last executing test programs: 4.2064586s ago: executing program 1 (id=280): r0 = add_key$fscrypt_provisioning(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000000000"], 0x48, 0xfffffffffffffffe) prctl$PR_SET_MM(0x23, 0x9, &(0x7f00006b7000/0x2000)=nil) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', 0x0}) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000100)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', r2}, 0x14) r3 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000040)={0x1d, r4, 0x8000000000000003}, 0x18) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000f5ffffffffffffff000a14000000060a0000000000000000000002"], 0x3c}}, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000540)={'veth1_to_team\x00'}) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f0000000000)='\x06\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}I\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x000xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e0000000400000004000000030000000000"], 0x48) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) r6 = dup(r5) ioctl$TIOCL_SETSEL(r6, 0x541c, 0x0) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x60}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8, 0x20}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x7, 0x0}, {0x18, 0x2, 0x2, 0x0, r7}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) sendmsg$nl_route_sched(r9, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0x9c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r8, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x6c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0xffff], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffd]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000001}]}]}]}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r10 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_STARTDAEMON(r10, 0x0, 0x1a, 0x0, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r11 = fanotify_init(0x8, 0x80000) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8fcfeff7e054464c}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x1c, 0x0, 0x4, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0x32}, @void, @void}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x9}, 0x9884) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000e80)=@nat={'nat\x00', 0x1b, 0x5, 0x5a8, 0x250, 0x3ac, 0xffffffff, 0x0, 0x3ac, 0x4e0, 0x4e0, 0xffffffff, 0x4e0, 0x4e0, 0x5, &(0x7f0000000180), {[{{@ipv6={@mcast2, @loopback, [0xff, 0x0, 0xffffff00, 0xff], [0xff000000, 0xff, 0xffffff00, 0xffffff], 'wg0\x00', 'netdevsim0\x00', {0xff}, {0xff}, 0x33, 0x9, 0x2, 0x20}, 0x0, 0xec, 0x134, 0x0, {}, [@common=@eui64={{0x24}}, @common=@hl={{0x24}, {0x1, 0x8}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x10, @ipv4=@multicast2, @ipv4=@rand_addr=0x64010100, @gre_key=0x6, @port=0x4e24}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev={0xfe, 0x80, '\x00', 0x39}, [0x0, 0x0, 0x0, 0xffffff00], [0xff, 0xffffff00, 0xffffffff, 0xffffffff], 'bridge0\x00', 'vlan0\x00', {0xff}, {0xff}, 0x1d, 0x6, 0x0, 0x2}, 0x0, 0xd4, 0x11c, 0x0, {}, [@common=@frag={{0x30}, {[0x2, 0x6], 0x7, 0x2d, 0x1}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x12, @ipv6=@mcast2, @ipv4=@empty, @icmp_id=0x68, @port=0x4e21}}}, {{@uncond, 0x0, 0x114, 0x15c, 0x0, {}, [@common=@ah={{0x30}, {[0x4d5, 0x4d5], 0x8, 0x7f, 0x1}}, @common=@unspec=@connlimit={{0x40}, {[0xffffff00, 0xffffff00, 0xff, 0xff000000], 0x9, 0x3}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x8, @ipv4=@empty, @ipv6=@private0, @icmp_id=0x68, @icmp_id=0x67}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x10}, @loopback, [0xffffffff, 0xffffffff, 0xff, 0xffffffff], [0xff, 0xff000000, 0x0, 0xff000000], 'vlan1\x00', 'pim6reg1\x00', {0xff}, {}, 0x16, 0x8, 0x6, 0x62}, 0x0, 0xec, 0x134, 0x0, {}, [@common=@dst={{0x48}, {0xffff, 0x3, 0x0, [0x2, 0xfffd, 0x51c9, 0x1, 0x0, 0x1, 0x1, 0x4, 0x0, 0x4, 0x4, 0x0, 0x4, 0xfff, 0x4, 0x8000], 0xd}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x2, @ipv6=@mcast2, @ipv4=@multicast2, @gre_key=0x80, @port=0x4e21}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x604) write$binfmt_elf64(r11, 0x0, 0x18) 4.129438538s ago: executing program 1 (id=283): r0 = socket$inet6(0xa, 0x1, 0xa) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r1) r2 = syz_io_uring_setup(0x21e5, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) futex(&(0x7f0000000080)=0x1, 0xd, 0x1, 0x0, 0x0, 0x1) r5 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r5, 0x29, 0x2a, &(0x7f0000000540)={0x1f, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0xff, @private0={0xfc, 0x0, '\x00', 0x1}}}}, 0x104) setsockopt$inet6_group_source_req(r5, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}}}, 0x108) close(r5) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000280), 0x9) r7 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f0000000c40), 0x12) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(r8, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 3.281598797s ago: executing program 2 (id=291): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) fsopen(&(0x7f0000000100)='udf\x00', 0x0) syz_open_dev$video4linux(&(0x7f00000001c0), 0xff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_setup(0xce, &(0x7f0000000200)={0x0, 0x83ae, 0x800, 0x2}, 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, &(0x7f0000000040)=@e={0xff, 0xc, 0xfe, 0x0, @SEQ_NOTEON=@special}) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x0, 0xa0202) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0xa}, 0x20) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.221184854s ago: executing program 0 (id=292): mkdir(&(0x7f0000000300)='./bus\x00', 0x90) mount$9p_virtio(&(0x7f0000000440), &(0x7f0000000480)='./bus\x00', &(0x7f00000004c0), 0x100c0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x1}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x26, &(0x7f0000000000)={0x1, 0x0, 0x0, 0xfff2}) 3.22061546s ago: executing program 1 (id=293): timer_create(0x0, 0x0, &(0x7f0000000000)) openat$sw_sync_info(0xffffff9c, &(0x7f0000000100), 0x10800, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) getpgrp(0xffffffffffffffff) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x1) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) lremovexattr(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)=@known='com.apple.system.Security\x00') syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_REMOVE={0x7, 0x2}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00'}, 0x10) r4 = socket(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0) io_uring_enter(0xffffffffffffffff, 0x47ba, 0x0, 0x0, 0x0, 0x0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_coalesce={0xf, 0x40, 0x0, 0x0, 0x0, 0xfa, 0x0, 0x0, 0x0, 0x69, 0x0, 0x1684, 0x0, 0x0, 0x4d, 0x9, 0x3, 0x0, 0x2}}) 3.061052103s ago: executing program 2 (id=294): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x400ad80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003e40)=[{{0x0, 0x80fe, 0x0}}, {{&(0x7f0000000280)={0xa, 0x4e20, 0x748, @local, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000001700)=[@hoplimit_2292={{0x10, 0x29, 0x8, 0x6}}], 0x10}}], 0x2, 0x0) 2.911297558s ago: executing program 2 (id=295): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x9, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$vcsa(0xffffff9c, &(0x7f0000000000), 0x286e42, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='erofs_lookup\x00', r1}, 0x18) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x800000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r5, 0x0, 0x0, 0x400ad80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000006780)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3ab706204ee39c9dae21a1718ee351ebc92d2f0d4", 0x15}], 0x1}}], 0x1, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) pipe2(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x2e80, 0x0) ioctl$TIOCPKT(r7, 0x5420, &(0x7f00000000c0)=0x1) ioctl$TCSETS(r7, 0x5402, 0x0) splice(r7, 0x0, r6, 0x0, 0x4, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[]) chdir(&(0x7f0000000100)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) 2.760901634s ago: executing program 1 (id=296): r0 = openat$random(0xffffffffffffff9c, &(0x7f0000001a00), 0x0, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000040)=ANY=[]) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r1, 0x0, 0x17, &(0x7f0000000040)=0xc54, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x6d8c, &(0x7f0000000300)={0x0, 0x37b4, 0x10100, 0x0, 0x2da}, &(0x7f00000000c0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2}) io_uring_enter(r4, 0xf28, 0x4000, 0x0, 0x0, 0x0) userfaultfd(0x80801) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x100000000000000, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0) 2.394541131s ago: executing program 3 (id=297): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x10f242) sendmmsg$sock(r0, &(0x7f0000007480)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="4b265198bec975a7fc72f47dbb621777df5b1ccac730dfdf0d645c534b5f945b88dbd8b758dba16f26321fb72093857c59903c2a10c3e428eb0fcc95ee4cd2e207d653914f60ab3bc4ff79c0f72357921a3022921cfff4dcc0822032ca96cc3091f292a8b3de3d9f85abfc939d250c462ecb8a9888e0af1ad872870bf96f00ea46f67f692d9695b6b75672143c346f29b23b8e4063a9c27c83fb0a9d182fccc2cea7a93d9b23c2fcadd5d65724ef713476f6979c2ba43668d95d14bd300f89c452d4b86b958a2e1442de13cf1f8af4b9", 0xd0}, {&(0x7f00000003c0)="ab9161507e9c8b48ac9f8dd96c40e1ee92fdb65f858b0a068a5337ae16d201c0b6f9d6f0875b1af1d19664ca8b4aef7bed11df2eefff75e31871c4bd782449a5de66ec843cea4a1d638bc4ca51d23829c890a97d77c881c80d4dfb1443d0770571489881a6687c8f6155121886fe4928d5a7352c48f16bbba25dea6c19425cff092efbab7af28302313ddf740de5cc1717dc0992989b8cd308197bbdd76af14eeb5a574ea6bed4f2126a43df23d5819e82abc0f216dbb5575bbc78e4385fe66222482a7d9d", 