last executing test programs: 1.608075706s ago: executing program 0 (id=96): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000000)={0x1, r1, 0x1, 0x9, 0xfffffff8, 0x3ff}) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) 1.538348027s ago: executing program 0 (id=97): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @mcast2={0xff, 0x3}}, 0x1c) (async) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @mcast2={0xff, 0x3}}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000340)=ANY=[], 0x8) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x6, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f00000000c0)={0xd, 0x1, 0x3, "872290ee01689bee266d8c7a6aa6995c1937025a4754aa9610c55ae1146141bb", 0x5ac79482}) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0x98, 0x30, 0x1, 0x4000000, 0x0, {0x0, 0x0, 0x6a00}, [{0x84, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000, 0x0, 0x4}, 0x3, r5}}]}, {0x4, 0xa}, {0xc}, {0xc}}}, @m_mpls={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00'}) syz_open_dev$tty1(0xc, 0x4, 0x1) (async) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) r7 = dup(r6) ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d, 0x0, 0xd6e}}) (async) ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d, 0x0, 0xd6e}}) ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x300, 0xfffe, 0x101}}) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendto$inet6(r0, &(0x7f00000001c0)="8469b66e", 0x1f, 0x4000084, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) (async) r8 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) (async) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r9) ioctl$KDSKBENT(r7, 0x4b47, &(0x7f0000000340)={0x8, 0xb6, 0x401}) (async) ioctl$KDSKBENT(r7, 0x4b47, &(0x7f0000000340)={0x8, 0xb6, 0x401}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r7, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {r9}}, './file0\x00'}) ioctl$KVM_GET_MP_STATE(r10, 0x8004ae98, &(0x7f0000000080)) (async) ioctl$KVM_GET_MP_STATE(r10, 0x8004ae98, &(0x7f0000000080)) mount(&(0x7f0000000180)=@sg0, &(0x7f00000000c0)='.\x00', &(0x7f0000000000)='ubifs\x00', 0x2000c2, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) (async) r12 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r12, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r12, &(0x7f00000000c0)={0x1d, r13}, 0x18) sendmsg$can_j1939(r12, &(0x7f0000000340)={&(0x7f0000000180)={0x1d, r13, 0x0, {0x0, 0x1, 0x1}, 0xff}, 0x18, &(0x7f0000000300)={&(0x7f00000002c0)}, 0x1, 0x0, 0x0, 0x20008980}, 0x40) mount$nfs4(&(0x7f0000000100)='ubifs\x00', &(0x7f0000000140)='./file0/file0\x00', &(0x7f00000001c0), 0x45034, &(0x7f0000000200)={[{'/dev/sg0\x00'}, {']\\'}, {'('}], [{@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@smackfsdef={'smackfsdef', 0x3d, '*,.'}}, {@obj_type}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@euid_lt={'euid<', r11}}, {@obj_user={'obj_user', 0x3d, '/dev/sg0\x00'}}, {@smackfshat={'smackfshat', 0x3d, ')#'}}]}) (async) mount$nfs4(&(0x7f0000000100)='ubifs\x00', &(0x7f0000000140)='./file0/file0\x00', &(0x7f00000001c0), 0x45034, &(0x7f0000000200)={[{'/dev/sg0\x00'}, {']\\'}, {'('}], [{@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@smackfsdef={'smackfsdef', 0x3d, '*,.'}}, {@obj_type}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@euid_lt={'euid<', r11}}, {@obj_user={'obj_user', 0x3d, '/dev/sg0\x00'}}, {@smackfshat={'smackfshat', 0x3d, ')#'}}]}) 1.538130522s ago: executing program 0 (id=98): r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0x11, &(0x7f0000000080)=0x1, 0x4) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/cgroup', 0x0, 0x0) flistxattr(r2, 0x0, 0x0) r3 = socket(0x200000000000011, 0x2, 0x0) r4 = epoll_create1(0x0) epoll_pwait(r4, &(0x7f0000000440)=[{}], 0x1, 0x401, 0x0, 0x0) epoll_pwait(r4, &(0x7f0000000180)=[{}], 0x1, 0x2, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000d00)={0x11, 0x1c, r6, 0x1, 0x0, 0x6, @local}, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, 0x0, 0x810) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x24, 0x1402, 0x1, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000801}, 0x800) 1.259332589s ago: executing program 3 (id=103): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000005000000010001000900000001000000", @ANYRES32, @ANYBLOB='\x00'/12, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000050c0)={&(0x7f00000012c0)=ANY=[@ANYBLOB="3400000019000100000a56b018d36f122d"], 0x34}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r2}, 0x10) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r3, &(0x7f0000000100)={0x1f, 0xef3, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) getsockopt$bt_BT_CHANNEL_POLICY(r3, 0x112, 0xe, 0x0, &(0x7f00000000c0)) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r6}, 0x10) r7 = dup(r5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[], [], 0x6b}}) 1.110069666s ago: executing program 3 (id=106): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e999000000000000000000000000000000000000000000000000ac1414bb0000000000000000000000004e220000000000000a00"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000014"], 0x188}}, 0x40810) syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @empty=0xe0000001}, {0x0, 0x17c1, 0x8}}}}}, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r1, 0x0, 0x13, &(0x7f0000000040)=0x7ff, 0x4) 1.109383632s ago: executing program 3 (id=108): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$sock(r1, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000080)="bac5eb6696634b8079857239d6f688a4759c98fc004b693b55504964c5b5f44c841a1c07b27712b09af5efb0f006ee9f017c82e83c50a15ba5b38ecbbf64e56d9a1d9833a00b5fac54", 0x49}, {&(0x7f0000000100)="bf2a8e4341306f07bb884ec2a0d8b437899f9d329550d2ad87965d7a54fefe705f4f24d961e8d9f1baeab676734b6d1fb689fd67195c4280303450d14466f72f74619d6f06c5b0689456a5e39d510a3ff0f11201941eb242e048b8af80fbe693ef9718f3d3ad2eaba8e69a9d88f1a082549e47266a47bc649112431b1d9488e36b35ed482f5c85b6edcc261e7fd2ef17ff918a8087d0e18d0b9195cba6286d99627e5e11236011c1b07915373e98b72656ddd2b91f713c61900d2d8f11764ea7bb1bbb1287c6ece2489f0ef064dd2647eba1", 0xd2}, {&(0x7f00000005c0)="b1d89a94a7d69ebdbb82d644bbcf67b03c08a282ea18072518ff5b8c4d2e263fc33ccf3734c5cba35b9cfa62ebc7f943d82e05da4651c092a5bdde151a1d21a2806e82d689b7ab7de14dd6339e6369cebfbf2a7ec3c2a1797331f5241bead6126b838d9522c4b00bc7d7e3a1d213ca90c7a0a53b3f33da4f99f6b4ac78561677698c7bab1abb55e05ea3fca2e9cd71629f1613102386bee9d20017ae96d3147cfa4b3744ae3742f6c36b2d3a3247667dd9099356725c195ec51cdeec28aba04d5596f3ec1af474c5002cfc033a8dc5826216f8b8741118caa365f4cd1c6ac9cbb24eae98df2025107fa708b437e3075e67bd11b154bc9c6f1d7a892a1ad39dacb9708cfd255fc6390f828cd987c141958ca0d4bd9d2ba4673bf99cf9d72ec76d0307faef8b6b7f3705c8af9e9671d06abe4fc856bc55d55364aa1c549e3481be2e3ec46925c6ca4504df93d49dbe93be3a7d6ece40c50cfcc745138b28eae884ebc671a190735c96682321fc12bbec529453c0de377d6a64999397478640ade829fb40b09beb8890166cb5de3bbb9747e7704804fadd5b2d94952d9c3f1c62c2344c9ea96e9ddabde8426066d37034fc55eb0522fa25aa8d63e322b7379a60c2bf5a3ac8a643a07f55f490408997b166fdbd2a4a92fd91c5d0401cee153b21e335a4f64071249214b036548ce6103e76fa5ef694337ca917b102fca6fc5d4d4f1acb4f24f46fd931f800e5bf186202f9316f5d582444df992827811d63084811771aac655269d1cdd5d55b1b58e952277fc5b87304c3a918ef2b1e8c704f9142a620e0d6844c674ca20c65370fb0bc47ab11866477162ba86c4bca35857b154496d51216a4df82c77e9d89cf5b909a258d8e485cba98987596c3b06f2a39fbaf8f648bf4a30321c60194f6820e7f8485162ed587025b7e2e4df482cffc5c5e17b56947d2bba65a3c7b6bc9cb00a9ea21815fcb616b0f174eeede677c51a9839f7fe38127e6ab3072654784f5ca022a2863649579fc81933a7509a10996a00f1bf279694505e8ddef69cde205bb879dc1fa48b51ac62f0e6415c8e5eb5ffa8d38c232a2a5cb75736d82de3d2eee62da2758ae22c1800ecd9f4ed6ec0e6bb9b05790255c784c980adfc6252abbab298aab276fd221766b337532caa3788521b505762d5d97942ad329c0f7e0567078aef800b8d2359321bb84c62c367f0bac5c75b7370eacc33e4f3a2bf82551f6c610a2e56b93af414847bec01a9761fd22fe9e2d877ed4c73ad09e3d456246e0fba3baff58bb484a785685701de894b68f3eb3c3db97fb4dcca0820de1c9208e8f1a999524388897c7a222828ff7f1b6e82dd6e8f2015cd4c8a57f7110da7a373dfc18f33fc1b8a5510fca05fd8e0a3577ea5424a31531658411aaa62be8dcc52de7f78c3b7d632261157285966a22211d49d20e99f223b7a0edf6a7752eb85c93f6e323c7549dca7603d750a59575c84e259a819276c905218d2294de1676a51d1fae15bb70ef75de5eda20e21340f7cc0dc0501eaf43450980e4ac87568989c498af636cc291143e41842bbc9ddcb3bdc7c8c44fdcc6a46c52b384abeb4fe10da68ee5159033f0a2d87762ac16895a3fd887bc91d0e61913161c931c35ef4b504a7d64e5fb83977052bfc95cd1d396713e49dadf2f4094b1c4f991d554f84573d6eac44a3f0f1179750dced7164e9ba4d3b16fa73adc681a8f20bf0c5e5281510dba65314ebbf46d3d3c43227f05b332ec8b7c7e3465bbc717105ffc7f9c8abafd0083fa2b178ce3b35f9e28fae43923459d60d40d380a7d9d91dd4e616acb0c3fca31dafa5e33ceefdbd40ef17f61df3376c6a5ef3b48fbe8691ed49a6078f37788ff170c724a995b032c35e7ad16b53812277e0076d753cec7a702e8cec7948e080905387673536d96ac9173b58316fd5ae106128e0787abc46369eb8b3f8ee41f76e6115dd4720ca18a71b95608926536b4428ddccbfa829e9c8c68c1b3e5eb00f68eb347524c8848e63794bb110055c0abc27d90ad6a9912b6aab2414b446a3f02ac14c2614f368b25c8555fa4a2e88e22d3f6034e60b4a005f4290d15ab46b91c02577c25afd8503b576e5c757ff03a42e30516f5c40b7b81a5685f0156ecebe438c67edd124d872d4790362cc86dc0db1bf579e42d66c0416748897353bcdbc1985da500ac9f2020d4401852f9e327bd3336cf26d94e60ebaf8929bc5df727b6885d958c57c6ee66acdfd0d862479c2c144871f75c43012e1412addafeacc54da4e222d7edc6535d11240aeb10679da1fb29f016604a150bda49cf497af9212135a3dd040b5ffb69f9deb3da652966b2edb0177e6295a080a1e85f7327407af1243103bb2ad5a281b0cc5f8ec0a53b1ea6d2f850d23034cf3dc01e7fa9b0b92d6d5392ceefefc5cf548666ff120c2e8edf73b92fb403ba361117376d4a30cea4b206e7a526d8164d1c7d844ded33024aede870903bcc6c6c7146b9acbffd54203d669c864884d5d75378fed140a0c7cb13795a2fa20cde5d8240d5a903b3320b1b2a07f2593a359858b6e42d47052b82fc75c5bf90cd5f2c7e27c26960b449580cee2a3c641591826bb43c5ba9e974a5eaed195ca46825eae5496a8ad563ca96572bd455abbce12a29f84bd0209b0d995addec9f747ea3a2bf7cf0172adb99779b595cbf063c1e23fd5aabae7df1c0c61171ecd8ec747dd0045956a752ed287ebe60fab0da65c1d6684eff15ac3967f9f19a095789f17ca56a7e93f41dc9ae41561c454cbe69dcc542f244347c0391bf3ffb5a1979b4532ebae0c5f4e4318315a03c482c3b568e2cf06720c9d281e510318fd2e228c575a2b5dd306938ed2991fe353bbd1884b3a3012d57ba027fa8169ecd1407205a3b7f8a95c3433c7fa274e0d5daaa652d31a7b2e2e4779291d506021e7968a6fa4029c265cb8f7300222dda789a7498e009b69adb9c42599bf62c5e22e4ef48e09637ebcbb6934894cdad6c69cb2ca92b956d7a1c7533f8963fe58cd01002bc6bfd4973b26b9f8cfb5da6f6ffde993f959f78e3d8cfe9fb5299ccad6b80350d6628cdad261708a6a4a74824a6fe439fdadb2ab0d431b9eeee1a3cc62f5756f3db94d6e91529fdc171860cdb1471f61ddc4f8eca746aa45bbb6aaa6a4633a696d374b70f123cbf2e9d25c7631cff6578751e4c0d6ebb2a1d4ae370c5b7bbaac1dcd62f1550db47094d730a42354