last executing test programs: 5.757359189s ago: executing program 0 (id=198): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000200), 0x20a00, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x7) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r1, &(0x7f00000002c0)={&(0x7f0000000100)=@nl=@proc={0x10, 0x0, 0x25dfdbfe, 0x4000000}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000340)="6d20f2fb3217aa659591e7376eaf341b7b4c9d91316587a5e853da090ade3cccdf4ecad64b6590d0a43200a571f121c3ab0dba00e7d7d8f5cd9b47796ca7713195eb75d7c0c023ac38c3791f0ac2db1386f25b2815a462c99ec6c1b10a168981c59ed1fba9f98a054cd2984f7e6cf2fab6b1c6813fb8781175e8fbb9f4660aab575ee60f9398941bbd5675790e9906", 0x8f}, {&(0x7f0000000480)="19877193e3281f2aa22a1e6e7d681eb8f93e0c1fc7c2a7c9e00001f1025d84b09663adb381244a4b994ce7ed2890656f700c28a74d0f6739234404bd68545ea3532e4b03dff4b6460a85105db1373791", 0x50}], 0x2}, 0x20000884) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0x82, &(0x7f0000000200)={0x7939, 0x5, 0x8000, 0x86, 0xe2, 0x0, 0xff, 0xb7}, &(0x7f0000000440)=0x20) ioctl$TCSETSF2(r0, 0x8910, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f00000000c0)={0x1, {{0xa, 0x4e22, 0x10000, @private0, 0x7}}, {{0xa, 0x4e20, 0x10001, @local, 0x7}}}, 0x108) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PIO_FONT(r0, 0x4b61, &(0x7f0000001540)="aee3d8aa5cc43da5ccfc448e9c95e5c509146d3e0caa26c1dd0caa3b20c981c3f69b5a79f200a0863084644974459a7096153985b308ea6aed378ff62430ecf921dbc1c03cc9ea860d190996aeb69749a0d13c576798a614cbfae0c6984d4158072db0cfb75c44153872817bc76eead1ec35624af93f1f20a8e8c1c3f65b0419337fe4fdabe344265945cdb8da9f8b32c15e629648f8bc6c9c9a4c7c8673ab11c960dbcb37b75e97e59b18953d60a7f2f65cd4be6b87f49308a33081655a4afef612d03f4a518943d4349ab975f4c5bc37bd0181ccbe1af0ce92cc953666d0bc7138682732f667b12fc36b4170914645afc01d26bc7c7d9ad028b9796785bbb235f21a076e379c9831977f350b1c97ec00e277cd9e4b2e4e1f07fc91fdbb1f9ed78094922139b48f395078f28a5c009fbfd73bb0c1336695b65805a8f6ba02845eb85a713c997654f3668411f9c6d48dbd9fd6d9507a806eaae36671cb4315dd74cead502ac8e45bf8f0eeb5c3f9660a1fe4e6b18b71de919fbd5adf8b3f6e38188d30bfee3654845fba3042681b05f5871bd1e4532c4d9865ab5cbc0f41ee32526a28b058d6328ad80444c51f55025b16c7584fdaddcdb25c94188d23c366e9cda932ccc9e2d6c7855eb34fa92ea3a765c057552e35e74547c3be3fe3e7c1890b1b7be6ce843eab3a620ed4c21da390a9c1609538dfbeaa5ab1c63cc711c674b4ed95280697744cc9175622d8dae0c11d0dabcfff4ab0e89350e38277ed85c02338e0ee76b85f5b6b7d837c52326a0cd1e0de56a067283ae33288b6e4af0582bbd031594fc8d724c2281c96462224859c315bf0b23f7f7af9b49b7ca116d582709649329d8d204c6bef710206b1081ef2e10dbafa5189c168a22b0f7e44bd5da67a5ed8b22cf80e150306ce2526af054d5213e3c8d8a142bbefb15573541427d048db0ead3eb25ab16e410a72a68a8e048ec18f48feebfd85b9cadc1261ad0a88c6970fac1ef20625dd10e0fb0e95531e30f42b0be9027eaf4621a9aaad48d62749bd0339725c408b157b98df6f1a82e86db1c3df8bf0db4686df94486e2f6cf0858c984d9677a3457347049c6f04bdd189ab01affb2b7cf0f999bb7d23d9d7d4ed4df620888d841d2e0a59763ca9bc7d25b9acac90a82eee3712bae222eedb453a08104c071857fd4f74f9482bf5b443d9f7eed5cc62a84c7ca1831b02d55978b638c9274ed8b01178e9a6993902d565e864e77eccdc3f5367806fbe2650e09f86732ff3aee0c312e195b66b7ee47d34e12a1f0b18c2ae661aabfc8928aa0dbda7c44f7d3e2d95a84000ab1b47e1d2c6a6222c892ead5d3e18e00d4d8884ff5cb2deec582c5ae3ed736e8ed6796ccdee6f7722808aaf91c47fbd9b1f6a46aee04ef0e262606d6139e0898ac4afa3cff1f92e112f860bc1ece7d28adacda16ced101e099a1116c9df8a4cfeea4ac9453448d566761b49d3375e016ac70258d166045575e385c2b0daa34842e920ca3e972c427c2b08ced547db6eee4038c6b5d7f90b8831eb3ce390fc0cd5d786b2979da5d041f00ab27308c48b3c0a0ea0a9a1d801fe8549192bbfa29e7a5efcc3f26724863713d7376c01f4fa60941ef9260d45d7da9fdd2747bcd7e4d2a1293221c07ddc13961be8c3f69a9879667101a04e663a7ae7e33d84d683b0f21fadae463e1897768ffcb8264944bca2c1f1ca52690fd9bfb9a97a184caf1ae6be56a676e06a6cd83de1eec3851983edd394d613474c47294f7898c494ca4ee3c1ce6f9400f332b8bb04a22950eb35fcdfd9d67317cd07db50e1e1bd302ef14531645ba6fbaea06707850f9b82aa675e609854520bcb57818568226eb1473efc785c5676015b30605ee60471f7fc4cf3f032f7f288552f7bee88485aeac2734d5d5bbbae2388bdeb1321c682696f91544306f2a21c293e1dd867aef7e74fc927ab0ecb71324ddab1f9b1c60a25595e1b9d37d397dfb41aa7c0a15c549b0b4d719d3dda774bc7f2836a480b157ecf91c7f49005775cc98e291baf73e6126a94e0a55b25457945541047498b8a007806ccf4f40726fd77e1bfc567adca9f33eb56dbc3c72f3bcdf7578c95e8ce80cc1fd90d0e3645fc549a60861ea500a41ad0ef6cb8120bf4726c53421127ffdf40c7d70b6cdc2d3bc443aff7e8994b6951965144c1ac9d1a39f9900afd3e1fd5103b3fcdb663b858da9bf8936169fd0ef1393ed8cc6643c183eed70c35fae6ee6ee35d67be0a36c5f13d92c0cc483e52808711a39401e9ebb6665e02fa493441bd4d4d1affc7a8bf419258fd2aeaa60db66e7b9f0d4b27ebf190b438213be655e8ba902a03e0327588c3bd36bb61a1ad6d9c483c68766bc4213146b08e76a32f09f98eaa63f3b1705750236fa72b9c128ba4694da728a21d2c0a7e34cd237cab9ea69eef4604c71e7b44da5961754b2d9ff264c9b8e66f4a84aff597fcd4aebf9a947f74d4e9d47512a79735b3dca5a6649ec1023f30f7c2d968317c6fe19c9b3c9436606e5860722fed53368096fe839032e685bab21b46d33bd2acb00fe28f26f457420e1315acf4f9b33984168bcef0f7fa95732d4422c4b3d9da8224ee1792de0dd3aee0ad9009ad3e50a5fa8eb03c52a52cd6530b2af7aaf89763f59929877d66ea7a0818b6f392b640e3b77a6233027fb275a5c35760a899dd0cc56c517414ce14f46057f34273151d5a90ec2e94e432ed807ae18da5e921a33b2d589df9618d7a335afec0f39d1fcef8e86166a35757ea6512163a2e426445362a950ba3dfe86f404a45cb5c4ae2e6e2c50acc74c552adbab73714f82c3d8b1f6b9aa48bbb909c9d50c524652b6f96f3516fba0d0b31bd4e4c359c689612e041c95b74372b935107b78dc1510284e0f056f4072f1d3a9185b3d1a6c73f349cc10a9776895d27da8ce0af922793003a597bae167a7ccf1b0a3e4ee3a44c854822539657eec90409ccb92a99bd2539f78083c909e7814bc5e5bad420fc5cf04f77a5d9cf77135e1208048fcf6da7a1e130ae5eeac0d9c22897172252b0839db47f028c8a9e73cf35162efd9df2583cfb4609d35e8bb3ec9b7a3722dae21a7f4a17407e5b12f24cf1f8b740d2ca38aaedeb7a7fd9250b04217b1c46b526519f19182d2a1eb4f17256b10dd257cc863f8e30dd374b791f7ef6bb6735375b11820421c91bf28604f0558ded2dc0d7b663f9edc0180840d4f7f8120814e755abdbfe0c978079b39cb595b0ffbd8ced8c05ba0cdddce618a0783a79aad5bacccf3751046c0192adce0c80964cd14deaa19995120d383669ee26dfc0fb2b34411d2afd0e083a48aafaf0a405dfb3618b3b813925c7f9faf6afcc443ac37c0301eea1a9d91c1e069d1de1b91d452d040d4f9270e675286a025e9918c4234a620b405352f0133e85de171cd03cadc3174b63bd21ca0ad17d82980943635b51c250cb33bf203520663c98869b7b28c72b88206b2445a6f1baaeb71f234403e2377dc3d00de384a307578cf57e2994d33948dd9283d192905e2034a4e8fc7564330066644c539d2eac6048337256125b78aa712edd940ef7b0d7b9f271d06e7bd3a9f9599e27455e1269ce4e2a5211c80785747ad4e66efe24d10a861aa8c73aebcf51d13ce4a2e87fc60110b884be753204aeb519170e397558007bc738cd61ca79282db801acb1c3f2f98bc32f8620915fb0b31e4e7ec24854dcb73ff03a7b1cf79e1bc203813b31258900d4fcc784cd0685cf91ffcd234e23d7af676cefecf44342ec547b7decb1c7293826f974b672f60c7aadcd9f2ab902ae33260e8b906863d1acdf756061bf4787a1d5fc8df40ee78ac3b342ea3e08e7875d6b565048c3877870e2c91f7569ce0cca2727d3d350de1ea400bc416f64e019b48c954ce683bce59111855e1d2ed1f06aba16fa13568b3c61ab5627fbba604de4adaa78ed3d932abc451e136a09a223aaea281041460c53e74518a61f841d6eefca4798c7ef59248e9301118cb315436138287b1e06710fe001191cee629e45f7cc20baf5d14387b3d6e33201c07a485609b5658d3880dc221a7919b4f298e9f19dcc436e753d3baec0b5cff876e50a72683fadc769a8fc58279fdf6754d29ec47a7ed281519d3dd7d3fe0060d11c305845b43e3cd696dcd8fe61b3b455a0ee08f92225a8f78f200989b608e7d4b3f3533805c2ec1ca3e40ad2a66e5b586f13cbdb997990f6fc89349ccf61f0dc25c9407bb1835456131ae95657f18977c767258e4b7136de9032719514fac74e7bfde9f03a596332e77a075c1c56db9fc6db33cd1667bc6422bffb82e0778d3752e6e95fd572a3765efe4e01ec10cd18c1c146efed0a48be09dc61cacabcae761013ed185e1ad20fcdeba86025926fade7b92b5dad8cae1e6cd55b339e48c94eabd2b84ddf7c32a043726448e5dae2d8796cb9267830393732da7b4960d82c1dc0e61444af944bf3eab710952fb4f3c9816b251b2f799996ba7a383cca885e2d55e3574838f40486ff5257eee13776b8d198f790131508b6ffc495d9aa1377a64e2bb1388042b608a8433e580779513cb16a32437381dee3babfa70d53e1a080e170e8c8a31e46977bcb1a3469f3af14b3d430ad6b9d779898ff6e64d343a350a1008d1e0302e32cea0adf3e343eb3c9fcaf23f87bcac1c60393597cbc7d16222668b0305a0a75a4efe5723d6c1f7f75bfb0523fb01e352beecee0182061799c248be96ec3c05a27ddaedd1d0c39208f8fc4a08264459e8ef55ffd2dbe42c0419d51744157c1e33a5bce80b15b9902299c8f7f62c6ccb9c6caffb7835b4fe485fc2457e237b976468a191f93f0805c498cb0b15cdd7684a418794a12a7bb67080de2a44d964e7f0aa69a7c5259b8ebfd734caf78032ec6480db3293a21e2f7f00127a1acf6a14e889321df0ff35e050f9040c97d7beeb7f3445704f42700ef364724d372f13aea87e013e746edbb35721fa5ea669a246fe3d5529e1834c9c4cc450c1ae4eca8740d7570fed0188799443eaaf9b044abf9734df49395461c1366bd4fe728ba67e765ab0e6600eb17d58535f24349a9eb00722e2382429f5dfba43e002c03c205744945d824380aaad941044a1a35dff99fea594e43f117d3889c8c79b5dadcc8778509fdbb198499e2871cd11f8aa9142506f956506128e9d1550f85ef55d4694218c41901a3932967a547431344ed80787f22ece3e9509ef66d5c79c81077af865190c0d970a416694ec2384052da456debe001ce1a9a220796cf2b998ef436ce09ba72fc0e1504bb715dbb4e19dd2fd880630e6b3fe71f7cc6f6a4847812c6e1a1ab54ed33a81bc970a26c3f02eb8ad1a4011950b1cf4be98b5576ee235a9fab6f362d418050ab8296643d9c2dfaf45e74d20b4aa8e3902de770f0e27af2fab4a2b68c4d9b0e9758c4d1ef935baa994ba125521bb9e18c98b7f51ebae668f0837c3e4857eb364e72af796fad97a13a9d0d48b43cf77caefa7b4192681d37c2268af5388d772fcb9d844baf7230a59e8e7b19627a78979abc08efcd0179951eb914ec6c94bd80a75e900561c4a0730a9431e6a53222050dc68c3130b1d70547a7562eff09f023712d8631fdfc2d55153e7cb08ded97b3645806a0367a9713bd7fc8b961b22ab49d4ba3264f8d5f5baefc980972f5575df98ab895b49d85d35376639a82a25bc044690876a80162ef976bf91af66694ee0f24d75346bad6506b95773f7e6ba969ba495cd704eef15120e8b8225f686363479c83bd05ea92ce487d") r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x510, 0x0, 0x228, 0xffffffff, 0x2e8, 0x3d0, 0x478, 0x478, 0xffffffff, 0x478, 0x478, 0x5, 0x0, {[{{@uncond, 0x0, 0x1f0, 0x228, 0x48, {}, [@common=@unspec=@string={{0xc0}, {0x5, 0xc, 'bm\x00', "0d01d3e4c6b2bfd892aa7400051624fa86999b13d39b99407a9b7abe75a728baa18da576811985de44110b8602025e1298ea55f1c5087ab16f67b18ca90ac68f0b3d6a068f727f7d23fa5fad26a59a5da2651212bdf9d29248ae63e2349b2470915eea2c39ade5129ff26b6fe772493180cfda2cdd49412e9469d85abdb467ba", 0x79, 0x2, {0x1}}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@dev={0xfe, 0x80, '\x00', 0x10}, [0xffffff00, 0xffffffff, 0x0, 0xffffff00], @ipv4=@dev={0xac, 0x14, 0x14, 0x29}, [0x0, 0xffffff00, 0xff000000], @ipv6=@local, [0xff000000, 0xff, 0x0, 0xff], @ipv4=@broadcast, [0xffffffff, 0xffffff00, 0xff], 0x7, 0x1, 0x5c, 0x4e20, 0x4e22, 0x4e24, 0x4e24, 0x804, 0x20c0}, 0x80, 0x2}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x2f, @rand_addr=0x64010100, @empty, @gre_key=0x1, @icmp_id=0x67}}}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@icmp={{0x28}, {0x10, "89ce", 0x1}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@multicast2, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00', {}, {}, 0x0, 0x0, 0x40}, 0x0, 0xa0, 0xe8, 0x0, {}, [@common=@addrtype={{0x30}, {0x890, 0x218, 0x0, 0x1}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x16, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@private1, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @rand_addr, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @icmp_id, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x570) syz_emit_ethernet(0xffffffffffffff01, &(0x7f0000002540)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa2c86dd68fcd9bb000021ff00000000000000000000000000000001fe8800000000000000000000000000014e204e2100e190786080977108ecab1032a5a337bee8ae32ca9229bfcac1d97a8850147e1297d83bba16290fa5c5d9fd950aa49c8854107fe88dea84a8744e5ada7507a5ce2274ef7ad39de5a23eb96b450a24ba960123ff8663ea52efa887cbbab6c43bcb8add3ea4808de5cf9feac586fd9c823a9b09087c094f1e4194f52a276450ea1e0b862b7947d1125f77232afecf57bcb27b68027a40c9f2e7c8500289925e82534cbb14ebaffaba80759bfecea0e8a46285959421742646d25763378b00067c60967c910a0436889223f79f0aab2418ff1c59beb375368506dcd8680300"/290], 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000000)={'lo\x00', {0x2, 0x4e21, @remote}}) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000080)={'vlan1\x00', {0x2, 0x4e1b, @dev={0xac, 0x14, 0x14, 0x18}}}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r5) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000c80)=""/231, 0xd5, 0x0, 0x3, 0x2}}, 0x60) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000e0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c000180060001"], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0) r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(r7, 0x7aa, &(0x7f0000000280)={{@host, 0xac}, 0x6, 0x6}) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r8 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r8, 0x0, 0xd2, &(0x7f0000000040)={@remote, @local, 0x2, "4f6fb4d1af0f724e6118ecd4ac1100843af297baebb0efcdf5a284da144a011a", 0x4, 0x0, 0x0, 0x71}, 0x3c) setsockopt$MRT_ADD_MFC(r8, 0x0, 0xcc, &(0x7f0000000000)={@rand_addr=0x64010100, @multicast1, 0x1, "71549b0199aafca48fcaf7eeb52a0253f529b55de314278249b0e6108315f222", 0xd8, 0x10001, 0x7, 0x1}, 0x3c) 5.303535848s ago: executing program 0 (id=202): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32=r1], 0x78}}, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000180)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x16}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x2c, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x14}}, {0x4e20, 0x4e20, 0x18, 0x0, @gue={{0x1, 0x0, 0x0, 0xff, 0x100, @void}, "da2d723c95585d2439728553"}}}}, 0x3a) 4.922205984s ago: executing program 0 (id=206): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00'}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x6, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8}}, &(0x7f00000000c0)='syzkaller\x00'}, 0x94) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r3, r5, 0x25, 0x4, @val=@tcx={@void, @value=r3}}, 0x1c) syz_emit_ethernet(0x7a, &(0x7f0000000840)={@empty, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, @void, {@ipv6={0x86dd, @gre_packet={0x1, 0x6, "7ce33c", 0x44, 0x2f, 0x1, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x1}, {0x1, 0x0, 0x1, 0x1}, {0x8, 0x88be, 0x3, {{0xa, 0x1, 0x3, 0x1, 0x0, 0x2, 0x3, 0x5}, 0x1, {0x4}}}, {0x8, 0x22eb, 0x3, {{0xc, 0x2, 0x4a, 0x2, 0x0, 0x3, 0x7}, 0x2, {0x3, 0x9, 0x1, 0x1a, 0x1, 0x1, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x1}}}}}}}, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0xfea7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x11, 0x2, &(0x7f0000000140)=@raw=[@jmp={0x5, 0x1, 0x0, 0x0, 0x0, 0x20, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0x7}], &(0x7f0000000340)='syzkaller\x00', 0x3}, 0x94) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x82}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0x4e20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2, 0x0, 0x10000000, 0x0, 0x6}, {0x0, 0x1, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0x2, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0) 4.48123881s ago: executing program 0 (id=208): mknod$loop(&(0x7f0000001b80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000080)=ANY=[@ANYRESDEC], 0x0, 0x2c, 0x0, 0x1, 0x40}, 0x28) r0 = socket$inet6(0xa, 0x2, 0x0) execve(&(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000340)={[&(0x7f0000000040)='bridge0\x00', &(0x7f00000001c0)='/)]]\x00', &(0x7f0000000200)='bridge0\x00', &(0x7f0000000240)='\xcf.