0xc5}, {&(0x7f00000004c0)="d35bba3320b910d48482a3f5fe6665251b4737f792b012694efbf1c255039bdf7bcc20dd1d314c1e89a8185ec0c7f1b57caf22602d305edbe20e19f3b9ed267b15608e2cc84c1b26a9325fccd1bc5277ca232f7a84ff2c2a961df227b28e267a4003db56256bfe63ba8dd92c35a4c44ab712f9acbe94c5cea16035f60eb98d88bc1e3edc6d2b4c9ceb8635f34f8fb830e557b517394baa65cb9050a0e265926afcf7a7631443f62b5642e6ab6015d8379768c00fb0f383c3f8199634f88f11a76a1771bbb74093f5bed3a4a3a7ede701be93555754690197de48bce8a0fdf8e01f68add645b242a9a6c6fbc674d9dd8c13a6f0bf39b411abaf458fe9de", 0xfd}, {&(0x7f00000005c0)="46a88f5bec0fb377b283f366419cd1e3f5f7b24c4e50dba2f0847680b5818698f0b21468888542ba1c2d39914800ff2e7ca1d9660be9bbe5a669573237334ffdaeecaf0da624b0c80978a3", 0x4b}], 0x4, &(0x7f0000000640)=[@mark={{0x10, 0x1, 0x24, 0xfffffff8}}], 0x10}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000007400)=[{&(0x7f00000072c0)="2336bb1e364cc6201c4600032b92291aa9c9e3f86aa644caf93e105f256cd902604b63fe343c43443687d4d98bf92d84cf25e9ef522e05de5b18f003099eb400cdf02d4db84f95e9410cf8127d4a8494e5d2b368aae5c6acec424d4fb53ab9910857f8f00d", 0x65}, {&(0x7f0000007340)="2c241854fa2b00e808d5a109790f8d06f597222946e98b127e695f9f74e27c720fafba946056898042405845149f271a6e592a7af2b670537465932eb3c5adefaadc338a420d19a0f4fa6dbb7bacc8f2b16133b43c0f559b41e5319aacc75d8ef04da5b158941682098208e61baef1879667659b35a77b9dabbe8aec4896c155377123372adf2c644407a494c7f0cc8f9cde0d47c2cebfdb5af7c2de8d30d50adf8d", 0xa2}], 0x2, &(0x7f0000007440)=[@txtime={{0x14, 0x1, 0x3d, 0x8}}], 0x14}}], 0x3, 0x24000044) syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) pselect6(0x40, &(0x7f00000000c0)={0x2, 0x7, 0xe, 0x0, 0x5, 0x1, 0xd043, 0xe}, &(0x7f0000000100)={0xfffffffffffffffe, 0xcb0, 0x8, 0x7, 0x9, 0x8000000000000000, 0x3, 0x1}, &(0x7f0000000140)={0x0, 0x40, 0xffff, 0x80000001, 0x2, 0x68e, 0x800, 0x4}, &(0x7f0000000180)={0x77359400}, &(0x7f0000000200)={&(0x7f00000001c0)={[0x800, 0x7ff]}, 0x8}) 2.340499112s ago: executing program 3 (id=298): syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) chmod(&(0x7f0000000180)='./file0\x00', 0x23f) socket$inet6(0xa, 0x4, 0x2) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4}) syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYRES16, @ANYBLOB="14002bbd7000ffdbdf250400000014000600fe8000000000000000000000000000271400060000000000000000000000ffffffffffff08000c000100000006000b001100"], 0x78}, 0x1, 0x0, 0x0, 0x4000800}, 0x24000000) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r4, 0x0, 0x0) setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, 0x0, 0x0) sendto$inet(r4, 0x0, 0x0, 0x0, 0x0, 0x0) connect(r4, 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r5, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f0000000380)=ANY=[@ANYRES32=0x0, @ANYBLOB="01"], 0x9) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f0000000180)=ANY=[], 0x3d) ioctl$EXT4_IOC_MIGRATE(r3, 0xff07) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r6}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) getpgid(0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x3f, &(0x7f0000006680)) r7 = gettid() r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r8, 0x400452c9, &(0x7f0000000100)) sched_getattr(r7, &(0x7f0000000000)={0x38}, 0x38, 0x0) io_uring_setup(0x13f5, &(0x7f0000000080)={0x0, 0x2590, 0x200, 0x3, 0x24, 0x0, r8}) 2.202044904s ago: executing program 3 (id=299): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) (async) prlimit64(0x0, 0xb, &(0x7f0000000000), 0x0) rt_sigprocmask(0x0, &(0x7f0000000200)={[0xffffffff]}, 0x0, 0x8) (async) r1 = gettid() tkill(r1, 0x11) r2 = syz_open_dev$evdev(&(0x7f00000002c0), 0x7, 0x8100) (async, rerun: 64) r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (rerun: 64) ioctl$VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x4}) (async) r4 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000010000001d04"]) (async) ioctl$EVIOCSFF(r2, 0x402c4580, &(0x7f0000000340)={0x55, 0x7fe6, 0x6, {0x7ff, 0x5}, {0x80, 0x6}, @period={0x5a, 0x7, 0xc5, 0x6, 0x9, {0x4, 0xf0cc, 0xfffc, 0x6}, 0x9, &(0x7f0000000300)=[0xfc, 0x8, 0x40, 0x0, 0x0, 0x9, 0xf, 0x5, 0x215a]}}) rt_sigaction(0x11, &(0x7f0000000100)={0x0, 0x10000006, 0x0, {[0x7fffffff]}}, 0x0, 0x8, &(0x7f0000000000)) (async) r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$PTP_SYS_OFFSET(r5, 0x43403d05, &(0x7f0000000740)={0xf}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x91, @void, @value}, 0x94) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x81e8943c, &(0x7f00000004c0)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async, rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async, rerun: 64) r6 = socket$inet6(0x10, 0x3, 0x0) (async) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r7}, 0x10) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000c80)={'#! ', './file1/../file0', [{0x20, '\xb1-S\xfeI%]\x8d>\xb6UW\x9aS\x86lF\x03\x8e3\x12\xdf3\x9e_U\xda%\x81\x955r\xf7\xf4<\x1b\xc8\x11\xa4\xa8\n\xa7f\x19\a{\x80\x85\x17h\x1b/\xcfnS\xb0&\x823\\Lo\x14\x9f\x9b6\x13\x95l\x99\xfaR\x06\x13\x9c\xf0B\xbeH\xd4\xefir\xa4\x1f\xa7E\xba\xf8\x9c\x05\x8b\xb2\xa2\xd8pn,>\xc8Y\xa0:\xd9\xb2Y\xd4\x8fu~f\x11\xe5\xa4^o\x1c/\xa0\xe5z\xcd\x86F\xda\xd1\xb9'}, {0x20, '\x00\xd2D\xb2K\x94\xad\x14\xdf\\\t\x9d#\xefEYC^:\x91\x0f}\xa6\x9dn\x88\xc4\x14\xab\x92\x06\xb8l\x8crR\x9eK\"\x86\x97\x01\xa3\xa6>\xd38/\xea\xf9W\x11\xbd\x0e\xe6\xb8\x8d\x03\xca\xf0\x881\x7f\x04\xc5*`b3\xe8%5\xeexZ\bii\v\xea\t\xfd\xbc\xc2\xbf?g\x8d\xe05\xcd\x0e_\xf3\x03\x84`W\x85\x00\x10\xab\xd1W\xf0\xd0\x92\x86\x86\x8e\xd2\xeb\x12\xaa\xb1.n\xbf\xc8\xd1\xa5\r\xc7\x04O\xde\xd3w\xe1\xdd\x11g3\x15}\xe0\xc5V\xc3\x97J\x10\x17\xd9\x1c\xf9\xfc\xba>\x0ea\x81*\x15\x14\xfe\xec\x1d@~\x0f9\xce\xb0\xa5\xe3\x12\x04\xef\x12\xd2J$)7/R8\x0eS\xa7\x14\xfdz\x80g\xd5\x9d\x8e{\xeb\xc9\x19\xf4\xf3k\v\xd0;\x99\x00\x98\xd0\x87\x17\xd5\x9c\x9a\xd4\x05\x00\x00\x00\xd2\x8d3\x87\f\xe1\b\x00\x00\x00\x00\x00\x00\x00\x9c\xb8bs#\xf7*\x1c\xb4g\x9d\xaa,\x97\x9fy\x81\xe7\x90\x9c\x06\xbe[\xdbt\xb3\x84\x98\x87$\xbc\xf8?R\xdae\xa0\x10E\"U\x99\x9f\x92\r\x94&i\x13\xaao[\x06\t\x89+\xf5\xf5\xde\xeb\xe5_\':\x8eh`\xb4Q\x961\xb7\xe1[\xff\xab:\xdd#Q\xc7\x96\xe73\x03\x94\xd8\x85\xa9$\x18w\x16\xcf\xdd\xfe\x1b\xb8\bP\xb7\xe5\xbc\x01\xc4\xf6c\x9e\x96@9|\xb0fp\xdb\xdf)\x87\x7fT\x85f\xe0\xc2,\xa6\x96\xc2^\xfd\x8d\xfa\x8f\x8b\xded\x81\xe9\x82A^\xebi\x84r\x14\xf2N\xfb\xea\xbff5\n\x95\x8fZL\x90+j%\x81@\x1b\x93\xee\xae\x80\n\xbb\xa3\xb3'}, {0x20, '/dev/dri/card#\x00'}]}, 0x236) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc5e3ed1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) (async) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f0000000140)=""/145, &(0x7f0000000040)=0x91) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000c40)={0x6, 0x17, &(0x7f0000000ac0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5}, {}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x653, 0x0, 0x0, 0x0, 0x1}, @map_val={0x18, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xa0e}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @map_fd={0x18, 0x8}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000b80)='syzkaller\x00', 0xfffffff7, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000bc0)={0x1, 0xc, 0x0, 0xd}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000c00), 0x0, 0x10, 0x3, @void, @value}, 0x94) sendto$inet6(r6, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0) (async) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000080)=[{0x9c, 0x0, 0x4, 0xf9ff}, {0x6}]}, 0x8) (async) r8 = landlock_create_ruleset(&(0x7f0000000140)={0x2000}, 0x10, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r8, 0x1, 0x0, 0x0) rt_sigaction(0x23, &(0x7f0000000240)={&(0x7f0000000180)="8fe834a27da6fdc4e2c9a71500000000dee8c4c19563e6660fda6a6695c4e255bf3ec4c125fba7b2ee00000faef30f1bf9", 0x40000003, &(0x7f00000001c0)="c4c33d4637a3c4c2a18e7b00fc3e0f755c7bcffa8fca78101ce4726b0000f267629a0000c4e1056db30db40000c4c1796d15ffefffff660f3822c8", {[0x6, 0xffff8001]}}, 0x0, 0x8, &(0x7f0000000280)) 2.148694513s ago: executing program 0 (id=300): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) inotify_init() mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) flock(0xffffffffffffffff, 0x2) flock(0xffffffffffffffff, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000400)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0) preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/139, 0x8b}], 0x1, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) set_mempolicy(0x4005, &(0x7f0000000040)=0x1001, 0x4) flock(0xffffffffffffffff, 0x2) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x405e2, 0x10000, 0x2, 0x2d2}, 0x0, &(0x7f0000000080)) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000042c0)='fdinfo/3\x00') read$FUSE(r4, &(0x7f0000004300)={0x2020}, 0x2020) r5 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10) sendmsg$can_bcm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab083f", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0, 0x1002, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) 2.141587899s ago: executing program 3 (id=301): r0 = socket$inet6(0xa, 0x1, 0xa) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r1) r2 = syz_io_uring_setup(0x21e5, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) futex(&(0x7f0000000080)=0x1, 0xd, 0x1, 0x0, 0x0, 0x1) r5 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r5, 0x29, 0x2a, &(0x7f0000000540)={0x1f, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0xff, @private0={0xfc, 0x0, '\x00', 0x1}}}}, 0x104) setsockopt$inet6_group_source_req(r5, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}}}, 0x108) close(r5) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000280), 0x9) r7 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f0000000c40), 