last executing test programs: 4.539871886s ago: executing program 3 (id=4): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NFC_CMD_DEV_DOWN(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x200, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x4000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000400)={&(0x7f00000001c0)={0x204, r3, 0x20, 0x70bd2c, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x30, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7f08}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1e}]}]}, @TIPC_NLA_BEARER={0x48, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc444}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3873}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_MEDIA={0x44, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_MEDIA_PROP={0x4}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_SOCK={0x38, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x655}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_FLAG={0x8}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA={0xfc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb35}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb7c}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xb7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}]}]}, 0x204}, 0x1, 0x0, 0x0, 0x40040}, 0x200000d4) r4 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000004c0), r0) sendmsg$NLBL_CALIPSO_C_LIST(r0, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x54, r4, 0x20, 0x70bd29, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0xc000}, 0x4004090) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_INODE(r5, &(0x7f0000000640)={0x28, 0x2, 0x0, {0x0, 0x2, 0x8}}, 0x28) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000700)={'wpan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000740)={'wpan3\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000780)={'wpan4\x00'}) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000007c0)={'wpan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000800)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_DEV(r0, &(0x7f0000000900)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x60, r6, 0x4, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}]}, 0x60}, 0x1, 0x0, 0x0, 0x24000095}, 0x8000) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000009c0)={{0x0, 0x6, 0x1a64, 0x9ec, 0x0, 0x8, 0x200, 0x8, 0x6, 0xfffffffe, 0x4, 0x4, 0x2, 0x7, 0x5}, 0x40, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, &(0x7f0000000a80)={0x0, 0x8, 0xdb0, 0x0, 0xfff}) sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000b80)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x1c, r1, 0x410, 0x70bd27, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20044000}, 0x40080) sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f0000000c80)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x81c0) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000d00), r2) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000e00)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d40)={0x5c, r11, 0x4, 0x70bd29, 0x25dfdbfb, {{}, {@void, @val={0x8}, @void}}, [@NL80211_ATTR_VENDOR_DATA={0x38, 0xc5, "9a944ab7ec8c19b4629dc62a8912f013cf64dad33829d2fd32ecef1322f0fdb4116099eb7de7d9a6452396f3800cd158bc5baf81"}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x20000800) r12 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000e80), r0) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f0000000fc0)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x2008d060}, 0xc, &(0x7f0000000f80)={&(0x7f0000000ec0)={0xa4, r12, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @local}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @empty}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:newrole_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond_slave_1\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010102}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'wg2\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x4000001) r13 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000001000), 0x202000, 0x0) r14 = syz_genetlink_get_family_id$l2tp(&(0x7f0000001080), r2) sendmsg$L2TP_CMD_TUNNEL_GET(r13, &(0x7f0000001180)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001140)={&(0x7f00000010c0)={0x68, r14, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0xffffffffffffffff}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @loopback}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x81}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0={0xfc, 0x0, '\x00', 0x1}}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x9}]}, 0x68}, 0x1, 0x0, 0x0, 0xc800}, 0x1) lchown(&(0x7f00000011c0)='./file0\x00', 0x0, 0x0) 4.323941295s ago: executing program 3 (id=5): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200)={0x3, &(0x7f0000000000)=[{0x15}, {0x20}, {0x6, 0x9, 0x0, 0x1}]}) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f00000000c0)={0x41c21c49b1a76e92}) open_tree(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0) socket$inet6(0xa, 0x5, 0x0) syz_open_dev$vivid(&(0x7f0000000000), 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x40000000000ead}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x110, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00') sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) preadv(r1, &(0x7f0000000b00)=[{&(0x7f0000000300)=""/30, 0x1e}], 0x1, 0x80000001, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) clock_nanosleep(0x0, 0x0, &(0x7f0000000100)={0x77359400}, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000180)=@base={0x12, 0x0, 0x8, 0x2}, 0x48) socket(0xa, 0x80000, 0x80000004) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x3, 0xfe, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) 4.064740977s ago: executing program 1 (id=2): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, 0x0, 0x0) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x40, &(0x7f0000000280)=ANY=[@ANYRESHEX], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802) write$evdev(r3, &(0x7f0000000000), 0x100000008) flock(0xffffffffffffffff, 0x5) flock(0xffffffffffffffff, 0x2) r4 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r6 = socket$inet6(0xa, 0x2, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0xfffffffffffffffb, 0x1000) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000c00000095"], &(0x7f0000000240)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='mm_page_alloc\x00', r7}, 0x10) r8 = syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2) ppoll(&(0x7f0000000080)=[{r8, 0x4260}], 0x1, 0x0, 0x0, 0x0) sendmsg$inet6(r6, &(0x7f0000000200)={&(0x7f00000000c0)={0xa, 0x4e25, 0x0, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="24000000000000fe80000000b334000000be29e39ae286", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x28}, 0x0) ioctl$DRM_IOCTL_MODE_GETPROPERTY(0xffffffffffffffff, 0xc04064aa, &(0x7f00000000c0)={0x0, 0x0}) ioctl$DVD_READ_STRUCT(0xffffffffffffffff, 0x5390, &(0x7f00000001c0)=@manufact={0x4, 0x3, 