[%&{}]-\\/---*}},\x00', &(0x7f0000000280)='^@*,\x00', &(0x7f00000002c0)='bridge0\x00', &(0x7f0000000300)='bridge0\x00']}, &(0x7f0000000700)={[&(0x7f0000000680)='){-,}:)+\x00', &(0x7f00000006c0)='}@.\x00']}) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000080)=@ethtool_regs={0x12}}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001400)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x10, 0x1, @thr={0x0, 0x0}}, 0x0) ptrace(0x10, r2) ptrace$setregs(0x1a, r2, 0xc, &(0x7f0000000000)) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r3, 0x400455c8, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(0xffffffffffffffff, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000180)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x2022012, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}}, 0x50) add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2) 2.171071411s ago: executing program 0 (id=229): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async) lsetxattr(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)=@known='trusted.overlay.impure\x00', 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x8, &(0x7f00000001c0)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@default_permissions}, {@nfs_export_on}, {@uuid_null}, {@volatile}, {@redirect_dir_nofollow}, {@default_permissions}, {@index_off}], [{@subj_role={'subj_role', 0x3d, 'overlay\x00'}}, {@obj_user={'obj_user', 0x3d, '#!'}}]}) (async) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x80400, 0x30) (async, rerun: 32) mount(0x0, &(0x7f0000000080)='.\x00', 0x0, 0xc0ed0000, 0x0) (rerun: 32) mknodat(r0, &(0x7f0000000080)='./bus\x00', 0x40, 0xe683) (async) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) (async, rerun: 64) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) (rerun: 64) 1.869964297s ago: executing program 0 (id=232): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="abda988f60a2931fb796976f9030bff8b879d318ad627ee5dee000000000000000096afb2a5a020ae55deaf371e8ef"], 0x20}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) r3 = socket(0x1e, 0x4, 0x1) setsockopt$TIPC_DEST_DROPPABLE(r3, 0x10f, 0x81, &(0x7f0000000480), 0x4) sendmsg$tipc(r3, &(0x7f0000000100)={&(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x1, 0x1, 0x5}}, 0x10, &(0x7f0000000300)}, 0x4800) r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f00000007c0)={0x1e0, 0x140, 0x2000, 0x240, 0x74fc, 0x7, 0x2, 0x0, {0x6, 0x8}, {0x6, 0x401, 0x1}, {0x800, 0x40000000, 0x1}, {0x7, 0x75d00000}, 0x3, 0x1dd, 0x5, 0x1, 0x0, 0xffffffff, 0x5, 0xb, 0xff, 0x6, 0x1, 0x4, 0x3, 0x3e, 0x2, 0x462be122f10b40b4}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="1010000008000000140003006970366772e530000000000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r2, &(0x7f0000000600)={&(0x7f0000000500), 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x20, r5, 0x8, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x0, 0x47}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x8001}, 0x4004) r6 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) write(r7, &(0x7f0000000240)="14000000140005b7ffccca38b9000000060860eb", 0x14) syz_usb_control_io(r6, 0x0, 0x0) r8 = syz_open_dev$sg(&(0x7f0000000000), 0x10000004000, 0x1) ioctl$SCSI_IOCTL_SEND_COMMAND(r8, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000100000a5b70000"]) r9 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r9, &(0x7f0000000000)=""/74, 0x4a) read$char_usb(r9, &(0x7f0000000080)=""/26, 0x1a) r10 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$SO_ATTACH_FILTER(r10, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x30, 0x0, 0x0, 0xfffff004}, {0x6}]}, 0x10) openat$nmem0(0xffffffffffffff9c, &(0x7f0000000100), 0x200800, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), 0xffffffffffffffff) syz_usb_ep_write$ath9k_ep1(r6, 0x82, 0x1380, &(0x7f0000000100)=ANY=[]) 1.142576532s ago: executing program 1 (id=237): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000002080)={0x1f, 0x5, @any, 0x0, 0x1}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, &(0x7f0000000100)=0x2, 0x4) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x1e0) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0xb80c01, &(0x7f00000005c0)={[{@nfs_export_on}, {@xino_on}, {@upperdir}, {@verity_on}]}) r2 = syz_open_procfs(0x0, &(0x7f0000001400)='mounts\x00') read$FUSE(r2, &(0x7f0000004100)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffd60) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYRES32=r0, @ANYRESDEC=r3, @ANYRESDEC=r3, @ANYRESDEC=0x0], 0x30}, 0x1, 0x0, 0x0, 0x4048814}, 0xc000) sendmmsg$inet6(r1, &(0x7f0000001ac0)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000300)}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=ANY=[], 0x11e0}}], 0x2, 0x14) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b30, &(0x7f0000000200)={'wlan1\x00', 0x0}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x15, 0x0, &(0x7f0000000480)="e3008067000600678387460884df784a4d66784390", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xc}, 0x50) r6 = syz_open_dev$sg(&(0x7f00000000c0), 0x6f5e, 0x28101) r7 = fsopen(&(0x7f0000000000)='jfs\x00', 0x1) fsconfig$FSCONFIG_SET_FD(r7, 0x5, &(0x7f0000000240)='resize', 0x0, r7) r8 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) bind$can_raw(r8, &(0x7f00000001c0)={0x1d, r9}, 0x10) r10 = socket(0x15, 0x5, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000a000000080000000200000fffffffff0e00000000000000030000000400000003000000fdffffff00000000000000002e009d48423bcaee0ac056252b943d7b2e6f6cc8e0dfd692613dc9f66d03399c1efe087becdb11831de16826cf2405caad015dc423510b90a1348ffa83bf0d470c243f7f5f3d47be7e4b36d7c9653a352a3c13eea3c2260ae999c6d9a7fd5f5414fc8151b73c4a586016f849912f3d095076823aee4ac275c2b6d4b7d66320af2e8f331e12004151cec7c99dc512b3d2c24e2a206f", @ANYBLOB="0fabe34adec139588bf58d2610b5d52153043ad70cdc9a7f5b2a7a400171bca7d505ce1222f415ab07a1e02236c601949c509748eb6114646dab0a882b3b9d1360ac62c07486a46db2cc49bad7624a5afab5857b09e993e314efad63906017ed2ab5dcbb7b9762cbab3bcc46d2a44f4307bb2e2e49e7f7acb4c1ae841108fe", @ANYRESOCT, @ANYRES32=r5, @ANYRESDEC=r6], 0x0, 0x46, 0x0, 0x6}, 0xfe0c) getsockopt(r10, 0x200000000114, 0x2716, 0x0, &(0x7f0000000000)) sendmsg$can_raw(r10, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@can={{0x1, 0x1, 0x1, 0x1}, 0x4}, 0x10}, 0x1, 0x0, 0x0, 0x20000840}, 0x20000000) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r11, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r11, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS(r11, 0x4068aea3, &(0x7f0000000340)={0x74, 0x0, 0xa}) ioctl$FIBMAP(r6, 0x1, &(0x7f0000000040)=0x85) 951.377465ms ago: executing program 1 (id=239): r0 = socket$inet(0x2, 0x5, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000080)="441f0803000000e8c94ef56491ee54be0e1c2074ed27c1c6fe76cef3e2", 0x1d) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="20000000280001e5ff020000000000000e"], 0x20}], 0x1}, 0x20000040) 951.189714ms ago: executing program 2 (id=240): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setrlimit(0x7, &(0x7f0000000400)) shutdown(r0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x2, @broadcast}}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000140)="3417234d43aa08f48bc29e49de88301f1b9c24b40beb63f893aa3f04095da61cf3741e6bee9cccbcfdf874f6e1597bf5008dbce97be8ff265e6c79499ec72bbf6b9808692e024c49896be6e9962c7908e0ce69a6dba19f0817cf99478d46105fa8110aa388904052a72eba866b81c2977a6e08aaa72e1c5e455853f3900490bef581eb5fe3edbeea80d4c1ac859bcc01d062c8fa334078c079456c6e3a3b1faaa5e3c443e70e29b2b973e3b2420f92746f0846aebc8e939313", 