans } for pid=5959 comm="sh" path="/syz-executor" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 307.712381][ T40] audit: type=1400 audit(1744087428.265:90): avc: denied { mounton } for pid=5959 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 307.714772][ T5959] cgroup: Unknown subsys name 'net' [ 307.720230][ T40] audit: type=1400 audit(1744087428.265:91): avc: denied { mount } for pid=5959 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 307.729402][ T40] audit: type=1400 audit(1744087428.275:92): avc: denied { unmount } for pid=5959 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 307.895971][ T5959] cgroup: Unknown subsys name 'cpuset' [ 307.902104][ T5959] cgroup: Unknown subsys name 'rlimit' [ 308.114545][ T5963] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 308.771375][ T5959] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 311.844058][ T40] kauditd_printk_skb: 12 callbacks suppressed [ 311.844074][ T40] audit: type=1400 audit(1744087432.395:105): avc: denied { execmem } for pid=5964 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 312.065932][ T40] audit: type=1400 audit(1744087432.615:106): avc: denied { create } for pid=5968 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 312.072470][ T40] audit: type=1400 audit(1744087432.615:107): avc: denied { read write } for pid=5968 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 312.078856][ T40] audit: type=1400 audit(1744087432.615:108): avc: denied { open } for pid=5968 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 312.085265][ T40] audit: type=1400 audit(1744087432.625:109): avc: denied { ioctl } for pid=5968 comm="syz-executor" path="socket:[2015]" dev="sockfs" ino=2015 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 312.121665][ T5984] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 312.124020][ T5984] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 312.126498][ T5984] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 312.128627][ T5983] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 312.129178][ T5984] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 312.132661][ T5983] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 312.134279][ T5984] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 312.135924][ T5983] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 312.136242][ T5985] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 312.137039][ T5985] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 312.137381][ T5985] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 312.138179][ T5985] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 312.138726][ T5984] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 312.140669][ T5983] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 312.141881][ T5986] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 312.143550][ T5986] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 312.144772][ T40] audit: type=1400 audit(1744087432.695:110): avc: denied { read } for pid=5978 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 312.145158][ T40] audit: type=1400 audit(1744087432.695:111): avc: denied { open } for pid=5978 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 312.145392][ T5983] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 312.148184][ T5986] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 312.154185][ T40] audit: type=1400 audit(1744087432.695:112): avc: denied { mounton } for pid=5968 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 312.170750][ T5986] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 312.186008][ T5986] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 312.341619][ T40] audit: type=1400 audit(1744087432.895:113): avc: denied { module_request } for pid=5968 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 312.397865][ T5968] chnl_net:caif_netlink_parms(): no params data found [ 312.490941][ T5978] chnl_net:caif_netlink_parms(): no params data found [ 312.598918][ T5968] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.601859][ T5968] bridge0: port 1(bridge_slave_0) entered disabled state [ 312.604736][ T5968] bridge_slave_0: entered allmulticast mode [ 312.608335][ T5968] bridge_slave_0: entered promiscuous mode [ 312.614039][ T5968] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.616218][ T5968] bridge0: port 2(bridge_slave_1) entered disabled state [ 312.618621][ T5968] bridge_slave_1: entered allmulticast mode [ 312.621873][ T5968] bridge_slave_1: entered promiscuous mode [ 312.655277][ T5969] chnl_net:caif_netlink_parms(): no params data found [ 312.764997][ T5978] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.767463][ T5978] bridge0: port 1(bridge_slave_0) entered disabled state [ 312.769635][ T5978] bridge_slave_0: entered allmulticast mode [ 312.772623][ T5978] bridge_slave_0: entered promiscuous mode [ 312.784988][ T5968] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 312.788537][ T5970] chnl_net:caif_netlink_parms(): no params data found [ 312.797159][ T5978] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.799176][ T5978] bridge0: port 2(bridge_slave_1) entered disabled state [ 312.801282][ T5978] bridge_slave_1: entered allmulticast mode [ 312.803672][ T5978] bridge_slave_1: entered promiscuous mode [ 312.819795][ T5968] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 312.857020][ T5978] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 312.906343][ T5978] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 312.969170][ T5968] team0: Port device team_slave_0 added [ 312.988002][ T5978] team0: Port device team_slave_0 added [ 312.991712][ T5968] team0: Port device team_slave_1 added [ 313.023814][ T5978] team0: Port device team_slave_1 added [ 313.060575][ T5969] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.063209][ T5969] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.065700][ T5969] bridge_slave_0: entered allmulticast mode [ 313.068970][ T5969] bridge_slave_0: entered promiscuous mode [ 313.098329][ T5968] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 313.100716][ T5968] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 313.109661][ T5968] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 313.113294][ T5969] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.115334][ T5969] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.117210][ T5969] bridge_slave_1: entered allmulticast mode [ 313.119870][ T5969] bridge_slave_1: entered promiscuous mode [ 313.166925][ T5968] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 313.169356][ T5968] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 313.177627][ T5968] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 313.193355][ T5970] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.195299][ T5970] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.197137][ T5970] bridge_slave_0: entered allmulticast mode [ 313.199385][ T5970] bridge_slave_0: entered promiscuous mode [ 313.202443][ T5978] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 313.204276][ T5978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 313.211919][ T5978] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 313.220994][ T5969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 313.223667][ T5970] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.226410][ T5970] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.229053][ T5970] bridge_slave_1: entered allmulticast mode [ 313.232908][ T5970] bridge_slave_1: entered promiscuous mode [ 313.261636][ T5978] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 313.264065][ T5978] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 313.273108][ T5978] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 313.278571][ T5969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 313.368535][ T5969] team0: Port device team_slave_0 added [ 313.387541][ T5970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 313.393498][ T5970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 313.420254][ T5969] team0: Port device team_slave_1 added [ 313.468616][ T5968] hsr_slave_0: entered promiscuous mode [ 313.472119][ T5968] hsr_slave_1: entered