0x800, "6b3687be359f80ebbc4f94a55889ce055998f0959c01d4bbe58465bb45eebaf10179c9170826eb3c6a581bf537e845ad6da96688d764f30314a1d899df1bb78c8f014205a61a13847c8e1767dc386d0774d7fc9f0bf96215466ee3a8945b1874c6090dd30c7f08595321579bb19c5e2aa39ddb826542e5dc8ef4f37884ec5f0319fc9eed568c26ca7da02811eaceb7a2f0e2e5016f10eed5e2b6c9cc2ddba83c7e8db72e3dfa5bfad8124d96934503301bed0a0e131f169c2399a1ee0d972d1bde684d653f1ef1451ab12a60f48e2e60c6447ac2bf26bdf08c8d018f72866b5f9ec25ba578f37a39aea6ca1ab56e5c4bb80dd4fa3d7c1052e0d4d43146a9d23058d174c2de4acc1875262a00ff0627b9564e65912b0735e0311e59866a3f93407e7a22f83495eeda4fa765ef814cbfd3faab80ab89a5c93be22f8374b316e8b49ad54dce96ac700bc17867a2111d1f92f2f35d00705c836dd4f65e76e3dbf5f64a9947b069e48d893db123db37b39f6dde38f9aa87d7ed075138c5653c5caed8be118dd8649d700a535fd38a3a85d24962a13fa45a99c3ccced110d63795ad2b2358e76b909e340eb1b9411d6fb567df66a7da87fde05733b16279deed1834bfa5a57c96935dfe06494e6eda5c98d56eaf3245b16a8a08b1f8f6bafe4c2eceecd9271131a599a9c39aa331e4bc1d82c4a20cf770141cfa6f918add0783b96fe907a1354448118a3c38b1915f112b579dc5740f73e36eca1dc33a9d3e95e80e4526fc09271cafcdd82c8a1104b45f7dcbed0b8d202a9cd9a64474374a1690fbe9e0d4dc896ad075057ac54e2faf62db14c83b2d0c570bc767664a0f5f5b39b68ac87ab292a0f0473fbd689bb6ffb2e14f8e3b2fe4b13e9f720da26c69c9f1a5a1e7a84f02d0731457606d2dfd4d81091c812499643c58a185ab2bf9b3a6f112624ba5a7e6be6d1e405ae539ec0ea49d21021ff8f365f3b37b7c9462d57987292de8747ae6070639aa5509fe2b7b4b42d75c8127e1d878398cfb3cc7f3c7bc9cef6b4e1f9b3e915586522008a4cd04d0bfcfbe298141946f8b79636f5ec065590051593a346b6f17d381de20704c86e98ad712b049635faeadd6daa09ef73f46350512d94e92d5b3e5ceed9a91cdc349d489a0bec94eda9f59662d1a848a1fbf1b8d48b10514a4d6884d0f8fecb873dcb3f6b4cf1a067b2355d94ef795d8829333e53cfd0c5724243c8d914a0e6582f20cd92e0bdd9ad5d1795e16ee06f593f35fc9b1336379a018ef1a7392edb689c59f4d6753d9a79aaef687e4e2e0143536a3f1cff32f11ad6462fd13ce0bd1c5830455a8a6174342dbf236b85c1cc8049ae8bb4acf62d7f27cf12ca070998819f40865e21e02bef40d8be21b6e3a872a2300e8e9598c7f49838ceccec702789a05fe90abf27a34025d235762f63f3a7b2ff317b62ab91f76a22045ba81df132745c0a82ce13815c2a3c935fbbd0e8881458f2f53a843a66265f7fc45b4fc37cdaef6684ac444d99a86abdc88ece7c09cb022fc9bd16462f79d3afc9712d7a10de4612784b9c5210e1367132a1612a6285ce4552cf8172c90b85b076bae09c02f1f58a7f4b0e17a2242e7772bd0dff773c71909e256278c67aefe04701ba366725ee06b56d25d0053475d6451bda97eb172a57429f1beaa1d9f28bbd6139143ef49ffde1edc4b3bd815caac0c722a4487504c7e073b46078a81985ad26f5ccea9532923eb2f81a076658a9498093a8a2dbadbb0b5e4ee75d24c6df81019bbbc9046a525824e96e520ce2eb8e6816df38afc50a43791b1e75342b809914f05e4d79c321210a98fadd3f21fb5a790fa663d552d342213e83e4f6df9d233263959cb58a211573581bcdfef6034c3387cb9d3bc194487e602d52e20d8cce42db9eb905b7fe1251c13f9d283169e6cf6d23dfb0d35bb62b9243538e19545349b639990b233f605765c76da3d8e36a80aa5480665246a814342b72e0711d512bd9da3404851bac8aba4012cc0142c1ef4a5c2258eec291c5be601d6dc956cf43e761c5b65695a4344f739cd737977b36bec13d6232f3cdc2a336f5f15a25cf61bd7ac3794297b8ae5d51cd904e0ae49d965efc1091ddb564fa922b9667ffe2686c0c350cd0743038e8b8923c9d351dbf12df1f234377518b15f434983cc4286f25333778f52f94a4fd5f3c345797065ad170a7fbf587de272818229c41fbf254118135b45bb0f5324d1dc4cda5014406eae637dcb418c6be4b5ca3f6cdb2ffcc6b017bfd24dc536011a053352783bc22467341b8472360bdf3c8a9cf3c9d01f4b0af982bbb6629c9bcfe7d8011790034224e4de1fe2879f491dbedcd239d3eba54173f6fccd6f2fc51cdd3ddae399c2f97d39536344ec8c2c0e9c9f66bcac3ef695b2a687b671e2e17df5153df0c08206e49e783fbb96535a7087f1297ae425bc2c1c332eca23ecbda555b2478cce2cd6124b74519e0cd1b2723ccad70850c9ec3fd74ea27473aeb34ffd6a16cbd1bbcf057236f5413134c238a8284c85a9656c341c3bf112565163ec3858142fd8b4b037da84c30e593491565f755ba04ce0c17cc15da9e243ac6313f8e7b458b8c960cc46ce36f670f3419aa428bad3612efc2a3eaa22f1c3db01c9d5996e24c2b169b93b1310778557e8e96e47eb5b0a8ac8093fd14e9783e09b8c0f7cbba870601ab1474eaff0d87584da1e55d2d34bb73c9bef3d81313abd2005fdad3d07fd0b675e152f10415555319a4bfe16a6c8c77ce50e94d34569089f25e11fb50428a2113390c0dc42192b0716b6d7aa83245be59f7451ac36c00db0d14bc47f5f23eecb04328158994c672f74d35dc31d9e8bc9795394c50b66b876b49efcdf0427446faf64663bcb"}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0xfffffffffffffdcf, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="00000002", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32, @ANYRES8=r4], 0x6f4}}, 0x24004800) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) madvise(&(0x7f0000a2e000/0x3000)=nil, 0xffffffffdf5d1fff, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r6, 0x84, 0x7c, &(0x7f0000000080)={0x0, 0xb, 0x6}, &(0x7f0000000140)=0x8) 3.049317715s ago: executing program 3 (id=7): syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) mknod(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x2, 0x0) r1 = open(&(0x7f00000002c0)='./bus\x00', 0x42202, 0x0) splice(r0, 0x0, r1, 0x0, 0x114, 0x0) r2 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x1000000) r3 = open$dir(0x0, 0x481, 0x0) vmsplice(r3, &(0x7f0000000240)=[{&(0x7f0000000300)="10", 0x1}], 0x1, 0x0) 2.076104461s ago: executing program 0 (id=8): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x40, &(0x7f0000000280)=ANY=[@ANYRESHEX], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802) write$evdev(r3, &(0x7f0000000000), 0x100000008) flock(0xffffffffffffffff, 0x5) flock(0xffffffffffffffff, 0x2) r4 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r6 = socket$inet6(0xa, 0x2, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0xfffffffffffffffb, 0x1000) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000c00000095"], &(0x7f0000000240)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='mm_page_alloc\x00', r7}, 0x10) r8 = syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2) ppoll(&(0x7f0000000080)=[{r8, 0x4260}], 0x1, 0x0, 0x0, 0x0) sendmsg$inet6(r6, &(0x7f0000000200)={&(0x7f00000000c0)={0xa, 0x4e25, 0x0, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="24000000000000fe80000000b334000000be29e39ae286", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x28}, 0x0) ioctl$DRM_IOCTL_MODE_GETPROPERTY(0xffffffffffffffff, 0xc04064aa, &(0x7f00000000c0)={0x0, 0x0}) ioctl$DVD_READ_STRUCT(0xffffffffffffffff, 0x5390, &(0x7f00000001c0)=@manufact={0x4, 0x3, 0x800, "6b3687be359f80ebbc4f94a55889ce055998f0959c01d4bbe58465bb45eebaf10179c9170826eb3c6a581bf537e845ad6da96688d764f30314a1d899df1bb78c8f014205a61a13847c8e1767dc386d0774d7fc9f0bf96215466ee3a8945b1874c6090dd30c7f08595321579bb19c5e2aa39ddb826542e5dc8ef4f37884ec5f0319fc9eed568c26ca7da02811eaceb7a2f0e2e5016f10eed5e2b6c9cc2ddba83c7e8db72e3dfa5bfad8124d96934503301bed0a0e131f169c2399a1ee0d972d1bde684d653f1ef1451ab12a60f48e2e60c6447ac2bf26bdf08c8d018f72866b5f9ec25ba578f37a39aea6ca1ab56e5c4bb80dd4fa3d7c1052e0d4d43146a9d23058d174c2de4acc1875262a00ff0627b9564e65912b0735e0311e59866a3f93407e7a22f83495eeda4fa765ef814cbfd3faab80ab89a5c93be22f8374b316e8b49ad54dce96ac700bc17867a2111d1f92f2f35d00705c836dd4f65e76e3dbf5f64a9947b069e48d893db123db37b39f6dde38f9aa87d7ed075138c5653c5caed8be118dd8649d700a535fd38a3a85d24962a13fa45a99c3ccced110d63795ad2b2358e76b909e340eb1b9411d6fb567df66a7da87fde05733b16279deed1834bfa5a57c96935dfe06494e6eda5c98d56eaf3245b16a8a08b1f8f6bafe4c2eceecd9271131a599a9c39aa331e4bc1d82c4a20cf770141cfa6f918add0783b96fe907a1354448118a3c38b1915f112b579dc5740f73e36eca1dc33a9d3e95e80e4526fc09271cafcdd82c8a1104b45f7dcbed0b8d202a9cd9a64474374a1690fbe9e0d4dc896ad075057ac54e2faf62db14c83b2d0c570bc767664a0f5f5b39b68ac87ab292a0f0473fbd689bb6ffb2e14f8e3b2fe4b13e9f720da26c69c9f1a5a1e7a84f02d0731457606d2dfd4d81091c812499643c58a185ab2bf9b3a6f112624ba5a7e6be6d1e405ae539ec0ea49d21021ff8f365f3b37b7c9462d57987292de8747ae6070639aa5509fe2b7b4b42d75c8127e1d878398cfb3cc7f3c7bc9cef6b4e1f9b3e915586522008a4cd04d0bfcfbe298141946f8b79636f5ec065590051593a346b6f17d381de20704c86e98ad712b049635faeadd6daa09ef73f46350512d94e92d5b3e5ceed9a91cdc349d489a0bec94eda9f59662d1a848a1fbf1b8d48b10514a4d6884d0f8fecb873dcb3f6b4cf1a067b2355d94ef795d8829333e53cfd0c5724243c8d914a0e6582f20cd92e0bdd9ad5d1795e16ee06f593f35fc9b1336379a018ef1a7392edb689c59f4d6753d9a79aaef687e4e2e0143536a3f1cff32f11ad6462fd13ce0bd1c5830455a8a6174342dbf236b85c1cc8049ae8bb4acf62d7f27cf12ca070998819f40865e21e02bef40d8be21b6e3a872a2300e8e9598c7f49838ceccec702789a05fe90abf27a34025d235762f63f3a7b2ff317b62ab91f76a22045ba81df132745c0a82ce13815c2a3c935fbbd0e8881458f2f53a843a66265f7fc45b4fc37cdaef6684ac444d99a86abdc88ece7c09cb022fc9bd16462f79d3afc9712d7a10de4612784b9c5210e1367132a1612a6285ce4552cf8172c90b85b076bae09c02f1f58a7f4b0e17a2242e7772bd0dff773c71909e256278c67aefe04701ba366725ee06b56d25d0053475d6451bda97eb172a57429f1beaa1d9f28bbd6139143ef49ffde1edc4b3bd815caac0c722a4487504c7e073b46078a81985ad26f5ccea9532923eb2f81a076658a9498093a8a2dbadbb0b5e4ee75d24c6df81019bbbc9046a525824e96e520ce2eb8e6816df38afc50a43791b1e75342b809914f05e4d79c321210a98fadd3f21fb5a790fa663d552d342213