last executing test programs: 1.051918855s ago: executing program 1 (id=190): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x40, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x40}}, 0x20048010) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) clock_nanosleep(0x8, 0x0, &(0x7f0000000000)={0x0, 0x989680}, 0x0) syz_create_resource$binfmt(&(0x7f0000000140)='./file1\x00') mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') pread64(r1, &(0x7f0000001b80)=""/4084, 0xff4, 0x0) 981.052314ms ago: executing program 1 (id=194): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x10c) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$qrtrtun(r1, &(0x7f0000000c40)="9d", 0x1) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x1, 0x1}}, 0x40) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001003c00000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef) 701.675086ms ago: executing program 0 (id=202): r0 = io_uring_setup(0x7d2e, &(0x7f0000002380)={0x0, 0xffffffff, 0x1046}) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r2 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f00000002c0)=r1, 0x161) sendmsg$inet(r2, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x20}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000380)}], 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="1400b5208ed8067efc000009000000000000001c00000000000000000f00fd08000000", @ANYRES32=0x0, @ANYBLOB="ac1414bbe0000001000000001c0000000000000000078f0208000000", @ANYRES32=0x0, @ANYBLOB="a005000000000000000000004000000000000000000000000700000094040000442cd031ffffffff00000080ac1e0101fffffffce00000020000009c6401010100000001ffffffff00000008110000000000000000000000010000000400000000000000"], 0xb0}, 0x0) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r0, 0xc, 0x0, 0x0) 701.030054ms ago: executing program 1 (id=204): openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) (async) r0 = socket$kcm(0x10, 0x5, 0x10) sendmsg$kcm(r0, 0x0, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) (async) socket$can_j1939(0x1d, 0x2, 0x7) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) (async) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket(0x22, 0x2, 0x24) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) (async) r7 = socket$can_j1939(0x1d, 0x2, 0x7) r8 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xc, '\x00', r2, r8, 0x4, 0x2, 0x20003, 0x0, @void, @value, @void, @value}, 0x50) r10 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000200), 0x202, 0x0) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) (async) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000800)={0xffffffffffffffff, 0x20, &(0x7f00000007c0)={&(0x7f00000005c0)=""/200, 0xc8, 0x0, &(0x7f00000006c0)=""/249, 0xf9}}, 0x10) (async) r13 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000001000000000000000", @ANYRES32=0x1, @ANYBLOB="041000"/20, @ANYRES32=r6, @ANYRES32, @ANYBLOB="0500000004090fe914950000000300000000000000980057197e1500"], 0x50) r14 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000900)=@o_path={&(0x7f00000008c0)='./file0\x00', 0x0, 0x4000, r3}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x13, 0x20, &(0x7f0000000b00)=ANY=[@ANYBLOB="180000000500000000000000080000e8dab7ceed89cba2d0be930f26a2e9f40018110000", @ANYRES32=r8, @ANYRES16, @ANYRES32=r9, @ANYBLOB="00000000010000001850000005000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7020000000000008500000086000000c4d25000fcffffff1d05fefff0ffffff852000000500000085100000feffffff9500000000000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000280)='syzkaller\x00', 0x7, 0x15, &(0x7f00000004c0)=""/21, 0x41100, 0x0, '\x00', r6, @fallback=0x1, r11, 0x8, &(0x7f0000000540)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000340)={0x4, 0x6, 0x8, 0x8001}, 0x10, r12, 0xffffffffffffffff, 0x4, &(0x7f0000000940)=[r13, r14], &(0x7f0000000980)=[{0x1, 0x2, 0x1, 0xc}, {0x8000001, 0x3, 0x8}, {0x3, 0x3, 0xe}, {0x5, 0x1, 0x6, 0x9}], 0x10, 0xc, @void, @value}, 0x94) (async) bind$can_j1939(r7, &(0x7f0000000080)={0x1d, r6, 0x0, {0x0, 0x0, 0x4}}, 0x18) (async) sendmsg$can_j1939(r7, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) (async) r16 = socket$nl_generic(0x10, 0x3, 0x10) r17 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r16, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_STATION(r16, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x2c, r17, 0x1, 0x70bd2b, 0x5, {{}, {@val={0x8, 0x3, r18}, @void}}, [@NL80211_ATTR_STA_VLAN={0x8}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}]}, 0x2c}}, 0x0) (async) sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newtfilter={0x24, 0x11, 0x1, 0x74bd2c, 0x0, {0x0, 0x0, 0x74, r15, {0x2, 0x4}, {0xa, 0x4}, {0xa}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x40804}, 0x0) r19 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r19, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="440000001000030c000000000000000000000000ae954548de89ce652925e6e3e54f2caf1f569edc6cecc3e2349e5028a1338a82f99515ac67f26987633602d6b5a8ce30124ff88763810a61cefcbbe0f2d532a310c835d194772c32d42990bdab12a0a0e7d3a703685abc60ef255a5ea3bcac2bc18e8cd11dba826de185234c0e8b5fcf75a99c3e848ceb20ca4303600fb4aec72bdca55950b6a5248434ffcdf30502742d180a25b3b52334bcb8bc01376f6dc01e6612958978c1bf1929955aa5fe246585d7e8bac18858115f4b5fa8569159826ba2b6c668949f76b4484090aa4b80f2ffce6d8c515aac5e6013c325987f9a65537b6e1fda5bd6a5647b18872b4d1a710d9b5f8e076ed524750ccca5b741b4a2ddadb77a7c77a020d1a8efd11739b3854b84570622fd70989c892231206c22261453ac8edda6d5ae35aef0", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b00010065727370616e0000140002800500160000000000080007007f000001"], 0x44}}, 0x0) 700.885607ms ago: executing program 2 (id=205): r0 = socket(0x2, 0x2, 0x1) r1 = socket(0x2, 0x2, 0x1) bind$unix(r1, &(0x7f0000000000)=@abs, 0x6e) r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)={0x2c, r2, 0x1, 0x70bd2d, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x2c}, 0x1, 0xfffffffc}, 0x0) sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x20, r2, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004000}, 0x24000080) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00') preadv(r4, &(0x7f0000000940)=[{&(0x7f0000000880)=""/183, 0xb7}, {&(0x7f0000000280)=""/183, 0xb7}], 0x2, 0x2, 0x2081) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0xdc, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFTA_TABLE_USERDATA={0xc8, 0x6, "adbc64c02406e3f6c83ef82d13cd74e551a3bc730966e355b02aadaa6f77a47b7e9cca5858af833a971768271577b624d0a0fcbe4f7cbf7cdc01fcd65f37307d51a23d69695552b3bc0cbfe1720a3afaba42c704fedd1acb31ac7eb25bb73ee96acfb59427c67810ae16217340d7660681ac76cf0c113c3ffe235b247bc939a898648d329dde8d2ecce79aa0040249c9a25f7605d2cf772445cef06324a40b3eccedd3195f20e2ed7fafa9643b4f7257c6fe0a094397cbb4088bc6112ed486819cf19c4b"}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x94, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x68, 0x3, 0x0, 0x1, [{0x64, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPR={0x58, 0x7, 0x0, 0x1, @target={{0xb}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TARGET_INFO={0x30, 0x3, "b08c674515113085726709225a7547b6f14c1aa7a7202afc0811618e3b5a514fb651ff7360e7749fe5bee390"}, @NFTA_TARGET_NAME={0x9, 0x1, 'SNAT\x00'}]}}}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x1d4}}, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f0000000440), r0) 610.530155ms ago: executing program 0 (id=207): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x1c1041) ioctl$SG_GET_LOW_DMA(r0, 0x227a, &(0x7f0000000040)) (async) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x97, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x4, 0x0, @void, @value, @void, @value}, 0x50) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000280)={'ip6gre0\x00', &(0x7f0000000200)={'syztnl2\x00', 0x0, 0x29, 0xa, 0x5, 0x7, 0x40, @private2={0xfc, 0x2, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x40, 0x8000, 0x92, 0x8}}) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x6, [@var={0x5, 0x0, 0x0, 0xe, 0x3, 0x1}]}, {0x0, [0x30, 0x0, 0x2e, 0x30]}}, &(0x7f0000000300)=""/206, 0x2e, 0xce, 0x1, 0x0, 0x0, @void, @value}, 0x28) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x14, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (async) r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000500)={0x0, 0x4}, 0xc) (async) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x4, 0x0, @void, @value, @void, @value}, 0x50) (async) r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000005c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)={0x1b, 0x0, 0x0, 0x30000, 0x0, 0xffffffffffffffff, 0xfff, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x2, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x10, &(0x7f0000000100)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7f}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@call={0x85, 0x0, 0x0, 0xb7}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x40, &(0x7f00000001c0)=""/64, 0x41000, 0x3, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000440)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=[r0, r4, r5, r6, r7, r0, r8], 0x0, 0x10, 0x55, @void, @value}, 0x94) (async) r9 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000007c0), 0x800, 0x0) r10 = fsmount(r9, 0x0, 0x7e) ioctl$SCSI_IOCTL_SEND_COMMAND(r10, 0x1, &(0x7f0000000800)={0xe1, 0xcc4, 0x0, "4f52f810de7c851cc6623e7fa8027538105a9907dc7a78f6eaec7fe4abece188b88a7f286fd2e2d2298ff6f1257b87920121ef2cb1470da1c73bc5adeb715988de96b9f76445c0d2e50811de936cfe48087f49deb31a22c5828672b8d8456a5b46fc0867d34bcb48193c1485f226a71f9ce9c77ce4972234a416c226c26420c047b9119ea90f233e68a5d7a614330465f458be83041bf9cf702657fb4a41a70fa582304a68dd70ea9192ee963ed91635901aca6895949dc955f55b4c5488efca875fdea50311c10d0c0b66ad84bec14e0aa22f6d735b505fdd84bff49bca962c9e"}) (async) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000940), r10) sendmsg$TIPC_NL_KEY_FLUSH(r11, &(0x7f0000000b80)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000980)={0x18c, r12, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x54, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5a673543}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa6}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_LINK={0x4c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1ff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xb}]}, @TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x513}]}, @TIPC_NLA_SOCK={0x9c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1ff}, @TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffffd}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xd}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xde9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x200}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffff7fa}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK_CON={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xeb0}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80000001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x10}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3ff}]}]}]}, 0x18c}, 0x1, 0x0, 0x0, 0x8d1}, 0x4008000) bind$xdp(r9, &(0x7f0000000bc0)={0x2c, 0x9, r2, 0x8, r10}, 0x10) (async) r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c40), r9) sendmsg$NL80211_CMD_GET_KEY(r10, &(0x7f0000000d00)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x28, r13, 0x10, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xd, 0x24}}}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x282c1b6cfcf38fec}]}, 0x28}, 0x1, 0x0, 0x0, 0x4010}, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000e00)={r6, &(0x7f0000000d40)="3451f188ca9de4322d895d91d37d3113bade6fe2f0c50f7be84a58ad76b2851b6a21deeae31f1037f7360a638af219d8c980cdaac9756e04a3fda94c812659ae731736e3dabfc8c9329458bb15d91fde718e755365e9752b2e486d15b992154b13f674129283f58d738d90e1002a69cc2deb2f71f6d3ae8957a355949fbedce55e08e5622ef3c9d3f2bad7097b4f"}, 0x20) (async) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xe, 0x50, r11, 0x42fd8000) (async) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000e40)={'pim6reg0\x00'}) (async) mmap$xdp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x100010, r9, 0x100000000) (async) ioctl$DRM_IOCTL_GET_CLIENT(r10, 0xc0286405, &(0x7f0000000e80)={0x1, 0x5, {}, {0x0}, 0x8, 0x5}) setsockopt$inet6_IPV6_XFRM_POLICY(r10, 0x29, 0x23, &(0x7f0000000ec0)={{{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@remote, 0x4e23, 0x1, 0x4e21, 0x7, 0xcb725d061d70a880, 0x0, 0xa0, 0x1d, 0x0, r14}, {0xff, 0x0, 0x7, 0x5, 0xfffffffffffffff9, 0x200, 0x44a8, 0x5}, {0x56f, 0x4, 0x9, 0x5}, 0x7, 0x6e6bb0, 0x0, 0x1, 0x3, 0x3}, {{@in6=@mcast2, 0x4d4, 0xff}, 0x2, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3501, 0x1, 0x1, 0x7, 0x7, 0x9, 0x80}}, 0xe8) (async) r15 = syz_genetlink_get_family_id$devlink(&(0x7f0000001000), r10) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r11, &(0x7f0000001280)={&(0x7f0000000fc0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001240)={&(0x7f0000001040)={0x1c4, r15, 0x100, 0x70bd25, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x7}, {0x8, 0x15, 0xffffff06}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x5}, {0x6, 0x11, 0x1c}, {0x8, 0x15, 0x7}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xbae}, {0x6}, {0x8, 0x15, 0x6}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xb}, {0x6, 