afdb7cb47256e156cf10e740ccf63f6860eed4d53f0641fad006abbac1669309c04f7e5299006f094d6506b0e82e79a048fae206442bfe94f2fa86036870de9c4a040bc485ca746b3b9c2764b0f164b08d641054d7bfc54875c3faebb3493faa92c741eb7eab0ea9cf6340f60e126c6986e38888917ad50c579e62ba15b1094c3693cf104550057dfb3a4b87e591bbcbf6e679ec11da0a5422f9d44aba5bad8a7e44b9ee99382e982c0f21a4a92363d03a2acc4c5c1731a5f061db98572689b850212d506bdce35e54999ce0be1eac8b4e675c17f0f0aba8c957ff4320603c70539e2b5f77212bac0b9b0ef6437394ff5ecdaf64622a664150e1846c8a2d0c068951083b33e7e14658881714665a44b8cd3ee3470b1a3020989babdb562eba9434477ca1396e3a9542a04fc7bec11c44a16b84a14e470cbe57808d380aebe2fc640e53c4d54aadfb222b18e716717e0cbec65b55ffd3ad8afeba7ec0749455208215af4a84ea8540e89dbe8c45a01a702c986af9e427f742dd975d78341b60171fe9b69303bfa92c8570bbb31a37989fc69647c1bc7bbcce753b3c6e659d2b630574e70545cf83de89bca937009c89ec8f0c4e1d6d55e387dca55c0c7b6fb0169acce41323fdde94e589d5c9f1143789d416e101f7a703ad47245f77502e0c861f37c143a63e7d9a387e719c0e07183fd13a00a83a49929c3665d583788dd379394c7b520f7f7d71d04fc33838fd228175b71a5599c53a71226fa077e217a1642a9b03ec23a260da66444256720a91f4fd918ec8222a91f6883c82ac4df08112ac38cd69722522cf603c3ec4446667ada881cbb6c62a58627bc6f2498b39c61dd83b7addacd12a7cabe60b4bc6b3fcb60f56faee40d6e5555794488fe2e8a9eabf9afb03fa432134a7d4483596bdbbb911f1f00acef2549c171b741433f8c3e2a3d26acd9c30d6e86a9c9fed6fda4db8c715c9ceb51b08099274986c7040471cb3d0f7ccb86bffb2eb1dab5a1ee7d946fa2355759df90a26334833eb7afa606e2da32736620d250ed792ac45090be9f37c8923d32da08290940cb93be7bb9196848b2899d058e1ce9b581a7eb6dc5e0d93f598c76941157de3abd82a6eb2b572b2a31786328d238f1acf505e868ea2efdb76b304dcdf4b2a32659772c6be7af58318e0f5e94dd69d819722c61fd2ffefe04b9d2f93d86673a0f498c8e1507ce10eb0cd0faea760a0ea82db58a3cff2934ccb7285e7ecf1b30857b1517a8148210d7c08245c7b6c37f5a75c07410f2d4b46444c494b06f178c5251c531189ba2fb765c6c5557cfd86c73ff29a85a1f582a90f385aa139bbd5a2d96d1471c4facfce76605ea94a5bf0975100ee0c9ab063b51ecadbe4bfaedd4a4885ef658efee930b0c6593537258fa6ef0b5e13139a27047564e3a21ecb9a3a140101d2347eff78639e6992b18f1c5d3d43c9c871a820a2d2a885ffb3e0be73e76495ee76f2f8da8818ccc547e5faf7b975d94e964c9989a3a51f2d363a6aa37a36a08c9314b2279cba59335a698398a3f1a589defe5c2f83b12b4f8bda1d03671a9b43f34c393c5badacaf115a46b3742cc1c603e1e298290666d4d92893109b0abd7045341d3e50a7a62848c768075aae236c0c7635c29c342a5eee71e464784399f7d211c97413bdbe6e6dc661a4f3e960c9892752b1832c8cffadef694db9797dc45bcfddce23dce53bdba667bbae1523c87e7afa26b954a1259e9fa384efe0e3c6a675700ea022c51f15e446a1827e1c9d213800eb20bb855b89d34cab2af34f56e6f64e097f42f11479073636d9f170dc1fed461532225384aabb1180f5a9b40a0f8e5bf19a9f60e1ef66dbdc1f41737db7bded1c2ffda6c5cf6e19432ba4f0c3af047a3cb0da071c4235120d4fbf4fbc6696914b5b7fe809c5eb0d8051dfe9512b7572d7482d9174214a65652de5d177a1f0e02ec51316edb48f4df29b9e9b847b76a485bfbf38f3f858335260f9914c13351f83e15584757362f9cd9edd64d1d701f95eb3922d68358bf37b873e636ce7c1f21511335196d4e177564dcccac1366a36137e82cb34604ed9fc29121d4db6ff0c9930a9b4c23d9ebebf6d0f8fa510af88762eeda12c91c6955ae0e731e2e3f1cbb44ae96ddc109eb97bcde59fa64740ef76a1f6110249109a7c9db588e15c79af4d31c9e43ad05eaa0f93ee7335c6efabbc7590db9dd09b527281d3b65eca73437acc76841090ccb114520ea6f26ca0feadd28932edeb5f14f84e89c8046dd618ef91948c25e7ec7f260e5181743b660ef4e9b5129988d2484ac41ba85b094c18557fce1d5554efbe4cd9b3c4486a9adb684781d85ed3bf87077864dd21d10500483aceec7f2e530bad8911762460d55cac4e4a88deeef70badbf345743d033217d1fded1a942429f5a96227256b910fe5db2bdd262f12ba4eb830f82dea319026f29d557a45cf35f64f6e6925281d42d6d40e6d20d899596196d906b9c1b566214aa593c9f9e762b0d9e8aef0404bd75df720957dba28243ad652eaf1", 0x1000}, {&(0x7f0000000200)="272a33ef5cee1b25e53e61b79e4b12a37c31a1705bfe1380a5824b7b6e1b0c106650126c66a3d8420425375aa6cd44a71f39d91959a04e77e33827e9bc83a7d8c2f5967d4ccb127fa3ffb8dd0befaabdf882292b8f52d1e1359278f2da151717b41173d49bd44aa634de48825b7d9554db2f4e0b00ccc30bbdd9e4d317c0657b70b65fe47a7cced02b2bc69387c364b31c12231eb2eb440604b6cd8ddecbaf", 0x9f}, {&(0x7f0000000300)="c26445ec9ec875d8d989582b9430a69aaa15302f3a7b7bd30679a1457994fc360c99b96f24f2e308a1e83fe4557aeb21e52c94ffc9045c05e8822a58791581eb2c55c5570836334f6c272429e14a515a6d7c1621b91f1a24bf1e7d6d5f6c28712c3a03ccd19d8817a2fffd57303cd61057e73560dbbae7776036930d3cdc3787cded", 0x82}, {&(0x7f00000003c0)="fe77767b46cc78139373542b2435820c2df013985589e5eaffeccdd0b6db638be533c191214e31929e43e157a7a1ddd5b9497e5747f2d2899f9015216dd8953c72da7379ab4f4810d2de0d1e2db1a58a71cf5119ae6e03b2cc01a2978f150c97d451ddc354f9e2cf4f5998498dc32f6d1e5513c746da6525f3ad365ae57c31b23767e9cee4d0942c9e70a6d3ecfdd2102275b7925f39edec1988a37b806a7f2b1f48170f4b004bf22f1975549286f56795696a557405503559fd980fad1f7a2f84ddee1c4bc838ae44da6594b944b5c7c2122794e064275cf91b4f4887103a4aaec97c4ce58a0e7c4448", 0xea}, {&(0x7f00000004c0)="6a15862056b80fcfe92fe8572e7465d12c0496d20955e0865eb04f12b045f5edc62d8f4b94517c350781de34de19e8f41e1de5bd07d8c18995d4bd48f70d634e700387c6bc86ac83ae29d0b9c877d0b395bc02", 0x53}], 0x7, &(0x7f0000001640)=[@timestamping={{0x14, 0x1, 0x25, 0x6}}, @timestamping={{0x14, 0x1, 0x25, 0x2}}, @timestamping={{0x14, 0x1, 0x25, 0xb5}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @mark={{0x14, 0x1, 0x24, 0x665f}}], 0x78}, 0x10) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_SEQ_CTRLRATE(r2, 0xc0045103, &(0x7f0000000040)) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=@newtaction={0x60, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ctinfo={0x48, 0x1, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x0, 0x0, 0x20000000}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0) 1.049741797s ago: executing program 3 (id=109): r0 = socket(0x25, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'gretap0\x00', 0x0}) r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r5, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f00000000c0)="f3660f3101dddd670f0f06a466b9c4090000f20f7c2c0f5f0abaf80c66efbafc0c66b8ffff000066ef8b5ee8f30f1ecc0fc71fd8f68ed80fb56455", 0x3b}], 0x1, 0xa, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x5, 0x4, 0x50565559, 0x2, 0x6, 0x46, 0x2, 0x3, 0x1, 0x7, 0x0, 0x7}}) r7 = open$dir(&(0x7f0000000000)='./file0\x00', 0x349442, 0x0) ioctl$KVM_GET_REGS(r6, 0x8090ae81, &(0x7f0000000440)) openat(r7, &(0x7f0000000240)='./file0\x00', 0x420280, 0x21) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000300)={0x114, 0x24, 0x1, 0x70bd2a, 0x25dfd3fe, {0x44}, [@nested={0x100, 0xe, 0x0, 0x1, [@nested={0xfc, 0x151, 0x0, 0x1, [@typed={0xc, 0x120, 0x0, 0x0, @u64}, @generic="cbe8b52bd450bb0590606f975e62abe7c2ad9bed6d0243c17221ce768223c9fa64abf616dd1ba344f55ecbbca761bbeb15e49ac5e4960b08a30fbff2cdc6ca49b001b337601bc6e5cc595dc75dc59be49f852b36e373a258fdf39a7bf84ef5470beec82b701278437d319e2b96b97278f53134e17c094474a97f0631b37404db3041e00c2c86b65edb9dc87928b649bc34c275d8ff84e0cc48931a993a61ecce275e18b2f2323eb21877b11250267ac976ccf198c5cbcaabf091cab7ce4e605de9", @generic="d5938376f408f47c06aa365b797aafe2660b18ee45e48284a3b4ef398bc2fb7185b7604d553c3361c77428"]}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) r9 = socket$igmp(0x2, 0x3, 0x2) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r10) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000006c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r10, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r11, @ANYBLOB="01002c9b705217ebe0414608ed842ead318f00fddbdf258300000008000300", @ANYRES32=r12, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x8010}, 0x8000004) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001540)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x4}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x6, 0xb, 0x2}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x4080) 949.40742ms ago: executing program 3 (id=111): r0 = syz_io_uring_setup(0x4ed, &(0x7f0000000140)={0x0, 0xfec9, 0x8, 0x0, 0x20024c}, &(0x7f00000001c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x9, &(0x7f00000004c0), 0x1, 0x40, 0x1}) io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x36) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) io_setup(0x2, &(0x7f0000000200)=0x0) eventfd2(0x1, 0x0) io_submit(r5, 0x1, &(0x7f00000006c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0}]) io_getevents(r5, 0x2, 0x2, &(0x7f0000001340)=[{}, {}], 0x0) read$FUSE(r3, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r6, {0x7, 0x1f, 0x0, 0x10408}}, 0x50) open$dir(&(0x7f0000000000)='./file0\x00', 0x200, 0x12) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58) r8 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r8, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000001a0001000000000000000a0080202000", @ANYRES32=0x0, @ANYBLOB="000000000800020000000000140001"], 0x38}}, 0x0) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r10, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68840}, 0x4) recvmmsg(r10, 0x0, 0x0, 0x2, 0x0) connect$bt_l2cap(r9, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1fd}, 0xe) writev(r9, &(0x7f0000000240)=[{&(0x7f0000002740)="1e", 0xfdef}], 0x33) r11 = accept4(r7, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r11, &(0x7f0000004dc0)={0x0, 0x0, &(0x7f0000004d80)={&(0x7f00000000c0)=@deltclass={0x40, 0x29, 0x400, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x540f7e52ffe194b3}, {0xfff2, 0xa}, {0xfff3, 0xc}}, [@tclass_kind_options=@c_cake={0x9}, @tclass_kind_options=@c_tbf={0x8}, @tclass_kind_options=@c_sfq={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x4080) 749.732671ms ago: executing program 1 (id=116): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_DELCHAIN={0x20, 0x5, 0xa, 0x3, 0x0, 0x1000000, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}]}], {0x14}}, 0x88}, 0x1, 0x0, 0x0, 0x58fe7ab67a988db6}, 0x0) 748.631896ms ago: executing program 1 (id=117): madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r2, 0x3b88, &(0x7f0000000200)={0xc, r3}) (async, rerun: 64) ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r2, 0x3b70, &(0x7f00000000c0)={0x18}) (async, rerun: 64) syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_rsp={{0x18, 0x5, 0xa}, {0x67, 0x8, 0xb, 0x8001, [0x1]}}}}, 0x17) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) (async) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) r5 = socket$qrtr(0x2a, 0x2, 0x0) (async) r6 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) ioctl$LOOP_CONFIGURE(r6, 0x127a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x7, 0x903, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc5e3e06e00d960720810000000000000020e40d000000000000000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a03c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c55126540647f306003d8a0f4bd000000004d55f83800", [0x6, 0x200000000]}}) ioctl$sock_qrtr_SIOCGIFADDR(r5, 