0x12) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(r8, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 2.080080196s ago: executing program 2 (id=302): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x1b, &(0x7f0000000380)={0x0, 0x5}, &(0x7f0000000180)=0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x10, &(0x7f0000000480)=ANY=[@ANYRESDEC], &(0x7f0000000300)='syzkaller\x00', 0x8, 0xac, &(0x7f0000000140)=""/172, 0x41000, 0xb, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x5d462ded1cef7b5b}, 0xc, &(0x7f00000005c0)={&(0x7f0000000440)={0x14, 0x0, 0x300, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc0}, 0x48490) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000340)={&(0x7f0000000500)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x81}, {0x6}]}, 0x8) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="0404190c4feefd25ad2983456cc952f1e6fc82"], 0xd) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4138ae84, &(0x7f0000000c40)=@arm64={0x0, 0x2, 0x2, '\x00', 0xffffffffffffffe0}) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000140)=@x86={0x3, 0x1, 0x2, 0x0, 0x1cf, 0x4, 0x6, 0x1, 0x2, 0x9, 0x9, 0x4, 0x0, 0x7ff, 0x3, 0x3b, 0x2, 0x9, 0x1, '\x00', 0x81, 0x100000001}) ioctl$EVIOCSMASK(0xffffffffffffffff, 0x40104593, &(0x7f0000000040)={0x17, 0x0, 0x0}) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) io_uring_setup(0xf08, &(0x7f0000000000)={0x0, 0xe9ce, 0x400, 0x20001, 0x3}) 1.742022111s ago: executing program 1 (id=303): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000000), 0x200, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20) syz_clone(0x0, 0x0, 0x1100, 0x0, 0x0, 0x0) 1.021213765s ago: executing program 3 (id=304): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x3, 0xffff}, {0x0, 0xffe0}}}, 0x24}}, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x5}, 0x80) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) write(r0, &(0x7f00000000c0)="8f2a0a65bd8c2b2b03043b0e0580a7b6070d63e286a5cefe", 0x5ac) 620.941255ms ago: executing program 3 (id=305): socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x18, 0x30, 0x1, 0x70bd3d, 0xfffffffc, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0xdfffffe1) r0 = getpid() clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001380)={&(0x7f0000000340)=ANY=[@ANYRESHEX=r0], 0x0, 0x2c, 0x0, 0x0, 0xffffffff, 0x0, @void, @value}, 0x28) r3 = dup(r1) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = socket(0x10, 0x80002, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="1400000010e7010000000000000000000000000a20000000000a03000000000000000000070000000c00044000000000000000021c40000009000700000008000a400000000300"/80], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYRES16=r3, @ANYRES32=0x0, @ANYBLOB="10000000000000001c0012800b00010062726964676500000c00028008000200060000"], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4008051) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmmsg$alg(r4, &(0x7f0000000180), 0x0, 0x0) dup(0xffffffffffffffff) socket(0x25, 0x80000, 0x0) socket(0x1e, 0x2, 0x0) symlink(&(0x7f0000000080)='.\x00', 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240)={0x40082, 0x0, 0x28}, 0x18) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(r5, 0x29, 0x4b, 0x0, 0x0) mkdir(0x0, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0xa4513f2520f6a866, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x307) r6 = openat$snapshot(0xffffff9c, &(0x7f0000000080), 0x44000, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0) write$sndseq(r2, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x0, @time={0x350, 0xfffeffff}, {0x5}, {0x0, 0x3}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick=0x7, {}, {}, @result}, {0x10, 0x0, 0x0, 0x0, @time={0x4, 0x7}, {0x4, 0x2}, {0x0, 0x80}, @control={0x0, 0xffffffff}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time}, {0xb7, 0x2, 0xb5, 0xd, @time={0xfffffbff, 0x6}, {0x9, 0xd}, {0x6, 0x4}, @control={0x1, 0x0, 0x4}}, {0x7, 0x19, 0x4, 0x0, @time={0x8, 0x673}, {0x1, 0x80}, {0x2b, 0x18}, @note={0x9, 0x4, 0x35, 0x7, 0xfffffff9}}, {0x7, 0x0, 0x7, 0x6, @time={0x968c, 0x5}, {0xe, 0x3}, {0x3f, 0x8}, @result={0x4, 0x7}}], 0xc4) ioctl$SNAPSHOT_FREE(r6, 0x3305) 620.680382ms ago: executing program 1 (id=306): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x38, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x38}}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x150) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@index_off}, {@nfs_export_on}]}) ioctl$KVM_RUN(r4, 0xae80, 0x1f) 177.78731ms ago: executing program 0 (id=307): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)}], 0x1) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000140)={@multicast2, @loopback}, 0x10) 177.307792ms ago: executing program 0 (id=308): r0 = socket(0x15, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x8, &(0x7f0000001e00)=""/102400, &(0x7f0000000040)=0x19000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c000900080000", @ANYRES32], 0x4c}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) 176.968578ms ago: executing program 2 (id=309): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWFLOWTABLE={0x30, 0x16, 0xa, 0x801, 0xf5, 0x0, {0x3}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x804) 176.766445ms ago: executing program 2 (id=310): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x2002) fsopen(&(0x7f0000000200)='tracefs\x00', 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x1fffff, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0}) io_uring_enter(r2, 0x2def, 0x4000, 0x0, 0x0, 0x0) userfaultfd(0x80801) socket$tipc(0x1e, 0x2, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$netlink(0x10, 0x3, 0x14) r5 = socket$kcm(0x10, 0x2, 0x0) bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x2, {0x41}}, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r6 = io_uring_setup(0x1d5d, &(0x7f0000000080)={0x0, 0xaa44, 0x818, 0x2, 0x1}) io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r6, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240), 0x0}, 0x20) sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0) socket$packet(0x11, 0x2, 0x300) r7 = bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r7], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) unshare(0x62040200) 0s ago: executing program 0 (id=311): r0 = socket$kcm(0x21, 0x6, 0xa) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001240)=[{0xc, 0x110, 0x1}], 0xc}, 0x40) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) symlink(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='./file1\x00') symlink(&(0x7f0000004500)='./file1/file0\x00', &(0x7f0000004540)='./file0\x00') r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x74}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000000380)={0xffffffffffffffff, 0x2, 0x3, 0x2, 0x10}) r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r9 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000001c0)={0xffffffffffffffff}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r9, 0x0, 0x0, 0x53, &(0x7f0000000240), &(0x7f0000000300)=""/83, 0x4, 0x0, 0x0, 0xb, 0x0, &(0x7f00000003c0)="e18a9f6cd302b557741642", 0x2, 0x0, 0xd}, 0x4c) r10 = accept4(r8, 0x0, 0x0, 0x0) sendmsg$alg(r10, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)}, 0x0) sendmsg$nl_route_sched_retired(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r10, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000580)=""/230, 0xe6}], 0x1}, 0x2000000}], 0x2, 0x0, 0x0) ioctl$sock_SIOCGIFBR(r7, 0x8940, &(0x7f0000000500)=@get={0x1, &(0x7f0000000480)=""/77, 0x6}) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}]}, 0x58}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000040)={0xf0f003, 0x6}) ioctl$SNDCTL_SEQ_OUTOFBAND(r1, 0x40085112, &(0x7f0000000080)=@generic={0x8}) r11 = openat$sndseq(0xffffff9c, &(0x7f0000000040), 0x800) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r11, 0xc05c5340, &(0x7f00000003c0)={0x4, 0x3ff, 0x4, {0x2149, 0x5}, 0x7, 0x5}) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:16105' (ED25519) to the list of known hosts. [ 42.006054][ T5930] cgroup: Unknown subsys name 'net' [ 42.148984][ T5930] cgroup: Unknown subsys name 'cpuset' [ 42.155781][ T5930] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 42.991051][ T5930] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.948811][ T5951] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.955388][ T5957] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.958042][ T5957] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.960784][ T5957] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.963107][ T5957] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.965632][ T5957] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.968295][ T5957] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.970601][ T5957] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.974850][ T5960] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.977442][ T5960] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.986452][ T5958] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.989784][ T5958] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.992484][ T5958] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.993828][ T5957] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.997856][ T5957] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 46.002625][ T5951] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 46.007782][ T5958] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 46.011666][ T5958] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 46.015496][ T5958] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 46.021166][ T5958] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 46.208527][ T5948] chnl_net:caif_netlink_parms(): no