0x11, 0x4}, {0x8, 0x15, 0x3}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x3}, {0x8, 0x15, 0x6}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x384f}, {0x8, 0x15, 0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x72c}, {0x6, 0x11, 0xff}, {0x8, 0x15, 0x8d4}}]}, 0x1c4}, 0x1, 0x0, 0x0, 0x1}, 0x4044484) (async) openat$tun(0xffffffffffffff9c, &(0x7f00000012c0), 0x2, 0x0) (async) sendmsg$nl_route(r9, &(0x7f00000013c0)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001380)={&(0x7f0000001340)=@ipmr_newroute={0x34, 0x18, 0x800, 0x70bd2c, 0x25dfdbff, {0x80, 0x14, 0x0, 0x7, 0xfc, 0x2, 0xff, 0x9, 0x800}, [@RTA_PRIORITY={0x8}, @RTA_OIF={0x8, 0x4, r2}, @RTA_SPORT={0x6, 0x1c, 0x4e20}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x8041) 610.340724ms ago: executing program 1 (id=208): r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f00000000c0)=""/188, &(0x7f0000000180)=0xbc) dup(r0) 610.139492ms ago: executing program 2 (id=209): mkdir(&(0x7f0000000300)='./bus\x00', 0x40) r0 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}, @broadcast, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @multicast1, @loopback}, {0x1f, 0x0, 0x0, @multicast1}}}}}, 0x0) sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) ioperm(0x0, 0x2, 0x2) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioperm(0x0, 0x6, 0x0) mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0) setxattr$system_posix_acl(&(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000680)={{}, {}, [], {}, [{}, {}, {}, {0x8, 0x1}, {0x8, 0x1}], {0x10, 0x1}}, 0x4c, 0x3) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r0, 0x8982, &(0x7f0000000040)) getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000140), &(0x7f0000000180)=0xc) 551.769832ms ago: executing program 0 (id=210): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c8098000", 0xffffffffffffffff}) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000040)={0x2, "fa02c80a3a1e9d4b9aaf000000008d674fe69b5b7638dd031dd7504fe5809639", 0xffffffffffffffff}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x87f}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8080}, 0x40020) sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000006080)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x5, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {}, {0x4, 0x3}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_TO={0x8, 0x2, 0x4d}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc004884}, 0x0) ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45bebe3f5b53e0ca34dd02acecdc67c5e3126628168", r1, 0xffffffffffffffff}) r9 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2) mkdir(&(0x7f0000000000)='./control\x00', 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) rename(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./control\x00') ioctl$vim2m_VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f0000000140)={0x2, @pix={0x1, 0x7, 0x32315559, 0x8, 0x203, 0x2, 0x8, 0x6, 0x1, 0x2, 0x0, 0x1}}) r10 = syz_io_uring_setup(0xc55, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r11, r12, &(0x7f0000000540)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x7fffffffffffffff, &(0x7f0000000040)=[r10], 0x1}) io_uring_enter(r10, 0x5b43, 0x0, 0x0, 0x0, 0x12) r13 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='mmap_lock_acquire_returned\x00', r13}, 0xfd70) r14 = socket$xdp(0x2c, 0x3, 0x0) mmap$xdp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r14, 0x0) r15 = userfaultfd(0x80801) ioctl$UFFDIO_API(r15, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_COPY(r15, 0xc028aa05, &(0x7f0000000000)={&(0x7f0000779000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x2000}) close(r2) ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f0000000280)=0x8000) ioctl$SYNC_IOC_MERGE(r8, 0x40103e05, &(0x7f0000000080)={"df000000000000000000000000000000000000002000a400", r8}) 550.717759ms ago: executing program 3 (id=211): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000140)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f903, 0x0, '\x00', @p_u16=&(0x7f0000000080)=0x4}}) 549.562754ms ago: executing program 1 (id=212): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x10c) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$qrtrtun(r1, &(0x7f0000000c40)="9d", 0x1) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x1, 0x1}}, 0x40) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001008200000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef) 482.296042ms ago: executing program 3 (id=213): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) (async) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000bdb000/0x3000)=nil, 0x3000, &(0x7f0000000040)='&\x00') r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000000500)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r1) (async) r2 = dup(r1) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xe501, 0x3, 0x490, 0x320, 0x6affffff, 0x3403000b, 0x320, 0x7, 0x3f8, 0x230, 0x230, 0x3f8, 0x223, 0x3, 0x0, {[{{@ip={@remote, @local, 0x0, 0x0, 'veth1_macvtap\x00', 'veth1_to_team\x00'}, 0x0, 0x2d8, 0x320, 0x0, {0x1000000}, [@common=@unspec=@bpf0={{0x230}, {0x1, [{0x6}]}}, @common=@unspec=@time={{0x38}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4f0) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) 482.026609ms ago: executing program 2 (id=214): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000004800050300000000010000000a008000", @ANYRES32=0x0, @ANYBLOB="00000000080002000400000014000100000000000000000000000000f1"], 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vxcan1\x00', 0x0}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000440)=[@in6={0xa, 0x4e23, 0xfffffffe, @loopback}, @in6={0xa, 0x4e23, 0x10001, @mcast2, 0x7f}, @in6={0xa, 0x4e21, 0x10001, @loopback, 0x10}], 0x54) sendto$inet6(r3, &(0x7f0000000180)="41d4aa2af34aee8f20df", 0xa, 0x4004001, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f0000000380)={0x0, 0xff, 0x3, 0x7d39, 0x6, 0x2a4, 0x4, 0x9, {0x0, @in={{0x2, 0x4e23, @private=0xa010100}}, 0x1, 0x80000000, 0xfffffff9, 0xf, 0xffffef4c}}, &(0x7f0000000240)=0xb0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYRES8=r0, @ANYRES32=r0], 0x108}, 0x1, 0x0, 0x0, 0x20040040}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYRESDEC=r2, @ANYRES32=r2, @ANYBLOB="deff0000000000001c00128009000100626f6e64000000000c00028008001e00fdffffff7fbf445405f4c715a8daba293007bca17d52fb9f"], 0x3c}, 0x1, 0x2000000000000000}, 0x4008040) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f00000001c0)={0x1, 0x0, 0x4, 0x7, r4}, &(0x7f0000000340)=0x10) 421.690922ms ago: executing program 0 (id=215): prctl$PR_SET_SECUREBITS(0x1c, 0x2c) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00', @ANYRES32=r4, @ANYBLOB="080008005607000008000200ac1414bb"], 0x28}}, 0x4000004) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="480000006800010000000000000000000a000000000000000c0008800800030000000000060007000200000008000500", @ANYRES32=r6, @ANYBLOB="140006"], 0x48}}, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r8, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) mkdir(&(0x7f0000000500)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x800008, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r9 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r9, 0x402, 0x3d) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r10 = dup(r8) write$FUSE_BMAP(r10, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r10, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r10, &(0x7f0000000480)={0x18}, 0x18) write$FUSE_INIT(r10, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x772, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r10, @ANYBLOB="e90f030000"]) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) 421.460808ms ago: executing program 3 (id=216): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="54010000100013070000010000000000000000000000000077fb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000400000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00040007"], 0x154}}, 0x0) 420.45938ms ago: executing program 3 (id=217): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48) (async) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x4, 0x7, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000300)=ANY=[@ANYBLOB="1803000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="00000004000000008500000000000000000000ffffffef0055e240d42dbceea278ddb73e4211cff99576d5be51565bcce92f72e98c35241f6f7c8216e4c2ffa9"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async, rerun: 32) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async, rerun: 32) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0xe4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) r4 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000180), 0x80000, 0x0) ioctl$CDROM_TIMED_MEDIA_CHANGE(r4, 0x5396, &(0x7f00000001c0)={0x100000000, 0x1}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) (async, rerun: 64) r7 = socket$inet_udp(0x2, 0x2, 0x0) (rerun: 64) bind$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) (async) syz_emit_ethernet(0x32, &(0x7f00000002c0)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3, 0x24, 0x68, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) (async) syz_io_uring_setup(0x4e1, &(0x7f0000000380)={0x0, 0x33f8, 0x10100, 0xffffffff, 0x0, 0x0, r6}, 0x0, 0x0) (async) inotify_init() (async, rerun: 32) openat$ptp0(0xffffff9c, &(0x7f0000000000), 0x500, 0x0) (rerun: 32) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) (async, rerun: 64) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (rerun: 64) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r8}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r2}, 0x10) (async) r9 = socket(0x10, 0x3, 0x0) (async, rerun: 64) r10 = socket$packet(0x11, 0x2, 0x300) (rerun: 64) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0x5}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0xfffff800}]}}]}, 0x3c}}, 0x400c4) 411.363063ms ago: executing program 0 (id=218): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000440)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000580)="2c385aa3", 0x4) r2 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x1d, &(0x7f00000008c0)=0x1, 0x4) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101) dup(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r7], 0x50}}, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(r6, 0x0, 0x20008040) socket(0x1, 0x803, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fe", @ANYRES32=0x0, @ANYRES32], 0x50}}, 0x2) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) unlink(&(0x7f0000000440)='./file0\x00') sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r9}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000600000000000000001000008f6450000100000084c600000e000000588904000100000006f107000f00000018430000010000000000000000000000186900000200000000000000fcffffff18120000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b703000000000000850000000c0000000002000000000000181100001471c08b6610efe8676c75c799f0aa36f9c456c0239c86325821382f10cfebb5c6907973c21fd8589472c258581b9f1eceef689e138fa5d5df535ec94cdb2aebba84b79fe6e346c2087838f930dfbf842b0a7a1061f393ac244b5d18f68acc21ee6c7b8c1c314e5201a7b270358f90c3893a627fe212ceef58ec400a4001d8f29adaae6498", @ANYRES32, @ANYBLOB="0000000000000000b70200000000000085000000860000009500000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x1ff, 0xf5, &(0x7f0000000100)=""/245, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0xf, 0x7fff, 0xfffffffe}, 0x10, 0x0, 0x0, 0x2, &(0x7f00000002c0)=[0x1, 0xffffffffffffffff, r0, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, r0], &(0x7f0000000300)=[{0x5, 0x1, 0x0, 0x3}, {0x0, 0x1, 0x3, 0x8}], 0x10, 0x8, @void, @value}, 0x94) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000400)={0xffffffffffffffff, r10}) 329.649771ms ago: executing program 2 (id=219): clock_getres(0xfffffffffffffffe, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x44, r0, 0x101, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}], @NL80211_ATTR_SSID={0x16, 0x34, @random="d3a81a5adfe7215ccd99a8c3dce017b2099c"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}, 0x1, 0x0, 0x0, 0x8884}, 0x14) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)={0x14, r4, 0x1, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000804) syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r3) r5 = syz_io_uring_setup(0x6fba, &(0x7f0000000000)={0x0, 0x1, 0x10000, 0x1, 0x25c}, &(0x7f0000000080), &(0x7f00000000c0)) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f00000001c0)={0x4, 0x0, 0x0, 'queue0\x00'}) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x8882) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r8, 0x40605346, &(0x7f0000000400)={0x0, 0x0, {0x3}, 0xc}) read$FUSE(r6, &(0x7f00000005c0)={0x2020}, 0x2020) write$sndseq(r8, &(0x7f0000000140)=[{0x1f, 0x0, 0x0, 0xfd, @tick, {}, {}, @raw32}], 0x1c) write$UHID_CREATE2(r6, &(0x7f0000000580)=ANY=[], 0x118) setsockopt(r6, 0x0, 0x9, &(0x7f0000000180)="439b001619e4a5f8d13a7ba8463fdbfbc67e0082cc000ebc9ac2ac442548f19f3df1c11a7fb2c6445962805cd9b08274bc77e5caf77437ac0ba2ed90576ec371c14abcc8f00bb54f4afa644d0f9ce2050f99bbfdb29ce73dc8da04be04020ab5d97706d919809eaf00670a9be571548795c87f3acb3e5122d1ff4e49252b428c1648d5197a70f3e04614684e58ab62072426", 