0x8915, &(0x7f0000001740)={'xfrm0\x00'}) 650.007398ms ago: executing program 1 (id=118): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000240)={0xdf, 0x0, 0x8000}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x58, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209"], 0x0) write$binfmt_script(r5, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, &(0x7f0000000500)="b9f70900000f3266ba2100ed8f4860cc170565a4c4c3791d70b55d0fa2b9c40800000f32f20f23670fd4520d66baf80cb8428eb980ef66bafc0cec", 0x3b}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x1e, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) dup(r7) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x7, 0x6, 0x81, '\x00', 0x3c}) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1880001965ba917c62e1e69023000000000000003e09f4450ef8bf77a3988497aa18e49ec73980d9d76a7184da5f359cc6dedc72875633eea85517e0d146567c8696e41d0683f811116c37c116e807e045e4dba62db553750b468c26cd05d5c7db04eded34dc569a200a0d0f9f500fc945296f5c75f4ad1b", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYRES8=r2, @ANYBLOB="163a79bf2c8adddd907332ff4f9c64bd85f79829e4d79f016ce1d8588b6fd27f72f2241285cab502a8b5fb0406568f479abb9f4f9bf2c216b2e265341e6f827fd0c234f3699d13f53d0a44335a36a08a915e2e6793e86f601015079b0fd05a1d4f7a9c10049c4edb4f3309862d86b3be9bd7e0e7f5fffcd808838f16de8633518e568e3f516ad4c5e41f89e2c390fa0ae34f33a4b84149c3721b9b8a881b6c99ba875c3b64e6d955", @ANYRES16=0x0, @ANYRESHEX=r8, @ANYRESOCT=r3, @ANYRES32=r10, @ANYRES16=r5], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='br_fdb_add\x00', r11}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000057"], 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) 649.731909ms ago: executing program 0 (id=119): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) (async) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) (async) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x38, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {0xfff3, 0x4}, {0x0, 0xd}, {0xd, 0x10}}, [@filter_kind_options=@f_bpf={{0x8}, {0xc, 0x2, [@TCA_BPF_FD={0x8, 0x6, r1}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x400c021}, 0x2004c8d4) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) write(r4, &(0x7f0000000000)="14000000140005b7ffccca38b9000000010860eb", 0x14) 507.814883ms ago: executing program 0 (id=120): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) lseek(r0, 0x5, 0x4) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f0000000080)={0x0, 0xf4, 0x2, 0x1, 0x687}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_elf64(r1, &(0x7f0000000000)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x24, 0x0, 0x95, 0x8002, 0x3, 0x3e, 0x101, 0x294, 0x40, 0x24d, 0xfffffff6, 0x0, 0x38, 0x1, 0xfffd, 0x7f, 0x8}, [{0x3, 0x4, 0x7, 0xa, 0x101, 0x6, 0x7, 0xffffffffffffff7f}]}, 0x78) close(r1) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) 507.110443ms ago: executing program 0 (id=121): r0 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000000004002, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$netlink(0x10, 0x3, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0xb) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x20c480, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000100)) pselect6(0x40, &(0x7f0000000140)={0x2, 0x9, 0x9, 0xd, 0x5, 0x6f, 0x4, 0x8000000000000000}, &(0x7f0000000240)={0x8b, 0xf135, 0x7, 0x7a1, 0xffffffffffffa299, 0xe, 0xfffffffffffffffa, 0x1}, 0x0, 0x0, 0x0) r4 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x13) r5 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r5, 0x8993, &(0x7f0000000080)={'bond0\x00', &(0x7f0000000000)=@ethtool_dump={0x3e, 0x1, 0xd02f}}) r6 = syz_open_procfs(0x0, &(0x7f0000000340)='net/xfrm_stat\x00') preadv(r6, &(0x7f0000000b00)=[{&(0x7f0000000300)=""/30, 0x1e}], 0x1, 0x80000001, 0x0) r7 = socket(0x1e, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000040)={0xffb}, 0x10) write(r7, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d) splice(r6, &(0x7f0000000100), r7, &(0x7f0000000140)=0x1, 0x1, 0x1) write$binfmt_aout(r4, 0x0, 0xffffffdb) 425.202158ms ago: executing program 1 (id=123): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x7) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000380)='/dev/bsg/2:0:0:0\x00', 0x100, 0x0) ioctl$BSG_IO(r3, 0x2285, &(0x7f0000000640)={0x51, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xad, 0xffffffff, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4c, &(0x7f0000000480)="0c1f59", &(0x7f0000000500)=""/76, 0x10, 0x30, 0x0, 0x1}) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_REGS(r5, 0xaece, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 424.775615ms ago: executing program 2 (id=124): r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x35314152}}) r1 = socket$pppl2tp(0x18, 0x1, 0x1) (async) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) (async) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e22, @broadcast}, 0x2, 0x9800}}, 0x2e) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r5, 0x325, 0x400, 0x0, {0x8}}, 0x14}}, 0x4800) (async) readlink(&(0x7f0000000040)='./file0/file0/file0/file0/file0\x00', 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=@setlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_SET(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="838b366a5190fe3827b79051e6705cdefce366d883d7bd99eb63c043c4e2a6da42b99c39b10e21c583a82d55a412e3318bfc83137dcde389bde48efcc23d1a502320ad2b1d5b2f46757c5be20c4778e9ee2d757e2c5312604f8daa3b77c62a685d171823427e838113e7813960dd5e027ea0883c41f3edd07cd9881ebf75f96cabf8f835ca6d3c56e315755310d8"], 0x10}, 0x1, 0x0, 0x0, 0x40000}, 0x2004c818) (async) r7 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0/file0/file0/file0\x00', &(0x7f0000000540)={0x200000, 0x42, 0x24}, 0x18) statx(r7, &(0x7f0000000580)='./file0/file0/file0/file0/file0\x00', 0x0, 0x20, &(0x7f0000000280)) mount$9p_unix(&(0x7f0000000080)='./file0/file0/file0/file0/file0\x00', &(0x7f0000000400)='./file0/file0/file0/file0/file0\x00', &(0x7f00000000c0), 0x60, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=unix,cache=loose,debug=0x0000000000000008,cache=readahead,cache=none,msize=0xfffffffffffffff8,nodevmap,dfltgid=', @ANYRES64, @ANYBLOB="2c63616368653d6e6f6e652c001c1ea5808516dd9cab27394b320694a08ddf3ed27a357bdd3889572e40ef0bdd71ecf3685afbb50c09a54ee84a3d953b4174f2fdc34f458968b8380483b8ccc5064a26c72711bae49ae37d3afdaa55bf49457c9b10839fd77d418d41e91a161fe1f7cd92219a82e91d56bfe3cc"]) (async) pipe2$9p(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4080) write$P9_RREADLINK(r8, &(0x7f00000003c0)={0x28, 0x17, 0x2, {0x1f, './file0/file0/file0/file0/file0'}}, 0x28) madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0xc) 423.840289ms ago: executing program 2 (id=125): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f00000000c0)={0x2c, 0x1, 0x1, "00000000bf2b000005000104000000e4f4ffff0000ea00000d00", 0x32344d59}) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000100)=0xfffffffffffff801) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000000)) 416.208794ms ago: executing program 2 (id=126): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_DELCHAIN={0x20, 0x5, 0xa, 0x3, 0x0, 0x2000000, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}]}], {0x14}}, 0x88}, 0x1, 0x0, 0x0, 0x58fe7ab67a988db6}, 0x0) 359.407117ms ago: executing program 2 (id=127): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x0) getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000240)={'vxcan1\x00', 0x0}) (async) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) (async) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@delchain={0x2c, 0x65, 0x100, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0xc, 0x4}, {0xb}, {0x1, 0xc}}, [@TCA_CHAIN={0x8, 0xb, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x10) setreuid(0x0, r3) (async, rerun: 32) r5 = socket(0x2, 0x80805, 0x0) (rerun: 32) sendmmsg$inet(r5, &(0x7f0000002200)=[{{&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x4, 0x0}}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000200)="9a", 0x1}], 0x1}}], 0x1, 0x4000000) (async, rerun: 64) r6 = socket$inet_sctp(0x2, 0x1, 0x84) (rerun: 64) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000400)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f0000000040)={0x9, 0xff, 0x2, 0x3, 0x1, 0x0, 0x3, 0x6, r7}, 0x20) r8 = inotify_init1(0x0) close(r8) 359.185414ms ago: executing program 1 (id=128): r0 = socket$kcm(0x10, 0x400000002, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@ipv4_newnexthop={0x24, 0x68, 0x1, 0x70bd27, 0x25dfdbfb, {0x2, 0x0, 0x2}, [@NHA_FDB={0x4}, @NHA_ENCAP_TYPE={0x6, 0x7, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x840}, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0) write$RDMA_USER_CM_CMD_JOIN_MCAST(r5, &(0x7f00000009c0)={0x16, 0x98, 0xfa00, {0x0, 0x0, 0xffffffffffffffff, 0x10, 0x1, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0xa0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x7, 0x2, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040001}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=@newtfilter={0x44, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xfff0, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x16de0}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0) r8 = syz_clone3(&(0x7f0000000500)={0x30000, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000180), {0x7}, &(0x7f0000001300)=""/4096, 0x1000, &(0x7f0000002300)=""/4096, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0xffffffffffffffff], 0x4}, 0x58) sched_setattr(r8, &(0x7f0000000380)={0x38, 0x0, 0x82, 0x0, 0x8001, 0x80, 0x4, 0x100000001, 0x3a9e, 0x80}, 0x0) r9 = socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newchain={0x2c, 0x64, 0x1, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x5, 0x3}, {0xc, 0xc}, {0x9, 0x1a}}, [@TCA_CHAIN={0x8, 0xb, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x810}, 0x4000) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x52, &(0x7f0000000200)={&(0x7f00000005c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd27, 0x21dfdbfc, {0x0, 0x0, 0x0, r10, {0xd}, {0x0, 0xf}, {0x7}}, [@TCA_RATE={0x0, 0x5, {0x7, 0x9}}, @TCA_CHAIN={0x0, 0xb, 0x1ff}, @TCA_RATE={0x0, 0x5, {0x68, 0xd}}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x20084084) sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0) 266.010884ms ago: executing program 2 (id=129): r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0281, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000080)=0xf18a) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0xac, r1, 0x400, 0x70bd28, 