params data found [ 46.273877][ T5953] chnl_net:caif_netlink_parms(): no params data found [ 46.323176][ T5952] chnl_net:caif_netlink_parms(): no params data found [ 46.479302][ T5961] chnl_net:caif_netlink_parms(): no params data found [ 46.484318][ T5953] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.486630][ T5953] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.489008][ T5953] bridge_slave_0: entered allmulticast mode [ 46.491741][ T5953] bridge_slave_0: entered promiscuous mode [ 46.495277][ T5948] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.497548][ T5948] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.499849][ T5948] bridge_slave_0: entered allmulticast mode [ 46.503304][ T5948] bridge_slave_0: entered promiscuous mode [ 46.506846][ T5948] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.509150][ T5948] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.511596][ T5948] bridge_slave_1: entered allmulticast mode [ 46.514517][ T5948] bridge_slave_1: entered promiscuous mode [ 46.528291][ T5953] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.530604][ T5953] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.532900][ T5953] bridge_slave_1: entered allmulticast mode [ 46.535906][ T5953] bridge_slave_1: entered promiscuous mode [ 46.642094][ T5953] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.647404][ T5948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.669367][ T5953] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.674447][ T5948] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.677433][ T5952] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.679683][ T5952] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.681962][ T5952] bridge_slave_0: entered allmulticast mode [ 46.685350][ T5952] bridge_slave_0: entered promiscuous mode [ 46.688433][ T5952] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.690702][ T5952] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.692960][ T5952] bridge_slave_1: entered allmulticast mode [ 46.696051][ T5952] bridge_slave_1: entered promiscuous mode [ 46.802594][ T5948] team0: Port device team_slave_0 added [ 46.818705][ T5961] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.821018][ T5961] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.823259][ T5961] bridge_slave_0: entered allmulticast mode [ 46.826040][ T5961] bridge_slave_0: entered promiscuous mode [ 46.830480][ T5953] team0: Port device team_slave_0 added [ 46.833512][ T5948] team0: Port device team_slave_1 added [ 46.840368][ T5952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.843458][ T5961] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.845851][ T5961] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.848116][ T5961] bridge_slave_1: entered allmulticast mode [ 46.850718][ T5961] bridge_slave_1: entered promiscuous mode [ 46.853972][ T5953] team0: Port device team_slave_1 added [ 46.870401][ T5952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.941385][ T5961] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.959640][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.961900][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.970718][ T5948] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.975534][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.977762][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.985792][ T5948] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.003212][ T5961] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.008504][ T5953] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.010933][ T5953] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.019295][ T5953] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.028368][ T5952] team0: Port device team_slave_0 added [ 47.043137][ T5953] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.045467][ T5953] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.053377][ T5953] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.062484][ T5952] team0: Port device team_slave_1 added [ 47.078931][ T5961] team0: Port device team_slave_0 added [ 47.082224][ T5961] team0: Port device team_slave_1 added [ 47.139958][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.142171][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.150143][ T5952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.170019][ T5948] hsr_slave_0: entered promiscuous mode [ 47.172326][ T5948] hsr_slave_1: entered promiscuous mode [ 47.189693][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.191896][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.201186][ T5952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.228771][ T5961] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.231391][ T5961] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.239487][ T5961] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.261200][ T5961] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.263409][ T5961] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.271464][ T5961] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.277350][ T5953] hsr_slave_0: entered promiscuous mode [ 47.279572][ T5953] hsr_slave_1: entered promiscuous mode [ 47.281710][ T5953] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.284298][ T5953] Cannot create hsr debugfs directory [ 47.349403][ T5952] hsr_slave_0: entered promiscuous mode [ 47.351672][ T5952] hsr_slave_1: entered promiscuous mode [ 47.355059][ T5952] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.357458][ T5952] Cannot create hsr debugfs directory [ 47.407381][ T5961] hsr_slave_0: entered promiscuous mode [ 47.409773][ T5961] hsr_slave_1: entered promiscuous mode [ 47.411887][ T5961] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.414344][ T5961] Cannot create hsr debugfs directory [ 47.680133][ T5948] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 47.687533][ T5948] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 47.697980][ T5948] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 47.703018][ T5948] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 47.724254][ T5953] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 47.728653][ T5953] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 47.733320][ T5953] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 47.739398][ T5953] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 47.772203][ T5952] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 47.777334][ T5952] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 47.781719][ T5952] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 47.787452][ T5952] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 47.826305][ T5961] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.831594][ T5961] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.836021][ T5961] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.841910][ T5961] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 47.897943][ T5948] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.924269][ T5948] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.940411][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.942823][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.948038][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.951192][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.958346][ T5953] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.972470][ T5952] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.996726][ T5952] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.003909][ T5953] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.010536][ T5961] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.018181][ T90] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.020439][ T90] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.023663][ T90] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.026120][ T90] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.040776][ T90] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.043079][ T90] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.045551][ T5957] Bluetooth: hci3: command tx timeout [ 48.045555][ T5958] Bluetooth: hci0: command tx timeout [ 48.045834][ T5958] Bluetooth: hci1: command tx timeout [ 48.047599][ T90] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.053702][ T90] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.054741][ T5958] Bluetooth: hci2: command tx timeout [ 48.070832][ T5961] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.087760][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.090069][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.094613][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.096886][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.193927][ T5948] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.216819][ T5953] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.238376][ T5952] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.250058][ T5961] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.255696][ T5948] veth0_vlan: entered promiscuous mode [ 48.273914][ T5948] veth1_vlan: entered promiscuous mode [ 48.291498][ T5953] veth0_vlan: entered promiscuous mode [ 48.302084][ T5953] veth1_vlan: entered promiscuous mode [ 48.305812][ T5952] veth0_vlan: entered promiscuous mode [ 48.310737][ T5948] veth0_macvtap: entered promiscuous mode [ 48.321070][ T5948] veth1_macvtap: entered promiscuous mode [ 48.328398][ T5961] veth0_vlan: entered promiscuous mode [ 48.333437][ T5952] veth1_vlan: entered promiscuous mode [ 48.346621][ T5961] veth1_vlan: entered promiscuous mode [ 48.349736][ T5953] veth0_macvtap: entered promiscuous mode [ 48.353526][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.367372][ T5953] veth1_macvtap: entered promiscuous mode [ 48.370730][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.380905][ T5948] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.383721][ T5948] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.387826][ T5948] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.390601][ T5948] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.398856][ T5961] veth0_macvtap: entered promiscuous mode [ 48.403381][ T5961] veth1_macvtap: entered promiscuous mode [ 48.411511][ T5952] veth0_macvtap: entered promiscuous mode [ 48.421370][ T5953] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.425049][ T5953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.428871][ T5953] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.431502][ T5952] veth1_macvtap: entered promiscuous mode [ 48.443170][ T5953] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.448036][ T5953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.452157][ T5953] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.456201][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.459628][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.462653][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.467667][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.471534][ T5961] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.481848][ T5953] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.485259][ T5953] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.488726][ T5953] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.491465][ T5953] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.497016][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.500649][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.503923][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.507652][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.511483][ T5961] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.521084][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.525014][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.528037][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.531238][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.534859][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.538161][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.542023][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.547824][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.551177][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.554313][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.557598][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.560638][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.563863][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.567875][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.575421][ T5952] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.578218][ T5952] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.581535][ T5952] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.585178][ T5952] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.600905][ T5961] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.603711][ T5961] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.606631][ T5961] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.609413][ T5961] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.615355][ T1223] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.617916][ T1223] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.646411][ T1223] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.649406][ T1223] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.685771][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.688260][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.699888][ T5948] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 48.703382][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.709304][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.728728][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.731178][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.735391][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.738780][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.762611][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.763424][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.765624][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.769497][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.836118][ T6014] ======================================================= [ 48.836118][ T6014] WARNING: The mand mount option has been deprecated and [ 48.836118][ T6014] and is ignored by this kernel. Remove the mand [ 48.836118][ T6014] option from the mount to silence this warning. [ 48.836118][ T6014] ======================================================= [ 48.848554][ T6014] overlay: Unknown parameter '' [ 48.856993][ T6027] mmap: syz.0.1 (6027) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 48.886772][ T6032] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 48.890805][ T6032] x_tables: ip_tables: ah match: only valid for protocol 51 [ 48.919441][ T6036] syz.2.8 uses obsolete (PF_INET,SOCK_PACKET) [ 48.922659][ T6036] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8'. [ 48.933640][ T6036] netlink: 68 bytes leftover after parsing attributes in process `syz.2.8'. [ 48.937351][ T6036] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8'. [ 49.078589][ T6041] FAULT_INJECTION: forcing a failure. [ 49.078589][ T6041] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 49.082717][ T6041] CPU: 1 UID: 0 PID: 6041 Comm: syz.0.7 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) [ 49.082743][ T6041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 49.082749][ T6041] Call Trace: [ 49.082754][ T6041] [ 49.082759][ T6041] dump_stack_lvl+0x16c/0x1f0 [ 49.082777][ T6041] should_fail_ex+0x512/0x640 [ 49.082792][ T6041] _copy_from_user+0x2e/0xd0 [ 49.082805][ T6041] get_compat_msghdr+0xa7/0x170 [ 49.082820][ T6041] ? __pfx_get_compat_msghdr+0x10/0x10 [ 49.082834][ T6041] ? __lock_acquire+0x5ca/0x1ba0 [ 49.082851][ T6041] ___sys_recvmsg+0x191/0x1a0 [ 49.082866][ T6041] ? __pfx____sys_recvmsg+0x10/0x10 [ 49.082885][ T6041] ? lock_acquire+0xd0/0x350 [ 49.082898][ T6041] ? __pfx___might_resched+0x10/0x10 [ 49.082913][ T6041] do_recvmmsg+0x568/0x740 [ 49.082928][ T6041] ? __pfx_do_recvmmsg+0x10/0x10 [ 49.082940][ T6041] ? trace_sched_exit_tp+0xde/0x130 [ 49.082962][ T6041] ? __pfx___schedule+0x10/0x10 [ 49.082974][ T6041] ? __fget_files+0x20e/0x3c0 [ 49.082986][ T6041] __sys_recvmmsg+0x21c/0x280 [ 49.083000][ T6041] ? __pfx___sys_recvmmsg+0x10/0x10 [ 49.083018][ T6041] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 49.083032][ T6041] ? lockdep_hardirqs_on+0x7c/0x110 [ 49.083045][ T6041] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 49.083060][ T6041] __do_fast_syscall_32+0x73/0x120 [ 49.083076][ T6041] do_fast_syscall_32+0x32/0x80 [ 49.083091][ T6041] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 49.083104][ T6041] RIP: 0023:0xf7fa7579 [ 49.083117][ T6041] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 49.083127][ T6041] RSP: 002b:00000000f508455c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 49.083137][ T6041] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000b40 [ 49.083143][ T6041] RDX: 00000000000005df RSI: 0000000000000002 RDI: 0000000000000000 [ 49.083149][ T6041] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 49.083154][ T6041] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 49.083160][ T6041] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 49.083172][ T6041] [ 49.834656][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.837539][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.840592][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.843757][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.914403][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.124134][ T5958] Bluetooth: hci3: command tx timeout [ 50.134383][ T5958] Bluetooth: hci2: command tx timeout [ 50.134438][ T5957] Bluetooth: hci1: command tx timeout [ 50.134509][ T5951] Bluetooth: hci0: command tx timeout [ 50.274237][ T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!! [ 50.549141][ T6064] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 50.624563][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.628545][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.632135][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.635172][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 50.640978][ T6066] 9pnet_virtio: no channels available for device syz [ 50.813058][ T6066] ufs: You didn't specify the type of your ufs filesystem [ 50.813058][ T6066] [ 50.813058][ T6066] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 50.813058][ T6066] [ 50.813058][ T6066] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 50.822888][ T6066] ufs: failed to set blocksize [ 51.491974][ T6102] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 51.651256][ T40] audit: type=1800 audit(1745428849.710:2): pid=6105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.30" name="bus" dev="9p" ino=36831600 res=0 errno=0 [ 51.661263][ T6105] ufs: You didn't specify the type of your ufs filesystem [ 51.661263][ T6105] [ 51.661263][ T6105] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 51.661263][ T6105] [ 51.661263][ T6105] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 51.673590][ T6105] ufs: failed to set blocksize [ 51.796098][ T6116] netlink: 'syz.2.32': attribute type 4 has an invalid length. [ 52.204903][ T5957] Bluetooth: hci1: command tx timeout [ 52.204914][ T5958] Bluetooth: hci2: command tx timeout [ 52.214276][ T5957] Bluetooth: hci0: command tx timeout [ 52.214401][ T5958] Bluetooth: hci3: command tx timeout [ 52.215343][ T6141] Zero length message leads to an empty skb [ 52.271589][ T6145] netlink: 'syz.3.41': attribute type 4 has an invalid length. [ 53.113252][ T6167] 9p: Unknown Cache mode or invalid value reodahea¾ï~Ó§ÿÔVšÀ—$ [ 53.254617][ T90] Bluetooth: Error in BCSP hdr checksum [ 53.327130][ T6173] fuse: Unknown parameter 'rèzh?