0xb9}, {&(0x7f0000000240)="0c1b2c8fc4740e4ac144ce1af282f44c8d59e0d31741405b85d380fc4737c1bf0293b27d54fbb74428e8dd9829bdb6ba467f7e6a3e44410eb8b02994f30791a5376f55fdc0fc8b9a11026fcf983e2cbb59dca654980ccc70b9dafa3c943d03b77c59414ab727b9a7b47a9baf34cc8cf790fec79e7141", 0x76}, {&(0x7f0000000440)="a5176ea876ae581dbd273f44c1d905efdc2d64e551276938dd57359df0140755d744489168dd7de1fa70b12da9e59b2dca8f2cb05abc6ab1058da98373e63da5d712deb564840c2f363f26645d5d872b729c5fdd7b8f56ca0cebc8aaf0712beb77e89663b44a8d85aff193abf4c650c9349e9e96b3dac7fa7fadbe38ff0fb4009ffe2e18b755767cd715a056df47071d0eda4989dfc35739aa85c39f4a64a6dca070f6b8697a23bd79b7aa94ef756082705d61", 0xb3}], 0x3}, 0x40000) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0x8000100, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x986}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={r1, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) 839.409153ms ago: executing program 1 (id=241): personality(0xfc6703a0ffffffff) (async) r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000100)={0xf0f004, 0x2}) 839.082309ms ago: executing program 2 (id=242): capset(&(0x7f0000000280)={0x20071026}, &(0x7f0000000340)) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x3c, r1, 0x2799f5eec7981083, 0x70bd28, 0x259fdbfc, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_AUTONEG={0x5}, @ETHTOOL_A_PAUSE_TX={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4c810}, 0x20000000) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) 838.60063ms ago: executing program 3 (id=243): r0 = socket(0x10, 0x2, 0x0) clock_adjtime(0x0, &(0x7f0000000500)={0x0, 0x48, 0xd, 0x1, 0xb87, 0x5, 0x9d, 0x7a0, 0x7, 0x5, 0x10001, 0xb, 0x4000001, 0xd8, 0xbdb, 0xaa, 0x101, 0x4, 0xb, 0x7, 0x5, 0x4, 0xfffffffffffffff7, 0x9, 0xfe, 0x5}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0xce22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000000)=0x6, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0xfe1d, @loopback={0xe0}, 0x9371}, 0x1c) r3 = syz_open_dev$loop(&(0x7f0000000240), 0x40, 0x1c0862) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000003c0)={r4, 0x1000, {0x0, 0x0, 0x0, 0x6, 0x4000000000000ffe, 0x0, 0x0, 0x1c, 0xc, "faf98317e5a1149989fc8dbe53ea6abad0099cebdc25f5ab60c9e6d680f985881a8a0f3500000000000000000e0000000000000000000000000000000000ffff", "32d8cc26f7061a74df2cfc06c89f3d9a234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce6, 0xa]}}) dup3(r1, r2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f00000009c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private1={0xfc, 0x1, '\x00', 0x4}, 0x0, 0x8000}}) 724.704281ms ago: executing program 1 (id=244): r0 = gettid() syz_open_procfs$namespace(r0, &(0x7f0000000080)='ns/ipc\x00') 704.540974ms ago: executing program 2 (id=245): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/uevent_helper', 0x149a82, 0x24a) write$cgroup_int(r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x140001, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1, 0x0) r5 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r5, 0x1, &(0x7f0000000180)={0x4000, r4}, 0x0) landlock_restrict_self(r5, 0x2) landlock_restrict_self(r5, 0x0) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f00000001c0)={"c718ae3ddd25e4c2826499cb6a055b56a5a7336f377a556f824db28eb6743cf045afd0e932534b9eb3b847abbcef63c85319991745999ed89ff49783a84d57cf175a89f8733d74a1bdddcb0a6c3f7535e7976e79da1b52de6403f6710d606fafaf685ec19f369b7829b12aa2b8cd2ab5979cdb9516cb61f2adb9aefd44fee30bddb81ebefa818f31f60d89a4e390920c7ed0e2512fd59f719e734b0a1d1f3ff7babb54258a1585514aac0b000000733671e0543929c06f72fc598939003ac6777f3497523536fd25ac4f1e265f5038fa7455f2cc6131d4a189a16b0f0b89e6a495e1d95b840c36488adc22cb2d1b8af57f6dce7214152ba1b3c0d3ad0a6db821518e44b24cb36a02d76ea11a1c45879fc77e7bb2af8c345ddddf49f41228df2114f2c27d16499fa36097a5015ad61a6a9484c09e0a2dfb50f7b7ca71135dc32804a80380a6e20e0ae03be775e472cd31d6a31e615937c38e746a5cf6c9d8194242990dd497a2c52ab50300000000000000cebbd983c3f86dbe92c4b751c04693cb09af88521ab328ceabf6d2bab40bb1b219fbe95a8546f00ffea798e76b4ef336dff5ac0f7ab022b800ac1aa42fd231b52465a410177ed85dcc9c6d794e2aa0b90cdc409541aa85fa16e3cbc3a9d6c83ffd4d01e5ba898555eeffccf0cb28ce5df0ba31cb79367527953be17edcb486455bca57edf4fb14e1533554eb22527d66a28a960c430f6136927f54e670c46292454fe28485f35405025844fd24fe846f6656c77d9b5f2b4750ac4805897b02c85caba80000bb96f71f468c9e746d860238b3b113ab1eef51e1507f8832d5d69528083d44548e491477cda51d7e083a134097438e9d7ea34eae8a2e6b516327db9310c7478a37f5c562037196131cc7c84fa29c3c2576f2ae7570b5a98aaa49ca7ddfd5a8c046ce82e4a2d06082ad7a3ab0dfbe208620b1410b674781855752c9c57c1c5ab0a74a336ce89b3a9c0d37a3ca4e698a798a85faf7f4f1dc020b7dd5750062c9810c4bc1ad7afe338f2b0f29059e684fe16098eb30da105be01ca11a293635dfc6d25ecc770ba72792fd3c6851d951b770d0f9edafb1cb4241350d85b04ed737a9bfd7e8301c43b65a95dda76d6850860ba3195040b14c8ad1a8b52472785521147182352a1dbd93595cbc26e813ccd75e16f9247fe82ed150c121f0041022522ec76476f0a9cffa3be1d3ffffffffffffffff29358bbfd8b7a12fe94a0355beb9420eee0a5c11220100c782b89e9430de84b220e8c0df4bd40be3400c58f149319f891fe86fba751dab3326bf2deb9e782b37ec9c7adf36025a091a4b3600000000000000000000000000000000000000000000000000000000000000000600"}) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f00000005c0)={"d43fd3e534a5248b054573fafdb6266bfdd486577cce1f476b0d629939092e73b365520359c1fea2e83420686cd380ba9ca068adac936594d7acecf8c434cb1436897aaf779a5a35d10e8f63a64baa685630a5f54f9e47f63e1fb2f85dde6e57d19b9d4e54ac58c6dba9e436cb54b1e5284fd96314fbfe394527795e6238e5d98dbd57803adeb8c988abc7971242a7552627ffae4e1bd852a7cf6b784cfa4de05a4b1488490db71737ae907de3b77b53e01f68de88be4ea21dd0ace6a455c9c07a37cbf9ae5d8c031c83016f73a664860ea0345992c8518f247ae111faf029ddd30f7b8080e77dfd0fae81c3d7c605b93e624209a89f1c58377e689fe4703cc7a0113a589feeed3dd0c8084cc20530be3e66f3b56ad6ab06b1947762a01e80b5cc98f555800b658f30cc2d5cfafd28011e6c83c2148c437373229f203f4496f178a37e63fe3d60b1115298807c8c270e0cd2f998df788b4815000f1f46a0110cefd276de1f4676c7505806110e76c408cdf70750ba947fe5b3b6630af3050e4564850a1155966df6474ca936439bb6ed426a60fee91e386b18c9a76e2aea9d28976f178293d77639a52995401d5e3dba75a1fb1cbee29fc47243a213cab7183c98bed21cbce9d04d6abef4bb7941ee921885605bf26041e0ff042ee2f6c2e2e2d44cf31d6012c721a124199870419ce909985ac0fdcdb99b2176707690d1f570883801699e113cf97f559d501b8e312ea525a416d523260a15bd151074bad850a9e0c232d2a47d18d83cc4d5e72ddca397977b265a8077cb585b93ac7eac60170e73a0925923ee024da9466ee5091d693d9e4ee147656491f94dafc2199077fb4edfb72e3d0303918d88fa0dd56d0b0ee07629f3ac3f8ee2d5b2f23f1a3de9786e20fa6012b8376719d41fcfde73bfabe6cd33b6a5ba2a44a333446e6a0eafec76bc19d8994453097aa72d4ebad453f4593d646620daceb5585722f21e8cb60e5513ef50c816a97a6d57796d687b9d408b7121e618bb221575e41d56f45e1a7b4f6f059a39ab2ac98bc69c41259d18080ad4fa413839646ff10d9d6693bd22f6341e20a3ceb4e5f04ab2f3542e0c24d68ff1168928ecb359c92b3c41a6e54eac65711e53746227438d172d88b7d841e7f1dd3a55fb2433a192ba4dbfc5110aafb21218fb0ed87d877ada1e6a7383659e79507d4832767b2680b6492ade22d1be7b78f7eed035a2345a019972c74a4fb56241942204e90ab42504ea9b2b5523d8a7d6cbaafe11cebfae020fed3d433f08e5f1e20fed552baa89b8f45f147465374f643132f3056c3c963cb3c0fa921dbcbf7055f951258c680a8ac674eecbe042c6cf1b84ad97a21e0d5e683169e39583065d63a9e547fb5c31d0616d7376c101c69583767d85b26a611f1a61f1ab4c5ce5b06eefb9711742933334c62cc3c6b0"}) sendfile(r0, r0, 