e83e4f6df9d233263959cb58a211573581bcdfef6034c3387cb9d3bc194487e602d52e20d8cce42db9eb905b7fe1251c13f9d283169e6cf6d23dfb0d35bb62b9243538e19545349b639990b233f605765c76da3d8e36a80aa5480665246a814342b72e0711d512bd9da3404851bac8aba4012cc0142c1ef4a5c2258eec291c5be601d6dc956cf43e761c5b65695a4344f739cd737977b36bec13d6232f3cdc2a336f5f15a25cf61bd7ac3794297b8ae5d51cd904e0ae49d965efc1091ddb564fa922b9667ffe2686c0c350cd0743038e8b8923c9d351dbf12df1f234377518b15f434983cc4286f25333778f52f94a4fd5f3c345797065ad170a7fbf587de272818229c41fbf254118135b45bb0f5324d1dc4cda5014406eae637dcb418c6be4b5ca3f6cdb2ffcc6b017bfd24dc536011a053352783bc22467341b8472360bdf3c8a9cf3c9d01f4b0af982bbb6629c9bcfe7d8011790034224e4de1fe2879f491dbedcd239d3eba54173f6fccd6f2fc51cdd3ddae399c2f97d39536344ec8c2c0e9c9f66bcac3ef695b2a687b671e2e17df5153df0c08206e49e783fbb96535a7087f1297ae425bc2c1c332eca23ecbda555b2478cce2cd6124b74519e0cd1b2723ccad70850c9ec3fd74ea27473aeb34ffd6a16cbd1bbcf057236f5413134c238a8284c85a9656c341c3bf112565163ec3858142fd8b4b037da84c30e593491565f755ba04ce0c17cc15da9e243ac6313f8e7b458b8c960cc46ce36f670f3419aa428bad3612efc2a3eaa22f1c3db01c9d5996e24c2b169b93b1310778557e8e96e47eb5b0a8ac8093fd14e9783e09b8c0f7cbba870601ab1474eaff0d87584da1e55d2d34bb73c9bef3d81313abd2005fdad3d07fd0b675e152f10415555319a4bfe16a6c8c77ce50e94d34569089f25e11fb50428a2113390c0dc42192b0716b6d7aa83245be59f7451ac36c00db0d14bc47f5f23eecb04328158994c672f74d35dc31d9e8bc9795394c50b66b876b49efcdf0427446faf64663bcb"}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0xfffffffffffffdcf, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="00000002", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32, @ANYRES8=r4], 0x6f4}}, 0x24004800) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) madvise(&(0x7f0000a2e000/0x3000)=nil, 0xffffffffdf5d1fff, 0x0) 1.217680427s ago: executing program 0 (id=11): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) rename(0x0, 0x0) 1.056472563s ago: executing program 0 (id=12): connect$unix(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000200)={0x3c, r1, 0x607, 0x0, 0x0, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x3c}}, 0x0) 980.317545ms ago: executing program 0 (id=13): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000080)={0x20, 0x1f, 0x1, 0x0, 0x0, "", [@nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x20}], 0x1}, 0x0) 980.08507ms ago: executing program 0 (id=14): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_pts(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_mptcp(0xa, 0x1, 0x106) r3 = socket$netlink(0x10, 0x3, 0x4) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58) r4 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000002980)={0x9, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="cc0000001b0001000000000000000000ac141400000000000000000000000000fe8000000000000000000020000000aa00"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/63], 0xcc}}, 0x0) 409.874471ms ago: executing program 2 (id=19): bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0xaa, 0x6a, 0xa, 0xff00}, [@call={0x3c}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) 360.640428ms ago: executing program 2 (id=20): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000100)={0x1, 0x10, 0xfa00, {0x0}}, 0x18) 360.480283ms ago: executing program 2 (id=21): r0 = syz_open_dev$dri(&(0x7f0000004280), 0x2000000000, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f00000000c0)=[r2], &(0x7f00000020c0), 0x0, 0x0}) 360.305522ms ago: executing program 1 (id=22): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000014"], 0x34}}, 0x0) 276.587678ms ago: executing program 2 (id=23): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000080)=0xffff7b6e, 0x4) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), 0xffffffffffffffff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x4501, 0x8) sendmmsg$unix(r1, &(0x7f0000000400)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x2, 0x0, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x6, &(0x7f0000001500)=""/3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) listen(r2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000200)=0x8, 0x4) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}}, 0x0) 276.396527ms ago: executing program 1 (id=24): r0 = socket$tipc(0x1e, 0x4, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x89, &(0x7f0000000180), &(0x7f00000004c0)=0x4) 276.269344ms ago: executing program 1 (id=25): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x4}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 276.071644ms ago: executing program 2 (id=26): socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$rds(0x15, 0x5, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, 0x0) getsockname(0xffffffffffffffff, 0x0, &(0x7f0000000240)) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0) sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 200.101659ms ago: executing program 2 (id=27): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000200)) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000b0d000/0x1000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=28): bind$inet(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x1f, 0x0, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) socket$inet(0x2, 0x0, 0x0) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f00000000c0)={@loopback}, 0x14) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) kernel console output (not intermixed with test programs): [ 46.324164][ T39] audit: type=1400 audit(1720344662.016:83): avc: denied { read } for pid=4671 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 46.565505][ T39] audit: type=1400 audit(1720344662.256:84): avc: denied { write } for pid=5177 comm="sftp-server" path="pipe:[2893]" dev="pipefs" ino=2893 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 48.217304][ T39] audit: type=1400 audit(1720344663.916:85): avc: denied { append } for pid=4671 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 48.226833][ T39] audit: type=1400 audit(1720344663.916:86): avc: denied { open } for pid=4671 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 48.236332][ T39] audit: type=1400 audit(1720344663.916:87): avc: denied { getattr } for pid=4671 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Warning: Permanently added '[localhost]:44453' (ED25519) to the list of known hosts. [ 50.758839][ T5188] cgroup: Unknown subsys name 'net' [ 50.894913][ T5188] cgroup: Unknown subsys name 'rlimit' [ 51.133254][ T5191] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 52.085515][ T5188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 56.161873][ T39] kauditd_printk_skb: 17 callbacks suppressed [ 56.161883][ T39] audit: type=1400 audit(1720344671.856:105): avc: denied { execmem } for pid=5193 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 56.671387][ T39] audit: type=1400 audit(1720344672.366:106): avc: denied { mounton } for pid=5197 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 56.686487][ T39] audit: type=1400 audit(1720344672.366:107): avc: denied { mount } for pid=5197 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 56.694761][ T39] audit: type=1400 audit(1720344672.366:108): avc: denied { create } for pid=5197 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 56.703613][ T5200] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 56.703649][ T39] audit: type=1400 audit(1720344672.366:109): avc: denied { read write } for pid=5197 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 56.703677][ T39] audit: type=1400 audit(1720344672.366:110): avc: denied { open } for pid=5197 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 56.723153][ T39] audit: type=1400 audit(1720344672.386:111): avc: denied { ioctl } for pid=5197 comm="syz-executor" path="socket:[5924]" dev="sockfs" ino=5924 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 56.725295][ T65] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 