°$c’Ž\èLS¢a;§¿†Þ67bJÿ K ëp§ü ãŠDWõ׺Ž3Ý'òº'·çÒK®”ö%8Gªîó' [ 53.542017][ T65] Bluetooth: Error in BCSP hdr checksum [ 53.794499][ T12] Bluetooth: Error in BCSP hdr checksum [ 54.257924][ T6202] netlink: 'syz.3.53': attribute type 4 has an invalid length. [ 54.286951][ T5957] Bluetooth: hci0: command tx timeout [ 54.288713][ T5957] Bluetooth: hci1: command tx timeout [ 54.294167][ T5951] Bluetooth: hci3: command tx timeout [ 54.575921][ T6216] random: crng reseeded on system resumption [ 54.687605][ T6218] netlink: 'syz.2.58': attribute type 1 has an invalid length. [ 54.690450][ T6218] netlink: 224 bytes leftover after parsing attributes in process `syz.2.58'. [ 55.324185][ T5951] Bluetooth: hci4: command 0x1003 tx timeout [ 55.325034][ T5958] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 55.593631][ T6233] trusted_key: syz.2.63 sent an empty control message without MSG_MORE. [ 56.260202][ T6252] overlay: Unknown parameter '' [ 56.324655][ T5958] Bluetooth: unknown link type 108 [ 56.326340][ T5958] Bluetooth: hci3: connection err: -111 [ 56.547306][ T6264] 9pnet_virtio: no channels available for device syz [ 56.567783][ T6265] netlink: 8 bytes leftover after parsing attributes in process `syz.1.70'. [ 56.572154][ T6265] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 56.855465][ T5958] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 56.859841][ T5958] Bluetooth: hci2: Injecting HCI hardware error event [ 56.863810][ T5958] Bluetooth: hci2: hardware error 0x00 [ 56.927546][ T6287] overlay: Unknown parameter '' [ 57.038435][ T6291] block device autoloading is deprecated and will be removed. [ 57.513156][ T6312] 9pnet_virtio: no channels available for device syz [ 57.657148][ T5951] Bluetooth: unknown link type 108 [ 57.658816][ T5951] Bluetooth: hci3: connection err: -111 [ 57.894167][ T6012] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 57.981050][ T6325] overlay: Unknown parameter '' [ 58.044149][ T6012] usb 7-1: Using ep0 maxpacket: 32 [ 58.049737][ T6012] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 58.056145][ T6012] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 58.059505][ T6012] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 58.062705][ T6012] usb 7-1: Product: syz [ 58.064517][ T6012] usb 7-1: Manufacturer: syz [ 58.066382][ T6012] usb 7-1: SerialNumber: syz [ 58.074363][ T6012] usb 7-1: config 0 descriptor?? [ 58.077750][ T6317] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 58.297870][ T1323] usb 7-1: USB disconnect, device number 2 [ 58.887916][ T6344] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3781544950 (3781544950 ns) > initial count (699260337 ns). Using initial count to start timer. [ 58.935218][ T5958] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 59.004200][ T6349] netlink: 'syz.0.91': attribute type 4 has an invalid length. [ 59.271059][ T5958] Bluetooth: unknown link type 108 [ 59.272686][ T5958] Bluetooth: hci3: connection err: -111 [ 59.367058][ T6373] Invalid source name [ 59.368652][ T6373] UBIFS error (pid: 6373): cannot open "usrquota", error -22 [ 60.156501][ T6413] CUSE: info not properly terminated [ 61.550029][ T6451] input: syz1 as /devices/virtual/input/input5 [ 61.690062][ T6462] overlay: Unknown parameter '' [ 62.288687][ T6480] tmpfs: Bad value for 'mpol' [ 62.471671][ T6484] netlink: 'syz.1.132': attribute type 4 has an invalid length. [ 62.484142][ T6484] netlink: 'syz.1.132': attribute type 4 has an invalid length. [ 62.608985][ T6489] netlink: 'syz.1.134': attribute type 1 has an invalid length. [ 62.611590][ T6489] netlink: 224 bytes leftover after parsing attributes in process `syz.1.134'. [ 62.754213][ T833] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 62.782398][ T6491] overlay: Unknown parameter '' [ 62.910762][ T833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 62.914129][ T833] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 62.918325][ T833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.922947][ T833] usb 5-1: config 0 descriptor?? [ 62.935957][ T833] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 63.088588][ T6503] netlink: 4 bytes leftover after parsing attributes in process `syz.3.139'. [ 63.145224][ T6503] netlink: 4 bytes leftover after parsing attributes in process `syz.3.139'. [ 63.587809][ T6521] netlink: 'syz.2.142': attribute type 4 has an invalid length. [ 63.591537][ T6521] netlink: 'syz.2.142': attribute type 4 has an invalid length. [ 63.888046][ T6526] overlay: Unknown parameter '' [ 63.980006][ T6530] dvmrp0: entered allmulticast mode [ 63.986356][ T6531] netlink: 24 bytes leftover after parsing attributes in process `syz.2.146'. [ 64.011361][ T6536] nfs4: Bad value for 'source' [ 64.096900][ T6543] exFAT-fs (nullb0): invalid boot record signature [ 64.100279][ T6543] exFAT-fs (nullb0): failed to read boot sector [ 64.102990][ T6543] exFAT-fs (nullb0): failed to recognize exfat type [ 64.491696][ T6569] overlay: Unknown parameter '' [ 64.863103][ T29] hid-generic 00A0:0008:0005.0002: unknown main item tag 0x7 [ 64.867038][ T29] hid-generic 00A0:0008:0005.0002: unknown main item tag 0x3 [ 64.870532][ T29] hid-generic 00A0:0008:0005.0002: unknown main item tag 0x0 [ 64.872981][ T29] hid-generic 00A0:0008:0005.0002: unknown main item tag 0x0 [ 64.899062][ T29] hid-generic 00A0:0008:0005.0002: unknown main item tag 0x0 [ 64.924569][ T29] hid-generic 00A0:0008:0005.0002: hidraw1: HID v0.05 Device [syz0] on syz0 [ 65.379528][ T6624] netlink: 20 bytes leftover after parsing attributes in process `syz.1.162'. [ 65.563568][ T6628] overlay: Unknown parameter '' [ 65.589123][ T24] usb 5-1: USB disconnect, device number 2 [ 65.761294][ T5958] Bluetooth: unknown link type 108 [ 65.762973][ T5958] Bluetooth: hci3: connection err: -111 [ 66.315557][ T6653] overlay: Unknown parameter '' [ 66.361819][ T6659] bridge0: port 3(veth0_to_bridge) entered blocking state [ 66.366982][ T6659] bridge0: port 3(veth0_to_bridge) entered disabled state [ 66.369357][ T6659] veth0_to_bridge: entered allmulticast mode [ 66.372514][ T6659] veth0_to_bridge: entered promiscuous mode [ 66.375115][ T6659] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 66.379706][ T6659] bridge0: port 3(veth0_to_bridge) entered blocking state [ 66.382525][ T6659] bridge0: port 3(veth0_to_bridge) entered forwarding state [ 66.614179][ T6675] kernel read not supported for file /eth0 (pid: 6675 comm: syz.2.179) [ 66.616917][ T40] audit: type=1800 audit(1745428864.680:3): pid=6675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.179" name="eth0" dev="mqueue" ino=13536 res=0 errno=0 [ 68.209759][ T40] audit: type=1326 audit(1745428867.276:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6753 comm="syz.3.205" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf708e579 code=0x0 [ 68.867949][ T5958] Bluetooth: unknown link type 108 [ 68.869620][ T5958] Bluetooth: hci0: connection err: -111 [ 69.769181][ T6813] netlink: 'syz.0.220': attribute type 4 has an invalid length. [ 69.885998][ T6819] overlay: Unknown parameter '' [ 70.067628][ T5958] Bluetooth: unknown link type 108 [ 70.069418][ T5958] Bluetooth: hci0: connection err: -111 [ 70.078846][ T6831] Bluetooth: MGMT ver 1.23 [ 70.130185][ T6833] netlink: 4 bytes leftover after parsing attributes in process `syz.2.227'. [ 70.328767][ T40] audit: type=1804 audit(1745428869.396:5): pid=6840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.230" name="/newroot/63/file0" dev="tmpfs" ino=354 res=1 errno=0 [ 70.364557][ T6842] netlink: 'syz.0.231': attribute type 4 has an invalid length. [ 70.416539][ T6846] selection: kmalloc() failed [ 70.858849][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.861045][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.378819][ T6870] netlink: 'syz.3.240': attribute type 4 has an invalid length. [ 71.681969][ T6886] overlay: Unknown parameter '' [ 72.217560][ T6909] netlink: 'syz.0.251': attribute type 4 has an invalid length. [ 72.497071][ T6920] overlay: Unknown parameter '' [ 72.764396][ T6934] netlink: 48 bytes leftover after parsing attributes in process `syz.3.259'. [ 72.989436][ T6944] netlink: 'syz.3.260': attribute type 4 has an invalid length. [ 73.036849][ T6012] IPVS: starting estimator thread 0... [ 73.124217][ T6951] IPVS: using max 46 ests per chain, 110400 per kthread [ 73.166620][ T6950] IPVS: set_ctl: invalid protocol: 51 127.0.0.1:20002 [ 73.475371][ T6956] overlay: Unknown parameter '' [ 73.685735][ T40] audit: type=1326 audit(1745428872.756:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6970 comm="syz.1.269" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f03579 code=0x0 [ 73.736981][ T6974] netlink: 'syz.2.270': attribute type 4 has an invalid length. [ 73.825230][ T6981] FAULT_INJECTION: forcing a failure. [ 73.825230][ T6981] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 73.830554][ T6981] CPU: 1 UID: 0 PID: 6981 Comm: syz.2.272 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) [ 73.830576][ T6981] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 73.830586][ T6981] Call Trace: [ 73.830594][ T6981] [ 73.830602][ T6981] dump_stack_lvl+0x16c/0x1f0 [ 73.830627][ T6981] should_fail_ex+0x512/0x640 [ 73.830648][ T6981] _copy_from_user+0x2e/0xd0 [ 73.830668][ T6981] get_compat_msghdr+0xa7/0x170 [ 73.830692][ T6981] ? __pfx_get_compat_msghdr+0x10/0x10 [ 73.830722][ T6981] ___sys_sendmsg+0x1ae/0x1d0 [ 73.830744][ T6981] ? __pfx____sys_sendmsg+0x10/0x10 [ 73.830788][ T6981] __sys_sendmsg+0x16d/0x220 [ 73.830807][ T6981] ? __pfx___sys_sendmsg+0x10/0x10 [ 73.830837][ T6981] ? rcu_is_watching+0x12/0xc0 [ 73.830861][ T6981] __do_fast_syscall_32+0x73/0x120 [ 73.830884][ T6981] do_fast_syscall_32+0x32/0x80 [ 73.830905][ T6981] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 73.830922][ T6981] RIP: 0023:0xf703e579 [ 73.830934][ T6981] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 73.830952][ T6981] RSP: 002b:00000000f500d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 73.830967][ T6981] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000000 [ 73.830976][ T6981] RDX: 0000000004000084 RSI: 0000000000000000 RDI: 0000000000000000 [ 73.830987][ T6981] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 73.830996][ T6981] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 73.831007][ T6981] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 73.831029][ T6981] [ 74.558630][ T6988] overlay: Unknown parameter '' [ 74.636038][ T6995] netlink: 12 bytes leftover after parsing attributes in process `syz.2.276'. [ 74.658829][ T6992] netlink: 56 bytes leftover after parsing attributes in process `syz.1.275'. [ 74.813164][ T7010] netlink: 'syz.0.281': attribute type 4 has an invalid length. [ 74.837377][ T7006] netlink: 14 bytes leftover after parsing attributes in process `syz.1.280'. [ 74.842981][ T7006] capability: warning: `syz.1.280' uses deprecated v2 capabilities in a way that may be insecure [ 75.203980][ T7030] vivid-007: disconnect [ 75.632150][ T7040] xt_ecn: cannot match TCP bits for non-tcp packets [ 75.661715][ T7043] netlink: 'syz.2.290': attribute type 4 has an invalid length. [ 75.682475][ T7012] vivid-007: reconnect [ 75.838890][ T7051] netlink: 12 bytes leftover after parsing attributes in process `syz.1.293'. [ 75.965185][ C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:fe:23:70:59:54:d7, vlan:0) [ 75.969573][ C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:fe:23:70:59:54:d7, vlan:0) [ 75.973403][ C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:fe:23:70:59:54:d7, vlan:0) [ 75.977448][ C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:fe:23:70:59:54:d7, vlan:0) [ 75.981386][ C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:fe:23:70:59:54:d7, vlan:0) [ 75.985420][ C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:fe:23:70:59:54:d7, vlan:0) [ 75.989575][ C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:fe:23:70:59:54:d7, vlan:0) [ 75.993654][ C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:fe:23:70:59:54:d7, vlan:0) [ 75.997698][ C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:fe:23:70:59:54:d7, vlan:0) [ 76.001599][ C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:fe:23:70:59:54:d7, vlan:0) [ 76.376883][ T7060] 9pnet_virtio: no channels available for device syz [ 76.818490][ T7072] program syz.3.299 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 78.467442][ T7108] netlink: 'syz.0.307': attribute type 4 has an invalid length. [ 78.665764][ T7109] overlayfs: conflicting options: nfs_export=on,index=off [ 79.107218][ T7103] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 79.109853][ T7103] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 79.149308][ T7103] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 79.187814][ T7103] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 79.196885][ T7103] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 79.235590][ T7103] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 79.290717][ T3535] ================================================================== [ 79.293377][ T3535] BUG: KASAN: slab-use-after-free in bt_accept_dequeue+0x582/0x600 [ 79.296637][ T3535] Read of size 8 at addr ffff888025fdb558 by task krfcommd/3535 [ 79.300877][ T3535] [ 79.302143][ T3535] CPU: 1 UID: 0 PID: 3535 Comm: krfcommd Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) [ 79.302157][ T3535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 79.302163][ T3535] Call Trace: [ 79.302167][ T3535] [ 79.302172][ T3535] dump_stack_lvl+0x116/0x1f0 [ 79.302189][ T3535] print_report+0xc3/0x670 [ 79.302203][ T3535] ? __virt_addr_valid+0x5e/0x590 [ 79.302217][ T3535] ? __phys_addr+0xc6/0x150 [ 79.302230][ T3535] ? bt_accept_dequeue+0x582/0x600 [ 79.302241][ T3535] kasan_report+0xe0/0x110 [ 79.302254][ T3535] ? bt_accept_dequeue+0x582/0x600 [ 79.302264][ T3535] bt_accept_dequeue+0x582/0x600 [ 79.302275][ T3535] l2cap_sock_accept+0x2c7/0x650 [ 79.302289][ T3535] ? __pfx_l2cap_sock_accept+0x10/0x10 [ 79.302301][ T3535] ? __pfx_woken_wake_function+0x10/0x10 [ 79.302312][ T3535] ? bpf_lsm_socket_post_create+0x9/0x10 [ 79.302328][ T3535] ? security_socket_post_create+0x21d/0x260 [ 79.302340][ T3535] ? __pfx_l2cap_sock_accept+0x10/0x10 [ 79.302353][ T3535] kernel_accept+0x1cf/0x380 [ 79.302369][ T3535] ? __pfx_kernel_accept+0x10/0x10 [ 79.302385][ T3535] rfcomm_run+0x3a7/0x5220 [ 79.302395][ T3535] ? __lock_acquire+0xaa4/0x1ba0 [ 79.302414][ T3535] ? __pfx_rfcomm_run+0x10/0x10 [ 79.302424][ T3535] ? __pfx_woken_wake_function+0x10/0x10 [ 79.302434][ T3535] ? find_held_lock+0x2b/0x80 [ 79.302445][ T3535] ? rcu_is_watching+0x12/0xc0 [ 79.302455][ T3535] ? lockdep_hardirqs_on+0x7c/0x110 [ 79.302469][ T3535] ? __kthread_parkme+0x19e/0x250 [ 79.302482][ T3535] ? __pfx_rfcomm_run+0x10/0x10 [ 79.302491][ T3535] kthread+0x3c2/0x780 [ 79.302506][ T3535] ? __pfx_kthread+0x10/0x10 [ 79.302520][ T3535] ? __pfx_kthread+0x10/0x10 [ 79.302534][ T3535] ? __pfx_kthread+0x10/0x10 [ 79.302548][ T3535] ? __pfx_kthread+0x10/0x10 [ 79.302562][ T3535] ? rcu_is_watching+0x12/0xc0 [ 79.302571][ T3535] ? __pfx_kthread+0x10/0x10 [ 79.302586][ T3535] ret_from_fork+0x45/0x80 [ 79.302596][ T3535] ? __pfx_kthread+0x10/0x10 [ 79.302610][ T3535] ret_from_fork_asm+0x1a/0x30 [ 79.302628][ T3535] [ 79.302635][ T3535] [ 79.315974][ T7103] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 79.316399][ T3535] Allocated by task 5958: [ 79.318556][ T7103] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 79.319606][ T3535] kasan_save_stack+0x33/0x60 [ 79.392244][ T3535] kasan_save_track+0x14/0x30 [ 79.393857][ T3535] __kasan_kmalloc+0xaa/0xb0 [ 79.395637][ T3535] __kmalloc_noprof+0x223/0x510 [ 79.397372][ T3535] sk_prot_alloc+0x1a8/0x2a0 [ 79.398957][ T3535] sk_alloc+0x36/0xc20 [ 79.400330][ T3535] bt_sock_alloc+0x3b/0x3a0 [ 79.401881][ T3535] l2cap_sock_alloc.constprop.0+0x33/0x1d0 [ 79.403797][ T3535] l2cap_sock_new_connection_cb+0x101/0x240 [ 79.406011][ T3535] l2cap_connect.constprop.0+0x78a/0x1240 [ 79.407883][ T3535] l2cap_recv_frame+0xe24/0x9510 [ 79.409563][ T3535] l2cap_recv_acldata+0xae4/0xd30 [ 79.411210][ T3535] hci_rx_work+0xa80/0x16b0 [ 79.412746][ T3535] process_one_work+0x9cc/0x1b70 [ 79.414366][ T3535] worker_thread+0x6c8/0xf10 [ 79.416049][ T3535] kthread+0x3c2/0x780 [ 79.417747][ T3535] ret_from_fork+0x45/0x80 [ 79.419478][ T3535] ret_from_fork_asm+0x1a/0x30 [ 79.421061][ T3535] [ 79.421830][ T3535] Freed by task 7103: [ 79.423220][ T3535] kasan_save_stack+0x33/0x60 [ 79.424842][ T3535] kasan_save_track+0x14/0x30 [ 79.426591][ T3535] kasan_save_free_info+0x3b/0x60 [ 79.428653][ T3535] __kasan_slab_free+0x51/0x70 [ 79.430216][ T3535] kfree+0x2b6/0x4d0 [ 79.431531][ T3535] __sk_destruct+0x740/0x980 [ 79.433175][ T3535] sk_destruct+0xc2/0xf0 [ 79.434618][ T3535] __sk_free+0xf4/0x3e0 [ 79.436006][ T3535] sk_free+0x6a/0x90 [ 79.437563][ T3535] l2cap_sock_kill+0x171/0x2d0 [ 79.439429][ T3535] l2cap_sock_close_cb+0x44/0x60 [ 79.441126][ T3535] l2cap_conn_del+0x3b9/0x730 [ 79.442732][ T3535] l2cap_connect_cfm+0x9e1/0xf80 [ 79.444388][ T3535] hci_conn_failed+0x1ba/0x330 [ 79.446032][ T3535] hci_abort_conn_sync+0x740/0xb40 [ 79.447885][ T3535] hci_disconnect_all_sync.constprop.0+0x104/0x3c0 [ 79.450220][ T3535] hci_suspend_sync+0x770/0xab0 [ 79.451857][ T3535] hci_suspend_dev+0x308/0x500 [ 79.453503][ T3535] hci_suspend_notifier+0x28d/0x2f0 [ 79.455233][ T3535] notifier_call_chain+0xb9/0x410 [ 79.456954][ T3535] blocking_notifier_call_chain_robust+0xc8/0x160 [ 79.459114][ T3535] pm_notifier_call_chain_robust+0x27/0x60 [ 79.461051][ T3535] snapshot_open+0x189/0x2b0 [ 79.462611][ T3535] misc_open+0x35a/0x420 [ 79.464000][ T3535] chrdev_open+0x231/0x6a0 [ 79.465557][ T3535] do_dentry_open+0x741/0x1c10 [ 79.467262][ T3535] vfs_open+0x82/0x3f0 [ 79.468668][ T3535] path_openat+0x1e5e/0x2d40 [ 79.470615][ T3535] do_filp_open+0x20b/0x470 [ 79.472472][ T3535] do_sys_openat2+0x11b/0x1d0 [ 79.474501][ T3535] __ia32_compat_sys_openat+0x16d/0x210 [ 79.476851][ T3535] __do_fast_syscall_32+0x73/0x120 [ 79.478959][ T3535] do_fast_syscall_32+0x32/0x80 [ 79.481002][ T3535] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 79.483621][ T3535] [ 79.484664][ T3535] The buggy address belongs to the object at ffff888025fdb000 [ 79.484664][ T3535] which belongs to the cache kmalloc-2k of size 2048 [ 79.489729][ T3535] The buggy address is located 1368 bytes inside of [ 79.489729][ T3535] freed 2048-byte region [ffff888025fdb000, ffff888025fdb800) [ 79.494284][ T3535] [ 79.495089][ T3535] The buggy address belongs to the physical page: [ 79.497264][ T3535] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25fd8 [ 79.500160][ T3535] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 79.503471][ T3535] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 79.506111][ T3535] page_type: f5(slab) [ 79.507494][ T3535] raw: 00fff00000000040 ffff88801b442f00 0000000000000000 dead000000000001 [ 79.510407][ T3535] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 79.513488][ T3535] head: 00fff00000000040 ffff88801b442f00 0000000000000000 dead000000000001 [ 79.516727][ T3535] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 79.519931][ T3535] head: 00fff00000000003 ffffea000097f601 