0x25dfdbfe, {{}, {@void, @val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'veth0_virt_wifi\x00'}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "31a090345e005c0e0056d4121e87068ffdf90e116b67da6f"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "e1756c23ed8e991108bd9592abcbe871c9b5beedbb9fbac4"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "af685bf5c0c6c2e677438b1010431647bd190db6d1114aff"}]]}, 0xac}, 0x1, 0x0, 0x0, 0x24004000}, 0x4000000) prctl$PR_GET_NAME(0x10, &(0x7f0000000080)=""/48) prctl$PR_GET_NAME(0x10, &(0x7f0000000000)=""/19) 265.733094ms ago: executing program 2 (id=130): socket(0x1d, 0x2, 0x6) r0 = socket$alg(0x26, 0x5, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0x40}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r1, &(0x7f0000000180), &(0x7f0000000000)=@udp6, 0x1}, 0x20) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x1, @remote}, 0xa}}, 0x26) rt_sigaction(0x15, &(0x7f0000001100)={0x0, 0x1, 0x0, {[0x4]}}, &(0x7f00000011c0)={0x0, 0x0, 0x0}, 0x8, &(0x7f0000001200)) sendmmsg$inet(r3, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000005dc0)=[{&(0x7f00000010c0)="7d5107673289eeae3f806c5c62db497a0299399ab6101c3b", 0x44}], 0x1}}], 0x4000000000001ce, 0x8040) accept4(r3, &(0x7f0000000000)=@rc={0x1f, @none}, &(0x7f0000000080)=0x80, 0x800) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x6a, 0x4, 0x20000002, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x54, 0x10, 0x403, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x90646, 0x95942e82ab32c08f}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}]}}}, @IFLA_PHYS_SWITCH_ID={0x7, 0x24, "db5efa"}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x54}, 0x1, 0x0, 0x0, 0x600}, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000100)={0x6, &(0x7f00000000c0)=[{0xb6d, 0x9, 0x7, 0xffffffff}, {0x6, 0x51, 0x81}, {0x40, 0x7, 0x68, 0x7a3}, {0x8, 0x3, 0x40}, {0x3ff, 0x8, 0x1, 0x7}, {0xb09, 0xf, 0xa4, 0x40}]}, 0x10) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000500)='/proc/asound/timers\x00', 0x0, 0x0) preadv(r7, &(0x7f0000004ec0)=[{&(0x7f0000000180)=""/79, 0x4f}], 0x1, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r7, 0xc0305615, &(0x7f0000000180)={0x0, {0x1, 0x67}}) rt_sigsuspend(&(0x7f0000000140)={[0x7]}, 0x8) 160.043216ms ago: executing program 1 (id=131): r0 = socket$inet6(0xa, 0x1, 0x1fc) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x2, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3282b}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_PRIMARY={0x8, 0xb, r2}, @IFLA_BOND_MODE={0x5, 0x1, 0x5}]}}}]}, 0x44}}, 0x0) getsockopt$inet6_int(r0, 0x29, 0xb, 0x0, &(0x7f0000000080)) r3 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000001c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x700, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="3800000055002f03020000000000000007000000", @ANYRES32=r6, @ANYBLOB="200001"], 0x38}, 0x1, 0x0, 0x0, 0xfe0f}, 0x0) ioctl$FBIOPUT_CON2FBMAP(r3, 0x4610, &(0x7f0000000180)={0x1}) 0s ago: executing program 3 (id=132): r0 = io_uring_setup(0x367d, &(0x7f0000000000)={0x0, 0x4a65, 0x800, 0x0, 0x121}) io_uring_register$IORING_UNREGISTER_NAPI(r0, 0x1c, &(0x7f0000000080), 0x1) (async) r1 = accept(0xffffffffffffffff, &(0x7f00000000c0)=@nfc, &(0x7f0000000140)=0x80) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000180)={'team0\x00', 0x0}) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) clock_nanosleep(0x4, 0x1, &(0x7f0000000200)={r3, r4+60000000}, &(0x7f0000000240)) (async) fcntl$setstatus(r1, 0x4, 0x800) (async, rerun: 64) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000280)={{0x1, 0x1, 0x18, r0, {0x9}}, './file0\x00'}) (rerun: 64) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0xa, 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0, 0x2420}, {r1, 0x80}, {r5, 0x1000}, {r5, 0x100}], 0x4, &(0x7f0000000300)={0x77359400}, &(0x7f0000000340)={[0x68]}, 0x8) statx(r5, &(0x7f00000003c0)='./file0\x00', 0x1000, 0x80, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_route(r1, &(0x7f00000005c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)=@ipv6_newroute={0x6c, 0x18, 0x20, 0x70bd25, 0x25dfdbfc, {0xa, 0x80, 0x14, 0xdc, 0x0, 0x0, 0xfe, 0x5, 0x3e00}, [@RTA_MULTIPATH={0xc, 0x9, {0xa, 0x8, 0x7, r2}}, @RTA_PREF={0x5, 0x14, 0xe}, @RTA_IIF={0x8, 0x3, r2}, @RTA_EXPIRES={0x8, 0x17, 0x9}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x6}, @RTA_PRIORITY={0x8, 0x6, 0x10}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP_TOS={0x5, 0x5, 0x6}}, @RTA_UID={0x8, 0x19, r6}, @RTA_OIF={0x8, 0x4, r2}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8006) (async) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000640), r5) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x1806080}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x34, r7, 0x400, 0x70bd27, 0x25dfdbfe, {{}, {}, {0x18, 0x17, {0xd, 0x7, @udp='udp:syz2\x00'}}}, ["", "", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x44800}, 0x4001) (async) ioctl$sock_inet_SIOCGIFADDR(r1, 0x8915, &(0x7f0000000740)={'bond0\x00', {0x2, 0x0, @initdev}}) io_uring_enter(r5, 0x7, 0x80b8, 0x61, &(0x7f0000000780)={[0x5]}, 0x8) (async) connect$unix(r5, &(0x7f00000007c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e) (async) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x3c, 0x0, 0x800, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x4, 0x39}}}}, [@NL80211_ATTR_HANDLE_DFS={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x81}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x35}], @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240080a1}, 0x80c4) r8 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000000940), 0x282080, 0x0) close_range(r8, r5, 0x0) (async) ioctl$CDROM_DISC_STATUS(r5, 0x5327) (async) sendmsg$nl_route_sched(r5, &(0x7f0000000b00)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000ac0)={&(0x7f00000009c0)=@newqdisc={0xc4, 0x24, 0x18, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0xe}, {0x10, 0xa}, {0xfff3, 0x5}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x4}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x2f, 0x10, 0xf, 0x0, 0x6, 0x8}}, {0x4}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x6}, @TCA_RATE={0x6, 0x5, {0x2, 0x80}}, @TCA_RATE={0x6, 0x5, {0x6, 0x3}}, @qdisc_kind_options=@q_htb={{0x8}, {0x44, 0x2, [@TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x101}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x100}}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0xffff}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x6, 0x10000}}]}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x20000084}, 0x24000000) mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000002, 0x30, r5, 0x0) (async) read$FUSE(r5, &(0x7f0000000b40)={0x2020}, 0x2020) pselect6(0x40, &(0x7f0000002b80)={0x7, 0x0, 0x0, 0x3, 0xff, 0x7, 0x0, 0xfffffffffffff03d}, &(0x7f0000002bc0)={0x6, 0x8, 0x4, 0x7, 0x0, 0xea, 0x7fff, 0xff}, &(0x7f0000002c00)={0xfffffffffffffffe, 0xd, 0x4, 0x5, 0x5, 0x9, 0x7, 0xfffffffffffff800}, &(0x7f0000002c40)={0x0, 0x989680}, &(0x7f0000002cc0)={&(0x7f0000002c80), 0x8}) (async, rerun: 64) socket$pppoe(0x18, 0x1, 0x0) (rerun: 64) r9 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) close_range(r9, r8, 0x2) (async) madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4) (async, rerun: 64) sendmsg$nl_route_sched(r5, &(0x7f0000002e00)={&(0x7f0000002d00)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000002dc0)={&(0x7f0000002d40)=@delqdisc={0x60, 0x25, 0x10, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0xd, 0xffff}, {0xffff, 0x5}, {0xf, 0x5}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x2}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8001}, @qdisc_kind_options=@q_pfifo_fast={0xf}, @qdisc_kind_options=@q_htb={{0x8}, {0x14, 0x2, [@TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0xa2c5}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x2}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x80) (rerun: 64) kernel console output (not intermixed with test programs): [ 38.137829][ T40] audit: type=1400 audit(1750908343.056:59): avc: denied { write } for pid=5839 comm="sh" path="pipe:[3844]" dev="pipefs" ino=3844 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 38.145926][ T40] audit: type=1400 audit(1750908343.056:60): avc: denied { rlimitinh } for pid=5839 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 38.153399][ T40] audit: type=1400 audit(1750908343.056:61): avc: denied { siginh } for pid=5839 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:10553' (ED25519) to the list of known hosts. [ 39.033131][ T40] audit: type=1400 audit(1750908343.966:62): avc: denied { name_bind } for pid=5846 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 39.050213][ T40] audit: type=1400 audit(1750908343.986:63): avc: denied { write } for pid=5847 comm="sh" path="pipe:[3859]" dev="pipefs" ino=3859 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 39.069691][ T40] audit: type=1400 audit(1750908344.006:64): avc: denied { execute } for pid=5847 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 39.076503][ T40] audit: type=1400 audit(1750908344.006:65): avc: denied { execute_no_trans } for pid=5847 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 41.033916][ T40] audit: type=1400 audit(1750908345.966:66): avc: denied { mounton } for pid=5847 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 41.037027][ T5847] cgroup: Unknown subsys name 'net' [ 41.206735][ T5847] cgroup: Unknown subsys name 'cpuset' [ 41.211272][ T5847] cgroup: Unknown subsys name 'rlimit' [ 41.454949][ T5912] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 42.094419][ T5847] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.134140][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 45.134151][ T40] audit: type=1400 audit(1750908350.066:80): avc: denied { execmem } for pid=5927 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 45.350683][ T40] audit: type=1400 audit(1750908350.286:81): avc: denied { create } for pid=5931 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.378406][ T40] audit: type=1400 audit(1750908350.286:82): avc: denied { read write } for pid=5931 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.379295][ T5933] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.387918][ T40] audit: type=1400 audit(1750908350.286:83): avc: denied { open } for pid=5931 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.387961][ T40] audit: type=1400 audit(1750908350.286:84): avc: denied { ioctl } for pid=5931 comm="syz-executor" path="socket:[3896]" dev="sockfs" ino=3896 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.411493][ T5943] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.413988][ T5943] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.416601][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.419526][ T5943] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.421971][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.425403][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.428728][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.431729][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.433287][ T5945] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.437038][ T5937] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.437265][ T5945] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.442254][ T40] audit: type=1400 audit(1750908350.376:85): avc: denied { read } for pid=5942 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.442675][ T5945] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.444508][ T5944] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.447581][ T5948] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.449453][ T5948] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.449800][ T5948] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.450989][ T40] audit: type=1400 audit(1750908350.376:86): avc: denied { open } for pid=5942 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.454204][ T5945] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.455814][ T40] audit: type=1400 audit(1750908350.376:87): avc: denied { mounton } for pid=5942 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 45.459461][ T5295] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.484421][ T5295] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.633386][ T40] audit: type=1400 audit(1750908350.566:88): avc: denied { module_request } for pid=5942 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 45.663794][ T5942] chnl_net:caif_netlink_parms(): no params data found [ 45.796212][ T5938] chnl_net:caif_netlink_parms(): no params data found [ 45.803023][ T5931] chnl_net:caif_netlink_parms(): no params data found [ 45.824935][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.827616][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.830005][ T5942] bridge_slave_0: entered allmulticast mode [ 45.833334][ T5942] bridge_slave_0: entered promiscuous mode [ 45.840990][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.844948][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.848011][ T5942] bridge_slave_1: entered allmulticast mode [ 45.851846][ T5942] bridge_slave_1: entered promiscuous mode [ 45.911981][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.942090][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.012806][ T5942] team0: Port device team_slave_0 added [ 46.049753][ T5942] team0: Port device team_slave_1 added [ 46.070402][ T5931] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.072887][ T5931] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.075567][ T5931] bridge_slave_0: entered allmulticast mode [ 46.079569][ T5931] bridge_slave_0: entered promiscuous mode [ 46.111733][ T5935] chnl_net:caif_netlink_parms(): no params data found [ 46.116598][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.119626][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.121901][ T5938] bridge_slave_0: entered allmulticast mode [ 46.124567][ T5938] bridge_slave_0: entered promiscuous mode [ 46.140976][ T5931] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.144382][ T5931] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.147434][ T5931] bridge_slave_1: entered allmulticast mode [ 46.151331][ T5931] bridge_slave_1: entered promiscuous mode [ 46.164237][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.167225][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.169947][ T5938] bridge_slave_1: entered allmulticast mode [ 46.173351][ T5938] bridge_slave_1: entered promiscuous mode [ 46.176584][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.178797][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.186829][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.252474][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.254866][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.263929][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.292014][ T5931] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.314697][ T5938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.322313][ T5938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.332762][ T5931] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.389336][ T5931] team0: Port device team_slave_0 added [ 46.434675][ T5931] team0: Port device team_slave_1 added [ 46.438305][ T5938] team0: Port device team_slave_0 added [ 46.456353][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.458959][ T5935] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.461246][ T5935] bridge_slave_0: entered allmulticast mode [ 46.463838][ T5935] bridge_slave_0: entered promiscuous mode [ 46.507558][ T5938] team0: Port device team_slave_1 added [ 46.509676][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.511943][ T5935] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.514314][ T5935] bridge_slave_1: entered allmulticast mode [ 46.516877][ T5935] bridge_slave_1: entered promiscuous mode [ 46.522218][ T5942] hsr_slave_0: entered promiscuous mode [ 46.525257][ T5942] hsr_slave_1: entered promiscuous mode [ 46.528062][ T5931] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.530255][ T5931] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.539143][ T5931] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.599939][ T5931] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.602233][ T5931] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.610372][ T5931] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.614397][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.616945][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.625188][ T5938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.631142][ T5935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.639045][ T5935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.657284][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.659518][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.668118][ T5938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.788372][ T5935] team0: Port device team_slave_0 added [ 46.792727][ T5935] team0: Port device team_slave_1 added [ 46.798344][ T5931] hsr_slave_0: entered promiscuous mode [ 46.800659][ T5931] hsr_slave_1: entered promiscuous mode [ 46.802747][ T5931] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.805362][ T5931] Cannot create hsr debugfs directory [ 46.905598][ T5938] hsr_slave_0: entered promiscuous mode [ 46.907842][ T5938] hsr_slave_1: entered promiscuous mode [ 46.909913][ T5938] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.912292][ T5938] Cannot create hsr debugfs directory [ 46.921044][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.923969][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.934721][ T5935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.962412][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.965655][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.976349][ T5935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.117448][ T5935] hsr_slave_0: entered promiscuous mode [ 47.119706][ T5935] hsr_slave_1: entered promiscuous mode [ 47.122270][ T5935] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.125136][ T5935] Cannot create hsr debugfs directory [ 47.311780][ T5942] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 47.338508][ T5942] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 47.355028][ T5942] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 47.363500][ T5942] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 47.400750][ T5931] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.407360][ T5931] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.411662][ T5931] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.415941][ T5931] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 47.463226][ T5938] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 47.474127][ T5938] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 47.478366][ T5938] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 47.483436][ T5938] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 47.515198][ T5933] Bluetooth: hci0: command tx timeout [ 47.515202][ T5295] Bluetooth: hci3: command tx timeout [ 47.524271][ T5295] Bluetooth: hci1: command tx timeout [ 47.524448][ T5933] Bluetooth: hci2: command tx timeout [ 47.529939][ T5935] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 47.533934][ T5935] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 47.543467][ T5935] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 47.547921][ T5935] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 47.595144][ T5931] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.608451][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.621385][ T5931] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.656854][ T5942] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.661981][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.664167][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.669891][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.671924][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.686186][ T5938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.695470][ T1150] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.697781][ T1150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.709641][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.711906][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.724585][ T5935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.744103][ T5935] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.748576][ T5938] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.771642][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.774840][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.779719][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.781757][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.784854][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.786873][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.796084][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.798135][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.831757][ T40] audit: type=1400 audit(1750908352.766:89): avc: denied { sys_module } for pid=5931 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 47.862026][ T5938] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 47.866221][ T5938] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 47.912214][ T5931] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.950302][ T5931] veth0_vlan: entered promiscuous