0x0, 0x100000000) r6 = signalfd(r0, &(0x7f0000000000)={[0x101]}, 0x8) mkdirat$cgroup(r6, &(0x7f0000000040)='syz0\x00', 0x1ff) 616.032608ms ago: executing program 1 (id=246): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000080)="c4e27d9811c4c1fde69762ec7cd166baa000ed0f20e035200000000f22e0f2af0f78e50f01cbc4c1d9c27df20b26650fc71c583ef26c", 0x36}], 0x1, 0x59, 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0xa00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x4000000e42, 0x9, 0xffffffffffffffff, 0x5, 0x10000, 0x3, 0x4002004c2, 0x100000007ff, 0x1, 0x0, 0x10000000000400, 0x8, 0x7, 0x0, 0x8, 0x8b], 0x58000, 0x240046}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 499.865258ms ago: executing program 3 (id=247): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000300000aa000000006"], 0xc8}}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'netdevsim0\x00', 0x0}) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="5c0100001000130700000000ffdbdf25e0000001000000000000000000000000ff020000000000000000000000000101000400004e2100020000000021000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc0280ffffff00000000000000000001000004d632000000fc020000000000000000000000000000050000000000000000000000000000000002000000000000090000000000000001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f000100000000000001000000000000000000000000000000000000002cbd7000053500000a000400500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000080000000210466d38547aa140db9a200000000c538c7cb7a0c001c00", @ANYRES32=r2], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014) 414.222918ms ago: executing program 3 (id=248): r0 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000000), 0x228001, 0x0) io_uring_register$IORING_UNREGISTER_NAPI(r0, 0x1c, &(0x7f0000000040), 0x1) r1 = memfd_secret(0x80000) ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, &(0x7f0000000080)={0x100000000000000, 0x10000, 0xfffffffffffff4ce, 0x1b, 0xb}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'}) r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x22200, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r4, 0x84, 0x1c, &(0x7f0000000180), &(0x7f00000001c0)=0x4) ioctl$HIDIOCGPHYS(r1, 0x80404812, &(0x7f0000000200)) ioctl$SIOCX25GCALLUSERDATA(r3, 0x89e4, &(0x7f0000000240)={0x22, "e89af0b2d6f56f14f50b598a9ec1e796688f7226225bbf71d6b4a59c44470b5f7ad828870316c6186987288ae02bc41d8b1cf15daa599e06752277afe5ff23e75257f7cafb8c24a7c272bf1a2c587358fa2df9352817d157e31e36a6b65191f1292f891f90562f22e851de9163fd3ce2431d076ed17d23de44410cb88ae12835"}) ioctl$SIOCAX25OPTRT(r0, 0x89e7, &(0x7f0000000300)={@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2, 0x44}) accept4(r1, &(0x7f0000000340)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, &(0x7f00000003c0)=0x80, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, 0x0, 0x200, 0x70bd27, 0x25dfdbff}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) close_range(r0, r2, 0x0) ioctl$SOUND_MIXER_WRITE_VOLUME(r4, 0xc0044d18, &(0x7f0000000500)=0x5a) ioctl$SOUND_PCM_READ_CHANNELS(r3, 0x80045006, &(0x7f0000000540)) stat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0}) quotactl_fd$Q_GETFMT(r2, 0xffffffff80000402, r5, &(0x7f0000000640)) ioctl$FIONCLEX(r1, 0x5450) r6 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0) ioctl$VIDIOC_S_FREQUENCY(r6, 0x402c5639, &(0x7f00000006c0)={0x6, 0x2, 0x81}) ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(r0, 0xc008aec1, &(0x7f0000000700)={0x6, 0x0, [{0xb, 0x7, 0x0, 0x40, 0x9, 0x9, 0x9}, {0x80000000, 0xb0, 0x6, 0x40, 0xad0, 0x26a, 0x7}, {0x40000001, 0x2, 0x4, 0x2, 0xfffeffff, 0x2, 0x2}, {0xa, 0x3, 0x4, 0xe, 0xc, 0x8, 0xfffffff8}, {0xc0000001, 0xfffffff4, 0x3, 0x100, 0x1, 0xb25, 0x40}, {0xc0000000, 0xcc, 0x0, 0x2, 0xfffffe00, 0xc00000, 0x2}]}) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000800)={0x1, 0xc, 0x3}) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000840)={0x0, 0xbed6}, &(0x7f0000000880)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r7, 0x84, 0x17, &(0x7f00000008c0)={r8, 0xdcf, 0xa1, "5f8e844e1d64049ab77e258659e318cfa52a3a1c95724c54ba901a556ab88843d30ed160ce6ef8e75249a66a407db2c12b90930068bcd3ea0a39538c3bb36535326a809ca530db0691330f2f7d854dbfacefbd832edd212308d3a8fbe6757c63ce7d18a6cd0cdd19cdb5b33ac8ea8151c9d7af5d37cd29bb0b956dc4e0a73ca3c5912018e007a1404bb836da2734e68c0122c9b26ada15bf4ee1477e932add81fb"}, 0xa9) ioctl$SG_GET_NUM_WAITING(r4, 0x227d, &(0x7f0000000980)) r9 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000009c0), 0x440000, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000a00)={0x0, 0x2bc1, 0x0, 0x1, 0x3, [0x0, 0x0, 0x0], [0x4, 0x6d, 0x8a, 0x3], [0x6, 0x8000, 0x30, 0x6], [0x401, 0x1, 0x0, 0xffffffffffffff26]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r9, 0xc06864b8, &(0x7f0000000ac0)={0x0, 0xfffff8b3, 0x2, 0xd86b, 0x2, [0x0, r10], [0x1, 0x4, 0x800, 0x6], [0x6, 0x8, 0x40, 0x4], [0x2, 0x5, 0x3d261cd8, 0x800]}) 414.014222ms ago: executing program 2 (id=249): syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000007400)={&(0x7f0000000100)={0x50, 0x4a869cc0a2847a9c, 0x3, {0x7, 0x2b, 0x7, 0x82021, 0x7ff, 0x5, 0x0, 0x3, 0x0, 0x0, 0x8, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x2e, 0x9, 0x70bf27, 0x0, {0x4}, [@typed={0x8, 0x18, 0x0, 0x0, @binary="05ac0f00"}]}, 0x1c}, 0x1, 0x0, 0x0, 0x42804}, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) r1 = socket$kcm(0x10, 0x5, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) 321.04432ms ago: executing program 3 (id=250): mkdir(&(0x7f0000000000)='./file0\x00', 0x2) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtfilter={0x44, 0x2c, 0xd3f, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xc, 0x4}, {0x0, 0x9}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_OPTS={0x8, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x4}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x20040054) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./bus\x00', 0x124) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) r3 = getuid() mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@index_off}, {@redirect_dir_on}], [{@uid_gt={'uid>', r3}}, {@rootcontext={'rootcontext', 0x3d, 'root'}}, {@flag='dirsync'}]}) chdir(&(0x7f00000000c0)='./bus\x00') r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="1c0000002e00090025bd7000000000000400000008001a"], 0x1c}, 0x1, 0x0, 0x0, 0x42804}, 0x84) 320.616125ms ago: executing program 1 (id=251): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b40000000000000061113000000000004600feff000100009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76, 0x0, 0xffffffffffffffff, 0xffffff33}, 0x48) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0, 0xffffffffffffff8a}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056842bb002552d215f6", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e00000018000280140011"], 0x48}}, 0x0) getsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000180), &(0x7f0000000280)=0x8) r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000d00)={0x80000000000001a}) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x14) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\b\x00', @ANYRES32=r2], 0x24}}, 0x0) capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x1, 0x0, 0x0, 0xb61, 0x5}) r3 = gettid() r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x60042, 0x0) r5 = socket(0x2, 0x80805, 0x0) getsockopt$bt_hci(r5, 0x84, 0x7d, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006) write$binfmt_elf64(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f000000000000020003"], 