56.735903][ T5212] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 56.735919][ T65] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 56.735932][ T5210] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 56.737422][ T5213] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 56.737949][ T5213] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 56.739279][ T5211] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 56.740036][ T65] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 56.740664][ T65] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 56.741178][ T65] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 56.742553][ T5210] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 56.744905][ T4633] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 56.747155][ T5210] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 56.750558][ T39] audit: type=1400 audit(1720344672.446:112): avc: denied { read } for pid=5197 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 56.750690][ T4633] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 56.751917][ T5210] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 56.753483][ T4633] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 56.753843][ T4633] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 56.754330][ T65] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 56.756962][ T5210] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 56.759277][ T39] audit: type=1400 audit(1720344672.446:113): avc: denied { open } for pid=5197 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 56.761481][ T5210] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 56.763844][ T39] audit: type=1400 audit(1720344672.446:114): avc: denied { mounton } for pid=5197 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 56.785477][ T5204] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 56.816958][ T5204] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 56.820633][ T5204] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 57.102464][ T5197] chnl_net:caif_netlink_parms(): no params data found [ 57.123464][ T5199] chnl_net:caif_netlink_parms(): no params data found [ 57.188563][ T5205] chnl_net:caif_netlink_parms(): no params data found [ 57.386292][ T5197] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.389736][ T5197] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.392303][ T5197] bridge_slave_0: entered allmulticast mode [ 57.395187][ T5197] bridge_slave_0: entered promiscuous mode [ 57.455483][ T5197] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.458893][ T5197] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.461640][ T5197] bridge_slave_1: entered allmulticast mode [ 57.465548][ T5197] bridge_slave_1: entered promiscuous mode [ 57.524846][ T5205] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.528067][ T5205] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.531081][ T5205] bridge_slave_0: entered allmulticast mode [ 57.534283][ T5205] bridge_slave_0: entered promiscuous mode [ 57.538551][ T5206] chnl_net:caif_netlink_parms(): no params data found [ 57.589459][ T5205] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.592544][ T5205] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.595573][ T5205] bridge_slave_1: entered allmulticast mode [ 57.598911][ T5205] bridge_slave_1: entered promiscuous mode [ 57.608846][ T5197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.612231][ T5199] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.614796][ T5199] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.618252][ T5199] bridge_slave_0: entered allmulticast mode [ 57.621437][ T5199] bridge_slave_0: entered promiscuous mode [ 57.686463][ T5197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.690528][ T5199] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.693915][ T5199] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.701127][ T5199] bridge_slave_1: entered allmulticast mode [ 57.705312][ T5199] bridge_slave_1: entered promiscuous mode [ 57.737527][ T5205] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.844891][ T5205] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.873894][ T5197] team0: Port device team_slave_0 added [ 57.878510][ T5199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.904313][ T5205] team0: Port device team_slave_0 added [ 57.909364][ T5197] team0: Port device team_slave_1 added [ 57.915293][ T5199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.961280][ T5205] team0: Port device team_slave_1 added [ 58.049770][ T5199] team0: Port device team_slave_0 added [ 58.115747][ T5205] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.118826][ T5205] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.129788][ T5205] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.178596][ T5199] team0: Port device team_slave_1 added [ 58.181566][ T5206] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.184085][ T5206] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.186756][ T5206] bridge_slave_0: entered allmulticast mode [ 58.189598][ T5206] bridge_slave_0: entered promiscuous mode [ 58.193584][ T5205] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.196608][ T5205] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.207530][ T5205] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.213460][ T5197] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.216039][ T5197] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.225484][ T5197] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.279001][ T5206] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.282917][ T5206] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.285921][ T5206] bridge_slave_1: entered allmulticast mode [ 58.289732][ T5206] bridge_slave_1: entered promiscuous mode [ 58.323084][ T5197] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.325962][ T5197] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.336652][ T5197] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.342070][ T5199] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.344571][ T5199] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.354650][ T5199] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.360100][ T5199] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.362542][ T5199] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.371395][ T5199] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.405519][ T5206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.445311][ T5206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.573869][ T5205] hsr_slave_0: entered promiscuous mode [ 58.576434][ T5205] hsr_slave_1: entered promiscuous mode [ 58.610055][ T5206] team0: Port device team_slave_0 added [ 58.652382][ T5199] hsr_slave_0: entered promiscuous mode [ 58.655102][ T5199] hsr_slave_1: entered promiscuous mode [ 58.659592][ T5199] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.663229][ T5199] Cannot create hsr debugfs directory [ 58.669808][ T5206] team0: Port device team_slave_1 added [ 58.680781][ T5197] hsr_slave_0: entered promiscuous mode [ 58.684369][ T5197] hsr_slave_1: entered promiscuous mode [ 58.688505][ T5197] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.691637][ T5197] Cannot create hsr debugfs directory [ 58.767986][ T5209] Bluetooth: hci0: command tx timeout [ 58.769821][ T5206] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.773367][ T5206] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.783653][ T5206] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.788761][ T5206] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.791160][ T5206] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.802799][ T5206] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.846946][ T5209] Bluetooth: hci3: command tx timeout [ 58.856691][ T5209] Bluetooth: hci2: command tx timeout [ 58.856984][ T5204] Bluetooth: hci1: command tx timeout [ 59.021161][ T5206] hsr_slave_0: entered promiscuous mode [ 59.024776][ T5206] hsr_slave_1: entered promiscuous mode [ 59.029859][ T5206] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.032730][ T5206] Cannot create hsr debugfs directory [ 59.333734][ T5205] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 59.343879][ T5205] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 59.351629][ T5205] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 59.356245][ T5205] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 59.405753][ T5199] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 59.412052][ T5199] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 59.417422][ T5199] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 59.423692][ T5199] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 59.503078][ T5197] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 59.508548][ T5197] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 59.533653][ T5197] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 59.540510][ T5197] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 59.578977][ T5206] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 59.583901][ T5206] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 59.595599][ T5205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.610608][ T5206] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 59.616083][ T5206] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 59.637583][ T5199] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.653983][ T5205] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.673012][ T1818] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.676045][ T1818] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.695156][ T5199] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.708749][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.711410][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.727311][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.730348][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.735723][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.738371][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.864097][ T5197] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.887552][ T5197] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.902812][ T5206] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.911032][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.913772][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.931645][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.934678][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.945639][ T5206] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.961356][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.964170][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.969950][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.972708][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.044844][ T5199] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.050929][ T5205] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.068256][ T5206] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.145374][ T5199] veth0_vlan: entered promiscuous mode [ 60.169779][ T5205] veth0_vlan: entered promiscuous mode [ 60.175371][ T5199] veth1_vlan: entered promiscuous mode [ 60.189968][ T5205] veth1_vlan: entered promiscuous mode [ 60.211013][ T5197] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.217982][ T5206] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.226435][ T5199] veth0_macvtap: entered promiscuous mode [ 60.238894][ T5199] veth1_macvtap: entered promiscuous mode [ 60.274790][ T5199] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.293918][ T5199] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.303091][ T5205] veth0_macvtap: entered promiscuous mode [ 60.320321][ T5206] veth0_vlan: entered promiscuous mode [ 60.324190][ T5199] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.328043][ T5199] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.331505][ T5199] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.334889][ T5199] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.345725][ T5197] veth0_vlan: entered promiscuous mode [ 60.351962][ T5205] veth1_macvtap: entered promiscuous mode [ 60.379569][ T5206] veth1_vlan: entered promiscuous mode [ 60.391797][ T5197] veth1_vlan: entered promiscuous mode [ 60.400618][ T5205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.405061][ T5205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.411638][ T5205] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.417924][ T5205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.421404][ T5205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.425893][ T5205] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.459756][ T5205] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.459797][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.463449][ T5205] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.467816][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.470473][ T5205] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.477276][ T5205] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.513913][ T5206] veth0_macvtap: entered promiscuous mode [ 60.520039][ T5206] veth1_macvtap: entered promiscuous mode [ 60.540187][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.543994][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.561340][ T5197] veth0_macvtap: entered promiscuous mode [ 60.584446][ T5206] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.588741][ T5206] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.591952][ T5206] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.595285][ T5206] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.600164][ T5206] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.611018][ T3060] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.614542][ T3060] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.622437][ T5197] veth1_macvtap: entered promiscuous mode [ 60.670949][ T5206] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.675431][ T5206] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.680348][ T5206] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.684800][ T5206] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.690399][ T5206] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.702005][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.703085][ T5197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.704629][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.712468][ T5197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.715735][ T5197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.719511][ T5197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.722779][ T5197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.727030][ T5197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.732051][ T5197] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.736455][ T5206] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.740488][ T5206] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.743495][ T5206] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.747611][ T5206] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.769236][ T5197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.773701][ T5197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.778786][ T5197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.783101][ T5197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.790715][ T5197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.795439][ T5197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.802602][ T5197] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.817768][ T5197] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.821362][ T5197] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.824928][ T5197] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.829958][ T5197] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.850564][ T5204] Bluetooth: hci0: command tx timeout [ 60.926999][ T5204] Bluetooth: hci2: command tx timeout [ 60.927226][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 60.928638][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.928654][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.929274][ T5204] Bluetooth: hci1: command tx timeout [ 60.932107][ T5209] Bluetooth: hci3: command tx timeout [ 61.005242][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.017916][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.054094][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 61.055802][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.066141][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.149628][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.156392][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 61.160122][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 61.167872][ T39] kauditd_printk_skb: 29 callbacks suppressed [ 61.167885][ T39] audit: type=1400 audit(1720344676.866:144): avc: denied { map_create } for pid=5268 comm="syz.3.