mode [ 47.963035][ T5931] veth1_vlan: entered promiscuous mode [ 47.967144][ T5935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.976510][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.995816][ T5931] veth0_macvtap: entered promiscuous mode [ 48.005188][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.010752][ T5931] veth1_macvtap: entered promiscuous mode [ 48.024966][ T5935] veth0_vlan: entered promiscuous mode [ 48.033669][ T5931] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.038906][ T5935] veth1_vlan: entered promiscuous mode [ 48.046464][ T5931] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.052130][ T5942] veth0_vlan: entered promiscuous mode [ 48.062827][ T5931] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.066462][ T5931] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.069163][ T5931] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.071864][ T5931] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.079602][ T5942] veth1_vlan: entered promiscuous mode [ 48.095846][ T5938] veth0_vlan: entered promiscuous mode [ 48.104959][ T5935] veth0_macvtap: entered promiscuous mode [ 48.109057][ T5938] veth1_vlan: entered promiscuous mode [ 48.114061][ T5935] veth1_macvtap: entered promiscuous mode [ 48.144813][ T5942] veth0_macvtap: entered promiscuous mode [ 48.152116][ T5942] veth1_macvtap: entered promiscuous mode [ 48.155032][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.158347][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.171750][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.187879][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.188657][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.191175][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.195175][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.203548][ T5938] veth0_macvtap: entered promiscuous mode [ 48.209488][ T5935] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.212224][ T5935] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.215932][ T5935] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.218722][ T5935] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.230423][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.233265][ T5938] veth1_macvtap: entered promiscuous mode [ 48.249322][ T5942] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.252108][ T5942] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.255246][ T5942] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.258069][ T5942] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.267971][ T5931] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 48.285833][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.307903][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.311104][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.317376][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.331121][ T5938] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.331328][ T1150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.333932][ T5938] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.336893][ T1150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.339600][ T5938] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.344464][ T5938] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.370778][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.370797][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.396857][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.399561][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.421024][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.425789][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.442107][ T6023] Invalid logical block size (1) [ 48.447313][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.450012][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.515097][ T6032] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7'. [ 48.559198][ T6037] ALSA: mixer_oss: invalid OSS volume '' [ 48.561520][ T6037] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8'. [ 48.764279][ T5750] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 48.854313][ T10] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 48.925388][ T5750] usb 6-1: Using ep0 maxpacket: 8 [ 48.929776][ T5750] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 48.933559][ T5750] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 48.938111][ T5750] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 48.942319][ T5750] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 48.947934][ T5750] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 48.951689][ T5750] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.984228][ T10] usb 7-1: device descriptor read/64, error -71 [ 49.165408][ T5750] usb 6-1: usb_control_msg returned -32 [ 49.167708][ T5750] usbtmc 6-1:16.0: can't read capabilities [ 49.224094][ T10] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 49.354245][ T10] usb 7-1: device descriptor read/64, error -71 [ 49.465490][ T10] usb usb7-port1: attempt power cycle [ 49.540970][ T6052] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 49.594639][ T5933] Bluetooth: hci1: command tx timeout [ 49.594695][ T5295] Bluetooth: hci2: command tx timeout [ 49.594731][ T5945] Bluetooth: hci3: command tx timeout [ 49.594758][ T5945] Bluetooth: hci0: command tx timeout [ 49.753343][ T6064] netlink: 28 bytes leftover after parsing attributes in process `syz.3.17'. [ 49.805389][ T10] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 49.824538][ T10] usb 7-1: device descriptor read/8, error -71 [ 50.074369][ T10] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 50.101190][ T10] usb 7-1: device descriptor read/8, error -71 [ 50.106137][ T6081] fuse: Unknown parameter '00000000000000000000fd' [ 50.161011][ T40] kauditd_printk_skb: 88 callbacks suppressed [ 50.161022][ T40] audit: type=1400 audit(1750908355.096:178): avc: denied { ioctl } for pid=6080 comm="syz.0.24" path="/dev/input/mouse0" dev="devtmpfs" ino=946 ioctlcmd=0x127b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 50.161357][ T6081] bpf: Bad value for 'mode' [ 50.176084][ T40] audit: type=1400 audit(1750908355.116:179): avc: denied { execute } for pid=6080 comm="syz.0.24" name="file0" dev="tmpfs" ino=39 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 50.176238][ T6081] process 'syz.0.24' launched './file0' with NULL argv: empty string added [ 50.186133][ T40] audit: type=1400 audit(1750908355.126:180): avc: denied { execute_no_trans } for pid=6080 comm="syz.0.24" path="/4/file0" dev="tmpfs" ino=39 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 50.204309][ T10] usb usb7-port1: unable to enumerate USB device [ 50.217498][ T40] audit: type=1400 audit(1750908355.156:181): avc: denied { create } for pid=6084 comm="syz.0.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 50.259864][ T6091] netlink: 28 bytes leftover after parsing attributes in process `syz.0.26'. [ 50.273557][ T40] audit: type=1400 audit(1750908355.206:182): avc: denied { mount } for pid=6092 comm="syz.3.27" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 50.303147][ T40] audit: type=1400 audit(1750908355.236:183): avc: denied { create } for pid=6097 comm="syz.3.29" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 50.310538][ T40] audit: type=1400 audit(1750908355.236:184): avc: denied { ioctl } for pid=6097 comm="syz.3.29" path="socket:[8685]" dev="sockfs" ino=8685 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 50.339414][ T6099] warning: `syz.3.29' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 50.442389][ T40] audit: type=1400 audit(1750908355.376:185): avc: denied { read write } for pid=6106 comm="syz.3.33" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 50.450781][ T40] audit: type=1400 audit(1750908355.376:186): avc: denied { open } for pid=6106 comm="syz.3.33" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 50.464286][ T40] audit: type=1400 audit(1750908355.396:187): avc: denied { map } for pid=6106 comm="syz.3.33" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 50.684815][ T5933] Bluetooth: Unknown LE signaling command 0x22 [ 50.687137][ T5933] Bluetooth: Wrong link type (-22) [ 51.191852][ T6115] syz.0.36 uses obsolete (PF_INET,SOCK_PACKET) [ 51.199730][ T6115] syzkaller1: entered promiscuous mode [ 51.201507][ T6115] syzkaller1: entered allmulticast mode [ 51.403893][ T61] hid (null): global environment stack underflow [ 51.409923][ T61] hid (null): unknown global tag 0xe [ 51.412225][ T61] hid (null): unknown global tag 0xc [ 51.417582][ T61] hid (null): unknown global tag 0xe [ 51.421417][ T61] hid (null): unknown global tag 0xe [ 51.423186][ T61] hid (null): unknown global tag 0xd [ 51.425615][ T61] hid (null): invalid report_size 57933 [ 51.427726][ T61] hid (null): unknown global tag 0xd [ 51.429442][ T61] hid (null): report_id 1768462985 is invalid [ 51.431398][ T61] hid (null): invalid report_size 6133 [ 51.433141][ T61] hid (null): report_id 0 is invalid [ 51.435438][ T61] hid (null): report_id 2691218384 is invalid [ 51.437457][ T61] hid (null): unknown global tag 0xc [ 51.439152][ T61] hid (null): unknown global tag 0x12 [ 51.440926][ T61] hid (null): invalid report_size 17674 [ 51.442683][ T61] hid (null): report_id 16133 is invalid [ 51.444710][ T61] hid (null): invalid report_size 46246 [ 51.446487][ T61] hid (null): invalid report_size -76397845 [ 51.448362][ T61] hid (null): unknown global tag 0xc [ 51.450075][ T61] hid (null): unknown global tag 0xd [ 51.451777][ T61] hid (null): invalid report_size -373596093 [ 51.453706][ T61] hid (null): bogus close delimiter [ 51.456504][ T61] hid (null): invalid report_count -163710001 [ 51.458455][ T61] hid (null): unknown global tag 0xc [ 51.460649][ T61] hid (null): unknown global tag 0xd [ 51.462340][ T61] hid (null): unknown global tag 0xd [ 51.464140][ T61] hid (null): unknown global tag 0xc [ 51.466293][ T61] hid (null): usage index exceeded [ 51.467969][ T61] hid (null): report_id 53035 is invalid [ 51.469770][ T61] hid (null): unknown global tag 0xc [ 51.471928][ T61] hid (null): unknown global tag 0xc [ 51.473649][ T61] hid (null): unknown global tag 0xe [ 51.475972][ T61] hid (null): unknown global tag 0xd [ 51.478097][ T61] hid (null): unknown global tag 0x26 [ 51.479825][ T61] hid (null): unknown global tag 0x78 [ 51.481565][ T61] hid (null): unknown global tag 0x11 [ 51.483273][ T61] hid (null): unknown global tag 0xd [ 51.485227][ T61] hid (null): unknown global tag 0xd [ 51.489406][ T61] hid-generic 04E3:0001:0FFF.0002: global environment stack underflow [ 51.492057][ T61] hid-generic 04E3:0001:0FFF.0002: item 0 0 1 11 parsing failed [ 51.495073][ T61] hid-generic 04E3:0001:0FFF.0002: probe with