0x92) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0) io_uring_register$IORING_REGISTER_FILE_ALLOC_RANGE(r5, 0x19, &(0x7f0000000140)={0x1dc0, 0x2, 0x8}, 0x0) 324.602178ms ago: executing program 3 (id=220): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000480)={0x0, "b500e2279c2996817bb959eb2b238deda525e1dbdeffafbf2500"}) 324.170658ms ago: executing program 3 (id=221): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x741000) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f00000006c0)={0x480, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7acb}) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000240)="470ff5b90000000066b86c008ed0b9840500000f320f20d835200000000f22d836643e0f0866430f1132660fc7b00000010065364e0fc71bc74424000b000000c744240206000000c7442406000000000f011c24450f01cb", 0x58}], 0x1, 0x1f, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r6, 0x0, 0xd1, &(0x7f0000000000)=0x3, 0x4) setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f0000000080)={0x1, 0x4, 0x3f, 0x3202, @vifc_lcl_addr=@private=0xa010101, @private=0xa010101}, 0x10) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0xc, 0x0, 0x0) r8 = fanotify_init(0x200, 0x0) fanotify_mark(r8, 0x1, 0x40000032, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r9, &(0x7f0000000000)=[{&(0x7f0000000200)="d5", 0x1}], 0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8000c0008"], 0x11) r10 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r10, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) getsockname$packet(r10, 0x0, &(0x7f0000001480)) r11 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_GET(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x18, 0x1409, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}}, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 247.728936ms ago: executing program 1 (id=222): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800c3, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r2, &(0x7f0000000300)="ab", 0x1a000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) setsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000100)={0x0, 0x4e, 0x3}, 0x10) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x44000, 0x0) renameat2(r1, &(0x7f00000001c0)='./file0\x00', r1, &(0x7f0000000100)='./bus\x00', 0x0) unlinkat(r1, &(0x7f0000000180)='./bus\x00', 0x0) 71.867063ms ago: executing program 2 (id=223): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) unshare(0x8000000) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) 651.044µs ago: executing program 0 (id=224): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async, rerun: 64) lsetxattr$security_evm(&(0x7f0000000140)='.\x00', &(0x7f00000003c0), &(0x7f0000000400)=ANY=[@ANYBLOB="040c9421a67f"], 0xc, 0x2) (rerun: 64) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000000c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}}) r1 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000040)={0x0, 0x0, 0xf88}) setxattr$security_capability(&(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000000200), 0x0, 0x0, 0x1) (async) r2 = socket(0x10, 0x803, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x246542) (async, rerun: 32) r4 = syz_open_dev$sndpcmc(&(0x7f0000000300), 0x35, 0x0) (rerun: 32) mmap$snddsp_control(&(0x7f0000000000/0x3000)=nil, 0x1000, 0x1, 0x11, r4, 0x82000000) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000009, 0x12, r5, 0x0) (async, rerun: 32) r6 = socket$rxrpc(0x21, 0x2, 0xa) (rerun: 32) setsockopt$RXRPC_SECURITY_KEY(r6, 0x110, 0x1, &(0x7f0000000240)='/dev/nbd', 0x8) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000011000100900051230000400007000000", @ANYRES32, @ANYBLOB="00000000000000001c001a801800058014000680080001"], 0x3c}}, 0x0) (async) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r2) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000004c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MCAST_RATE(r5, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x48, r9, 0x2, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x4, 0x6f}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x14}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x37}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x14}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004000}, 0x2000) r11 = socket(0x10, 0x80002, 0x0) (async, rerun: 64) r12 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) r13 = syz_io_uring_setup(0x16e, &(0x7f0000000b00)={0x0, 0xfffffffd, 0x10100, 0x0, 0x4}, &(0x7f0000001240)=0x0, &(0x7f0000001340)=0x0) syz_io_uring_submit(r14, r15, &(0x7f0000000300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r12, 0x0, &(0x7f0000000340)="40aa", 0xfffffffffffffebb, 0x102, 0x1}) io_uring_enter(r13, 0x567, 0x1e, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), r12) (async) sendmsg$nl_route(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001300290a000000000000000007000000", @ANYRES32=r8, @ANYBLOB="00000132ae57f60014001a80100005800c0005"], 0x34}, 0x1, 0x0, 0x0, 0x4000801}, 0x0) (async) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f0000000040)=0x20b) (async) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYRESHEX=0x0, @ANYRESOCT=r2, @ANYBLOB="0000000000000000400012800b000100697036677265000030000280060010004e20000006000e000000000014000700", @ANYRES32], 0x68}, 0x1, 0x0, 0x0, 0x810}, 0xc030) 0s ago: executing program 2 (id=225): r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x80040, 0x0) ioctl$CDROM_CLEAR_OPTIONS(r0, 0x5321, 0x9) (async) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000040)=0x5, 0x4) (async) ioctl$BTRFS_IOC_QGROUP_CREATE(r0, 0x4010942a, &(0x7f0000000080)={0x0, 0x8}) (async) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000100)={0x0, 0x1}) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000140)={0x0, 0x1}) (async) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000180)={0x0, 0x0, r0}) ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r0, 0xc01064c5, &(0x7f0000000200)={&(0x7f00000001c0)=[r1, r2, 0x0, r3, r4], 0x5}) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000240)={0x28, 0x2, 0x0, {0x2, 0x100, 0x2}}, 0x28) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000000280)={0x5, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}], 0x1, "186d20228822ca"}) ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000001280)={{r5, 0x0, 0xfffffffffffffff9, 0xfd, 0x1, 0x5, 0x7, 0x4, 0x9, 0x6, 0x9, 0x6, 0x9, 0x2, 0x80000000}}) (async) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000002280)) (async) r6 = syz_io_uring_setup(0x255, &(0x7f00000022c0)={0x0, 0xb6c1, 0x40, 0x2, 0x3cb}, &(0x7f0000002340), &(0x7f0000002380)) fstatfs(r6, &(0x7f00000023c0)=""/165) (async) r7 = openat$cgroup_ro(r0, &(0x7f0000002480)='memory.swap.current\x00', 0x0, 0x0) (async) r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000024c0), 0x2, 0x0) ioctl$VHOST_SET_MEM_TABLE(r8, 0x4008af03, &(0x7f0000003600)={0x3, 0x0, [{0x2, 0x11, &(0x7f0000002500)=""/17}, {0xeeef0000, 0x8c, &(0x7f0000002540)=""/140}, {0x8080000, 0x1000, &(0x7f0000002600)=""/4096}]}) (async) ioctl$CDROMPLAYTRKIND(r7, 0x5304, &(0x7f0000003680)={0x3, 0x5, 0x6, 0x8}) (async) ioctl$SIOCX25SCUDMATCHLEN(r0, 0x89e7, &(0x7f00000036c0)={0xa}) setsockopt$TIPC_GROUP_LEAVE(r0, 0x10f, 0x88) (async) r9 = openat(r7, &(0x7f0000003700)='./file0\x00', 0x600400, 0x80) (async) ioctl$VHOST_SET_VRING_ERR(r8, 0x4008af22, &(0x7f0000003740)={0x3, r7}) (async) ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000003780)={0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f00000037c0)={0x3, r10, 0xb, 0xde3, 0xd, 0x2, 0x8000}) (async) getdents(r0, &(0x7f0000003800)=""/21, 0x15) (async) socket(0x6, 0x2, 0xe727) (async) splice(r8, &(0x7f0000003840)=0x4, r9, &(0x7f0000003880)=0x2, 0xcaef, 0x1) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r7, 0xc0045520, &(0x7f00000038c0)=0x8) (async) inotify_add_watch(r7, &(0x7f0000003900)='./file1\x00', 0x400) kernel console output (not intermixed with test programs): [ 43.275146][ T39] audit: type=1400 audit(1740369002.444:81): avc: denied { rlimitinh } for pid=5859 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.283446][ T39] audit: type=1400 audit(1740369002.444:82): avc: denied { siginh } for pid=5859 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.880989][ T39] audit: type=1400 audit(1740369003.074:83): avc: denied { read } for pid=5338 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 43.888304][ T39] audit: type=1400 audit(1740369003.074:84): avc: denied { append } for pid=5338 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 43.897701][ T39] audit: type=1400 audit(1740369003.074:85): avc: denied { open } for pid=5338 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 43.903830][ T39] audit: type=1400 audit(1740369003.074:86): avc: denied { getattr } for pid=5338 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Warning: Permanently added '[localhost]:28300' (ED25519) to the list of known hosts. [ 45.367642][ T39] audit: type=1400 audit(1740369004.554:87): avc: denied { name_bind } for pid=5905 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 47.574821][ T5917] cgroup: Unknown subsys name 'net' [ 47.725477][ T5917] cgroup: Unknown subsys name 'cpuset' [ 47.728896][ T5917] cgroup: Unknown subsys name 'rlimit' [ 47.936095][ T5929] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 48.794178][ T5917] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.346835][ T39] kauditd_printk_skb: 17 callbacks suppressed [ 52.346853][ T39] audit: type=1400 audit(1740369011.534:105): avc: denied { execmem } for pid=5935 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 52.539340][ T39] audit: type=1400 audit(1740369011.724:106): avc: denied { create } for pid=5939 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.583996][ T39] audit: type=1400 audit(1740369011.724:107): avc: denied { read write } for pid=5939 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 52.585245][ T5942] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.595210][ T39] audit: type=1400 audit(1740369011.724:108): avc: denied { open } for pid=5939 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 52.605120][ T39] audit: type=1400 audit(1740369011.734:109): avc: denied { ioctl } for pid=5939 comm="syz-executor" path="socket:[4777]" dev="sockfs" ino=4777 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.611739][ T5953] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 52.615920][ T5953] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.618986][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 52.623128][ T5955] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 52.627147][ T5955] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.630296][ T5954] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 52.634712][ T5947] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.636373][ T5954] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.637838][ T5947] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 52.640806][ T5954] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 52.643178][ T5947] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 52.646432][ T5954] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.648223][ T5947] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 52.648399][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 52.649674][ T5956] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 52.652080][ T5954] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 52.653551][ T5947] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 52.658757][ T39] audit: type=1400 audit(1740369011.844:110): avc: denied { read } for pid=5939 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 52.661691][ T5955] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.662331][ T5295] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 52.664255][ T39] audit: type=1400 audit(1740369011.844:111): avc: denied { open } for pid=5939 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 52.664289][ T39] audit: type=1400 audit(1740369011.844:112): avc: denied { mounton } for pid=5939 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 52.664453][ T5954] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 52.673449][ T67] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 52.676159][ T5295] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 52.684244][ T67] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 52.852676][ T39] audit: type=1400 audit(1740369012.044:113): avc: denied { module_request } for pid=5939 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 52.912338][ T5939] chnl_net:caif_netlink_parms(): no params data found [ 52.937567][ T5946] chnl_net:caif_netlink_parms(): no params data found [ 53.103456][ T5943] chnl_net:caif_netlink_parms(): no params data found [ 53.112895][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.115381][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.118045][ T5939] bridge_slave_0: entered allmulticast mode [ 53.120985][ T5939] bridge_slave_0: entered promiscuous mode [ 53.125023][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.127139][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.129190][ T5939] bridge_slave_1: entered allmulticast mode [ 53.132400][ T5939] bridge_slave_1: entered promiscuous mode [ 53.193802][ T5946] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.196029][ T5946] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.198344][ T5946] bridge_slave_0: entered allmulticast mode [ 53.200768][ T5946] bridge_slave_0: entered promiscuous mode [ 53.204695][ T5946] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.206853][ T5946] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.209018][ T5946] bridge_slave_1: entered allmulticast mode [ 53.211584][ T5946] bridge_slave_1: entered promiscuous mode [ 53.229482][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.233978][ T5948] chnl_net:caif_netlink_parms(): no params data found [ 53.238712][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.279472][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.281853][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.283997][ T5943] bridge_slave_0: entered allmulticast mode [ 53.286276][ T5943] bridge_slave_0: entered promiscuous mode [ 53.310279][ T5946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.319687][ T5946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.323345][ T5943] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.325917][ T5943] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.328191][ T5943] bridge_slave_1: entered allmulticast mode [ 53.330525][ T5943] bridge_slave_1: entered promiscuous mode [ 53.346385][ T5939] team0: Port device team_slave_0 added [ 53.391560][ T5939] team0: Port device team_slave_1 added [ 53.401056][ T5946] team0: Port device team_slave_0 added [ 53.404397][ T5943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.428085][ T5946] team0: Port device team_slave_1 added [ 53.441592][ T5943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.453657][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.455706][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.464231][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.495817][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.497953][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.506057][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.519734][ T5948] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.522183][ T5948] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.524396][ T5948] bridge_slave_0: entered allmulticast mode [ 53.526801][ T5948] bridge_slave_0: entered promiscuous mode [ 53.530426][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.532431][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.540152][ T5946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.544545][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.546647][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.554269][ T5946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.569922][ T5943] team0: Port device team_slave_0 added [ 53.574065][ T5948] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.576230][ T5948] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.578427][ T5948] bridge_slave_1: entered allmulticast mode [ 53.580841][ T5948] bridge_slave_1: entered promiscuous mode [ 53.589494][ T5943] team0: Port device team_slave_1 added [ 53.673529][ T5948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.704459][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.706710][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.715825][ T5943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.721491][ T5948] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.727518][ T5939] hsr_slave_0: entered promiscuous mode [ 53.731610][ T5939] hsr_slave_1: entered promiscuous mode [ 53.737581][ T5946] hsr_slave_0: entered promiscuous mode [ 53.740195][ T5946] hsr_slave_1: entered promiscuous mode [ 53.742766][ T5946] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.745856][ T5946] Cannot create hsr debugfs directory [ 53.748498][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.752347][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.762331][ T5943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.788099][ T5948] team0: Port device team_slave_0 added [ 53.795927][ T5948] team0: Port device team_slave_1 added [ 53.818922][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.820999][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.828148][ T5948] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.832474][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.834465][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.841904][ T5948] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.938949][ T5943] hsr_slave_0: entered promiscuous mode [ 53.943146][ T5943] hsr_slave_1: entered promiscuous mode [ 53.945711][ T5943] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.948589][ T5943] Cannot create hsr debugfs directory [ 54.058333][ T5948] hsr_slave_0: entered promiscuous mode [ 54.061093][ T5948] hsr_slave_1: entered promiscuous mode [ 54.063774][ T5948] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.066747][ T5948] Cannot create hsr debugfs directory [ 54.223253][ T5946] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.230672][ T5946] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 54.240921][ T5946] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.246490][ T5946] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.269895][ T5939] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.274009][ T5939] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.277919][ T5939] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.283357][ T5939] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 54.314145][ T5943] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.318630][ T5943] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.323436][ T5943] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.329167][ T5943] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.364049][ T5948] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 54.369400][ T5948] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.374073][ T5948] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.378299][ T5948] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 54.448877][ T5946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.468345][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.479298][ T5943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.484109][ T5946] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.497458][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.499466][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.507744][ T5943] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.513401][ T106] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.515498][ T106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.519554][ T5948] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.524435][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.531924][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.534055][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.538258][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.540451][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.544201][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.546329][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.557927][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.560577][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.584624][ T5948] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.594576][ T1230] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.596763][ T1230] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.601111][ T1230] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.603351][ T1230] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.637112][ T5939] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 54.640150][ T5939] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.654575][ T39] audit: type=1400 audit(1740369013.844:114): avc: denied { sys_module } for pid=5946 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 54.671381][ T5942] Bluetooth: hci1: command tx timeout [ 54.672538][ T67] Bluetooth: hci0: command tx timeout [ 54.717405][ T5943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.738925][ T5946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.748991][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.751661][ T67] Bluetooth: hci3: command tx timeout [ 54.761343][ T67] Bluetooth: hci2: command tx timeout [ 54.772180][ T5943] veth0_vlan: entered promiscuous mode [ 54.783373][ T5948] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.789013][ T5943] veth1_vlan: entered promiscuous mode [ 54.823520][ T5946] veth0_vlan: entered promiscuous mode [ 54.843584][ T5948] veth0_vlan: entered promiscuous mode [ 54.847317][ T5943] veth0_macvtap: entered promiscuous mode [ 54.850149][ T5946] veth1_vlan: entered promiscuous mode [ 54.859444][ T5948] veth1_vlan: entered promiscuous mode [ 54.865655][ T5943] veth1_macvtap: entered promiscuous mode [ 54.869748][ T5939] veth0_vlan: entered promiscuous mode [ 54.884762][ T5939] veth1_vlan: entered promiscuous mode [ 54.889241][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.895125][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.904203][ T5946] veth0_macvtap: entered promiscuous mode [ 54.908031][ T5943] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.911231][ T5943] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.914461][ T5943] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.917113][ T5943] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.937137][ T5946] veth1_macvtap: entered promiscuous mode [ 54.952475][ T5948] veth0_macvtap: entered promiscuous mode [ 54.959163][ T5946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 54.963441][ T5946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.967401][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.977584][ T5946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 54.981190][ T5946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 54.984534][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.992001][ T5948] veth1_macvtap: entered promiscuous mode [ 55.004836][ T5946] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.007539][ T5946] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.010007][ T5946] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.012698][ T5946] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.018425][ T5939] veth0_macvtap: entered promiscuous mode [ 55.031578][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.034869][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.041765][ T5939] veth1_macvtap: entered promiscuous mode [ 55.057654][ T5948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 55.061824][ T5948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 55.064628][ T5948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 55.068163][ T5948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 55.075456][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.080963][ T5948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 55.085641][ T5948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 55.088682][ T5948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 55.091794][ T5948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 55.095198][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.098347][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.101867][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.105119][ T5948] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.108143][ T5948] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.110709][ T5948] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.113151][ T5948] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.117048][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 55.120212][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 55.123327][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 55.126246][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 55.128951][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 55.132429][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 55.136603][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.147161][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 55.150154][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 55.154600][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 55.157653][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 55.160559][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 55.163508][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 55.166938][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.177674][ T5939] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.180132][ T5939] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.183340][ T5939] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.186700][ T5939] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.199945][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.206022][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.208464][ T5943] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 55.225973][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.228227][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.240153][ T1230] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.244206][ T1230] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.281631][ T1230] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.284553][ T1230] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.292759][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.295747][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.323043][ T1230] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.325593][ T1230] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.457524][ T6009] omfs: Invalid superblock (0) [ 55.530060][ T6021] blackhole_netdev_xmit(): Dropping skb. [ 55.532290][ T5982] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 55.533870][ T6021] blackhole_netdev_xmit(): Dropping skb. [ 55.537502][ T6021] blackhole_netdev_xmit(): Dropping skb. [ 55.542722][ T6021] blackhole_netdev_xmit(): Dropping skb. [ 55.545877][ T6021] blackhole_netdev_xmit(): Dropping skb. [ 55.547740][ T6021] blackhole_netdev_xmit(): Dropping skb. [ 55.550208][ T6021] blackhole_netdev_xmit(): Dropping skb. [ 55.553435][ T6021] blackhole_netdev_xmit(): Dropping skb. [ 55.555720][ T6021] blackhole_netdev_xmit(): Dropping skb. [ 55.557918][ T6021] blackhole_netdev_xmit(): Dropping skb. [ 55.611889][ T6017] syz.2.6 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 55.696899][ T6031] dlm: no locking on control device [ 55.697770][ T6033] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 55.773722][ T6043] fuse: Bad value for 'fd' [ 55.824616][ T6043] netlink: 12 bytes leftover after parsing attributes in process `syz.1.13'. [ 55.829584][ T6043] netlink: 12 bytes leftover after parsing attributes in process `syz.1.13'. [ 55.835637][ T6043] Zero length message leads to an empty skb [ 56.627767][ T6052] syz.3.16 uses obsolete (PF_INET,SOCK_PACKET) [ 56.750917][ T5942] Bluetooth: hci1: command tx timeout [ 56.760632][ T5942] Bluetooth: hci0: command tx timeout [ 56.830685][ T5295] Bluetooth: hci3: command tx timeout [ 56.832802][ T5942] Bluetooth: hci2: command tx timeout [ 56.948104][ T6069] netlink: 12 bytes leftover after parsing attributes in process `syz.3.20'. [ 57.110613][ T5982] usb 7-1: new low-speed USB device number 2 using dummy_hcd [ 57.249100][ T6085] netlink: 100 bytes leftover after parsing attributes in process `syz.3.23'. [ 57.260653][ T5982] usb 7-1: Invalid ep0 maxpacket: 64 [ 57.298183][ T6090] netlink: 20 bytes leftover after parsing attributes in process `syz.3.26'. [ 57.333969][ T6093] netlink: 12 bytes leftover after parsing attributes in process `syz.0.27'. [ 57.354967][ T39] kauditd_printk_skb: 84 callbacks suppressed [ 57.354980][ T39] audit: type=1400 audit(1740369016.544:199): avc: denied { bind } for pid=6092 comm="syz.0.27" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 57.364129][ T39] audit: type=1400 audit(1740369016.554:200): avc: denied { write } for pid=6092 comm="syz.0.27" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 57.401235][ T5982] usb 7-1: new low-speed USB device number 3 using dummy_hcd [ 57.570494][ T5982] usb 7-1: Invalid ep0 maxpacket: 64 [ 57.573688][ T5982] usb usb7-port1: attempt power cycle [ 57.851374][ T39] audit: type=1400 audit(1740369017.044:201): avc: denied { read write } for pid=6103 comm="syz.1.31" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 57.859555][ T6104] program syz.1.31 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 57.859704][ T39] audit: type=1400 audit(1740369017.044:202): avc: denied { open } for pid=6103 comm="syz.1.31" path="/dev/sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 57.875927][ T39] audit: type=1400 audit(1740369017.044:203): avc: denied { ioctl } for pid=6103 comm="syz.1.31" path="/dev/sg0" dev="devtmpfs" ino=721 ioctlcmd=0x6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 57.910572][ T5982] usb 7-1: new low-speed USB device number 4 using dummy_hcd [ 57.916519][ T39] audit: type=1400 audit(1740369017.104:204): avc: denied { connect } for pid=6105 comm="syz.1.32" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 57.931213][ T5982] usb 7-1: Invalid ep0 maxpacket: 64 [ 58.033815][ T39] audit: type=1400 audit(1740369017.224:205): avc: denied { ioctl } for pid=6105 comm="syz.1.32" path="socket:[11387]" dev="sockfs" ino=11387 ioctlcmd=0x89ed scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 58.060492][ T5982] usb 7-1: new low-speed USB device number 5 using dummy_hcd [ 58.091281][ T5982] usb 7-1: Invalid ep0 maxpacket: 64 [ 58.093768][ T5982] usb usb7-port1: unable to enumerate USB device [ 58.794565][ T39] audit: type=1400 audit(1740369017.984:206): avc: denied { mounton } for pid=6109 comm="syz.1.33" path="/10/file0" dev="tmpfs" ino=71 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 58.799017][ T6112] netlink: 32 bytes leftover after parsing attributes in process `syz.3.34'. [ 58.805536][ T39] audit: type=1400 audit(1740369017.994:207): avc: denied { mount } for pid=6109 comm="syz.1.33" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 58.806667][ T6112] netlink: 32 bytes leftover after parsing attributes in process `syz.3.34'. [ 58.830519][ T39] audit: type=1400 audit(1740369018.014:208): avc: denied { unmount } for pid=5939 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 58.830796][ T5295] Bluetooth: hci1: command tx timeout [ 58.840627][ T5942] Bluetooth: hci0: command tx timeout [ 58.911629][ T6120] ======================================================= [ 58.911629][ T6120] WARNING: The mand mount option has been deprecated and [ 58.911629][ T6120] and is ignored by this kernel. Remove the mand [ 58.911629][ T6120] option from the mount to silence this warning. [ 58.911629][ T6120] ======================================================= [ 58.921850][ T5942] Bluetooth: hci2: command 0x040f tx timeout [ 58.922018][ T5295] Bluetooth: hci3: command tx timeout [ 58.925347][ T6120] tmpfs: Cannot change global quota limit on remount [ 59.101839][ T6138] tmpfs: Unknown parameter 'mpolbind:0-1:1/3N' [ 59.109439][ T6137] isofs_fill_super: bread failed, dev=sr0, iso_blknum=32, block=32 [ 59.196194][ T6141] xt_l2tp: missing protocol rule (udp|l2tpip) [ 59.406060][ T6145] FAULT_INJECTION: forcing a failure. [ 59.406060][ T6145] name failslab, interval 1, probability 0, space 0, times 1 [ 59.410074][ T6145] CPU: 2 UID: 3327 PID: 6145 Comm: syz.0.44 Not tainted 6.14.0-rc4-syzkaller #0 [ 59.410093][ T6145] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.410101][ T6145] Call Trace: [ 59.410127][ T6145] [ 59.410134][ T6145] dump_stack_lvl+0x16c/0x1f0 [ 59.410328][ T6145] should_fail_ex+0x50a/0x650 [ 59.410487][ T6145] ? fs_reclaim_acquire+0xae/0x150 [ 59.410582][ T6145] should_failslab+0xc2/0x120 [ 59.410618][ T6145] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 59.410635][ T6145] ? getname_flags.part.0+0x4c/0x550 [ 59.410672][ T6145] ? vfs_write+0x306/0x1150 [ 59.410699][ T6145] getname_flags.part.0+0x4c/0x550 [ 59.410722][ T6145] getname+0x8d/0xe0 [ 59.410745][ T6145] do_sys_openat2+0x104/0x1e0 [ 59.410764][ T6145] ? __pfx_do_sys_openat2+0x10/0x10 [ 59.410785][ T6145] ? __fget_files+0x206/0x3a0 [ 59.410823][ T6145] __x64_sys_openat+0x175/0x210 [ 59.410841][ T6145] ? __pfx___x64_sys_openat+0x10/0x10 [ 59.410858][ T6145] ? ksys_write+0x1ba/0x250 [ 59.410889][ T6145] do_syscall_64+0xcd/0x250 [ 59.410910][ T6145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.410981][ T6145] RIP: 0033:0x7fa67f78d169 [ 59.410994][ T6145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.411008][ T6145] RSP: 002b:00007fa680544038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 59.411046][ T6145] RAX: ffffffffffffffda RBX: 00007fa67f9a5fa0 RCX: 00007fa67f78d169 [ 59.411056][ T6145] RDX: 0000000000020842 RSI: 000040000000c380 RDI: ffffffffffffff9c [ 59.411065][ T6145] RBP: 00007fa680544090 R08: 0000000000000000 R09: 0000000000000000 [ 59.411073][ T6145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 59.411082][ T6145] R13: 0000000000000000 R14: 00007fa67f9a5fa0 R15: 00007ffec09d19e8 [ 59.411101][ T6145] [ 59.555411][ T6147] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input5 [ 59.779324][ T6155] fuse: Unknown parameter 'fuse' [ 59.897054][ T6164] netlink: 277 bytes leftover after parsing attributes in process `syz.2.50'. [ 60.000271][ T6174] FAULT_INJECTION: forcing a failure. [ 60.000271][ T6174] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 60.006003][ T6174] CPU: 0 UID: 3327 PID: 6174 Comm: syz.3.53 Not tainted 6.14.0-rc4-syzkaller #0 [ 60.006017][ T6174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 60.006023][ T6174] Call Trace: [ 60.006027][ T6174] [ 60.006031][ T6174] dump_stack_lvl+0x16c/0x1f0 [ 60.006050][ T6174] should_fail_ex+0x50a/0x650 [ 60.006069][ T6174] strncpy_from_user+0x3b/0x2d0 [ 60.006086][ T6174] getname_flags.part.0+0x8f/0x550 [ 60.006104][ T6174] getname+0x8d/0xe0 [ 60.006119][ T6174] do_sys_openat2+0x104/0x1e0 [ 60.006133][ T6174] ? __pfx_do_sys_openat2+0x10/0x10 [ 60.006147][ T6174] ? __fget_files+0x206/0x3a0 [ 60.006159][ T6174] __x64_sys_openat+0x175/0x210 [ 60.006172][ T6174] ? __pfx___x64_sys_openat+0x10/0x10 [ 60.006185][ T6174] ? ksys_write+0x1ba/0x250 [ 60.006204][ T6174] do_syscall_64+0xcd/0x250 [ 60.006218][ T6174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.006239][ T6174] RIP: 0033:0x7f9eaa38d169 [ 60.006248][ T6174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.006258][ T6174] RSP: 002b:00007f9eab2c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 60.006268][ T6174] RAX: ffffffffffffffda RBX: 00007f9eaa5a5fa0 RCX: 00007f9eaa38d169 [ 60.006274][ T6174] RDX: 0000000000020842 RSI: 000040000000c380 RDI: ffffffffffffff9c [ 60.006280][ T6174] RBP: 00007f9eab2c6090 R08: 0000000000000000 R09: 0000000000000000 [ 60.006286][ T6174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.006315][ T6174] R13: 0000000000000000 R14: 00007f9eaa5a5fa0 R15: 00007ffe0f478dd8 [ 60.006327][ T6174] [ 60.185893][ T6182] netlink: 20 bytes leftover after parsing attributes in process `syz.3.55'. [ 60.368227][ T6190] program syz.1.57 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 60.562345][ T6206] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 60.662554][ T6214] FAULT_INJECTION: forcing a failure. [ 60.662554][ T6214] name failslab, interval 1, probability 0, space 0, times 0 [ 60.667168][ T6214] CPU: 2 UID: 3327 PID: 6214 Comm: syz.3.63 Not tainted 6.14.0-rc4-syzkaller #0 [ 60.667182][ T6214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 60.667188][ T6214] Call Trace: [ 60.667192][ T6214] [ 60.667197][ T6214] dump_stack_lvl+0x16c/0x1f0 [ 60.667216][ T6214] should_fail_ex+0x50a/0x650 [ 60.667235][ T6214] ? fs_reclaim_acquire+0xae/0x150 [ 60.667256][ T6214] should_failslab+0xc2/0x120 [ 60.667274][ T6214] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 60.667292][ T6214] ? alloc_empty_file+0x73/0x1e0 [ 60.667314][ T6214] alloc_empty_file+0x73/0x1e0 [ 60.667334][ T6214] path_openat+0xe1/0x2d80 [ 60.667348][ T6214] ? hlock_class+0x4e/0x130 [ 60.667390][ T6214] ? __lock_acquire+0x15a9/0x3c40 [ 60.667410][ T6214] ? __pfx_path_openat+0x10/0x10 [ 60.667420][ T6214] ? __pfx___lock_acquire+0x10/0x10 [ 60.667433][ T6214] ? lock_acquire.part.0+0x11b/0x380 [ 60.667448][ T6214] ? find_held_lock+0x2d/0x110 [ 60.667460][ T6214] do_filp_open+0x20c/0x470 [ 60.667470][ T6214] ? __pfx_do_filp_open+0x10/0x10 [ 60.667483][ T6214] ? find_held_lock+0x2d/0x110 [ 60.667501][ T6214] ? alloc_fd+0x41f/0x760 [ 60.667515][ T6214] do_sys_openat2+0x17a/0x1e0 [ 60.667528][ T6214] ? __pfx_do_sys_openat2+0x10/0x10 [ 60.667543][ T6214] ? __fget_files+0x206/0x3a0 [ 60.667554][ T6214] __x64_sys_openat+0x175/0x210 [ 60.667567][ T6214] ? __pfx___x64_sys_openat+0x10/0x10 [ 60.667579][ T6214] ? ksys_write+0x1ba/0x250 [ 60.667599][ T6214] do_syscall_64+0xcd/0x250 [ 60.667613][ T6214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.667629][ T6214] RIP: 0033:0x7f9eaa38d169 [ 60.667639][ T6214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.667649][ T6214] RSP: 002b:00007f9eab2c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 60.667659][ T6214] RAX: ffffffffffffffda RBX: 00007f9eaa5a5fa0 RCX: 00007f9eaa38d169 [ 60.667665][ T6214] RDX: 0000000000020842 RSI: 000040000000c380 RDI: ffffffffffffff9c [ 60.667671][ T6214] RBP: 00007f9eab2c6090 R08: 0000000000000000 R09: 0000000000000000 [ 60.667677][ T6214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.667682][ T6214] R13: 0000000000000000 R14: 00007f9eaa5a5fa0 R15: 00007ffe0f478dd8 [ 60.667693][ T6214] [ 60.846582][ T6218] netlink: 'syz.3.64': attribute type 10 has an invalid length. [ 60.854358][ T6218] team0: Device hsr_slave_0 failed to register rx_handler [ 60.911044][ T67] Bluetooth: hci1: command tx timeout [ 60.921737][ T67] Bluetooth: hci0: command tx timeout [ 61.001311][ T67] Bluetooth: hci2: command 0x040f tx timeout [ 61.001594][ T5295] Bluetooth: hci3: command tx timeout [ 61.068679][ T6231] xfs: Unknown parameter 'norecovery#' [ 61.087846][ T6242] __nla_validate_parse: 1 callbacks suppressed [ 61.087863][ T6242] netlink: 4 bytes leftover after parsing attributes in process `syz.3.71'. [ 61.093861][ T6242] netlink: 12 bytes leftover after parsing attributes in process `syz.3.71'. [ 61.165935][ T6247] FAULT_INJECTION: forcing a failure. [ 61.165935][ T6247] name failslab, interval 1, probability 0, space 0, times 0 [ 61.169654][ T6247] CPU: 0 UID: 3327 PID: 6247 Comm: syz.0.73 Not tainted 6.14.0-rc4-syzkaller #0 [ 61.169667][ T6247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 61.169675][ T6247] Call Trace: [ 61.169680][ T6247] [ 61.169687][ T6247] dump_stack_lvl+0x16c/0x1f0 [ 61.169713][ T6247] should_fail_ex+0x50a/0x650 [ 61.169738][ T6247] ? fs_reclaim_acquire+0xae/0x150 [ 61.169762][ T6247] should_failslab+0xc2/0x120 [ 61.169781][ T6247] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 61.169799][ T6247] ? security_file_alloc+0x34/0x2b0 [ 61.169845][ T6247] security_file_alloc+0x34/0x2b0 [ 61.169860][ T6247] init_file+0x93/0x4c0 [ 61.169873][ T6247] alloc_empty_file+0x91/0x1e0 [ 61.169886][ T6247] path_openat+0xe1/0x2d80 [ 61.169896][ T6247] ? hlock_class+0x4e/0x130 [ 61.169908][ T6247] ? __lock_acquire+0x15a9/0x3c40 [ 61.169926][ T6247] ? __pfx_path_openat+0x10/0x10 [ 61.169936][ T6247] ? __pfx___lock_acquire+0x10/0x10 [ 61.169949][ T6247] ? lock_acquire.part.0+0x11b/0x380 [ 61.169964][ T6247] ? find_held_lock+0x2d/0x110 [ 61.169975][ T6247] do_filp_open+0x20c/0x470 [ 61.169985][ T6247] ? __pfx_do_filp_open+0x10/0x10 [ 61.169994][ T6247] ? find_held_lock+0x2d/0x110 [ 61.170012][ T6247] ? alloc_fd+0x41f/0x760 [ 61.170025][ T6247] do_sys_openat2+0x17a/0x1e0 [ 61.170038][ T6247] ? __pfx_do_sys_openat2+0x10/0x10 [ 61.170052][ T6247] ? __fget_files+0x206/0x3a0 [ 61.170064][ T6247] __x64_sys_openat+0x175/0x210 [ 61.170076][ T6247] ? __pfx___x64_sys_openat+0x10/0x10 [ 61.170089][ T6247] ? ksys_write+0x1ba/0x250 [ 61.170108][ T6247] do_syscall_64+0xcd/0x250 [ 61.170123][ T6247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.170139][ T6247] RIP: 0033:0x7fa67f78d169 [ 61.170148][ T6247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.170158][ T6247] RSP: 002b:00007fa680544038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 61.170168][ T6247] RAX: ffffffffffffffda RBX: 00007fa67f9a5fa0 RCX: 00007fa67f78d169 [ 61.170174][ T6247] RDX: 0000000000020842 RSI: 000040000000c380 RDI: ffffffffffffff9c [ 61.170181][ T6247] RBP: 00007fa680544090 R08: 0000000000000000 R09: 0000000000000000 [ 61.170187][ T6247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 61.170192][ T6247] R13: 0000000000000000 R14: 00007fa67f9a5fa0 R15: 00007ffec09d19e8 [ 61.170203][ T6247] [ 61.313185][ T6249] futex_wake_op: syz.1.76 tries to shift op by 32; fix this program [ 61.318071][ T6249] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6249 comm=syz.1.76 [ 61.323358][ T6249] netlink: 'syz.1.76': attribute type 1 has an invalid length. [ 61.367094][ T6251] input: syz0 as /devices/virtual/input/input6 [ 61.389602][ T6253] bridge1: entered promiscuous mode [ 61.395837][ T6254] vlan2: entered promiscuous mode [ 61.398007][ T6254] netdevsim netdevsim1 netdevsim1: entered promiscuous mode [ 61.407318][ T6254] vlan2: entered allmulticast mode [ 61.409619][ T6254] netdevsim netdevsim1 netdevsim1: entered allmulticast mode [ 61.463660][ T6261] netlink: 'syz.1.79': attribute type 1 has an invalid length. [ 61.529339][ T6268] netlink: 4 bytes leftover after parsing attributes in process `syz.3.77'. [ 61.610909][ T6272] loop6: detected capacity change from 0 to 1 [ 61.615734][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 61.616198][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 61.618361][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 61.618379][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 61.618502][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 61.618521][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 61.635895][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 61.635927][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 61.637823][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 61.647809][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 61.647841][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 61.647900][ T6272] ldm_validate_partition_table(): Disk read failed. [ 61.648276][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 61.648299][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 61.648433][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 61.648456][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 61.648578][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 61.648601][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 61.648772][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 61.648795][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 61.648911][ T6272] Dev loop6: unable to read RDB block 0 [ 61.649002][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 61.649407][ T6272] loop6: unable to read partition table [ 61.649542][ T6272] loop6: partition table beyond EOD, truncated [ 61.649560][ T6272] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 62.272181][ T6321] netlink: 'syz.0.101': attribute type 28 has an invalid length. [ 62.274796][ T6321] netlink: 'syz.0.101': attribute type 3 has an invalid length. [ 62.277005][ T6321] netlink: 132 bytes leftover after parsing attributes in process `syz.0.101'. [ 62.385850][ T39] kauditd_printk_skb: 141 callbacks suppressed [ 62.385876][ T39] audit: type=1400 audit(1740369021.574:350): avc: denied { create } for pid=6322 comm="syz.1.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 62.397330][ T39] audit: type=1400 audit(1740369021.574:351): avc: denied { setattr } for pid=6324 comm="syz.3.103" name="vcs" dev="devtmpfs" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1 [ 62.514522][ T39] audit: type=1400 audit(1740369021.704:352): avc: denied { setopt } for pid=6326 comm="syz.0.104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.526442][ T39] audit: type=1400 audit(1740369021.704:353): avc: denied { map } for pid=6337 comm="syz.3.105" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 62.539037][ T39] audit: type=1400 audit(1740369021.714:354): avc: denied { accept } for pid=6337 comm="syz.3.105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.545312][ T39] audit: type=1400 audit(1740369021.734:355): avc: denied { write } for pid=6337 comm="syz.3.105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.612800][ T39] audit: type=1400 audit(1740369021.804:356): avc: denied { create } for pid=6349 comm="syz.1.107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 62.621553][ T39] audit: type=1400 audit(1740369021.804:357): avc: denied { bind } for pid=6349 comm="syz.1.107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 62.709640][ T39] audit: type=1326 audit(1740369021.894:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6350 comm="syz.3.108" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eaa38d169 code=0x7fc00000 [ 62.723170][ T39] audit: type=1400 audit(1740369021.894:359): avc: denied { create } for pid=6350 comm="syz.3.108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 62.728603][ T6353] --map-set only usable from mangle table [ 63.070623][ T5295] Bluetooth: hci2: command 0x040f tx timeout [ 63.610759][ T834] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 63.766651][ T834] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 63.770239][ T834] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.773491][ T834] usb 6-1: Product: syz [ 63.775180][ T834] usb 6-1: Manufacturer: syz [ 63.777040][ T834] usb 6-1: SerialNumber: syz [ 63.790310][ T6390] syz.3.119: attempt to access beyond end of device [ 63.790310][ T6390] nbd3: rw=0, sector=16, nr_sectors = 1 limit=0 [ 63.791857][ T834] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 63.798195][ T6390] qnx6: unable to read the first superblock [ 63.805291][ T6390] syz.3.119: attempt to access beyond end of device [ 63.805291][ T6390] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 63.809057][ T6390] qnx6: unable to read the first superblock [ 63.811970][ T6390] qnx6: unable to read the first superblock [ 63.841227][ T834] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 63.861918][ T6392] Cannot find set identified by id 65534 to match [ 63.926084][ T6394] netlink: 68 bytes leftover after parsing attributes in process `syz.3.124'. [ 64.049314][ T6375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 64.051052][ T6400] xt_ecn: cannot match TCP bits for non-tcp packets [ 64.054729][ T6375] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 64.111726][ T6405] mmap: syz.3.130 (6405) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 64.164470][ T6413] netlink: 8 bytes leftover after parsing attributes in process `syz.0.132'. [ 64.195522][ T6413] netlink: 4 bytes leftover after parsing attributes in process `syz.0.132'. [ 64.212808][ T6418] netlink: 28 bytes leftover after parsing attributes in process `syz.3.133'. [ 64.215687][ T6418] netlink: 28 bytes leftover after parsing attributes in process `syz.3.133'. [ 64.239364][ T6418] netlink: 28 bytes leftover after parsing attributes in process `syz.3.133'. [ 64.281634][ T6423] mkiss: ax0: crc mode is auto. [ 64.290864][ T6423] netlink: 'syz.0.134': attribute type 5 has an invalid length. [ 64.374252][ T6428] netlink: 'syz.2.136': attribute type 13 has an invalid length. [ 64.418588][ T6430] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 64.421417][ T6430] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 64.424664][ T6430] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 64.427237][ T6430] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 64.563520][ T6436] net_ratelimit: 595 callbacks suppressed [ 64.563530][ T6436] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 64.920685][ T834] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 64.924324][ T834] ath9k_htc: Failed to initialize the device [ 64.952748][ T834] usb 6-1: ath9k_htc: USB layer deinitialized [ 64.979798][ T6450] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 65.108736][ T6454] FAULT_INJECTION: forcing a failure. [ 65.108736][ T6454] name failslab, interval 1, probability 0, space 0, times 0 [ 65.114646][ T6454] CPU: 1 UID: 0 PID: 6454 Comm: syz.2.145 Not tainted 6.14.0-rc4-syzkaller #0 [ 65.114667][ T6454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 65.114678][ T6454] Call Trace: [ 65.114702][ T6454] [ 65.114708][ T6454] dump_stack_lvl+0x16c/0x1f0 [ 65.114876][ T6454] should_fail_ex+0x50a/0x650 [ 65.114992][ T6454] ? fs_reclaim_acquire+0xae/0x150 [ 65.115083][ T6454] ? tomoyo_realpath_from_path+0xb9/0x720 [ 65.115124][ T6454] should_failslab+0xc2/0x120 [ 65.115174][ T6454] __kmalloc_noprof+0xcb/0x510 [ 65.115193][ T6454] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 65.115281][ T6454] tomoyo_realpath_from_path+0xb9/0x720 [ 65.115304][ T6454] ? tomoyo_path_number_perm+0x235/0x590 [ 65.115325][ T6454] ? tomoyo_path_number_perm+0x235/0x590 [ 65.115349][ T6454] tomoyo_path_number_perm+0x248/0x590 [ 65.115368][ T6454] ? tomoyo_path_number_perm+0x235/0x590 [ 65.115392][ T6454] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 65.115432][ T6454] ? __pfx_lock_release+0x10/0x10 [ 65.115454][ T6454] ? trace_lock_acquire+0x14e/0x1f0 [ 65.115477][ T6454] ? lock_acquire+0x2f/0xb0 [ 65.115505][ T6454] ? __fget_files+0x40/0x3a0 [ 65.115546][ T6454] ? __fget_files+0x206/0x3a0 [ 65.115566][ T6454] security_file_ioctl+0x9b/0x240 [ 65.115592][ T6454] __x64_sys_ioctl+0xb7/0x200 [ 65.115635][ T6454] do_syscall_64+0xcd/0x250 [ 65.115659][ T6454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.115698][ T6454] RIP: 0033:0x7f9a8318d169 [ 65.115714][ T6454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.115731][ T6454] RSP: 002b:00007f9a840b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 65.115765][ T6454] RAX: ffffffffffffffda RBX: 00007f9a833a5fa0 RCX: 00007f9a8318d169 [ 65.115776][ T6454] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 65.115786][ T6454] RBP: 00007f9a840b2090 R08: 0000000000000000 R09: 0000000000000000 [ 65.115796][ T6454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 65.115806][ T6454] R13: 0000000000000000 R14: 00007f9a833a5fa0 R15: 00007ffdb8ba90d8 [ 65.115828][ T6454] [ 65.115836][ T6454] ERROR: Out of memory at tomoyo_realpath_from_path. [ 65.150642][ T5295] Bluetooth: hci2: command 0x040f tx timeout [ 65.169087][ T1901] usb 6-1: USB disconnect, device number 2 [ 65.329860][ T6458] netlink: 'syz.3.146': attribute type 9 has an invalid length. [ 65.875763][ T6469] sp0: Synchronizing with TNC [ 65.878703][ T6471] warning: `syz.0.152' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 66.180148][ T6460] syz.3.147 (6460): drop_caches: 2 [ 66.292048][ T6486] __nla_validate_parse: 69 callbacks suppressed [ 66.292064][ T6486] netlink: 24 bytes leftover after parsing attributes in process `syz.0.156'. [ 66.297787][ T6489] 9pnet: p9_errstr2errno: server reported unknown error l0&I0(|9QM-ttVKr-j":a)tG,mu4W [ 66.303595][ T6487] netlink: 24 bytes leftover after parsing attributes in process `syz.0.156'. [ 66.499821][ T6498] netlink: 40 bytes leftover after parsing attributes in process `syz.0.160'. [ 66.537247][ T6507] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 66.751725][ T6516] openvswitch: netlink: Duplicate or invalid key (type 0). [ 66.755041][ T6516] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 66.758841][ T6516] openvswitch: netlink: Duplicate or invalid key (type 0). [ 66.765469][ T6516] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 66.770830][ T6516] openvswitch: netlink: Duplicate or invalid key (type 0). [ 66.777306][ T6516] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 66.789930][ T6516] openvswitch: netlink: Duplicate or invalid key (type 0). [ 66.797591][ T6516] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 