promiscuous mode [ 313.538283][ T5970] team0: Port device team_slave_0 added [ 313.559279][ T5969] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 313.562623][ T5969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 313.571526][ T5969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 313.576584][ T5970] team0: Port device team_slave_1 added [ 313.580536][ T5978] hsr_slave_0: entered promiscuous mode [ 313.582669][ T5978] hsr_slave_1: entered promiscuous mode [ 313.584404][ T5978] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 313.586577][ T5978] Cannot create hsr debugfs directory [ 313.601537][ T5969] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 313.603271][ T5969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 313.609751][ T5969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 313.713510][ T5970] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 313.715413][ T5970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 313.723983][ T5970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 313.731058][ T5970] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 313.733757][ T5970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 313.742853][ T5970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 313.761386][ T5969] hsr_slave_0: entered promiscuous mode [ 313.764157][ T5969] hsr_slave_1: entered promiscuous mode [ 313.766520][ T5969] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 313.768495][ T5969] Cannot create hsr debugfs directory [ 313.958030][ T5970] hsr_slave_0: entered promiscuous mode [ 313.960023][ T5970] hsr_slave_1: entered promiscuous mode [ 313.962070][ T5970] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 313.964198][ T5970] Cannot create hsr debugfs directory [ 314.133186][ T5968] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 314.141563][ T5968] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 314.145155][ T5968] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 314.169801][ T5968] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 314.211556][ T5975] Bluetooth: hci1: command tx timeout [ 314.211570][ T5986] Bluetooth: hci2: command tx timeout [ 314.211661][ T5294] Bluetooth: hci0: command tx timeout [ 314.211841][ T5294] Bluetooth: hci3: command tx timeout [ 314.220209][ T5978] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 314.229222][ T5978] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 314.243400][ T5978] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 314.257352][ T5978] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 314.282736][ T5969] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 314.286811][ T5969] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 314.294966][ T5969] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 314.299485][ T5969] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 314.343363][ T5968] 8021q: adding VLAN 0 to HW filter on device bond0 [ 314.357871][ T5970] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 314.362392][ T5970] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 314.365969][ T5970] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 314.369971][ T5970] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 314.405110][ T5968] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.424625][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.426663][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 314.436783][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.438728][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.453450][ T5978] 8021q: adding VLAN 0 to HW filter on device bond0 [ 314.476105][ T5978] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.480105][ T5969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 314.493013][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.495687][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 314.516609][ T5969] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.534824][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.536765][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 314.539932][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.541937][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.549979][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.552253][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.568179][ T5970] 8021q: adding VLAN 0 to HW filter on device bond0 [ 314.587314][ T40] audit: type=1400 audit(1744087435.135:114): avc: denied { sys_module } for pid=5968 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 314.612814][ T5970] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.627181][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.629187][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 314.637509][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.639521][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.677240][ T5968] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 314.726923][ T5968] veth0_vlan: entered promiscuous mode [ 314.731004][ T5969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 314.738052][ T5968] veth1_vlan: entered promiscuous mode [ 314.770636][ T5968] veth0_macvtap: entered promiscuous mode [ 314.774966][ T5978] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 314.785068][ T5968] veth1_macvtap: entered promiscuous mode [ 314.792328][ T5969] veth0_vlan: entered promiscuous mode [ 314.803481][ T5968] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 314.809810][ T5968] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 314.817412][ T5968] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.820569][ T5968] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.826349][ T5968] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.829466][ T5968] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.836309][ T5969] veth1_vlan: entered promiscuous mode [ 314.858027][ T5970] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 314.860506][ T5978] veth0_vlan: entered promiscuous mode [ 314.884122][ T5978] veth1_vlan: entered promiscuous mode [ 314.907112][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 314.911519][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 314.922637][ T5969] veth0_macvtap: entered promiscuous mode [ 314.943628][ T5969] veth1_macvtap: entered promiscuous mode [ 314.955669][ T5970] veth0_vlan: entered promiscuous mode [ 314.956046][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 314.960702][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 314.969384][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 314.972992][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.976375][ T5969] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 314.982696][ T5970] veth1_vlan: entered promiscuous mode [ 314.985092][ T5978] veth0_macvtap: entered promiscuous mode [ 314.988312][ T5969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 314.992153][ T5969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.995483][ T5969] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 314.998332][ T5978] veth1_macvtap: entered promiscuous mode [ 315.004765][ T5969] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.007278][ T5969] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.009723][ T5969] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.012971][ T5969] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.022821][ T5968] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 315.038102][ T5978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.042378][ T5978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.046152][ T5978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.049087][ T5978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.054982][ T5978] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 315.060678][ T5978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.064883][ T5978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.067687][ T5978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.070926][ T5978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.074931][ T5978] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 315.092511][ T5978] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.094958][ T5978] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.097417][ T5978] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.099855][ T5978] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.115776][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.118309][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.123533][ T5970] veth0_macvtap: entered promiscuous mode [ 315.132950][ T5970] veth1_macvtap: entered promiscuous mode [ 315.148450][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.150743][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.167778][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.170009][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.172184][ T5970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.175391][ T5970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.177903][ T5970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.180767][ T5970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.183617][ T5970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.186366][ T5970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.190118][ T5970] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 315.205309][ T5970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.209396][ T5970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.213508][ T5970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.217409][ T5970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.221517][ T5970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.225290][ T5970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.230115][ T5970] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 315.234009][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.236136][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.237855][ T5970] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.241296][ T5970] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.245577][ T5970] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.248726][ T5970] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.287173][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.292576][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.308783][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.310965][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.373671][ T6049] netlink: 576 bytes leftover after parsing attributes in process `syz.2.3'. [ 315.385463][ T6050] sp0: Synchronizing with TNC [ 315.437944][ T6057] rdma_op ffff88804ed6d1f0 conn xmit_rdma 0000000000000000 [ 315.501528][ T6061] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 315.503533][ T6061] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 315.507084][ T6061] vhci_hcd vhci_hcd.0: Device attached [ 315.509309][ T6063] vhci_hcd: unknown pdu 1 [ 315.511327][ T78] vhci_hcd: stop threads [ 315.512482][ T78] vhci_hcd: release socket [ 315.513678][ T78] vhci_hcd: disconnect device [ 315.595006][ T6070] capability: warning: `syz.0.10' uses deprecated v2 capabilities in a way that may be insecure [ 315.654577][ T5985] Bluetooth: hci4: sending frame failed (-49) [ 315.656696][ T5975] Bluetooth: hci4: Entering manufacturer mode failed (-49) [ 315.729065][ T6075] sp0: Synchronizing with TNC [ 315.796108][ T6090] netlink: 8 bytes leftover after parsing attributes in process `syz.0.17'. [ 315.796112][ T6091] netlink: 8 bytes leftover after parsing attributes in process `syz.0.17'. [ 315.802439][ T6090] netlink: 48 bytes leftover after parsing attributes in process `syz.0.17'. [ 315.917815][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.920249][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.924743][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.926953][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.929594][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.933126][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.935213][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.937318][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.939803][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.945278][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.947409][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.949480][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.951864][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.953898][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.956045][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.958175][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.960521][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.963049][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.965177][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.967430][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.969517][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.972097][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.974987][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.977385][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.979466][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.981751][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.983833][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.985911][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.988006][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.990060][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.992370][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.994510][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.996614][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 315.998708][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 316.000803][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 316.002943][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 316.005040][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 316.007100][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 316.009213][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 316.011752][ T24] hid-generic 0004:FFFFFFFF:0000.0002: unknown main item tag 0x0 [ 316.015924][ T24] hid-generic 0004:FFFFFFFF:0000.0002: hidraw1: HID v0.00 Device [syz0] on syz0 [ 316.059469][ T6105] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6105 comm=syz.1.22 [ 316.096567][ T6116] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 316.161444][ T63] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 316.166612][ T6120] 9pnet_fd: p9_fd_create_tcp (6120): problem connecting socket to 127.0.0.1 [ 316.291937][ T5985] Bluetooth: hci3: command tx timeout [ 316.293579][ T5975] Bluetooth: hci1: command tx timeout [ 316.301387][ T5975] Bluetooth: hci2: command tx timeout [ 316.323535][ T63] usb 5-1: config 0 has no interfaces? [ 316.325496][ T63] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 316.328658][ T63] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.355355][ T63] usb 5-1: config 0 descriptor?? [ 316.482363][ T6161] kvm: kvm [6160]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x40000052) = 0x0 [ 316.560499][ T6168] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6168 comm=syz.3.41 [ 316.593538][ T6173] netlink: 'syz.2.42': attribute type 1 has an invalid length. [ 316.595749][ T6173] netlink: 'syz.2.42': attribute type 2 has an invalid length. [ 316.659385][ T6181] SELinux: ebitmap: truncated map [ 316.659468][ T834] usb 5-1: USB disconnect, device number 2 [ 316.665387][ T6181] SELinux: failed to load policy [ 316.672750][ T6176] syz.3.43: attempt to access beyond end of device [ 316.672750][ T6176] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 316.677345][ T6176] XFS (nbd3): SB validate failed with error -5. [ 316.770636][ T6203] usb usb1: usbfs: process 6203 (syz.2.50) did not claim interface 0 before use [ 316.772431][ T6204] MTD: Attempt to mount non-MTD device "/dev/sr0" [ 316.817931][ T6206] netlink: 108 bytes leftover after parsing attributes in process `syz.3.51'. [ 316.820477][ T6206] netlink: 8 bytes leftover after parsing attributes in process `syz.3.51'. [ 316.861734][ T40] kauditd_printk_skb: 177 callbacks suppressed [ 316.861746][ T40] audit: type=1400 audit(1744087437.415:292): avc: denied { read } for pid=6205 