00000000ffffffff 00000000ffffffff [ 79.523095][ T3535] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 79.526867][ T3535] page dumped because: kasan: bad access detected [ 79.529184][ T3535] page_owner tracks the page as allocated [ 79.531266][ T3535] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 15307516071, free_ts 15256767393 [ 79.538727][ T3535] post_alloc_hook+0x181/0x1b0 [ 79.540371][ T3535] get_page_from_freelist+0x135c/0x3920 [ 79.542208][ T3535] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 79.544285][ T3535] alloc_pages_mpol+0x1fb/0x550 [ 79.546349][ T3535] new_slab+0x244/0x340 [ 79.547924][ T3535] ___slab_alloc+0xd9c/0x1940 [ 79.549796][ T3535] __slab_alloc.constprop.0+0x56/0xb0 [ 79.552039][ T3535] __kvmalloc_node_noprof+0x3a6/0x600 [ 79.554297][ T3535] v4l2_ctrl_new+0x17f4/0x2180 [ 79.556293][ T3535] v4l2_ctrl_new_custom+0x413/0xaa0 [ 79.558506][ T3535] vivid_create_controls+0x926/0x3df0 [ 79.560760][ T3535] vivid_probe+0x515f/0xb890 [ 79.562816][ T3535] platform_probe+0xff/0x1f0 [ 79.565337][ T3535] really_probe+0x23e/0xa90 [ 79.567448][ T3535] __driver_probe_device+0x1de/0x440 [ 79.569670][ T3535] driver_probe_device+0x4c/0x1b0 [ 79.571727][ T3535] page last free pid 36 tgid 36 stack trace: [ 79.574215][ T3535] __free_frozen_pages+0x69d/0xff0 [ 79.576297][ T3535] __put_partials+0x16d/0x1c0 [ 79.578007][ T3535] qlist_free_all+0x4e/0x120 [ 79.579561][ T3535] kasan_quarantine_reduce+0x195/0x1e0 [ 79.581367][ T3535] __kasan_slab_alloc+0x69/0x90 [ 79.583008][ T3535] kmem_cache_alloc_lru_noprof+0x1d0/0x3b0 [ 79.585136][ T3535] shmem_alloc_inode+0x25/0x50 [ 79.586793][ T3535] alloc_inode+0x61/0x240 [ 79.588255][ T3535] new_inode+0x22/0x1c0 [ 79.589653][ T3535] shmem_get_inode+0x19a/0xfb0 [ 79.591505][ T3535] shmem_mknod+0x1a8/0x450 [ 79.593385][ T3535] vfs_mknod+0x5d7/0x8e0 [ 79.595178][ T3535] devtmpfs_work_loop+0x1c8/0x900 [ 79.597427][ T3535] devtmpfsd+0x4c/0x50 [ 79.598768][ T3535] kthread+0x3c2/0x780 [ 79.600125][ T3535] ret_from_fork+0x45/0x80 [ 79.601587][ T3535] [ 79.602383][ T3535] Memory state around the buggy address: [ 79.604410][ T3535] ffff888025fdb400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.607800][ T3535] ffff888025fdb480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.611047][ T3535] >ffff888025fdb500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.614225][ T3535] ^ [ 79.616492][ T3535] ffff888025fdb580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.619229][ T3535] ffff888025fdb600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.622444][ T3535] ================================================================== [ 79.631695][ T3535] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 79.634790][ T3535] CPU: 1 UID: 0 PID: 3535 Comm: krfcommd Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) [ 79.639433][ T3535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 79.643860][ T3535] Call Trace: [ 79.645331][ T3535] [ 79.646317][ T3535] dump_stack_lvl+0x3d/0x1f0 [ 79.647861][ T3535] panic+0x71c/0x800 [ 79.649172][ T3535] ? __pfx_panic+0x10/0x10 [ 79.650846][ T3535] ? mark_held_locks+0x49/0x80 [ 79.652583][ T3535] ? preempt_schedule_thunk+0x16/0x30 [ 79.654375][ T3535] ? bt_accept_dequeue+0x582/0x600 [ 79.656045][ T3535] ? preempt_schedule_common+0x44/0xc0 [ 79.657897][ T3535] ? check_panic_on_warn+0x1f/0xb0 [ 79.659587][ T3535] ? bt_accept_dequeue+0x582/0x600 [ 79.661625][ T3535] check_panic_on_warn+0xab/0xb0 [ 79.663706][ T3535] end_report+0x107/0x170 [ 79.665298][ T3535] kasan_report+0xee/0x110 [ 79.666838][ T3535] ? bt_accept_dequeue+0x582/0x600 [ 79.668487][ T3535] bt_accept_dequeue+0x582/0x600 [ 79.670109][ T3535] l2cap_sock_accept+0x2c7/0x650 [ 79.671742][ T3535] ? __pfx_l2cap_sock_accept+0x10/0x10 [ 79.673586][ T3535] ? __pfx_woken_wake_function+0x10/0x10 [ 79.675385][ T3535] ? bpf_lsm_socket_post_create+0x9/0x10 [ 79.677364][ T3535] ? security_socket_post_create+0x21d/0x260 [ 79.679402][ T3535] ? __pfx_l2cap_sock_accept+0x10/0x10 [ 79.681221][ T3535] kernel_accept+0x1cf/0x380 [ 79.682852][ T3535] ? __pfx_kernel_accept+0x10/0x10 [ 79.684831][ T3535] rfcomm_run+0x3a7/0x5220 [ 79.686303][ T3535] ? __lock_acquire+0xaa4/0x1ba0 [ 79.687973][ T3535] ? __pfx_rfcomm_run+0x10/0x10 [ 79.689596][ T3535] ? __pfx_woken_wake_function+0x10/0x10 [ 79.691438][ T3535] ? find_held_lock+0x2b/0x80 [ 79.693129][ T3535] ? rcu_is_watching+0x12/0xc0 [ 79.694784][ T3535] ? lockdep_hardirqs_on+0x7c/0x110 [ 79.696491][ T3535] ? __kthread_parkme+0x19e/0x250 [ 79.698203][ T3535] ? __pfx_rfcomm_run+0x10/0x10 [ 79.699778][ T3535] kthread+0x3c2/0x780 [ 79.701235][ T3535] ? __pfx_kthread+0x10/0x10 [ 79.702772][ T3535] ? __pfx_kthread+0x10/0x10 [ 79.704305][ T3535] ? __pfx_kthread+0x10/0x10 [ 79.705865][ T3535] ? __pfx_kthread+0x10/0x10 [ 79.707387][ T3535] ? rcu_is_watching+0x12/0xc0 [ 79.709151][ T3535] ? __pfx_kthread+0x10/0x10 [ 79.710821][ T3535] ret_from_fork+0x45/0x80 [ 79.712284][ T3535] ? __pfx_kthread+0x10/0x10 [ 79.713849][ T3535] ret_from_fork_asm+0x1a/0x30 [ 79.715471][ T3535] [ 79.717218][ T3535] Kernel Offset: disabled [ 79.718590][ T3535] Rebooting in 86400 seconds.. VM DIAGNOSIS: 17:21:17 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=ffffffff8e3bf440 RCX=ffffc90006608001 RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff8dcda8e9 RBP=0000000000000001 RSP=ffffc90006606f80 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=00000000000084a3 R12=ffffffff81699d14 R13=0000000000000206 R14=ffff888022158000 R15=ffffc90006607074 RIP=ffffffff8b6f1c90 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977bf000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3f6ad0 CR3=0000000065dd4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000035 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854afb75 RDI=ffffffff9ae0cb80 RBP=ffffffff9ae0cb40 RSP=ffffc9002773f520 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000035 R14=ffffffff9ae0cb40 R15=ffffffff854afb10 RIP=ffffffff854afb9f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978bf000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000803eb000 CR3=000000006a3b0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000007 RBX=0000000000000003 RCX=0000000000000020 RDX=0000000000000020 RSI=0000000000000001 RDI=ffff888021c3afa8 RBP=ffff888021c3af30 RSP=ffffc900005379b8 R8 =0000000000000000 R9 =0000000000000001 R10=0000000000000000 R11=ffffffff8e3bf440 R12=0000000000000003 R13=0000000000000001 R14=ffff888021c3a440 R15=0000000000000000 RIP=ffffffff819737c3 RFL=00000003 [------C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979bf000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7133820 CR3=000000004c42c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2b3c3857009c784c 035e26170e775ac4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f63caed0edade29 12057398485a6550 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d573c54eba7f3a4e 332f246cc510cd5f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1c9e9f8dea5dfb9a c79d2ce1294d6f84 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1e91b4ecf4c62c0d 5c5c5c5c5c5c5c5c ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e943f4f5c5c5c5c 5c5c5c5c5c5c5c5c ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 c96d02e7f15f1d0c 13c0b24fd72bbf58 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5c5c5c5c5c5c5c5c 5c5c5c5c2f4e3c1b ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856b08e647 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000001 RBX=0000000000000002 RCX=ffffc900005e9000 RDX=ffffc900005e8f01 RSI=ffffc900005e8f38 RDI=ffffc900005e7d28 RBP=ffffc900005e8f38 RSP=ffffc900005e7c88 R8 =ffffffff91aadf28 R9 =0000000000000000 R10=0000000000000004 R11=000000000008494a R12=0000000000000008 R13=ffffc900005e7d38 R14=ffffc900005e7d30 R15=ffffc900005e1000 RIP=ffffffff81699876 RFL=00000292 [--S-A--] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097abf000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fff701e4078 CR3=0000000048fd0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000044000001 Opmask01=0000000000000000 Opmask02=000000007ffeffff Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 579c0ce92c2f1105 35fb6bdf864e6a52 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 cfa88765b04137fc 31c6b06b95299e40 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 93d9135542dd7363 daab93700f7a1002 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ef30107ca4b9363d 8e663b1c0ed86be8 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000003700 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 e89800009a120000 0030496a00304c9b ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 e6a80000298c0000 85d1eb70fb3444c5 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 82fe000000000069 0030491000000004 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 563a0080f5a7fceb 0100000000304909 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 23e51f8bf347d94e 521d35046a60defd ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6747f8e613cea549 c1570ea1b5731553 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6d25203a7325206b 6e696c6d79732065 7461657263206f74 2064656c69614600 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4800051f5600054e 4b4c49485c560540 5144405746054a51 054140494c444600 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000221 0000000000000000 30706f6f6c2f6b63 6f6c622f6c617574 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000005351 0000000000000030 2d78742f73657565 75712f326e616c77 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7b27697a787c7a30 23333a3a38263342 4943213f395b2249 5a6e786b6e646b7e ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a263b383a3a263a 383a3a26493b3a3a 26483b3a3a264b3b 3a0a00307f617930 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000