66.974608][ T6540] netfs: Couldn't get user pages (rc=-14) [ 67.081689][ T5295] Bluetooth: hci2: ACL packet too small [ 67.180510][ T834] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 67.230708][ T5295] Bluetooth: hci2: command 0x040f tx timeout [ 67.340628][ T834] usb 5-1: Using ep0 maxpacket: 8 [ 67.345596][ T834] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 67.349379][ T834] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 67.353850][ T834] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 67.356830][ T834] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 67.362432][ T834] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 67.365283][ T834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.507793][ T6552] netlink: 'syz.3.178': attribute type 9 has an invalid length. [ 67.516370][ T6552] tmpfs: Unknown parameter 'ta' [ 67.627798][ T834] usb 5-1: GET_CAPABILITIES returned 0 [ 67.630076][ T834] usbtmc 5-1:16.0: can't read capabilities [ 67.804720][ T6579] ip6t_rpfilter: unknown options [ 67.809326][ T6580] ip6t_rpfilter: unknown options [ 67.837482][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.840703][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.843572][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.846025][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.848854][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.851935][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.854883][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.857578][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.861882][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.864728][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.867099][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.869436][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.871808][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.874236][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.876616][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.880019][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 67.908291][ T834] usb 5-1: USB disconnect, device number 2 [ 68.099882][ T6585] netlink: 'syz.1.185': attribute type 3 has an invalid length. [ 68.102718][ T6585] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.185'. [ 68.147210][ T6587] netlink: 8 bytes leftover after parsing attributes in process `syz.1.186'. [ 68.189325][ T39] kauditd_printk_skb: 48 callbacks suppressed [ 68.189337][ T39] audit: type=1400 audit(1740369027.374:408): avc: denied { execute } for pid=6589 comm="syz.1.187" path="/52/file0" dev="tmpfs" ino=298 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 68.196524][ T6590] btrfs: Unknown parameter 'discardcKD}Nd7uNM(\gq)gnx' [ 68.197834][ T39] audit: type=1804 audit(1740369027.384:409): pid=6590 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.187" name="/newroot/52/file0" dev="tmpfs" ino=298 res=1 errno=0 [ 68.246717][ T39] audit: type=1400 audit(1740369027.434:410): avc: denied { remount } for pid=6591 comm="syz.1.188" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 68.396489][ T39] audit: type=1400 audit(1740369027.584:411): avc: denied { wake_alarm } for pid=6601 comm="syz.1.190" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 68.409944][ T6603] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 68.443546][ T39] audit: type=1400 audit(1740369027.624:412): avc: denied { mount } for pid=6605 comm="syz.3.192" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 68.526489][ T6617] ufs: You didn't specify the type of your ufs filesystem [ 68.526489][ T6617] [ 68.526489][ T6617] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 68.526489][ T6617] [ 68.526489][ T6617] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 68.530682][ T39] audit: type=1400 audit(1740369027.724:413): avc: denied { write } for pid=6615 comm="syz.3.195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 68.536892][ T6617] ufs: failed to set blocksize [ 68.547116][ T39] audit: type=1400 audit(1740369027.734:414): avc: denied { write } for pid=6615 comm="syz.3.195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 68.554097][ T6617] netlink: 28 bytes leftover after parsing attributes in process `syz.0.196'. [ 68.631137][ T39] audit: type=1400 audit(1740369027.824:415): avc: denied { getattr } for pid=6621 comm="syz.2.198" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=12038 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 68.639312][ T39] audit: type=1400 audit(1740369027.824:416): avc: denied { create } for pid=6621 comm="syz.2.198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 68.648074][ T39] audit: type=1400 audit(1740369027.824:417): avc: denied { write } for pid=6621 comm="syz.2.198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 68.785458][ T6636] input input7: cannot allocate more than FF_MAX_EFFECTS effects [ 68.855507][ T6650] IPVS: length: 188 != 24 [ 68.981867][ T6663] xt_time: unknown flags 0xc [ 69.038175][ T6669] 9pnet_fd: Insufficient options for proto=fd [ 69.115006][ T6678] vlan3: entered promiscuous mode [ 69.124548][ T6678] vlan3: entered allmulticast mode [ 69.126118][ T6678] hsr_slave_1: entered allmulticast mode [ 69.135358][ T6678] netlink: 4 bytes leftover after parsing attributes in process `syz.0.218'. [ 69.318192][ T6678] hsr_slave_1 (unregistering): left allmulticast mode [ 69.334511][ T6678] hsr_slave_1 (unregistering): left promiscuous mode [ 69.343970][ T6684] pimreg3: entered allmulticast mode [ 69.407225][ T6693] nbd: must specify at least one socket [ 69.509084][ T6699] fuse: Bad value for 'fd' [ 69.511660][ T6699] program syz.0.224 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 70.047516][ T6691] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 70.050675][ T6691] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 70.061018][ T6691] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 70.066564][ T6691] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 70.069062][ T6691] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 70.073524][ T6691] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 70.078476][ T6691] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 70.081145][ T6691] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 70.084347][ T6691] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 70.087542][ T6691] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 70.090101][ T6691] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 70.095497][ T6691] ================================================================== [ 70.098803][ T6691] BUG: KASAN: slab-out-of-bounds in sco_conn_put+0x471/0x4c0 [ 70.101755][ T6691] Write of size 8 at addr ffff88804e2bf5a0 by task syz.1.222/6691 [ 70.105295][ T6691] [ 70.106697][ T6691] CPU: 0 UID: 0 PID: 6691 Comm: syz.1.222 Not tainted 6.14.0-rc4-syzkaller #0 [ 70.106713][ T6691] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.106736][ T6691] Call Trace: [ 70.106760][ T6691] [ 70.106766][ T6691] dump_stack_lvl+0x116/0x1f0 [ 70.106825][ T6691] print_report+0xc3/0x670 [ 70.106952][ T6691] ? __virt_addr_valid+0x5e/0x590 [ 70.107026][ T6691] ? __phys_addr+0xc6/0x150 [ 70.107051][ T6691] kasan_report+0xd9/0x110 [ 70.107065][ T6691] ? sco_conn_put+0x471/0x4c0 [ 70.107095][ T6691] ? sco_conn_put+0x471/0x4c0 [ 70.107113][ T6691] sco_conn_put+0x471/0x4c0 [ 70.107142][ T6691] sco_conn_del+0x26f/0x2e0 [ 70.107157][ T6691] ? __pfx_sco_connect_cfm+0x10/0x10 [ 70.107186][ T6691] sco_connect_cfm+0x1d4/0xc00 [ 70.107206][ T6691] ? __pfx_sco_connect_cfm+0x10/0x10 [ 70.107237][ T6691] ? hci_cb_lookup+0x319/0x4e0 [ 70.107267][ T6691] ? __pfx_sco_connect_cfm+0x10/0x10 [ 70.107286][ T6691] hci_conn_failed+0x225/0x3e0 [ 70.107311][ T6691] ? __pfx_hci_conn_failed+0x10/0x10 [ 70.107325][ T6691] hci_conn_unlink+0x71e/0x9f0 [ 70.107338][ T6691] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 70.107368][ T6691] hci_conn_del+0x61/0xdb0 [ 70.107380][ T6691] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 70.107409][ T6691] hci_conn_failed+0x2a6/0x3e0 [ 70.107422][ T6691] ? __pfx_hci_conn_failed+0x10/0x10 [ 70.107447][ T6691] ? lock_acquire+0x2f/0xb0 [ 70.107491][ T6691] ? hci_abort_conn_sync+0x170/0xfe0 [ 70.107527][ T6691] hci_abort_conn_sync+0x91c/0xfe0 [ 70.107563][ T6691] ? __pfx_hci_abort_conn_sync+0x10/0x10 [ 70.107596][ T6691] ? hci_disconnect_all_sync.constprop.0+0x77/0x3c0 [ 70.107618][ T6691] ? __pfx_lock_release+0x10/0x10 [ 70.107648][ T6691] ? trace_lock_acquire+0x14e/0x1f0 [ 70.107679][ T6691] ? hci_disconnect_all_sync.constprop.0+0x77/0x3c0 [ 70.107699][ T6691] hci_disconnect_all_sync.constprop.0+0x104/0x3c0 [ 70.107736][ T6691] hci_suspend_sync+0x772/0xab0 [ 70.107763][ T6691] ? __pfx_hci_suspend_sync+0x10/0x10 [ 70.107777][ T6691] ? hci_send_monitor_ctrl_event+0x5a0/0x5b0 [ 70.107810][ T6691] ? __pfx_mgmt_suspending+0x10/0x10 [ 70.107827][ T6691] hci_suspend_dev+0x30a/0x510 [ 70.107859][ T6691] ? __pfx_hci_suspend_dev+0x10/0x10 [ 70.107887][ T6691] ? rcu_barrier+0x344/0x700 [ 70.107940][ T6691] ? kobject_get+0xbb/0x150 [ 70.108009][ T6691] hci_suspend_notifier+0x28d/0x2f0 [ 70.108028][ T6691] notifier_call_chain+0xb7/0x410 [ 70.108070][ T6691] ? __pfx_hci_suspend_notifier+0x10/0x10 [ 70.108106][ T6691] blocking_notifier_call_chain_robust+0xc9/0x170 [ 70.108123][ T6691] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 70.108152][ T6691] pm_notifier_call_chain_robust+0x27/0x60 [ 70.108172][ T6691] snapshot_open+0x189/0x2b0 [ 70.108203][ T6691] ? __pfx_snapshot_open+0x10/0x10 [ 70.108231][ T6691] misc_open+0x35a/0x420 [ 70.108310][ T6691] ? __pfx_misc_open+0x10/0x10 [ 70.108343][ T6691] chrdev_open+0x237/0x6a0 [ 70.108372][ T6691] ? __pfx_chrdev_open+0x10/0x10 [ 70.108400][ T6691] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 70.108464][ T6691] do_dentry_open+0x735/0x1c40 [ 70.108477][ T6691] ? __pfx_chrdev_open+0x10/0x10 [ 70.108491][ T6691] vfs_open+0x82/0x3f0 [ 70.108520][ T6691] ? may_open+0x1f2/0x400 [ 70.108538][ T6691] path_openat+0x1e88/0x2d80 [ 70.108567][ T6691] ? __pfx_path_openat+0x10/0x10 [ 70.108578][ T6691] ? __pfx___lock_acquire+0x10/0x10 [ 70.108608][ T6691] ? lock_acquire.part.0+0x11b/0x380 [ 70.108625][ T6691] ? find_held_lock+0x2d/0x110 [ 70.108651][ T6691] do_filp_open+0x20c/0x470 [ 70.108662][ T6691] ? __pfx_do_filp_open+0x10/0x10 [ 70.108686][ T6691] ? find_held_lock+0x2d/0x110 [ 70.108703][ T6691] ? alloc_fd+0x41f/0x760 [ 70.108727][ T6691] do_sys_openat2+0x17a/0x1e0 [ 70.108743][ T6691] ? __pfx_do_sys_openat2+0x10/0x10 [ 70.108771][ T6691] __x64_sys_openat+0x175/0x210 [ 70.108788][ T6691] ? __pfx___x64_sys_openat+0x10/0x10 [ 70.108818][ T6691] do_syscall_64+0xcd/0x250 [ 70.108835][ T6691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.108870][ T6691] RIP: 0033:0x7f4cc918d169 [ 70.108881][ T6691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.108909][ T6691] RSP: 002b:00007f4cca061038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 70.108935][ T6691] RAX: ffffffffffffffda RBX: 00007f4cc93a6080 RCX: 00007f4cc918d169 [ 70.108944][ T6691] RDX: 0000000000044000 RSI: 0000400000000040 RDI: ffffffffffffff9c [ 70.108952][ T6691] RBP: 00007f4cc920e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 70.108972][ T6691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.108980][ T6691] R13: 0000000000000000 R14: 00007f4cc93a6080 R15: 00007ffd1be33018 [ 70.108991][ T6691] [ 70.108995][ T6691] [ 70.252245][ T6691] Allocated by task 5356: [ 70.253645][ T6691] kasan_save_stack+0x33/0x60 [ 70.255077][ T6691] kasan_save_track+0x14/0x30 [ 70.256553][ T6691] __kasan_kmalloc+0xaa/0xb0 [ 70.257962][ T6691] __kmalloc_noprof+0x21c/0x510 [ 70.259458][ T6691] tomoyo_realpath_from_path+0xb9/0x720 [ 70.261247][ T6691] tomoyo_path_perm+0x276/0x460 [ 70.262921][ T6691] security_inode_getattr+0x116/0x290 [ 70.264618][ T6691] vfs_fstat+0x4b/0xd0 [ 70.265908][ T6691] vfs_fstatat+0xbc/0xf0 [ 70.267160][ T6691] __do_sys_newfstatat+0xa2/0x130 [ 70.268696][ T6691] do_syscall_64+0xcd/0x250 [ 70.270117][ T6691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.271950][ T6691] [ 70.272755][ T6691] Freed by task 5356: [ 70.273944][ T6691] kasan_save_stack+0x33/0x60 [ 70.275348][ T6691] kasan_save_track+0x14/0x30 [ 70.276741][ T6691] kasan_save_free_info+0x3b/0x60 [ 70.278446][ T6691] __kasan_slab_free+0x51/0x70 [ 70.279874][ T6691] kfree+0x2c4/0x4d0 [ 70.281195][ T6691] tomoyo_realpath_from_path+0x1ad/0x720 [ 70.283468][ T6691] tomoyo_path_perm+0x276/0x460 [ 70.285368][ T6691] security_inode_getattr+0x116/0x290 [ 70.287051][ T6691] vfs_fstat+0x4b/0xd0 [ 70.288359][ T6691] vfs_fstatat+0xbc/0xf0 [ 70.289646][ T6691] __do_sys_newfstatat+0xa2/0x130 [ 70.291177][ T6691] do_syscall_64+0xcd/0x250 [ 70.292553][ T6691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.294311][ T6691] [ 70.295074][ T6691] The buggy address belongs to the object at ffff88804e2be000 [ 70.295074][ T6691] which belongs to the cache kmalloc-4k of size 4096 [ 70.299304][ T6691] The buggy address is located 1440 bytes to the right of [ 70.299304][ T6691] allocated 4096-byte region [ffff88804e2be000, ffff88804e2bf000) [ 70.304762][ T6691] [ 70.305694][ T6691] The buggy address belongs to the physical page: [ 70.308090][ T6691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4e2b8 [ 70.311375][ T6691] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 