0x78) ioctl$SNDCTL_SEQ_SYNC(r4, 0x5101) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=0x0) r7 = syz_init_net_socket$ax25(0x3, 0x3, 0xcd) write(r7, 0x0, 0x0) timer_settime(r6, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) syz_open_pts(0xffffffffffffffff, 0x800) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x28602, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x1}) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x400240, 0x0) close(r9) 256.331796ms ago: executing program 2 (id=252): syz_emit_ethernet(0x32, &(0x7f0000000000)={@link_local, @empty, @val={@val={0x88a8, 0x0, 0x1, 0x2}, {0x8100, 0x5}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0xf, 0x1c, 0x0, 0x0, 0x80, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) ioctl$SIOCSIFHWADDR(r0, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0xe8, 0x2c, 0xd3f, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x2, 0xe}, {0x0, 0x9}, {0xf, 0x9}}, [@filter_kind_options=@f_flow={{0x9}, {0xb8, 0x2, [@TCA_FLOW_PERTURB={0x8, 0xc, 0x7}, @TCA_FLOW_ADDEND={0x8, 0x5, 0x1}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0x0, 0xf}}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_EMATCHES={0x8c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x14, 0x2, 0x0, 0x0, {{0x18, 0x9, 0x200}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x5}]}}, @TCF_EM_META={0x18, 0x3, 0x0, 0x0, {{0xc, 0x4, 0x8f50}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x6, 0xd, 0x2}, {0x40, 0x4}}}]}}]}, @TCA_EMATCH_TREE_LIST={0x3c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x20, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x94ed}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x75c4, 0xf4, 0x1}, {0x8, 0xd8}}}, @TCA_EM_META_LVALUE={0x8, 0x2, [@TCF_META_TYPE_INT=0x8]}]}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x6c3, 0x1, 0x5}, {0x0, 0x7, 0x0, 0x6, 0xd, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x7}, {0x0, 0x3, 0x2}}}]}]}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0xe8}, 0x1, 0x0, 0x0, 0x1}, 0x20040054) creat(&(0x7f0000000100)='./bus\x00', 0x100) mount$tmpfs(0x0, &(0x7f00000008c0)='./bus\x00', &(0x7f0000000ec0), 0x2010008, &(0x7f00000001c0)=ANY=[@ANYBLOB="6d706f6c3d7072656665723d7374617469633a2c000b1ff0de26968d34412b82dc32a7be42f4924fc7101afb4d77464f8c57e9e75acc5e7af68ff09fcae4688d8a5a846930fc9d4c94d1e857414af7cbf5bbefef5cadba9da884a97d42454dbfd9b566d2053ef91abacef242aed7812c218eb16133787b57186f125dcfa9acae5353043a52b44c32e769c1e9a24b45d4e1516e8c8dc1270f26b0c4bd2f980b9f65273d44f154c34a1995736996e8e469a90b9d8348213f4ff8433171d5f6045ac742fdd8e544ef010361b0ff92484efd8bc1b0cccbc9ca2cf2c3"]) 62.512545ms ago: executing program 3 (id=253): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="540000001000010400200000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="09000000000000002c0012800e00010069703667726574617000000018000280140007000000000000000000000000000000000108000d0006000020"], 0x54}}, 0x0) 432.032µs ago: executing program 2 (id=254): r0 = gettid() close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r1, &(0x7f0000000040)='\x00', 0x1) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r2, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null]}, 0x48) syz_init_net_socket$ax25(0x3, 0x2, 0x0) syz_open_procfs$namespace(r0, &(0x7f0000000080)='ns/ipc\x00') 0s ago: executing program 3 (id=255): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x20) getegid() mount$9p_virtio(&(0x7f00000001c0), &(0x7f00000002c0)='./file0\x00', &(0x7f00000004c0), 0x208017, &(0x7f0000000140)={'trans=virtio,', {[{@version_u}, {@cache_mmap}, {@noextend}]}}) lstat(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000000)) kernel console output (not intermixed with test programs): [ 103.130224][ T41] audit: type=1400 audit(1769603115.512:58): avc: denied { noatsecure } for pid=5855 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 103.140712][ T41] audit: type=1400 audit(1769603115.522:59): avc: denied { write } for pid=5855 comm="sh" path="pipe:[7355]" dev="pipefs" ino=7355 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 103.150502][ T41] audit: type=1400 audit(1769603115.522:60): avc: denied { rlimitinh } for pid=5855 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 103.158955][ T41] audit: type=1400 audit(1769603115.522:61): avc: denied { siginh } for pid=5855 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:46449' (ED25519) to the list of known hosts. [ 107.122244][ T41] audit: type=1400 audit(1769603119.532:62): avc: denied { name_bind } for pid=5917 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 107.201145][ T41] audit: type=1400 audit(1769603119.612:63): avc: denied { execute } for pid=5918 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 107.211955][ T41] audit: type=1400 audit(1769603119.622:64): avc: denied { execute_no_trans } for pid=5918 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 112.147623][ T41] audit: type=1400 audit(1769603124.562:65): avc: denied { mounton } for pid=5918 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 112.172767][ T5918] cgroup: Unknown subsys name 'net' [ 112.176353][ T41] audit: type=1400 audit(1769603124.582:66): avc: denied { mount } for pid=5918 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 112.218722][ T41] audit: type=1400 audit(1769603124.632:67): avc: denied { unmount } for pid=5918 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 112.418875][ T5918] cgroup: Unknown subsys name 'cpuset' [ 112.456766][ T5918] cgroup: Unknown subsys name 'rlimit' [ 112.784794][ T41] audit: type=1400 audit(1769603125.192:68): avc: denied { setattr } for pid=5918 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 112.854016][ T41] audit: type=1400 audit(1769603125.202:69): avc: denied { create } for pid=5918 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 112.878876][ T41] audit: type=1400 audit(1769603125.202:70): avc: denied { write } for pid=5918 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 112.887662][ T41] audit: type=1400 audit(1769603125.202:71): avc: denied { read } for pid=5918 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 112.906668][ T41] audit: type=1400 audit(1769603125.212:72): avc: denied { mounton } for pid=5918 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 112.919488][ T5931] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 112.935322][ T41] audit: type=1400 audit(1769603125.222:73): avc: denied { mount } for pid=5918 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 112.945117][ T41] audit: type=1400 audit(1769603125.242:74): avc: denied { read } for pid=5644 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 114.871385][ T5918] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 117.665698][ T842] cfg80211: failed to load regulatory.db [ 126.187165][ T41] kauditd_printk_skb: 7 callbacks suppressed [ 126.187180][ T41] audit: type=1400 audit(1769603138.582:82): avc: denied { execmem } for pid=5945 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 126.708136][ T41] audit: type=1400 audit(1769603139.112:83): avc: denied { create } for pid=5949 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 126.737443][ T41] audit: type=1400 audit(1769603139.112:84): avc: denied { read write } for pid=5949 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 126.768221][ T65] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 126.775132][ T5954] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 126.778319][ T41] audit: type=1400 