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 61.169425][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.177111][ T39] audit: type=1400 audit(1720344676.866:145): avc: denied { create } for pid=5268 comm="syz.3.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 61.244051][ T39] audit: type=1400 audit(1720344676.886:146): avc: denied { map_read map_write } for pid=5268 comm="syz.3.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 61.272250][ T39] audit: type=1400 audit(1720344676.906:147): avc: denied { read write } for pid=5278 comm="syz.1.2" name="event0" dev="devtmpfs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 61.281987][ T39] audit: type=1400 audit(1720344676.906:148): avc: denied { open } for pid=5278 comm="syz.1.2" path="/dev/input/event0" dev="devtmpfs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 61.282601][ T5282] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 61.306841][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 61.362224][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 61.371006][ T39] audit: type=1400 audit(1720344677.056:149): avc: denied { read write } for pid=5278 comm="syz.1.2" name="swradio2" dev="devtmpfs" ino=926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 61.426221][ T39] audit: type=1400 audit(1720344677.056:150): avc: denied { open } for pid=5278 comm="syz.1.2" path="/dev/swradio2" dev="devtmpfs" ino=926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 61.668483][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 61.727147][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 61.730740][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 61.734228][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 62.117890][ T39] audit: type=1400 audit(1720344677.816:151): avc: denied { setopt } for pid=5284 comm="syz.0.1" lport=56 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 62.125986][ T39] audit: type=1400 audit(1720344677.816:152): avc: denied { connect } for pid=5284 comm="syz.0.1" lport=56 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 62.153367][ T39] audit: type=1400 audit(1720344677.846:153): avc: denied { ioctl } for pid=5290 comm="syz.3.7" path="/dev/raw-gadget" dev="devtmpfs" ino=761 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 62.155783][ T5287] Zero length message leads to an empty skb [ 62.437035][ T5271] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 62.616643][ T5271] usb 8-1: Using ep0 maxpacket: 8 [ 62.621603][ T5271] usb 8-1: config 179 has an invalid interface number: 65 but max is 0 [ 62.625016][ T5271] usb 8-1: config 179 has no interface number 0 [ 62.628296][ T5271] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 62.632843][ T5271] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 62.639454][ T5271] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 62.643992][ T5271] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 62.650240][ T5271] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 62.660218][ T5271] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 62.666276][ T5271] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.681206][ T5292] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 62.937085][ T5204] Bluetooth: hci0: command tx timeout [ 63.007134][ T5204] Bluetooth: hci3: command tx timeout [ 63.009857][ T65] Bluetooth: hci2: command tx timeout [ 63.017158][ T5204] Bluetooth: hci1: command tx timeout [ 63.436376][ T5303] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9'. [ 64.686887][ T5326] netlink: 'syz.2.18': attribute type 1 has an invalid length. [ 64.689829][ T5326] netlink: 9368 bytes leftover after parsing attributes in process `syz.2.18'. [ 64.692668][ T5326] netlink: 16 bytes leftover after parsing attributes in process `syz.2.18'. [ 64.839142][ T5334] netlink: 32 bytes leftover after parsing attributes in process `syz.1.22'. [ 65.007026][ T5204] Bluetooth: hci0: command tx timeout [ 65.087302][ T5204] Bluetooth: hci1: command tx timeout [ 65.089628][ T5204] Bluetooth: hci3: command tx timeout [ 65.092272][ T5204] Bluetooth: hci2: command tx timeout [ 65.187178][ C2] xpad 8-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 65.187214][ T58] usb 8-1: USB disconnect, device number 2 [ 65.190564][ C2] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 65.196807][ C2] ================================================================== [ 65.200177][ C2] BUG: KASAN: slab-use-after-free in register_lock_class+0x101f/0x1230 [ 65.203617][ C2] Read of size 1 at addr ffff888023031091 by task swapper/2/0 [ 65.208556][ C2] [ 65.209481][ C2] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 6.10.0-rc6-syzkaller-00215-g22f902dfc51e #0 [ 65.213271][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 65.217806][ C2] Call Trace: [ 65.219218][ C2] [ 65.220463][ C2] dump_stack_lvl+0x116/0x1f0 [ 65.222515][ C2] print_report+0xc3/0x620 [ 65.224429][ C2] ? __virt_addr_valid+0x5e/0x580 [ 65.226591][ C2] ? __phys_addr+0xc6/0x150 [ 65.228536][ C2] kasan_report+0xd9/0x110 [ 65.230461][ C2] ? register_lock_class+0x101f/0x1230 [ 65.232461][ C2] ? register_lock_class+0x101f/0x1230 [ 65.234408][ C2] register_lock_class+0x101f/0x1230 [ 65.236543][ C2] ? __pfx_register_lock_class+0x10/0x10 [ 65.238511][ C2] ? __wake_up_klogd.part.0+0x99/0xf0 [ 65.240374][ C2] __lock_acquire+0x111/0x3b30 [ 65.242368][ C2] ? __pfx___lock_acquire+0x10/0x10 [ 65.244381][ C2] ? __pfx___lock_acquire+0x10/0x10 [ 65.246083][ C2] lock_acquire+0x1b1/0x560 [ 65.247619][ C2] ? __wake_up+0x1c/0x60 [ 65.249096][ C2] ? __pfx_lock_acquire+0x10/0x10 [ 65.251025][ C2] ? find_held_lock+0x2d/0x110 [ 65.252858][ C2] ? __usb_hcd_giveback_urb+0x466/0x6e0 [ 65.254769][ C2] ? __pfx_lock_release+0x10/0x10 [ 65.256548][ C2] ? do_raw_spin_unlock+0x172/0x230 [ 65.258912][ C2] _raw_spin_lock_irqsave+0x3a/0x60 [ 65.260750][ C2] ? __wake_up+0x1c/0x60 [ 65.262196][ C2] __wake_up+0x1c/0x60 [ 65.263564][ C2] usb_anchor_resume_wakeups+0xc2/0xe0 [ 65.265352][ C2] __usb_hcd_giveback_urb+0x3b7/0x6e0 [ 65.267149][ C2] usb_hcd_giveback_urb+0x396/0x450 [ 65.269254][ C2] dummy_timer+0x17f6/0x3900 [ 65.270829][ C2] ? __pfx___lock_acquire+0x10/0x10 [ 65.272582][ C2] ? __hrtimer_run_queues+0x5a7/0xcc0 [ 65.274409][ C2] ? __pfx_lock_release+0x10/0x10 [ 65.276176][ C2] ? __pfx_dummy_timer+0x10/0x10 [ 65.278235][ C2] ? timerqueue_del+0x83/0x150 [ 65.280347][ C2] ? __pfx_dummy_timer+0x10/0x10 [ 65.282426][ C2] __hrtimer_run_queues+0x20c/0xcc0 [ 65.284589][ C2] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 65.286873][ C2] ? ktime_get_update_offsets_now+0x201/0x310 [ 65.289000][ C2] hrtimer_interrupt+0x31b/0x800 [ 65.290708][ C2] __sysvec_apic_timer_interrupt+0x10f/0x450 [ 65.292693][ C2] sysvec_apic_timer_interrupt+0x90/0xb0 [ 