comm="syz.3.51" path="socket:[7904]" dev="sockfs" ino=7904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 316.891349][ T6034] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 316.892393][ T6203] /dev/sr0: Can't open blockdev [ 316.939704][ T40] audit: type=1400 audit(1744087437.485:293): avc: denied { connect } for pid=6210 comm="syz.3.52" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 316.945256][ T40] audit: type=1400 audit(1744087437.485:294): avc: denied { write } for pid=6210 comm="syz.3.52" path="socket:[7906]" dev="sockfs" ino=7906 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 316.972387][ T6204] /dev/sr0: Can't open blockdev [ 316.997784][ T6215] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 316.999368][ T6217] syz.2.53 uses obsolete (PF_INET,SOCK_PACKET) [ 317.006868][ T40] audit: type=1400 audit(1744087437.555:295): avc: denied { write } for pid=6214 comm="syz.2.53" name="event1" dev="devtmpfs" ino=942 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 317.014286][ T40] audit: type=1400 audit(1744087437.555:296): avc: denied { create } for pid=6214 comm="syz.2.53" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1 [ 317.025343][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.027973][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.044031][ T6034] usb 6-1: config 12 has an invalid interface number: 198 but max is 1 [ 317.046909][ T6034] usb 6-1: config 12 has an invalid interface number: 23 but max is 1 [ 317.049124][ T6034] usb 6-1: config 12 has no interface number 0 [ 317.050811][ T6034] usb 6-1: config 12 has no interface number 1 [ 317.052760][ T6034] usb 6-1: config 12 interface 198 altsetting 0 endpoint 0x5 has an invalid bInterval 220, changing to 11 [ 317.055806][ T6034] usb 6-1: config 12 interface 198 altsetting 0 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 317.058707][ T6034] usb 6-1: config 12 interface 198 altsetting 0 endpoint 0x1 has invalid maxpacket 1040, setting to 64 [ 317.062371][ T6034] usb 6-1: config 12 interface 198 altsetting 0 has a duplicate endpoint with address 0xC, skipping [ 317.065313][ T6034] usb 6-1: config 12 interface 198 altsetting 0 has an endpoint descriptor with address 0x17, changing to 0x7 [ 317.068433][ T6034] usb 6-1: config 12 interface 198 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 317.071975][ T6034] usb 6-1: config 12 interface 198 altsetting 0 has a duplicate endpoint with address 0x5, skipping [ 317.074834][ T6034] usb 6-1: config 12 interface 23 altsetting 1 has a duplicate endpoint with address 0xF, skipping [ 317.077643][ T6034] usb 6-1: config 12 interface 23 altsetting 1 has a duplicate endpoint with address 0x5, skipping [ 317.080461][ T6034] usb 6-1: config 12 interface 23 altsetting 1 endpoint 0xD has invalid maxpacket 512, setting to 64 [ 317.083860][ T6034] usb 6-1: config 12 interface 23 altsetting 1 bulk endpoint 0xE has invalid maxpacket 16 [ 317.086411][ T6034] usb 6-1: config 12 interface 23 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 317.089224][ T6034] usb 6-1: config 12 interface 23 altsetting 1 has a duplicate endpoint with address 0x7, skipping [ 317.092581][ T6034] usb 6-1: config 12 interface 23 has no altsetting 0 [ 317.096216][ T6034] usb 6-1: New USB device found, idVendor=0499, idProduct=1018, bcdDevice=11.67 [ 317.098547][ T6034] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.100631][ T6034] usb 6-1: Product: ᐌ [ 317.101858][ T6034] usb 6-1: Manufacturer: ꍐ⸤妛㦴厔䋔ૂὪ뒨椥螧퍖䩛섥컖ڼ㎁遪歋乗帑愐껑㿚ꃀ油臔蝹䆚슙抾 [ 317.105183][ T6034] usb 6-1: SerialNumber: ᬲ玉甧ੲ庵鉪醧ﺵ隬錱镀젃蹊䚗꯯呈㝯䕄닉矴䩉寝䒴ꃨᇴ屔늞ٻ걲ꌱ봰鲐큥㖪챠휌㑯嬵葻䷃닻ⸯ皁紵级 [ 317.112761][ T6180] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 317.233581][ T6221] Zero length message leads to an empty skb [ 317.321004][ T6034] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 317.323641][ T6034] snd-usb-audio 6-1:12.198: probe with driver snd-usb-audio failed with error -2 [ 317.329995][ T6034] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 317.343461][ T6034] snd-usb-audio 6-1:12.23: probe with driver snd-usb-audio failed with error -2 [ 317.347899][ T6034] usb 6-1: USB disconnect, device number 2 [ 317.522288][ T5972] udevd[5972]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:12.23/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 317.721187][ T63] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 317.791208][ T6033] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 317.893277][ T63] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.897166][ T63] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 317.900822][ T63] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 317.905810][ T63] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 317.909032][ T63] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.914250][ T63] usb 5-1: config 0 descriptor?? [ 317.941256][ T6033] usb 8-1: Using ep0 maxpacket: 8 [ 317.945341][ T6033] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 317.947886][ T6033] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 317.951604][ T6033] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 317.955142][ T6033] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 317.958328][ T6033] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 317.962794][ T6033] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 317.965564][ T6033] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.082437][ T40] audit: type=1400 audit(1744087438.635:297): avc: denied { create } for pid=6236 comm="syz.1.58" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 318.089937][ T40] audit: type=1400 audit(1744087438.635:298): avc: denied { write } for pid=6236 comm="syz.1.58" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 318.095986][ T40] audit: type=1400 audit(1744087438.635:299): avc: denied { read } for pid=6236 comm="syz.1.58" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 318.172724][ T6033] usb 8-1: usb_control_msg returned -32 [ 318.174594][ T6033] usbtmc 8-1:16.0: can't read capabilities [ 318.371189][ T5975] Bluetooth: hci2: command tx timeout [ 318.371275][ T5985] Bluetooth: hci1: command tx timeout [ 318.381271][ T5975] Bluetooth: hci3: command 0x040f tx timeout [ 318.527601][ T6241] usbtmc 8-1:16.0: control status returned 0 [ 318.728839][ T1465] usb 8-1: USB disconnect, device number 2 [ 318.803005][ T6254] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=259 sclass=netlink_route_socket pid=6254 comm=syz.2.62 [ 318.807016][ T40] audit: type=1400 audit(1744087439.355:300): avc: denied { execute } for pid=6252 comm="syz.2.62" name="file0" dev="tmpfs" ino=133 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 318.807202][ T6254] process 'syz.2.62' launched './file0' with NULL argv: empty string added [ 318.817556][ T40] audit: type=1400 audit(1744087439.365:301): avc: denied { execute_no_trans } for pid=6252 comm="syz.2.62" path="/22/file0" dev="tmpfs" ino=133 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 319.014961][ T6260] kvm: emulating exchange as write [ 319.020916][ T6260] can0: slcan on ptm0. [ 319.171679][ T6260] can0 (unregistered): slcan off ptm0. [ 319.204601][ T6275] netlink: 172 bytes leftover after parsing attributes in process `syz.1.66'. [ 319.365942][ T6288] QAT: Invalid ioctl 1342215182 [ 319.366028][ T6014] hid (null): global environment stack underflow [ 319.372631][ T6014] hid-generic 0001:007E:0004.0003: unknown main item tag 0x1 [ 319.374795][ T6014] hid-generic 0001:007E:0004.0003: global environment stack underflow [ 319.377009][ T6014] hid-generic 0001:007E:0004.0003: item 0 4 1 11 parsing failed [ 319.379377][ T6014] hid-generic 0001:007E:0004.0003: probe with driver hid-generic failed with error -22 [ 319.461863][ T6294] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 319.780522][ T6309] netlink: 'syz.2.78': attribute type 7 has an invalid length. [ 319.787260][ T6309] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 319.789874][ T6309] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 319.793034][ T6309] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 319.795467][ T6309] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 319.849585][ T6314] virtio-fs: tag <(null)> not found [ 319.853490][ T6317] virtio-fs: tag <(null)> not found [ 319.938599][ T6323] mkiss: ax0: crc mode is auto. [ 319.972459][ T5975] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 319.975378][ T5975] Bluetooth: hci0: Injecting HCI hardware error event [ 319.977897][ T5975] Bluetooth: hci0: hardware error 0x00 [ 320.019497][ T6328] warning: `syz.3.84' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 320.099729][ T6338] netlink: 8 bytes leftover after parsing attributes in process `syz.3.87'. [ 320.102213][ T6338] netlink: 12 bytes leftover after parsing attributes in process `syz.3.87'. [ 320.143607][ T6342] FAULT_INJECTION: forcing a failure. [ 320.143607][ T6342] name failslab, interval 1, probability 0, space 0, times 1 [ 320.148087][ T6342] CPU: 0 UID: 0 PID: 6342 Comm: syz.3.89 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 320.148100][ T6342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 320.148110][ T6342] Call Trace: [ 320.148114][ T6342] [ 320.148118][ T6342] dump_stack_lvl+0x16c/0x1f0 [ 320.148187][ T6342] should_fail_ex+0x512/0x640 [ 320.148205][ T6342] ? fs_reclaim_acquire+0xae/0x150 [ 320.148221][ T6342] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 320.148237][ T6342] should_failslab+0xc2/0x120 [ 320.148249][ T6342] __kmalloc_noprof+0xd2/0x510 [ 320.148263][ T6342] tomoyo_realpath_from_path+0xc2/0x6e0 [ 320.148279][ T6342] ? tomoyo_profile+0x47/0x60 [ 320.148290][ T6342] tomoyo_path_number_perm+0x245/0x580 [ 320.148302][ T6342] ? tomoyo_path_number_perm+0x237/0x580 [ 320.148317][ T6342] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 320.148331][ T6342] ? find_held_lock+0x2b/0x80 [ 320.148356][ T6342] ? find_held_lock+0x2b/0x80 [ 320.148368][ T6342] ? hook_file_ioctl_common+0x145/0x410 [ 320.148382][ T6342] ? __fget_files+0x20e/0x3c0 [ 320.148394][ T6342] security_file_ioctl+0x9b/0x240 [ 320.148410][ T6342] __x64_sys_ioctl+0xb7/0x200 [ 320.148425][ T6342] do_syscall_64+0xcd/0x260 [ 320.148441][ T6342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.148451][ T6342] RIP: 0033:0x7f32a298d169 [ 320.148460][ T6342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.148469][ T6342] RSP: 002b:00007f32a37c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 320.148479][ T6342] RAX: ffffffffffffffda RBX: 00007f32a2ba5fa0 RCX: 00007f32a298d169 [ 320.148490][ T6342] RDX: 0000200000000100 RSI: 000000004014563c RDI: 0000000000000004 [ 320.148496][ T6342] RBP: 00007f32a37c0090 R08: 0000000000000000 R09: 0000000000000000 [ 320.148501][ T6342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.148507][ T6342] R13: 0000000000000000 R14: 00007f32a2ba5fa0 R15: 00007ffe09dfb8c8 [ 320.148520][ T6342] [ 320.148524][ T6342] ERROR: Out of memory at tomoyo_realpath_from_path. [ 320.279081][ T63] usbhid 5-1:0.0: can't add hid device: -71 [ 320.280804][ T63] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 320.288779][ T63] usb 5-1: USB disconnect, device number 3 [ 320.315820][ T6353] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8301 sclass=netlink_route_socket pid=6353 comm=syz.2.92 [ 320.451850][ T5986] Bluetooth: hci3: command 0x040f tx timeout [ 320.454156][ T5985] Bluetooth: hci2: command tx timeout [ 320.454169][ T5294] Bluetooth: hci1: command tx timeout [ 320.621431][ T24] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 320.768243][ T6376] FAULT_INJECTION: forcing a failure. [ 320.768243][ T6376] name failslab, interval 1, probability 0, space 0, times 0 [ 320.772107][ T6376] CPU: 3 UID: 0 PID: 6376 Comm: syz.0.101 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 320.772124][ T6376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 320.772131][ T6376] Call Trace: [ 320.772135][ T6376] [ 320.772139][ T6376] dump_stack_lvl+0x16c/0x1f0 [ 320.772160][ T6376] should_fail_ex+0x512/0x640 [ 320.772176][ T6376] ? fs_reclaim_acquire+0xae/0x150 [ 320.772199][ T6376] ? tomoyo_encode2+0x100/0x3e0 [ 320.772220][ T6376] should_failslab+0xc2/0x120 [ 320.772239][ T6376] __kmalloc_noprof+0xd2/0x510 [ 320.772255][ T6376] ? d_absolute_path+0x136/0x1a0 [ 320.772279][ T6376] tomoyo_encode2+0x100/0x3e0 [ 320.772304][ T6376] tomoyo_encode+0x29/0x50 [ 320.772323][ T6376] tomoyo_realpath_from_path+0x18f/0x6e0 [ 320.772351][ T6376] tomoyo_path_number_perm+0x245/0x580 [ 320.772368][ T6376] ? tomoyo_path_number_perm+0x237/0x580 [ 320.772382][ T6376] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 320.772397][ T6376] ? find_held_lock+0x2b/0x80 [ 320.772439][ T6376] ? find_held_lock+0x2b/0x80 [ 320.772459][ T6376] ? hook_file_ioctl_common+0x145/0x410 [ 320.772480][ T6376] ? __fget_files+0x20e/0x3c0 [ 320.772500][ T6376] security_file_ioctl+0x9b/0x240 [ 320.772522][ T6376] __x64_sys_ioctl+0xb7/0x200 [ 320.772545][ T6376] do_syscall_64+0xcd/0x260 [ 320.772568][ T6376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.772585][ T6376] RIP: 0033:0x7f6de838d169 [ 320.772598][ T6376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.772612][ T6376] RSP: 002b:00007f6de9242038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 320.772627][ T6376] RAX: ffffffffffffffda RBX: 00007f6de85a5fa0 RCX: 00007f6de838d169 [ 320.772637][ T6376] RDX: 0000200000000100 RSI: 000000004014563c RDI: 0000000000000004 [ 320.772647][ T6376] RBP: 00007f6de9242090 R08: 0000000000000000 R09: 0000000000000000 [ 320.772656][ T6376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.772665][ T6376] R13: 0000000000000000 R14: 00007f6de85a5fa0 R15: 00007ffc573bb628 [ 320.772685][ T6376] [ 320.772701][ T6376] ERROR: Out of memory at tomoyo_realpath_from_path. [ 320.801150][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 320.836777][ T24] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 320.839205][ T24] usb 6-1: config 0 has no interface number 0 [ 320.840834][ T24] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 320.843522][ T24] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 320.845928][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.849805][ T24] usb 6-1: config 0 descriptor?? [ 320.853794][ T24] iowarrior 6-1:0.1: no interrupt-in endpoint found [ 320.996997][ T6385] netlink: 28 bytes leftover after parsing attributes in process `syz.0.105'. [ 321.055311][ T6358] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 321.058646][ T6358] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 321.069192][ T57] usb 6-1: USB disconnect, device number 3 [ 321.086563][ T6387] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 321.089238][ T6387] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 321.092017][ T6387] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 321.094647][ T6387] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 321.097518][ T6387] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 321.099921][ T6387] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 321.102490][ T6387] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 321.104846][ T6387] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 321.108743][ T6387] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 321.111219][ T6387] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 321.113976][ T6394] kvm: apic: phys broadcast and lowest prio [ 321.157376][ T6399] xt_hashlimit: size too large, truncated to 1048576 [ 321.244501][ T6408] FAULT_INJECTION: forcing a failure. [ 321.244501][ T6408] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 321.248148][ T6408] CPU: 1 UID: 0 PID: 6408 Comm: syz.2.112 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 321.248163][ T6408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 321.248169][ T6408] Call Trace: [ 321.248173][ T6408] [ 321.248177][ T6408] dump_stack_lvl+0x16c/0x1f0 [ 321.248195][ T6408] should_fail_ex+0x512/0x640 [ 321.248209][ T6408] _copy_from_user+0x2e/0xd0 [ 321.248222][ T6408] video_usercopy+0xedd/0x1720 [ 321.248240][ T6408] ? __pfx___video_do_ioctl+0x10/0x10 [ 321.248255][ T6408] ? selinux_bprm_creds_for_exec+0xc60/0xc60 [ 321.248272][ T6408] ? __pfx_video_usercopy+0x10/0x10 [ 321.248296][ T6408] v4l2_ioctl+0x1ba/0x250 [ 321.248310][ T6408] ? __pfx_v4l2_ioctl+0x10/0x10 [ 321.248325][ T6408] __x64_sys_ioctl+0x190/0x200 [ 321.248341][ T6408] do_syscall_64+0xcd/0x260 [ 