driver hid-generic failed with error -22 [ 51.519034][ T6119] netlink: 28 bytes leftover after parsing attributes in process `syz.3.38'. [ 51.623805][ T6123] syz.3.40 (6123) used obsolete PPPIOCDETACH ioctl [ 51.636054][ T59] usb 6-1: USB disconnect, device number 2 [ 51.675557][ T5948] Bluetooth: hci1: command tx timeout [ 51.676240][ T5945] Bluetooth: hci0: command tx timeout [ 51.677933][ T5948] Bluetooth: hci3: command tx timeout [ 51.678040][ T5933] Bluetooth: hci2: command tx timeout [ 51.753324][ T6135] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 51.761375][ T6135] veth0_vlan: mtu less than device minimum [ 51.841602][ T6143] netlink: 28 bytes leftover after parsing attributes in process `syz.3.48'. [ 51.845354][ T5295] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 51.848832][ T6141] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 52.019770][ T6163] block device autoloading is deprecated and will be removed. [ 52.093556][ T6184] netlink: 28 bytes leftover after parsing attributes in process `syz.0.59'. [ 52.129863][ T6190] netlink: 112 bytes leftover after parsing attributes in process `syz.0.61'. [ 52.153560][ T6193] netlink: 4 bytes leftover after parsing attributes in process `syz.1.62'. [ 52.161699][ T6193] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.164079][ T837] usb 7-1: new low-speed USB device number 6 using dummy_hcd [ 52.205397][ T6193] bridge_slave_1 (unregistering): left allmulticast mode [ 52.208190][ T6193] bridge_slave_1 (unregistering): left promiscuous mode [ 52.210980][ T6193] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.294098][ T10] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 52.315671][ T6131] capability: warning: `syz.2.43' uses deprecated v2 capabilities in a way that may be insecure [ 52.319679][ T6203] openvswitch: netlink: Key type 179 is out of range max 32 [ 52.320923][ T837] usb 7-1: unable to get BOS descriptor or descriptor too short [ 52.325808][ T837] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 52.328253][ T837] usb 7-1: can't read configurations, error -71 [ 52.468912][ T10] usb 8-1: Using ep0 maxpacket: 8 [ 52.471960][ T10] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 52.476250][ T10] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 52.479263][ T10] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 52.485960][ T10] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 52.488790][ T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 52.492461][ T10] usb 8-1: Product: syz [ 52.493876][ T10] usb 8-1: Manufacturer: syz [ 52.496471][ T10] usb 8-1: SerialNumber: syz [ 52.545599][ T6219] netlink: 'syz.1.66': attribute type 1 has an invalid length. [ 52.599908][ T6219] netlink: 4 bytes leftover after parsing attributes in process `syz.1.66'. [ 52.715316][ T10] cdc_ncm 8-1:1.0: bind() failure [ 52.719460][ T10] cdc_ncm 8-1:1.1: CDC Union missing and no IAD found [ 52.721605][ T10] cdc_ncm 8-1:1.1: bind() failure [ 52.727560][ T10] usb 8-1: USB disconnect, device number 2 [ 52.744783][ T6223] binder: 6222:6223 ioctl c0306201 2000000003c0 returned -14 [ 52.947931][ T6241] xt_hashlimit: size too large, truncated to 1048576 [ 53.057207][ T6241] overlay: Unknown parameter '//' [ 53.336080][ T6279] 9pnet_virtio: no channels available for device syz [ 53.338457][ T6279] 9pnet_virtio: no channels available for device syz [ 53.340803][ T6279] 9pnet_virtio: no channels available for device syz [ 53.343109][ T6279] 9pnet_virtio: no channels available for device syz [ 53.345874][ T6279] 9pnet_virtio: no channels available for device syz [ 53.348186][ T6279] 9pnet_virtio: no channels available for device syz [ 53.350495][ T6279] 9pnet_virtio: no channels available for device syz [ 53.352860][ T6279] 9pnet_virtio: no channels available for device syz [ 53.355785][ T6279] 9pnet_virtio: no channels available for device syz [ 53.358176][ T6279] 9pnet_virtio: no channels available for device syz [ 53.360453][ T6279] 9pnet_virtio: no channels available for device syz [ 53.362703][ T6279] 9pnet_virtio: no channels available for device syz [ 53.365217][ T6279] 9pnet_virtio: no channels available for device syz [ 53.367466][ T6279] 9pnet_virtio: no channels available for device syz [ 53.369696][ T6279] 9pnet_virtio: no channels available for device syz [ 53.371943][ T6279] 9pnet_virtio: no channels available for device syz [ 53.374247][ T6279] 9pnet_virtio: no channels available for device syz [ 53.376542][ T6279] 9pnet_virtio: no channels available for device syz [ 53.378776][ T6279] 9pnet_virtio: no channels available for device syz [ 53.381181][ T6279] 9pnet_virtio: no channels available for device øÐ0ˆyëX’Õ»¡h7óà½ä%ù±‡ŠMþG²L½’-Íôá,·G|ì"¢«ö„àÏ1šY»†OÌ:8 [ 53.381181][ T6279] îAS]² [ 53.531188][ T6290] binder: binder_mmap: 6289 200000000000-200000003000 bad vm_flags failed -1 [ 53.635023][ T6292] __nla_validate_parse: 11 callbacks suppressed [ 53.635034][ T6292] netlink: 28 bytes leftover after parsing attributes in process `syz.0.92'. [ 53.755378][ T5933] Bluetooth: hci3: command 0x0419 tx timeout [ 53.755417][ T63] Bluetooth: hci1: command tx timeout [ 53.757938][ T5295] Bluetooth: hci2: command tx timeout [ 53.764217][ T5295] Bluetooth: hci0: command tx timeout [ 53.799500][ T6308] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 54.072780][ T6320] netlink: 28 bytes leftover after parsing attributes in process `syz.3.101'. [ 54.121209][ T6325] netlink: 24 bytes leftover after parsing attributes in process `syz.3.103'. [ 54.135906][ T6327] netlink: 8 bytes leftover after parsing attributes in process `syz.2.100'. [ 54.290298][ T6343] netlink: 'syz.1.107': attribute type 12 has an invalid length. [ 54.292817][ T6343] netlink: 132 bytes leftover after parsing attributes in process `syz.1.107'. [ 54.336827][ T6347] netlink: 'syz.1.110': attribute type 32 has an invalid length. [ 54.343119][ T6347] netlink: 24 bytes leftover after parsing attributes in process `syz.1.110'. [ 54.347492][ T6347] netlink: 264 bytes leftover after parsing attributes in process `syz.1.110'. [ 54.351281][ T6347] netlink: 56 bytes leftover after parsing attributes in process `syz.1.110'. [ 54.427831][ T6354] netlink: 28 bytes leftover after parsing attributes in process `syz.1.113'. [ 54.459773][ T6356] overlayfs: missing 'lowerdir' [ 54.464519][ T6357] netlink: 'syz.3.111': attribute type 1 has an invalid length. [ 54.880784][ T6383] netlink: 28 bytes leftover after parsing attributes in process `syz.2.122'. [ 54.917695][ T6388] BIDI support in bsg has been removed. [ 54.988544][ T6396] Zero length message leads to an empty skb [ 55.104434][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.134140][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.351026][ T40] kauditd_printk_skb: 199 callbacks suppressed [ 55.351038][ T40] audit: type=1400 audit(1750908360.286:387): avc: denied { read } for pid=6407 comm="syz.1.131" name="fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 55.360323][ T40] audit: type=1400 audit(1750908360.286:388): avc: denied { open } for pid=6407 comm="syz.1.131" path="/dev/fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 55.375132][ T40] audit: type=1400 audit(1750908360.316:389): avc: denied { ioctl } for pid=6407 comm="syz.1.131" path="/dev/fb1" dev="devtmpfs" ino=640 ioctlcmd=0x4610 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 55.424636][ T6417] netlink: 'syz.3.133': attribute type 64 has an invalid length. [ 55.424649][ T6417] netlink: 'syz.3.133': attribute type 4 has an invalid length. [ 55.424772][ T40] audit: type=1400 audit(1750908360.356:390): avc: denied { compute_member } for pid=6414 comm="syz.3.133" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 55.441702][ T6408] ================================================================== [ 55.441712][ T6408] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1a6f/0x1e60 [ 55.441728][ T6408] Write of size 8 at addr ffffc90005261000 by task syz.1.131/6408 [ 55.441737][ T6408] [ 55.441743][ T6408] CPU: 0 UID: 0 PID: 6408 Comm: syz.1.131 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 55.441757][ T6408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.441764][ T6408] Call Trace: [ 55.441768][ T6408] [ 55.441772][ T6408] dump_stack_lvl+0x116/0x1f0 [ 55.441788][ T6408] print_report+0xcd/0x680 [ 55.441803][ T6408] ? __virt_addr_valid+0x81/0x610 [ 55.441816][ T6408] ? sys_imageblit+0x1a6f/0x1e60 [ 55.441826][ T6408] kasan_report+0xe0/0x110 [ 55.441842][ T6408] ? sys_imageblit+0x1a6f/0x1e60 [ 55.441854][ T6408] sys_imageblit+0x1a6f/0x1e60 [ 55.441865][ T6408] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 55.441880][ T6408] ? __pfx_sys_imageblit+0x10/0x10 [ 55.441891][ T6408] ? find_held_lock+0x2b/0x80 [ 55.441904][ T6408] ? __queue_work+0x431/0x10f0 [ 55.441915][ T6408] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 55.441929][ T6408] ? queue_work_on+0x12a/0x1f0 [ 55.441939][ T6408] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.441953][ T6408] ? queue_work_on+0x8b/0x1f0 [ 55.441963][ T6408] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 55.441975][ T6408] bit_putcs+0x90f/0xde0 [ 55.441992][ T6408] ? __pfx_bit_putcs+0x10/0x10 [ 55.442007][ T6408] ? fb_get_color_depth+0x120/0x250 [ 55.442021][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 55.442033][ T6408] ? __pfx_bit_putcs+0x10/0x10 [ 55.442047][ T6408] fbcon_putcs+0x383/0x4a0 [ 55.442060][ T6408] do_update_region+0x2e6/0x3f0 [ 55.442071][ T6408] invert_screen+0x1e4/0x590 [ 55.442084][ T6408] ? __pfx_invert_screen+0x10/0x10 [ 55.442097][ T6408] ? __pfx_complement_pos+0x10/0x10 [ 55.442111][ T6408] ? vc_do_resize+0x24d/0x10e0 [ 55.442123][ T6408] ? __vmalloc_node_noprof+0xad/0xf0 [ 55.442134][ T6408] clear_selection+0x59/0x70 [ 55.442146][ T6408] vc_do_resize+0xd9b/0x10e0 [ 55.442160][ T6408] ? __pfx_vc_do_resize+0x10/0x10 [ 55.442174][ T6408] fbcon_set_disp+0x7ad/0xe40 [ 55.442187][ T6408] set_con2fb_map+0x703/0x1060 [ 55.442201][ T6408] fbcon_set_con2fb_map_ioctl+0x16c/0x220 [ 55.442216][ T6408] ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10 [ 55.442232][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 55.442261][ T6408] do_fb_ioctl+0x328/0x7e0 [ 55.442272][ T6408] ? __pfx_do_fb_ioctl+0x10/0x10 [ 55.442284][ T6408] ? do_vfs_ioctl+0x523/0x1a60 [ 55.442303][ T6408] ? selinux_file_ioctl+0x180/0x270 [ 55.442319][ T6408] fb_ioctl+0xe5/0x150 [ 55.442328][ T6408] ? __pfx_fb_ioctl+0x10/0x10 [ 55.442337][ T6408] __x64_sys_ioctl+0x18e/0x210 [ 55.442349][ T6408] do_syscall_64+0xcd/0x4c0 [ 55.442365][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.442375][ T6408] RIP: 0033:0x7f5917d8e929 [ 55.442384][ T6408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.442394][ T6408] RSP: 002b:00007f5918c24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 55.442404][ T6408] RAX: ffffffffffffffda RBX: 00007f5917fb5fa0 RCX: 00007f5917d8e929 [ 55.442411][ T6408] RDX: 0000200000000180 RSI: 0000000000004610 RDI: 0000000000000004 [ 55.442417][ T6408] RBP: 00007f5917e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 55.442423][ T6408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 55.442429][ T6408] R13: 0000000000000000 R14: 00007f5917fb5fa0 R15: 00007ffefd60e9a8 [ 55.442438][ T6408] [ 55.442442][ T6408] [ 55.442447][ T6408] The buggy address belongs to the virtual mapping at [ 55.442447][ T6408] [ffffc90004f61000, ffffc90005262000) created by: [ 55.442447][ T6408] drm_gem_shmem_vmap_locked+0x4bc/0x720 [ 55.442461][ T6408] [ 55.442464][ T6408] Memory state around the buggy address: [ 55.442469][ T6408] ffffc90005260f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 55.442476][ T6408] ffffc90005260f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 55.442483][ T6408] >ffffc90005261000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 55.442489][ T6408] ^ [ 55.442494][ T6408] ffffc90005261080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 55.442506][ T6408] ffffc90005261100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 55.442512][ T6408] ================================================================== [ 55.443445][ T6408] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 55.443465][ T6408] CPU: 0 UID: 0 PID: 6408 Comm: syz.1.131 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 55.443480][ T6408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.443486][ T6408] Call Trace: [ 55.443490][ T6408] [ 55.443495][ T6408] dump_stack_lvl+0x3d/0x1f0 [ 55.443516][ T6408] panic+0x71c/0x800 [ 55.443533][ T6408] ? __pfx_panic+0x10/0x10 [ 55.443548][ T6408] ? irqentry_exit+0x3b/0x90 [ 55.443563][ T6408] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.443578][ T6408] ? preempt_schedule_thunk+0x16/0x30 [ 55.443592][ T6408] ? sys_imageblit+0x1a6f/0x1e60 [ 55.443602][ T6408] ? preempt_schedule_common+0x44/0xc0 [ 55.443617][ T6408] ? sys_imageblit+0x1a6f/0x1e60 [ 55.443627][ T6408] check_panic_on_warn+0xab/0xb0 [ 55.443643][ T6408] end_report+0x107/0x170 [ 55.443657][ T6408] kasan_report+0xee/0x110 [ 55.443672][ T6408] ? sys_imageblit+0x1a6f/0x1e60 [ 55.443683][ T6408] sys_imageblit+0x1a6f/0x1e60 [ 55.443694][ T6408] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 55.443709][ T6408] ? __pfx_sys_imageblit+0x10/0x10 [ 55.443732][ T6408] ? find_held_lock+0x2b/0x80 [ 55.443745][ T6408] ? __queue_work+0x431/0x10f0 [ 55.443755][ T6408] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 55.443769][ T6408] ? queue_work_on+0x12a/0x1f0 [ 55.443779][ T6408] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.443793][ T6408] ? queue_work_on+0x8b/0x1f0 [ 55.443803][ T6408] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 55.443815][ T6408] bit_putcs+0x90f/0xde0 [ 55.443832][ T6408] ? __pfx_bit_putcs+0x10/0x10 [ 55.443847][ T6408] ? fb_get_color_depth+0x120/0x250 [ 55.443860][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 55.443873][ T6408] ? __pfx_bit_putcs+0x10/0x10 [ 55.443887][ T6408] fbcon_putcs+0x383/0x4a0 [ 55.443900][ T6408] do_update_region+0x2e6/0x3f0 [ 55.443911][ T6408] invert_screen+0x1e4/0x590 [ 55.443924][ T6408] ? __pfx_invert_screen+0x10/0x10 [ 55.443937][ T6408] ? __pfx_complement_pos+0x10/0x10 [ 55.443951][ T6408] ? vc_do_resize+0x24d/0x10e0 [ 55.443963][ T6408] ? __vmalloc_node_noprof+0xad/0xf0 [ 55.443974][ T6408] clear_selection+0x59/0x70 [ 55.443985][ T6408] vc_do_resize+0xd9b/0x10e0 [ 55.444000][ T6408] ? __pfx_vc_do_resize+0x10/0x10 [ 55.444015][ T6408] fbcon_set_disp+0x7ad/0xe40 [ 55.444028][ T6408] set_con2fb_map+0x703/0x1060 [ 55.444042][ T6408] fbcon_set_con2fb_map_ioctl+0x16c/0x220 [ 55.444057][ T6408] ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10 [ 55.444072][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 55.444084][ T6408] do_fb_ioctl+0x328/0x7e0 [ 55.444093][ T6408] ? __pfx_do_fb_ioctl+0x10/0x10 [ 55.444103][ T6408] ? do_vfs_ioctl+0x523/0x1a60 [ 55.444120][ T6408] ? selinux_file_ioctl+0x180/0x270 [ 55.444134][ T6408] fb_ioctl+0xe5/0x150 [ 55.444142][ T6408] ? __pfx_fb_ioctl+0x10/0x10 [ 55.444151][ T6408] __x64_sys_ioctl+0x18e/0x210 [ 55.444162][ T6408] do_syscall_64+0xcd/0x4c0 [ 55.444177][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.444187][ T6408] RIP: 0033:0x7f5917d8e929 [ 55.444195][ T6408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.444205][ T6408] RSP: 002b:00007f5918c24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 55.444215][ T6408] RAX: ffffffffffffffda RBX: 00007f5917fb5fa0 RCX: 00007f5917d8e929 [ 55.444222][ T6408] RDX: 0000200000000180 RSI: 0000000000004610 RDI: 0000000000000004 [ 55.444228][ T6408] RBP: 00007f5917e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 55.444234][ T6408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 55.444240][ T6408] R13: 0000000000000000 R14: 00007f5917fb5fa0 R15: 00007ffefd60e9a8 [ 55.444249][ T6408] [ 55.444810][ T6408] Kernel Offset: disabled VM DIAGNOSIS: 03:26:00 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000073 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff855ba755 RDI=ffffffff9b088320 RBP=ffffffff9b0882e0 RSP=ffffc900062a6f88 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=666f206574697257 R12=0000000000000000 R13=0000000000000073 R14=ffffffff9b0882e0 R15=ffffffff855ba6f0 RIP=ffffffff855ba77f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f5918c246c0 ffffffff 00c00000 GS =0000 ffff8880d6752000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c2c82ef CR3=0000000059988000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000700000000 00000002032f0055 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5917e11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5917e11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5917e11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5917e11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5917e11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5917e11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5917f84488 00007f5917f84480 00007f5917f84478 00007f5917f84450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5918aed100 00007f5917f84440 00007f5917f80004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5917f84498 00007f5917f84490 00007f5917f84488 00007f5917f84480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff81607d30 RDX=ffff888022352440 RSI=ffffffff81607d78 RDI=ffffffff93d20080 RBP=0000000000000001 RSP=ffffc900006a0fd0 R8 =0000000000000001 R9 =fffffbfff27a4010 R10=ffffffff93d20087 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81607d79 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6852000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000200000002d85 CR3=000000005698b000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000010000000 Opmask04=0000000000000000 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001ec 000000000000003d ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=2dad332344cf08a0 b9bb11418508280a 2dad332344cf08a0 b9bb11418508280a 2dad332344cf08a0 b9bb11418508280a 2dad332344cf08a0 b9bb11418508280a ZMM18=073c449b06f65e3b 60d382f5c3b7cca1 073c449b06f65e3b 60d382f5c3b7cca1 073c449b06f65e3b 60d382f5c3b7cca1 073c449b06f65e3b 60d382f5c3b7cca1 ZMM19=9a03000000000000 000000000000000b 9a03000000000000 000000000000000a 9a03000000000000 0000000000000009 9a03000000000000 0000000000000008 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0300000000000006 0007000800060300 0000000900000008 00040009000a0008 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 07000000ffffffe6 0300000000000009 000000080004000b 000c000803000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffca03000000 0000005fffffffec 0300000000000009 ffffffe003000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000009ffffffd4 0300000000000016 ffffffc803000000 00000009ffffffbc ZMM25=07d4b8fd07d4b8fd 07d4b8fd07d4b8fd 07d4b8fd07d4b8fd 07d4b8fd07d4b8fd 07d4b8fd07d4b8fd 07d4b8fd07d4b8fd 07d4b8fd07d4b8fd 07d4b8fd07d4b8fd ZMM26=7c41debe7c41debe 7c41debe7c41debe 7c41debe7c41debe 7c41debe7c41debe 7c41debe7c41debe 7c41debe7c41debe 7c41debe7c41debe 7c41debe7c41debe ZMM27=9f1a580a9f1a580a 9f1a580a9f1a580a 9f1a580a9f1a580a 9f1a580a9f1a580a 9f1a580a9f1a580a 9f1a580a9f1a580a 9f1a580a9f1a580a 9f1a580a9f1a580a ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=b1010000b1010000 b1010000b1010000 b1010000b1010000 b1010000b1010000 b1010000b1010000 b1010000b1010000 b1010000b1010000 b1010000b1010000 info registers vcpu 2 CPU#2 RAX=0000000080010002 RBX=0000000000000000 RCX=ffffffff81607d30 RDX=ffff88802b540000 RSI=ffffffff81607d78 RDI=ffffffff93d20080 RBP=0000000000000002 RSP=ffffc90000648fd0 R8 =0000000000000001 R9 =fffffbfff27a4010 R10=ffffffff93d20087 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81607d79 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00005555756d0500 ffffffff 00c00000 GS =0000 ffff8880d6952000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f8ac80e56c0 CR3=000000005047e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 007372656d69742f 646e756f73612f63 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f77f7211b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f77f7211b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f77f7211b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f77f7211b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f77f7211bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f77f7211c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f77f7eed100 00007f77f7384440 00007f77f7380004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f77f7384498 00007f77f7384490 00007f77f7384488 00007f77f7384480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff81607d30 RDX=ffff88801dec8000 RSI=ffffffff81607d78 RDI=ffffffff93d20080 RBP=0000000000000003 RSP=ffffc900006f8fd0 R8 =0000000000000001 R9 =fffffbfff27a4010 R10=ffffffff93d20087 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81607d79 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6a52000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f8ac8160d58 CR3=00000000513f4000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffefd60ed30 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5917e11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5917e11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5917e11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5917e11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5917e11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5917e11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000