65.294758][ C2] [ 65.295996][ C2] [ 65.297033][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 65.299070][ C2] RIP: 0010:default_idle+0xf/0x20 [ 65.300710][ C2] Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 13 3f 00 fb f4 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [ 65.307857][ C2] RSP: 0018:ffffc90000197e08 EFLAGS: 00000246 [ 65.309874][ C2] RAX: 000000000005f993 RBX: 0000000000000002 RCX: ffffffff8ae767b9 [ 65.312450][ C2] RDX: 0000000000000000 RSI: ffffffff8b2caf00 RDI: ffffffff8b8ff680 [ 65.315146][ C2] RBP: ffffed1002fd9000 R08: 0000000000000001 R09: ffffed100d646fdd [ 65.318394][ C2] R10: ffff88806b237eeb R11: 0000000000000000 R12: 0000000000000002 [ 65.321670][ C2] R13: ffff888017ec8000 R14: ffffffff8fe43850 R15: 0000000000000000 [ 65.324716][ C2] ? ct_kernel_exit+0x139/0x190 [ 65.326877][ C2] default_idle_call+0x6d/0xb0 [ 65.328769][ C2] do_idle+0x32c/0x3f0 [ 65.330544][ C2] ? __pfx_do_idle+0x10/0x10 [ 65.332441][ C2] cpu_startup_entry+0x4f/0x60 [ 65.334059][ C2] start_secondary+0x220/0x2b0 [ 65.335647][ C2] ? __pfx_start_secondary+0x10/0x10 [ 65.337567][ C2] common_startup_64+0x13e/0x148 [ 65.339316][ C2] [ 65.340605][ C2] [ 65.341711][ C2] Allocated by task 5271: [ 65.343496][ C2] kasan_save_stack+0x33/0x60 [ 65.345144][ C2] kasan_save_track+0x14/0x30 [ 65.346753][ C2] __kasan_kmalloc+0xaa/0xb0 [ 65.348294][ C2] xpad_probe+0x27e/0x1f50 [ 65.349760][ C2] usb_probe_interface+0x309/0x9d0 [ 65.351455][ C2] really_probe+0x23e/0xa90 [ 65.352973][ C2] __driver_probe_device+0x1de/0x440 [ 65.354775][ C2] driver_probe_device+0x4c/0x1b0 [ 65.356472][ C2] __device_attach_driver+0x1df/0x310 [ 65.358268][ C2] bus_for_each_drv+0x157/0x1e0 [ 65.359856][ C2] __device_attach+0x1e8/0x4b0 [ 65.361392][ C2] bus_probe_device+0x17f/0x1c0 [ 65.363013][ C2] device_add+0x114b/0x1a70 [ 65.364544][ C2] usb_set_configuration+0x10cb/0x1c50 [ 65.366408][ C2] usb_generic_driver_probe+0xb1/0x110 [ 65.368210][ C2] usb_probe_device+0xec/0x3e0 [ 65.369818][ C2] really_probe+0x23e/0xa90 [ 65.371312][ C2] __driver_probe_device+0x1de/0x440 [ 65.373011][ C2] driver_probe_device+0x4c/0x1b0 [ 65.374635][ C2] __device_attach_driver+0x1df/0x310 [ 65.376452][ C2] bus_for_each_drv+0x157/0x1e0 [ 65.378523][ C2] __device_attach+0x1e8/0x4b0 [ 65.380582][ C2] bus_probe_device+0x17f/0x1c0 [ 65.382646][ C2] device_add+0x114b/0x1a70 [ 65.384596][ C2] usb_new_device+0xd90/0x1a10 [ 65.386657][ C2] hub_event+0x2db0/0x4e20 [ 65.388559][ C2] process_one_work+0x9c5/0x1b40 [ 65.390673][ C2] worker_thread+0x6c8/0xf30 [ 65.392650][ C2] kthread+0x2c1/0x3a0 [ 65.394431][ C2] ret_from_fork+0x45/0x80 [ 65.396298][ C2] ret_from_fork_asm+0x1a/0x30 [ 65.398302][ C2] [ 65.399358][ C2] Freed by task 58: [ 65.400975][ C2] kasan_save_stack+0x33/0x60 [ 65.402958][ C2] kasan_save_track+0x14/0x30 [ 65.404983][ C2] kasan_save_free_info+0x3b/0x60 [ 65.407113][ C2] poison_slab_object+0xf7/0x160 [ 65.409164][ C2] __kasan_slab_free+0x32/0x50 [ 65.411264][ C2] kfree+0x12a/0x3b0 [ 65.412943][ C2] xpad_disconnect+0x1cf/0x580 [ 65.415011][ C2] usb_unbind_interface+0x1e8/0x970 [ 65.417187][ C2] device_remove+0x122/0x170 [ 65.419196][ C2] device_release_driver_internal+0x44a/0x610 [ 65.421811][ C2] bus_remove_device+0x22f/0x420 [ 65.423914][ C2] device_del+0x396/0x9f0 [ 65.425764][ C2] usb_disable_device+0x36c/0x7f0 [ 65.427822][ C2] usb_disconnect+0x2e1/0x920 [ 65.429796][ C2] hub_event+0x1dbb/0x4e20 [ 65.431616][ C2] process_one_work+0x9c5/0x1b40 [ 65.433658][ C2] worker_thread+0x6c8/0xf30 [ 65.435565][ C2] kthread+0x2c1/0x3a0 [ 65.437224][ C2] ret_from_fork+0x45/0x80 [ 65.439014][ C2] ret_from_fork_asm+0x1a/0x30 [ 65.440940][ C2] [ 65.441728][ C2] The buggy address belongs to the object at ffff888023031000 [ 65.441728][ C2] which belongs to the cache kmalloc-1k of size 1024 [ 65.446826][ C2] The buggy address is located 145 bytes inside of [ 65.446826][ C2] freed 1024-byte region [ffff888023031000, ffff888023031400) [ 65.451920][ C2] [ 65.452729][ C2] The buggy address belongs to the physical page: [ 65.454798][ C2] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23030 [ 65.457896][ C2] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 65.460745][ C2] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 65.463313][ C2] page_type: 0xffffefff(slab) [ 65.464988][ C2] raw: 00fff00000000040 ffff888015442dc0 dead000000000122 0000000000000000 [ 65.468299][ C2] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 65.471617][ C2] head: 00fff00000000040 ffff888015442dc0 dead000000000122 0000000000000000 [ 65.475117][ C2] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 65.478597][ C2] head: 00fff00000000003 ffffea00008c0c01 ffffffffffffffff 0000000000000000 [ 65.482190][ C2] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 65.485794][ C2] page dumped because: kasan: bad access detected [ 65.488501][ C2] page_owner tracks the page as allocated [ 65.490901][ C2] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5286, tgid 5284 (syz.0.1), ts 62692627486, free_ts 62649822403 [ 65.498590][ C2] post_alloc_hook+0x2d1/0x350 [ 65.500142][ C2] get_page_from_freelist+0x1353/0x2e50 [ 65.502110][ C2] __alloc_pages_noprof+0x22b/0x2460 [ 65.504271][ C2] alloc_slab_page+0x56/0x110 [ 65.506227][ C2] new_slab+0x84/0x260 [ 65.507558][ C2] ___slab_alloc+0xdac/0x1870 [ 65.509495][ C2] __slab_alloc.constprop.0+0x56/0xb0 [ 65.511322][ C2] __kmalloc_noprof+0x36d/0x410 [ 65.513015][ C2] ieee802_11_parse_elems_full+0xea/0x15d0 [ 65.514903][ C2] ieee80211_inform_bss+0xfd/0x1140 [ 65.516693][ C2] cfg80211_inform_single_bss_data+0x87d/0x2080 [ 65.518796][ C2] cfg80211_inform_bss_data+0x205/0x39d0 [ 65.520569][ C2] cfg80211_inform_bss_frame_data+0x271/0x7c0 [ 65.522516][ C2] ieee80211_bss_info_update+0x311/0xab0 [ 65.524300][ C2] ieee80211_scan_rx+0x47c/0xad0 [ 65.525912][ C2] ieee80211_rx_list+0x1be1/0x2e90 [ 65.527694][ C2] page last free pid 4678 tgid 4678 stack trace: [ 65.529718][ C2] free_unref_page+0x64a/0xe40 [ 65.531371][ C2] __put_partials+0x14c/0x170 [ 65.532999][ C2] qlist_free_all+0x4e/0x140 [ 65.534627][ C2] kasan_quarantine_reduce+0x192/0x1e0 [ 65.536416][ C2] __kasan_slab_alloc+0x69/0x90 [ 65.538066][ C2] kmem_cache_alloc_node_noprof+0x153/0x310 [ 65.540131][ C2] __alloc_skb+0x2b1/0x380 [ 65.541873][ C2] alloc_skb_with_frags+0xe4/0x710 [ 65.544038][ C2] sock_alloc_send_pskb+0x7f1/0x980 [ 65.546201][ C2] unix_dgram_sendmsg+0x4b8/0x1a60 [ 65.547976][ C2] __sys_sendto+0x47f/0x4e0 [ 65.549831][ C2] __x64_sys_sendto+0xe0/0x1c0 [ 65.551599][ C2] do_syscall_64+0xcd/0x250 [ 65.553510][ C2] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.556028][ C2] [ 65.557067][ C2] Memory state around the buggy address: [ 65.559437][ C2] ffff888023030f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.562609][ C2] ffff888023031000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.565405][ C2] >ffff888023031080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.568095][ C2] ^ [ 65.569675][ C2] ffff888023031100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.572418][ C2] ffff888023031180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.575107][ C2] ================================================================== [ 65.577632][ C2] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 65.579797][ C2] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 6.10.0-rc6-syzkaller-00215-g22f902dfc51e #0 [ 65.582979][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 65.586914][ C2] Call Trace: [ 65.588257][ C2] [ 65.589439][ C2] dump_stack_lvl+0x3d/0x1f0 [ 65.591026][ C2] panic+0x6f5/0x7a0 [ 65.592366][ C2] ? __pfx_panic+0x10/0x10 [ 65.593934][ C2] ? rcu_is_watching+0x12/0xc0 [ 65.595544][ C2] ? __pfx_lock_release+0x10/0x10 [ 65.597333][ C2] ? check_panic_on_warn+0x1f/0xb0 [ 65.599072][ C2] check_panic_on_warn+0xab/0xb0 [ 65.600908][ C2] end_report+0x117/0x180 [ 65.602442][ C2] kasan_report+0xe9/0x110 [ 65.604218][ C2] ? register_lock_class+0x101f/0x1230 [ 65.606056][ C2] ? register_lock_class+0x101f/0x1230 [ 65.607860][ C2] register_lock_class+0x101f/0x1230 [ 65.609671][ C2] ? __pfx_register_lock_class+0x10/0x10 [ 65.611568][ C2] ? __wake_up_klogd.part.0+0x99/0xf0 [ 65.613793][ C2] __lock_acquire+0x111/0x3b30 [ 65.615746][ C2] ? __pfx___lock_acquire+0x10/0x10 [ 65.617699][ C2] ? __pfx___lock_acquire+0x10/0x10 [ 65.619624][ C2] lock_acquire+0x1b1/0x560 [ 65.621067][ C2] ? __wake_up+0x1c/0x60 [ 65.622448][ C2] ? __pfx_lock_acquire+0x10/0x10 [ 65.624156][ C2] ? find_held_lock+0x2d/0x110 [ 65.625727][ C2] ? __usb_hcd_giveback_urb+0x466/0x6e0 [ 65.627581][ C2] ? __pfx_lock_release+0x10/0x10 [ 65.629240][ C2] ? do_raw_spin_unlock+0x172/0x230 [ 65.631218][ C2] _raw_spin_lock_irqsave+0x3a/0x60 [ 65.633397][ C2] ? __wake_up+0x1c/0x60 [ 65.635208][ C2] __wake_up+0x1c/0x60 [ 65.636713][ C2] usb_anchor_resume_wakeups+0xc2/0xe0 [ 65.639032][ C2] __usb_hcd_giveback_urb+0x3b7/0x6e0 [ 65.640814][ C2] usb_hcd_giveback_urb+0x396/0x450 [ 65.642553][ C2] dummy_timer+0x17f6/0x3900 [ 65.644096][ C2] ? __pfx___lock_acquire+0x10/0x10 [ 65.645776][ C2] ? __hrtimer_run_queues+0x5a7/0xcc0 [ 65.647837][ C2] ? __pfx_lock_release+0x10/0x10 [ 65.649833][ C2] ? __pfx_dummy_timer+0x10/0x10 [ 65.651509][ C2] ? timerqueue_del+0x83/0x150 [ 65.653144][ C2] ? __pfx_dummy_timer+0x10/0x10 [ 65.654816][ C2] __hrtimer_run_queues+0x20c/0xcc0 [ 65.656672][ C2] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 65.658609][ C2] ? ktime_get_update_offsets_now+0x201/0x310 [ 65.660644][ C2] hrtimer_interrupt+0x31b/0x800 [ 65.662296][ C2] __sysvec_apic_timer_interrupt+0x10f/0x450 [ 65.664760][ C2] sysvec_apic_timer_interrupt+0x90/0xb0 [ 65.667132][ C2] [ 65.668391][ C2] [ 65.669671][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 65.672194][ C2] RIP: 0010:default_idle+0xf/0x20 [ 65.674331][ C2] Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 13 3f 00 fb f4 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [ 65.680800][ C2] RSP: 0018:ffffc90000197e08 EFLAGS: 00000246 [ 65.682797][ C2] RAX: 000000000005f993 RBX: 0000000000000002 RCX: ffffffff8ae767b9 [ 65.685651][ C2] RDX: 0000000000000000 RSI: ffffffff8b2caf00 RDI: ffffffff8b8ff680 [ 65.688228][ C2] RBP: ffffed1002fd9000 R08: 0000000000000001 R09: ffffed100d646fdd [ 65.691096][ C2] R10: ffff88806b237eeb R11: 0000000000000000 R12: 0000000000000002 [ 65.693781][ C2] R13: ffff888017ec8000 R14: ffffffff8fe43850 R15: 0000000000000000 [ 65.696384][ C2] ? ct_kernel_exit+0x139/0x190 [ 65.698164][ C2] default_idle_call+0x6d/0xb0 [ 65.700106][ C2] do_idle+0x32c/0x3f0 [ 65.701780][ C2] ? __pfx_do_idle+0x10/0x10 [ 65.703581][ C2] cpu_startup_entry+0x4f/0x60 [ 65.705511][ C2] start_secondary+0x220/0x2b0 [ 65.707508][ C2] ? __pfx_start_secondary+0x10/0x10 [ 65.709565][ C2] common_startup_64+0x13e/0x148 [ 65.711454][ C2] [ 66.796950][ C2] Shutting down cpus with NMI [ 66.799158][ C2] Kernel Offset: disabled [ 66.800593][ C2] Rebooting in 86400 seconds.. VM DIAGNOSIS: 09:31:21 Registers: info registers vcpu 0 CPU#0 RAX=000000000003ffff RBX=0000000000000000 RCX=ffffc900058a3000 RDX=0000000000040000 RSI=ffffffff8987f9eb RDI=0000000000000005 RBP=ffff8880408c5000 RSP=ffffc9000393f808 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000002 R14=ffffffff8f914980 R15=0000000000000002 RIP=ffffffff818de4d8 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fab1abde6c0 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fab1abddfa8 CR3=000000002ec82000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab1b1e4325 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab1b1e4332 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab1b1e432c ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab1b1e4340 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab1b1e43c6 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab1b1e44a4 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab1b2d4488 00007fab1b2d4480 00007fab1b2d4478 00007fab1b2d4450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab1be3d100 00007fab1b2d4440 00007fab1b2d4458 00007fab1b2d44a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fab1b2d4498 00007fab1b2d4490 00007fab1b2d4488 00007fab1b2d4480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000005cf89 RBX=0000000000000001 RCX=ffffffff8ae767b9 RDX=0000000000000000 RSI=ffffffff8b2caf00 RDI=ffffffff8b8ff680 RBP=ffffed1002fd6910 RSP=ffffc90000187e08 R8 =0000000000000001 R9 =ffffed100d626fdd R10=ffff88806b137eeb R11=0000000000000000 R12=0000000000000001 R13=ffff888017eb4880 R14=ffffffff8fe43850 R15=0000000000000000 RIP=ffffffff8ae77baf RFL=00000242 [---Z---] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055b6bde2b8e8 CR3=000000001b88e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=aa37f304aa37f304 aa37f304aa37f304 aa37f304aa37f304 aa37f304aa37f304 aa37f304aa37f304 aa37f304aa37f304 aa37f304aa37f304 aa37f304aa37f304 ZMM22=2fc2424e2fc2424e 2fc2424e2fc2424e 2fc2424e2fc2424e 2fc2424e2fc2424e 2fc2424e2fc2424e 2fc2424e2fc2424e 2fc2424e2fc2424e 2fc2424e2fc2424e ZMM23=20a20cd820a20cd8 20a20cd820a20cd8 20a20cd820a20cd8 20a20cd820a20cd8 20a20cd820a20cd8 20a20cd820a20cd8 20a20cd820a20cd8 20a20cd820a20cd8 ZMM24=726af527726af527 726af527726af527 726af527726af527 726af527726af527 726af527726af527 726af527726af527 726af527726af527 726af527726af527 ZMM25=e812badee812bade e812badee812bade e812badee812bade e812badee812bade e812badee812bade e812badee812bade e812badee812bade e812badee812bade ZMM26=0eb9fc3b0eb9fc3b 0eb9fc3b0eb9fc3b 0eb9fc3b0eb9fc3b 0eb9fc3b0eb9fc3b 0eb9fc3b0eb9fc3b 0eb9fc3b0eb9fc3b 0eb9fc3b0eb9fc3b 0eb9fc3b0eb9fc3b ZMM27=800e6676800e6676 800e6676800e6676 800e6676800e6676 800e6676800e6676 800e6676800e6676 800e6676800e6676 800e6676800e6676 800e6676800e6676 ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=1f0300001f030000 1f0300001f030000 1f0300001f030000 1f0300001f030000 1f0300001f030000 1f0300001f030000 1f0300001f030000 1f0300001f030000 info registers vcpu 2 CPU#2 RAX=0000000000000033 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fd2cc5 RDI=ffffffff94dd71a0 RBP=ffffffff94dd7160 RSP=ffffc900008582d8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000033 R14=ffffffff84fd2c60 R15=0000000000000000 RIP=ffffffff84fd2cef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f287ccd0ab8 CR3=000000003c470000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc6f1d7410 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f40e8de4325 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f40e8de4332 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f40e8de432c ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f40e8de4340 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f40e8de43c6 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f40e8de44a4 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000050 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=0000000000000003 RCX=ffffffff813c34de RDX=ffff88801679a440 RSI=ffffffff813c34fb RDI=0000000000000000 RBP=ffffffff94b018e0 RSP=ffffc90000aa7338 R8 =0000000000000000 R9 =0000000000000003 R10=0000000000000003 R11=0000000000000005 R12=0000000000000003 R13=0000000000000003 R14=ffff88806b33fa40 R15=fffffbfff296031c RIP=ffffffff813c34fc RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000555566b65808 CR3=000000001f3f4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffd8944bc0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7a9c9e4325 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7a9c9e4332 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7a9c9e432c ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7a9c9e4340 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7a9c9e43c6 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7a9c9e44a4 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000003 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000003 0000000000000000 0000000000000000 00000000000000a0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000