321.248356][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.248367][ T6408] RIP: 0033:0x7fb0fd38d169 [ 321.248376][ T6408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.248385][ T6408] RSP: 002b:00007fb0fe171038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 321.248395][ T6408] RAX: ffffffffffffffda RBX: 00007fb0fd5a5fa0 RCX: 00007fb0fd38d169 [ 321.248401][ T6408] RDX: 0000200000000100 RSI: 000000004014563c RDI: 0000000000000004 [ 321.248407][ T6408] RBP: 00007fb0fe171090 R08: 0000000000000000 R09: 0000000000000000 [ 321.248413][ T6408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.248419][ T6408] R13: 0000000000000000 R14: 00007fb0fd5a5fa0 R15: 00007ffcce393e58 [ 321.248431][ T6408] [ 321.320497][ T6412] SELinux: Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 321.542520][ T6429] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 321.592822][ T6433] netlink: 'syz.3.120': attribute type 32 has an invalid length. [ 321.602484][ T835] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 321.699484][ T6440] FAULT_INJECTION: forcing a failure. [ 321.699484][ T6440] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.703438][ T6440] CPU: 3 UID: 0 PID: 6440 Comm: syz.3.122 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 321.703452][ T6440] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 321.703459][ T6440] Call Trace: [ 321.703463][ T6440] [ 321.703467][ T6440] dump_stack_lvl+0x16c/0x1f0 [ 321.703485][ T6440] should_fail_ex+0x512/0x640 [ 321.703499][ T6440] _copy_to_user+0x32/0xd0 [ 321.703519][ T6440] simple_read_from_buffer+0xcb/0x170 [ 321.703537][ T6440] proc_fail_nth_read+0x197/0x270 [ 321.703554][ T6440] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 321.703571][ T6440] ? rw_verify_area+0xcf/0x680 [ 321.703585][ T6440] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 321.703601][ T6440] vfs_read+0x1de/0xc70 [ 321.703619][ T6440] ? __pfx___mutex_lock+0x10/0x10 [ 321.703634][ T6440] ? __pfx_vfs_read+0x10/0x10 [ 321.703653][ T6440] ? __fget_files+0x20e/0x3c0 [ 321.703667][ T6440] ksys_read+0x12a/0x240 [ 321.703675][ T6440] ? __pfx_ksys_read+0x10/0x10 [ 321.703683][ T6440] ? v4l2_ioctl+0x1c5/0x250 [ 321.703702][ T6440] do_syscall_64+0xcd/0x260 [ 321.703717][ T6440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.703728][ T6440] RIP: 0033:0x7f32a298bb7c [ 321.703737][ T6440] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 321.703747][ T6440] RSP: 002b:00007f32a37c0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 321.703757][ T6440] RAX: ffffffffffffffda RBX: 00007f32a2ba5fa0 RCX: 00007f32a298bb7c [ 321.703763][ T6440] RDX: 000000000000000f RSI: 00007f32a37c00a0 RDI: 0000000000000008 [ 321.703769][ T6440] RBP: 00007f32a37c0090 R08: 0000000000000000 R09: 0000000000000000 [ 321.703775][ T6440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.703780][ T6440] R13: 0000000000000000 R14: 00007f32a2ba5fa0 R15: 00007ffe09dfb8c8 [ 321.703793][ T6440] [ 321.752619][ T835] usb 7-1: config 0 has an invalid interface number: 50 but max is 0 [ 321.764972][ T835] usb 7-1: config 0 has no interface number 0 [ 321.766935][ T835] usb 7-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 321.770307][ T835] usb 7-1: config 0 interface 50 altsetting 0 endpoint 0x82 has invalid maxpacket 1023, setting to 64 [ 321.778093][ T835] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 321.781040][ T835] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.784682][ T835] usb 7-1: Product: syz [ 321.786078][ T835] usb 7-1: Manufacturer: syz [ 321.787617][ T835] usb 7-1: SerialNumber: syz [ 321.790806][ T835] usb 7-1: config 0 descriptor?? [ 321.793595][ T6416] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 321.801168][ T835] yurex 7-1:0.50: USB YUREX device now attached to Yurex #0 [ 321.951832][ T6462] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 321.964137][ T40] kauditd_printk_skb: 65 callbacks suppressed [ 321.964152][ T40] audit: type=1400 audit(1744087442.515:367): avc: denied { setopt } for pid=6464 comm="syz.3.130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 321.971966][ T40] audit: type=1400 audit(1744087442.515:368): avc: denied { connect } for pid=6464 comm="syz.3.130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 322.030290][ T6470] netlink: 44 bytes leftover after parsing attributes in process `syz.0.131'. [ 322.039212][ T6416] netlink: 'syz.2.116': attribute type 1 has an invalid length. [ 322.042677][ T6416] netlink: 'syz.2.116': attribute type 3 has an invalid length. [ 322.044781][ T6416] netlink: 228 bytes leftover after parsing attributes in process `syz.2.116'. [ 322.050399][ T1465] usb 7-1: USB disconnect, device number 2 [ 322.052579][ T5975] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 322.060241][ T1465] yurex 7-1:0.50: USB YUREX #0 now disconnected [ 322.094115][ T40] audit: type=1400 audit(1744087442.645:369): avc: denied { setopt } for pid=6471 comm="syz.3.133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 322.126912][ T40] audit: type=1400 audit(1744087442.675:370): avc: denied { create } for pid=6478 comm="syz.3.134" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1 [ 322.146753][ T40] audit: type=1400 audit(1744087442.695:371): avc: denied { read } for pid=6478 comm="syz.3.134" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 322.155706][ T40] audit: type=1400 audit(1744087442.695:372): avc: denied { open } for pid=6478 comm="syz.3.134" path="/dev/sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 322.164469][ T40] audit: type=1400 audit(1744087442.695:373): avc: denied { ioctl } for pid=6478 comm="syz.3.134" path="/dev/sg0" dev="devtmpfs" ino=721 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 322.225196][ T40] audit: type=1400 audit(1744087442.775:374): avc: denied { shutdown } for pid=6482 comm="syz.3.136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 322.227301][ T6484] netlink: 8 bytes leftover after parsing attributes in process `syz.3.136'. [ 322.232036][ T40] audit: type=1400 audit(1744087442.775:375): avc: denied { getopt } for pid=6482 comm="syz.3.136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 322.232072][ T40] audit: type=1400 audit(1744087442.775:376): avc: denied { create } for pid=6482 comm="syz.3.136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 322.246996][ T6484] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 322.385978][ T6495] xt_hashlimit: invalid rate [ 322.388282][ T6495] netlink: 44 bytes leftover after parsing attributes in process `syz.0.139'. [ 322.541245][ T5975] Bluetooth: hci3: command 0x040f tx timeout [ 322.710180][ T6531] syz.2.149: attempt to access beyond end of device [ 322.710180][ T6531] nbd2: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 322.720192][ T6531] EXT4-fs (nbd2): unable to read superblock [ 322.725921][ T6533] netlink: 32 bytes leftover after parsing attributes in process `syz.1.150'. [ 322.728780][ T6533] netlink: 32 bytes leftover after parsing attributes in process `syz.1.150'. [ 322.804298][ T6537] block device autoloading is deprecated and will be removed. [ 322.817988][ T6525] virtiofs: Unknown parameter 'dyn' [ 322.916571][ T6551] netlink: 8 bytes leftover after parsing attributes in process `syz.1.156'. [ 322.920697][ T57] libceph: connect (1)[c::]:6789 error -101 [ 322.925365][ T57] libceph: mon0 (1)[c::]:6789 connect error [ 323.006266][ T6553] ceph: No mds server is up or the cluster is laggy [ 323.023212][ T835] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 323.085655][ T6562] tipc: Started in network mode [ 323.087127][ T6562] tipc: Node identity 7f000001, cluster identity 4711 [ 323.090573][ T6562] tipc: Enabled bearer , priority 10 [ 323.092789][ T6562] MTD: Attempt to mount non-MTD device "/dev/sr0" [ 323.155976][ T6580] tipc: Started in network mode [ 323.157371][ T6580] tipc: Node identity c6f281976aa8, cluster identity 4711 [ 323.159333][ T6580] tipc: Enabled bearer , priority 0 [ 323.174241][ T6580] tipc: Disabling bearer [ 323.183515][ T6562] /dev/sr0: Can't open blockdev [ 323.191209][ T835] usb 7-1: Using ep0 maxpacket: 8 [ 323.194211][ T6562] program syz.3.159 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 323.196377][ T835] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 323.199767][ T835] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 323.202736][ T835] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 323.205363][ T835] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 323.207970][ T835] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 323.211707][ T835] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 323.214137][ T835] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.294287][ T6560] /dev/sr0: Can't open blockdev [ 323.419545][ T835] usb 7-1: usb_control_msg returned -32 [ 323.426326][ T835] usbtmc 7-1:16.0: can't read capabilities [ 323.755276][ T6617] netlink: 32 bytes leftover after parsing attributes in process `syz.0.170'. [ 323.793711][ T6623] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 323.825473][ T6625] overlayfs: overlapping lowerdir path [ 323.830796][ T6625] overlayfs: conflicting lowerdir path [ 324.202222][ T10] tipc: Node number set to 2130706433 [ 325.041193][ T835] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 325.205667][ T6686] x_tables: duplicate underflow at hook 1 [ 325.211209][ T835] usb 8-1: Using ep0 maxpacket: 32 [ 325.214389][ T835] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 325.216499][ T835] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 325.218824][ T835] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 325.221380][ T835] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 325.224857][ T835] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 325.227746][ T835] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 325.231709][ T835] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 325.234875][ T835] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.239111][ T835] usb 8-1: config 0 descriptor?? [ 325.364100][ T6698] ======================================================= [ 325.364100][ T6698] WARNING: The mand mount option has been deprecated and [ 325.364100][ T6698] and is ignored by this kernel. Remove the mand [ 325.364100][ T6698] option from the mount to silence this warning. [ 325.364100][ T6698] ======================================================= [ 325.383809][ T6700] netlink: 8 bytes leftover after parsing attributes in process `syz.1.197'. [ 325.447440][ T835] usblp 8-1:0.0: usblp1: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 325.452688][ T835] usb 8-1: USB disconnect, device number 3 [ 325.457014][ T835] usblp1: removed [ 325.549984][ T6712] random: crng reseeded on system resumption [ 325.793437][ T24] usb 7-1: USB disconnect, device number 3 [ 325.836473][ T6715] "syz.2.203" (6715) uses obsolete ecb(arc4) skcipher [ 325.911147][ T959] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 326.061161][ T959] usb 8-1: Using ep0 maxpacket: 32 [ 326.065063][ T959] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 326.067500][ T959] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 326.076580][ T959] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 326.079115][ T959] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 326.081968][ T959] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 326.084646][ T959] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 326.088164][ T959] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 326.090657][ T959] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.094140][ T959] usb 8-1: config 0 descriptor?? [ 326.160814][ T6725] ================================================================== [ 326.163077][ T6725] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x2cb6/0x43c0 [ 326.165448][ T6725] Write of size 1440 at addr ffffc90003c1dda0 by task vivid-000-vid-c/6725 [ 326.169157][ T6725] [ 326.169845][ T6725] CPU: 2 UID: 0 PID: 6725 Comm: vivid-000-vid-c Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 326.169859][ T6725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 326.169866][ T6725] Call Trace: [ 326.169870][ T6725] [ 326.169874][ T6725] dump_stack_lvl+0x116/0x1f0 [ 326.169891][ T6725] print_report+0xc3/0x670 [ 326.169903][ T6725] ? __virt_addr_valid+0x5e/0x590 [ 326.169920][ T6725] ? tpg_fill_plane_buffer+0x2cb6/0x43c0 [ 326.169930][ T6725] kasan_report+0xe0/0x110 [ 326.169941][ T6725] ? tpg_fill_plane_buffer+0x2cb6/0x43c0 [ 326.169952][ T6725] kasan_check_range+0xef/0x1a0 [ 326.169966][ T6725] __asan_memcpy+0x3c/0x60 [ 326.169981][ T6725] tpg_fill_plane_buffer+0x2cb6/0x43c0 [ 326.169998][ T6725] ? __pfx_tpg_fill_plane_buffer+0x10/0x10 [ 326.170010][ T6725] vivid_fillbuff+0x8d2/0x4250 [ 326.170027][ T6725] ? stack_trace_save+0x8e/0xc0 [ 326.170041][ T6725] ? __pfx_stack_trace_save+0x10/0x10 [ 326.170058][ T6725] ? __pfx_vivid_fillbuff+0x10/0x10 [ 326.170078][ T6725] ? v4l2_ctrl_request_setup+0x45e/0xa60 [ 326.170091][ T6725] ? lockdep_hardirqs_on+0x7c/0x110 [ 326.170105][ T6725] ? vivid_thread_vid_cap_tick+0x814/0x15d0 [ 326.170121][ T6725] vivid_thread_vid_cap_tick+0x814/0x15d0 [ 326.170139][ T6725] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 326.170155][ T6725] vivid_thread_vid_cap+0x454/0xda0 [ 326.170173][ T6725] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 326.170190][ T6725] ? do_raw_spin_lock+0x12c/0x2b0 [ 326.170202][ T6725] ? find_held_lock+0x2b/0x80 [ 326.170216][ T6725] ? rcu_is_watching+0x12/0xc0 [ 326.170229][ T6725] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 326.170243][ T6725] ? lockdep_hardirqs_on+0x7c/0x110 [ 326.170256][ T6725] ? __kthread_parkme+0x19e/0x250 [ 326.170272][ T6725] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 326.170288][ T6725] kthread+0x3c2/0x780 [ 326.170299][ T6725] ? __pfx_kthread+0x10/0x10 [ 326.170308][ T6725] ? __pfx_kthread+0x10/0x10 [ 326.170318][ T6725] ? __pfx_kthread+0x10/0x10 [ 326.170328][ T6725] ? __pfx_kthread+0x10/0x10 [ 326.170337][ T6725] ? rcu_is_watching+0x12/0xc0 [ 326.170350][ T6725] ? __pfx_kthread+0x10/0x10 [ 326.170360][ T6725] ret_from_fork+0x45/0x80 [ 326.170371][ T6725] ? __pfx_kthread+0x10/0x10 [ 326.170381][ T6725] ret_from_fork_asm+0x1a/0x30 [ 326.170400][ T6725] [ 326.170403][ T6725] [ 326.233310][ T6725] The buggy address belongs to the virtual mapping at [ 326.233310][ T6725] [ffffc90003c07000, ffffc90003c1f000) created by: [ 326.233310][ T6725] vb2_vmalloc_alloc+0x135/0x3f0 [ 326.238008][ T6725] [ 326.238693][ T6725] The buggy address belongs to the physical page: [ 326.240447][ T6725] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x83 pfn:0x243f1 [ 326.242871][ T6725] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 326.244824][ T6725] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 326.247170][ T6725] raw: 0000000000000083 0000000000000000 00000001ffffffff 0000000000000000 [ 326.249414][ T6725] page dumped because: kasan: bad access detected [ 326.251128][ T6725] page_owner tracks the page as allocated [ 326.252673][ T6725] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6724, tgid 6723 (syz.2.205), ts 326112940476, free_ts 326111314639 [ 326.258064][ T6725] post_alloc_hook+0x181/0x1b0 [ 326.259801][ T6725] get_page_from_freelist+0x1193/0x39b0 [ 326.261718][ T6725] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 326.263412][ T6725] alloc_pages_mpol+0x1fb/0x550 [ 326.265081][ T6725] alloc_pages_noprof+0x131/0x390 [ 326.266417][ T6725] __vmalloc_node_range_noprof+0x732/0x1540 [ 326.268026][ T6725] vmalloc_user_noprof+0x6b/0x90 [ 326.269348][ T6725] vb2_vmalloc_alloc+0x135/0x3f0 [ 326.270756][ T6725] __vb2_queue_alloc+0x8c6/0x1280 [ 326.272111][ T6725] vb2_core_reqbufs+0xa90/0xfe0 [ 326.273526][ T6725] __vb2_init_fileio+0x3f1/0x1100 [ 326.275279][ T6725] __vb2_perform_fileio+0x9c2/0x1660 [ 326.276692][ T6725] vb2_fop_read+0x215/0x3e0 [ 326.277903][ T6725] v4l2_read+0x226/0x360 [ 326.279101][ T6725] vfs_read+0x1de/0xc70 [ 326.280216][ T6725] ksys_read+0x12a/0x240 [ 326.281365][ T6725] page last free pid 0 tgid 0 stack trace: [ 326.282924][ T6725] __free_frozen_pages+0x69d/0xff0 [ 326.284287][ T6725] tlb_remove_table_rcu+0x116/0x1a0 [ 326.285690][ T6725] rcu_core+0x799/0x14e0 [ 326.286838][ T6725] handle_softirqs+0x216/0x8e0 [ 326.288141][ T6725] __irq_exit_rcu+0x109/0x170 [ 326.289425][ T6725] irq_exit_rcu+0x9/0x30 [ 326.290592][ T6725] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 326.292111][ T6725] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 326.293724][ T6725] [ 326.294390][ T6725] Memory state around the buggy address: [ 326.295901][ T6725] ffffc90003c1df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 326.297990][ T6725] ffffc90003c1df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 326.300084][ T6725] >ffffc90003c1e000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 326.302218][ T6725] ^ [ 326.303399][ T6725] ffffc90003c1e080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 326.305622][ T6725] ffffc90003c1e100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 326.307851][ T6725] ================================================================== [ 326.311939][ T6725] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 326.313947][ T6725] CPU: 2 UID: 0 PID: 6725 Comm: vivid-000-vid-c Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 326.316855][ T6725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 326.319799][ T6725] Call Trace: [ 326.320752][ T6725] [ 326.321608][ T6725] dump_stack_lvl+0x3d/0x1f0 [ 326.322916][ T6725] panic+0x71c/0x800 [ 326.324017][ T6725] ? __pfx_panic+0x10/0x10 [ 326.325345][ T6725] ? irqentry_exit+0x3b/0x90 [ 326.326715][ T6725] ? lockdep_hardirqs_on+0x7c/0x110 [ 326.328181][ T6725] ? preempt_schedule_thunk+0x16/0x30 [ 326.329665][ T6725] ? tpg_fill_plane_buffer+0x2cb6/0x43c0 [ 326.331257][ T6725] ? preempt_schedule_common+0x44/0xc0 [ 326.332795][ T6725] ? check_panic_on_warn+0x1f/0xb0 [ 326.334224][ T6725] ? tpg_fill_plane_buffer+0x2cb6/0x43c0 [ 326.335855][ T6725] check_panic_on_warn+0xab/0xb0 [ 326.337240][ T6725] end_report+0x107/0x170 [ 326.338454][ T6725] kasan_report+0xee/0x110 [ 326.339718][ T6725] ? tpg_fill_plane_buffer+0x2cb6/0x43c0 [ 326.341326][ T6725] kasan_check_range+0xef/0x1a0 [ 326.342696][ T6725] __asan_memcpy+0x3c/0x60 [ 326.343958][ T6725] tpg_fill_plane_buffer+0x2cb6/0x43c0 [ 326.345485][ T6725] ? __pfx_tpg_fill_plane_buffer+0x10/0x10 [ 326.347115][ T6725] vivid_fillbuff+0x8d2/0x4250 [ 326.348464][ T6725] ? stack_trace_save+0x8e/0xc0 [ 326.349829][ T6725] ? __pfx_stack_trace_save+0x10/0x10 [ 326.351342][ T6725] ? __pfx_vivid_fillbuff+0x10/0x10 [ 326.352798][ T6725] ? v4l2_ctrl_request_setup+0x45e/0xa60 [ 326.354362][ T6725] ? lockdep_hardirqs_on+0x7c/0x110 [ 326.355819][ T6725] ? vivid_thread_vid_cap_tick+0x814/0x15d0 [ 326.357460][ T6725] vivid_thread_vid_cap_tick+0x814/0x15d0 [ 326.359061][ T6725] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 326.360650][ T6725] vivid_thread_vid_cap+0x454/0xda0 [ 326.362108][ T6725] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 326.363706][ T6725] ? do_raw_spin_lock+0x12c/0x2b0 [ 326.365133][ T6725] ? find_held_lock+0x2b/0x80 [ 326.366459][ T6725] ? rcu_is_watching+0x12/0xc0 [ 326.367812][ T6725] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 326.369437][ T6725] ? lockdep_hardirqs_on+0x7c/0x110 [ 326.370896][ T6725] ? __kthread_parkme+0x19e/0x250 [ 326.372312][ T6725] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 326.373899][ T6725] kthread+0x3c2/0x780 [ 326.375058][ T6725] ? __pfx_kthread+0x10/0x10 [ 326.376354][ T6725] ? __pfx_kthread+0x10/0x10 [ 326.377650][ T6725] ? __pfx_kthread+0x10/0x10 [ 326.378984][ T6725] ? __pfx_kthread+0x10/0x10 [ 326.380296][ T6725] ? rcu_is_watching+0x12/0xc0 [ 326.381656][ T6725] ? __pfx_kthread+0x10/0x10 [ 326.382961][ T6725] ret_from_fork+0x45/0x80 [ 326.384211][ T6725] ? __pfx_kthread+0x10/0x10 [ 326.385508][ T6725] ret_from_fork_asm+0x1a/0x30 [ 326.386866][ T6725] [ 326.388308][ T6725] Kernel Offset: disabled [ 326.389526][ T6725] Rebooting in 86400 seconds.. VM DIAGNOSIS: 04:44:06 Registers: info registers vcpu 0 CPU#0 RAX=00000000000cba75 RBX=0000000000000000 RCX=ffffffff8b723439 RDX=0000000000000000 RSI=ffffffff8dbeeb26 RDI=ffffffff8bf46500 RBP=fffffbfff1c12ee8 RSP=ffffffff8e007e10 R8 =0000000000000001 R9 =ffffed100d4865bd R10=ffff88806a432deb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8e097740 R14=ffffffff90865310 R15=0000000000000000 RIP=ffffffff8b721ccf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d69b3000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fb0fe12ef98 CR3=0000000024834000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001030001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe2e36abb0 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f282 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f28f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f289 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f29d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f323 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f401 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e776f6e6b6e7500 6f6c6c3332302500 657a697320740004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4b524a4b4e4b5000 4a49491617150000 405f4c560551464a 5751560541444700 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000000bf5df RBX=0000000000000001 RCX=ffffffff8b723439 RDX=0000000000000000 RSI=ffffffff8dbeeb26 RDI=ffffffff8bf46500 RBP=ffffed1003ad0488 RSP=ffffc90000177df8 R8 =0000000000000001 R9 =ffffed100d4a65bd R10=ffff88806a532deb R11=0000000000000000 R12=0000000000000001 R13=ffff88801d682440 R14=ffffffff90865310 R15=0000000000000000 RIP=ffffffff8b721ccf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6ab3000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000564d339fc908 CR3=000000004c4d4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000004000040 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc573bb9b0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6de840f282 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6de840f28f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6de840f289 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6de840f29d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6de840f323 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6de840f401 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854e0bc5 RDI=ffffffff9ae254e0 RBP=ffffffff9ae254a0 RSP=ffffc9000477f168 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=666f206574697257 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9ae254a0 R15=ffffffff854e0b60 RIP=ffffffff854e0bef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6bb3000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000200000002400 CR3=0000000024834000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001030001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe2e36abb0 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f282 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f28f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f289 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f29d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f323 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f401 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e776f6e6b6e7500 6f6c6c3332302500 657a697320740004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4b524a4b4e4b5000 4a49491617150000 405f4c560551464a 5751560541444700 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000009327b RBX=0000000000000003 RCX=ffffffff8b723439 RDX=0000000000000000 RSI=ffffffff8dbeeb26 RDI=ffffffff8bf46500 RBP=ffffed1003bd3000 RSP=ffffc90000197df8 R8 =0000000000000001 R9 =ffffed100d4e65bd R10=ffff88806a732deb R11=ffffffff9adebfb8 R12=0000000000000003 R13=ffff88801de98000 R14=ffffffff90865310 R15=0000000000000000 RIP=ffffffff8b721ccf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6cb3000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fb0fe12fd58 CR3=00000000319c2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000004000040 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe2e36ae10 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f282 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f28f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f289 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f29d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f323 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe919e0f401 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000