70.314490][ T6691] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 70.317289][ T6691] page_type: f5(slab) [ 70.318772][ T6691] raw: 00fff00000000040 ffff88801b043040 dead000000000100 dead000000000122 [ 70.321981][ T6691] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 70.324988][ T6691] head: 00fff00000000040 ffff88801b043040 dead000000000100 dead000000000122 [ 70.328196][ T6691] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 70.331419][ T6691] head: 00fff00000000003 ffffea000138ae01 ffffffffffffffff 0000000000000000 [ 70.334660][ T6691] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 70.337863][ T6691] page dumped because: kasan: bad access detected [ 70.340292][ T6691] page_owner tracks the page as allocated [ 70.342440][ T6691] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12, tgid 12 (kworker/u32:1), ts 64700831847, free_ts 64351380360 [ 70.349627][ T6691] post_alloc_hook+0x181/0x1b0 [ 70.351064][ T6691] get_page_from_freelist+0xfce/0x2f80 [ 70.352641][ T6691] __alloc_frozen_pages_noprof+0x221/0x2470 [ 70.354394][ T6691] alloc_pages_mpol+0x1fc/0x540 [ 70.355820][ T6691] new_slab+0x23d/0x330 [ 70.357040][ T6691] ___slab_alloc+0xc5d/0x1720 [ 70.358448][ T6691] __slab_alloc.constprop.0+0x56/0xb0 [ 70.360037][ T6691] __kmalloc_node_track_caller_noprof+0x2f1/0x510 [ 70.361889][ T6691] kmalloc_reserve+0xef/0x2c0 [ 70.363324][ T6691] __alloc_skb+0x164/0x380 [ 70.364651][ T6691] nsim_dev_trap_report_work+0x2af/0xd00 [ 70.366322][ T6691] process_one_work+0x9c5/0x1ba0 [ 70.367788][ T6691] worker_thread+0x6c8/0xf00 [ 70.369160][ T6691] kthread+0x3af/0x750 [ 70.370516][ T6691] ret_from_fork+0x45/0x80 [ 70.372206][ T6691] ret_from_fork_asm+0x1a/0x30 [ 70.374020][ T6691] page last free pid 5356 tgid 5356 stack trace: [ 70.376354][ T6691] free_frozen_pages+0x6db/0xfb0 [ 70.378209][ T6691] __put_partials+0x14c/0x170 [ 70.379980][ T6691] qlist_free_all+0x4e/0x120 [ 70.381776][ T6691] kasan_quarantine_reduce+0x195/0x1e0 [ 70.383804][ T6691] __kasan_slab_alloc+0x69/0x90 [ 70.385623][ T6691] __kmalloc_cache_noprof+0x243/0x410 [ 70.387612][ T6691] kernfs_fop_open+0x28b/0xdb0 [ 70.389439][ T6691] do_dentry_open+0x735/0x1c40 [ 70.391309][ T6691] vfs_open+0x82/0x3f0 [ 70.392842][ T6691] path_openat+0x1e88/0x2d80 [ 70.394585][ T6691] do_filp_open+0x20c/0x470 [ 70.396270][ T6691] do_sys_openat2+0x17a/0x1e0 [ 70.398065][ T6691] __x64_sys_openat+0x175/0x210 [ 70.399878][ T6691] do_syscall_64+0xcd/0x250 [ 70.401656][ T6691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.403868][ T6691] [ 70.404782][ T6691] Memory state around the buggy address: [ 70.406867][ T6691] ffff88804e2bf480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 70.409881][ T6691] ffff88804e2bf500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 70.412876][ T6691] >ffff88804e2bf580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 70.415831][ T6691] ^ [ 70.417727][ T6691] ffff88804e2bf600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 70.420673][ T6691] ffff88804e2bf680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 70.423661][ T6691] ================================================================== [ 70.428298][ T6691] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 70.431122][ T6691] CPU: 1 UID: 0 PID: 6691 Comm: syz.1.222 Not tainted 6.14.0-rc4-syzkaller #0 [ 70.434570][ T6691] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.438664][ T6691] Call Trace: [ 70.440008][ T6691] [ 70.440982][ T6691] dump_stack_lvl+0x3d/0x1f0 [ 70.442354][ T6691] panic+0x71d/0x800 [ 70.443503][ T6691] ? __pfx_panic+0x10/0x10 [ 70.444868][ T6691] ? preempt_schedule_thunk+0x1a/0x30 [ 70.446957][ T6691] ? preempt_schedule_common+0x44/0xc0 [ 70.449197][ T6691] check_panic_on_warn+0xab/0xb0 [ 70.451235][ T6691] end_report+0x117/0x180 [ 70.453017][ T6691] kasan_report+0xe9/0x110 [ 70.454846][ T6691] ? sco_conn_put+0x471/0x4c0 [ 70.456615][ T6691] ? sco_conn_put+0x471/0x4c0 [ 70.458551][ T6691] sco_conn_put+0x471/0x4c0 [ 70.460413][ T6691] sco_conn_del+0x26f/0x2e0 [ 70.462310][ T6691] ? __pfx_sco_connect_cfm+0x10/0x10 [ 70.464477][ T6691] sco_connect_cfm+0x1d4/0xc00 [ 70.466440][ T6691] ? __pfx_sco_connect_cfm+0x10/0x10 [ 70.468566][ T6691] ? hci_cb_lookup+0x319/0x4e0 [ 70.470539][ T6691] ? __pfx_sco_connect_cfm+0x10/0x10 [ 70.472676][ T6691] hci_conn_failed+0x225/0x3e0 [ 70.474678][ T6691] ? __pfx_hci_conn_failed+0x10/0x10 [ 70.476820][ T6691] hci_conn_unlink+0x71e/0x9f0 [ 70.478789][ T6691] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 70.480978][ T6691] hci_conn_del+0x61/0xdb0 [ 70.482758][ T6691] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 70.484940][ T6691] hci_conn_failed+0x2a6/0x3e0 [ 70.486716][ T6691] ? __pfx_hci_conn_failed+0x10/0x10 [ 70.488257][ T6691] ? lock_acquire+0x2f/0xb0 [ 70.490096][ T6691] ? hci_abort_conn_sync+0x170/0xfe0 [ 70.492199][ T6691] hci_abort_conn_sync+0x91c/0xfe0 [ 70.494127][ T6691] ? __pfx_hci_abort_conn_sync+0x10/0x10 [ 70.496088][ T6691] ? hci_disconnect_all_sync.constprop.0+0x77/0x3c0 [ 70.498051][ T6691] ? __pfx_lock_release+0x10/0x10 [ 70.499820][ T6691] ? trace_lock_acquire+0x14e/0x1f0 [ 70.501898][ T6691] ? hci_disconnect_all_sync.constprop.0+0x77/0x3c0 [ 70.503852][ T6691] hci_disconnect_all_sync.constprop.0+0x104/0x3c0 [ 70.506108][ T6691] hci_suspend_sync+0x772/0xab0 [ 70.508085][ T6691] ? __pfx_hci_suspend_sync+0x10/0x10 [ 70.510288][ T6691] ? hci_send_monitor_ctrl_event+0x5a0/0x5b0 [ 70.512423][ T6691] ? __pfx_mgmt_suspending+0x10/0x10 [ 70.513976][ T6691] hci_suspend_dev+0x30a/0x510 [ 70.515862][ T6691] ? __pfx_hci_suspend_dev+0x10/0x10 [ 70.518007][ T6691] ? rcu_barrier+0x344/0x700 [ 70.519939][ T6691] ? kobject_get+0xbb/0x150 [ 70.521853][ T6691] hci_suspend_notifier+0x28d/0x2f0 [ 70.523906][ T6691] notifier_call_chain+0xb7/0x410 [ 70.525971][ T6691] ? __pfx_hci_suspend_notifier+0x10/0x10 [ 70.528274][ T6691] blocking_notifier_call_chain_robust+0xc9/0x170 [ 70.530868][ T6691] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 70.533463][ T6691] pm_notifier_call_chain_robust+0x27/0x60 [ 70.535744][ T6691] snapshot_open+0x189/0x2b0 [ 70.537666][ T6691] ? __pfx_snapshot_open+0x10/0x10 [ 70.539703][ T6691] misc_open+0x35a/0x420 [ 70.541400][ T6691] ? __pfx_misc_open+0x10/0x10 [ 70.543343][ T6691] chrdev_open+0x237/0x6a0 [ 70.545094][ T6691] ? __pfx_chrdev_open+0x10/0x10 [ 70.547106][ T6691] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 70.549855][ T6691] do_dentry_open+0x735/0x1c40 [ 70.551840][ T6691] ? __pfx_chrdev_open+0x10/0x10 [ 70.553787][ T6691] vfs_open+0x82/0x3f0 [ 70.555426][ T6691] ? may_open+0x1f2/0x400 [ 70.557206][ T6691] path_openat+0x1e88/0x2d80 [ 70.559075][ T6691] ? __pfx_path_openat+0x10/0x10 [ 70.561112][ T6691] ? __pfx___lock_acquire+0x10/0x10 [ 70.563234][ T6691] ? lock_acquire.part.0+0x11b/0x380 [ 70.565343][ T6691] ? find_held_lock+0x2d/0x110 [ 70.567161][ T6691] do_filp_open+0x20c/0x470 [ 70.568897][ T6691] ? __pfx_do_filp_open+0x10/0x10 [ 70.570939][ T6691] ? find_held_lock+0x2d/0x110 [ 70.572882][ T6691] ? alloc_fd+0x41f/0x760 [ 70.574698][ T6691] do_sys_openat2+0x17a/0x1e0 [ 70.576607][ T6691] ? __pfx_do_sys_openat2+0x10/0x10 [ 70.578685][ T6691] __x64_sys_openat+0x175/0x210 [ 70.580685][ T6691] ? __pfx___x64_sys_openat+0x10/0x10 [ 70.582793][ T6691] do_syscall_64+0xcd/0x250 [ 70.584523][ T6691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.586787][ T6691] RIP: 0033:0x7f4cc918d169 [ 70.588469][ T6691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.595907][ T6691] RSP: 002b:00007f4cca061038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 70.599108][ T6691] RAX: ffffffffffffffda RBX: 00007f4cc93a6080 RCX: 00007f4cc918d169 [ 70.602143][ T6691] RDX: 0000000000044000 RSI: 0000400000000040 RDI: ffffffffffffff9c [ 70.605051][ T6691] RBP: 00007f4cc920e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 70.607991][ T6691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.610949][ T6691] R13: 0000000000000000 R14: 00007f4cc93a6080 R15: 00007ffd1be33018 [ 70.613871][ T6691] [ 70.615732][ T6691] Kernel Offset: disabled [ 70.617360][ T6691] Rebooting in 86400 seconds.. VM DIAGNOSIS: 03:50:29 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000074 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85407335 RDI=ffffffff9ab80780 RBP=ffffffff9ab80740 RSP=ffffc90003f86be8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=666f206574697257 R12=0000000000000000 R13=0000000000000074 R14=ffffffff9ab80740 R15=0000000000000000 RIP=ffffffff8540735f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007f4cca0616c0 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f9a8406ff98 CR3=00000000305c2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9eaa40f282 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9eaa40f28f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9eaa40f289 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9eaa40f29d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9eaa40f323 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9eaa40f401 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9eaa57c488 00007f9eaa57c480 00007f9eaa57c478 00007f9eaa57c450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9eab0dd100 00007f9eaa57c440 00007f9eaa570004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9eaa57c498 00007f9eaa57c490 00007f9eaa57c488 00007f9eaa57c480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000006cdb9 RBX=0000000000000001 RCX=ffffffff8b574469 RDX=0000000000000000 RSI=ffffffff8b6cec80 RDI=ffffffff8bd35640 RBP=ffffed10039de910 RSP=ffffc90000187e08 R8 =0000000000000001 R9 =ffffed100d4e6f85 R10=ffff88806a737c2b R11=0000000000000000 R12=0000000000000001 R13=ffff88801cef4880 R14=ffffffff90625610 R15=0000000000000000 RIP=ffffffff8b57584f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000400000000240 CR3=000000003418e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c0fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000015 000000000001df8a ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055556744be22 000055556744b990 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555567458680 0000555567458620 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0100000008060601 108c000200070004 0040818008000004 01c7100008004780 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0040000000000000 0000600852030100 000410ae06240300 00080007000c0008 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000e00060000 204e001000068002 0030000065726736 70690001000b8012 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 030010000ac00302 10000ab00301d010 0003900301080001 b203000700140000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 010680e010000a80 0401000004080606 0164ee20a008000a e0030010000ad003 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0010000ac0030210 000ab00301d01000 03900301080001b2 0300070014000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000e0006000020 4e00100006800200 3000006572673670 690001000b801200 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4000000000000000 0060085203010000 0410ae062403000c a400000300040380 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000000551eb RBX=0000000000000002 RCX=ffffffff8b574469 RDX=0000000000000000 RSI=ffffffff8b6cec80 RDI=ffffffff8bd35640 RBP=ffffed1003ad1000 RSP=ffffc90000197e08 R8 =0000000000000001 R9 =ffffed100d506f85 R10=ffff88806a837c2b R11=0000000000000000 R12=0000000000000002 R13=ffff88801d688000 R14=ffffffff90625610 R15=0000000000000000 RIP=ffffffff8b57584f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c38298f CR3=000000003379e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000003 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd1be333a0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4cc920f282 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4cc920f28f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4cc920f289 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4cc920f29d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4cc920f323 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4cc920f401 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001c0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 00000000000001c0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000051c9f RBX=0000000000000003 RCX=ffffffff8b574469 RDX=0000000000000000 RSI=ffffffff8b6cec80 RDI=ffffffff8bd35640 RBP=ffffed1003ad1488 RSP=ffffc900001a7e08 R8 =0000000000000001 R9 =ffffed100d526f85 R10=ffff88806a937c2b R11=0000000000000000 R12=0000000000000003 R13=ffff88801d68a440 R14=ffffffff90625610 R15=0000000000000000 RIP=ffffffff8b57584f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000400000000240 CR3=000000002a77c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000001000 Opmask01=00000000ffffffff Opmask02=00000000fff80000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffe5513140 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6c5f5f0045544156 4952505f4342494c ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000042494c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6362696c5f5f0045 5441564952505f43 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f6e3a6d5e007325 2e73250064252e73 2500656c6f736e6f 632f7665642f000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4b1f485e005600 0b56000041000b56 000040494a564b4a 460a5340410a000a ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000