audit(1769603139.112:85): avc: denied { open } for pid=5949 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 126.788530][ T41] audit: type=1400 audit(1769603139.112:86): avc: denied { ioctl } for pid=5949 comm="syz-executor" path="socket:[5857]" dev="sockfs" ino=5857 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 126.788691][ T5957] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 126.812193][ T5957] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 126.815902][ T5957] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 126.824302][ T5960] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 126.827929][ T5960] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 126.832465][ T5960] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 126.837490][ T5957] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 126.843035][ T5962] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 126.849673][ T5961] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 126.854963][ T5957] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 126.857119][ T5962] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 126.857573][ T5961] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 126.858744][ T5961] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 126.859808][ T5961] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 126.860077][ T5961] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 126.927117][ T5962] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 126.932124][ T5291] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 126.935395][ T5291] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 126.936279][ T41] audit: type=1400 audit(1769603139.322:87): avc: denied { read } for pid=5951 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 126.968223][ T41] audit: type=1400 audit(1769603139.322:88): avc: denied { open } for pid=5951 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 127.023814][ T41] audit: type=1400 audit(1769603139.322:89): avc: denied { mounton } for pid=5951 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 127.561537][ T41] audit: type=1400 audit(1769603139.972:90): avc: denied { module_request } for pid=5958 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 127.685823][ T5958] chnl_net:caif_netlink_parms(): no params data found [ 127.809501][ T5949] chnl_net:caif_netlink_parms(): no params data found [ 127.824208][ T5955] chnl_net:caif_netlink_parms(): no params data found [ 127.909784][ T5958] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.912171][ T5958] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.933887][ T5958] bridge_slave_0: entered allmulticast mode [ 127.938365][ T5958] bridge_slave_0: entered promiscuous mode [ 127.983182][ T5958] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.986760][ T5958] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.990238][ T5958] bridge_slave_1: entered allmulticast mode [ 128.002385][ T5958] bridge_slave_1: entered promiscuous mode [ 128.150948][ T5951] chnl_net:caif_netlink_parms(): no params data found [ 128.209645][ T5958] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 128.234957][ T5958] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 128.330712][ T5955] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.340502][ T5955] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.343745][ T5955] bridge_slave_0: entered allmulticast mode [ 128.349310][ T5955] bridge_slave_0: entered promiscuous mode [ 128.401862][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.405214][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.430214][ T5949] bridge_slave_0: entered allmulticast mode [ 128.447459][ T5949] bridge_slave_0: entered promiscuous mode [ 128.523547][ T5955] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.526303][ T5955] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.529164][ T5955] bridge_slave_1: entered allmulticast mode [ 128.533819][ T5955] bridge_slave_1: entered promiscuous mode [ 128.552376][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.555731][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.558893][ T5949] bridge_slave_1: entered allmulticast mode [ 128.562676][ T5949] bridge_slave_1: entered promiscuous mode [ 128.608502][ T5958] team0: Port device team_slave_0 added [ 128.613062][ T5958] team0: Port device team_slave_1 added [ 128.671568][ T5955] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 128.765973][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 128.774560][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 128.837384][ T5955] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 128.931113][ T5949] team0: Port device team_slave_0 added [ 128.940263][ T5952] Bluetooth: hci1: command tx timeout [ 128.961605][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.974700][ T5951] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.978699][ T5951] bridge_slave_0: entered allmulticast mode [ 128.982910][ T5951] bridge_slave_0: entered promiscuous mode [ 129.002694][ T5958] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 129.005419][ T5958] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 129.008582][ T5962] Bluetooth: hci2: command tx timeout [ 129.031003][ T5952] Bluetooth: hci3: command tx timeout [ 129.033386][ T5958] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 129.035619][ T5958] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 129.035635][ T5958] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 129.035656][ T5958] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 129.037443][ T5949] team0: Port device team_slave_1 added [ 129.037657][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.037746][ T5951] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.037840][ T5951] bridge_slave_1: entered allmulticast mode [ 129.038993][ T5951] bridge_slave_1: entered promiscuous mode [ 129.041653][ T5955] team0: Port device team_slave_0 added [ 129.093860][ T5952] Bluetooth: hci0: command tx timeout [ 129.136522][ T5955] team0: Port device team_slave_1 added [ 129.222764][ T5951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 129.239365][ T5955] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 129.246075][ T5955] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 129.272854][ T5955] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 129.291451][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 129.294439][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 129.306810][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 129.320516][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 129.332629][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 129.359014][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 129.379515][ T5951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 129.403607][ T5955] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 129.406762][ T5955] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 129.416825][ T5955] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 129.474239][ T5958] hsr_slave_0: entered promiscuous mode [ 129.479406][ T5958] hsr_slave_1: entered promiscuous mode [ 129.608425][ T5951] team0: Port device team_slave_0 added [ 129.632052][ T5949] hsr_slave_0: entered promiscuous mode [ 129.635751][ T5949] hsr_slave_1: entered promiscuous mode [ 129.672424][ T5949] debugfs: 'hsr0' already exists in 'hsr' [ 129.675110][ T5949] Cannot create hsr debugfs directory [ 129.689210][ T5951] team0: Port device team_slave_1 added [ 129.697009][ T5955] hsr_slave_0: entered promiscuous mode [ 129.699860][ T5955] hsr_slave_1: entered promiscuous mode [ 129.705046][ T5955] debugfs: 'hsr0' already exists in 'hsr' [ 129.707546][ T5955] Cannot create hsr debugfs directory [ 129.906536][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 129.909715][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 129.946297][ T5951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 129.955426][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 129.960212][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 129.976108][ T5951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 130.159047][ T5951] hsr_slave_0: entered promiscuous mode [ 130.164983][ T5951] hsr_slave_1: entered promiscuous mode [ 130.171361][ T5951] debugfs: 'hsr0' already exists in 'hsr' [ 130.198701][ T5951] Cannot create hsr debugfs directory [ 130.586198][ T5955] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 130.644550][ T5955] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 130.651155][ T5955] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 130.679749][ T5955] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 130.827266][ T5949] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 130.842618][ T5949] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 130.865979][ T5949] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 130.921482][ T5949] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 131.014590][ T5962] Bluetooth: hci1: command tx timeout [ 131.042505][ T5958] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 131.088267][ T5962] Bluetooth: hci3: command tx timeout [ 131.098714][ T5958] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 131.117563][ T5958] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 131.143727][ T5958] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 131.173400][ T5962] Bluetooth: hci2: command tx timeout [ 131.173422][ T5952] Bluetooth: hci0: command tx timeout [ 131.190517][ T5955] 8021q: adding VLAN 0 to HW filter on device bond0 [ 131.257634][ T5955] 8021q: adding VLAN 0 to HW filter on device team0 [ 131.308660][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.312050][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.344945][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.348119][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.461824][ T5951] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 131.515335][ T5951] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 131.559689][ T5955] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 131.586244][ T5955] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 131.642262][ T5951] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 131.721798][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 131.727475][ T5951] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 131.778541][ T41] audit: type=1400 audit(1769603144.192:91): avc: denied { sys_module } for pid=5955 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 131.894328][ T5949] 8021q: adding VLAN 0 to HW filter on device team0 [ 131.949331][ T1199] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.966152][ T1199] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.989834][ T1199] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.009582][ T1199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.039461][ T5958] 8021q: adding VLAN 0 to HW filter on device bond0 [ 132.057619][ T5949] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 132.088887][ T5949] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 132.278262][ T5955] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 132.310294][ T5951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 132.341765][ T5958] 8021q: adding VLAN 0 to HW filter on device team0 [ 132.366444][ T5951] 8021q: adding VLAN 0 to HW filter on device team0 [ 132.381820][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.395404][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.429048][ T1199] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.433954][ T1199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.450033][ T1199] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.466009][ T1199] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.498855][ T1199] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.502699][ T1199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.582485][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 132.653699][ T5951] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 132.667172][ T5955] veth0_vlan: entered promiscuous mode [ 132.681900][ T5958] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 132.691258][ T5958] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 132.745627][ T5955] veth1_vlan: entered promiscuous mode [ 132.886877][ T5955] veth0_macvtap: entered promiscuous mode [ 132.914942][ T5955] veth1_macvtap: entered promiscuous mode [ 132.955172][ T5955] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 132.987611][ T5949] veth0_vlan: entered promiscuous mode [ 133.019173][ T5955] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 133.045684][ T5949] veth1_vlan: entered promiscuous mode [ 133.117269][ T5952] Bluetooth: hci1: command tx timeout [ 133.177151][ T5952] Bluetooth: hci3: command tx timeout [ 133.258674][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.261579][ T5952] Bluetooth: hci0: command tx timeout [ 133.261649][ T5962] Bluetooth: hci2: command tx timeout [ 133.268299][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.317923][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.333363][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.377479][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 133.389577][ T5949] veth0_macvtap: entered promiscuous mode [ 133.420758][ T5949] veth1_macvtap: entered promiscuous mode [ 133.486146][ T5958] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 133.498788][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.501920][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.503149][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 133.574847][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 133.586095][ T5951] veth0_vlan: entered promiscuous mode [ 133.611044][ T1146] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.616373][ T1146] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.669841][ T1146] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.674213][ T1146] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.701529][ T5951] veth1_vlan: entered promiscuous mode [ 133.814598][ T1174] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.818738][ T1174] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.942873][ T5958] veth0_vlan: entered promiscuous mode [ 133.948190][ T41] audit: type=1400 audit(1769603146.332:92): avc: denied { mount } for pid=5955 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 133.999680][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.003560][ T41] audit: type=1400 audit(1769603146.332:93): avc: denied { mounton } for pid=5955 comm="syz-executor" path="/syzkaller.rvsjTu/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 134.014246][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.025166][ T41] audit: type=1400 audit(1769603146.352:94): avc: denied { mount } for pid=5955 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 134.035777][ T5958] veth1_vlan: entered promiscuous mode [ 134.100149][ T41] audit: type=1400 audit(1769603146.352:95): avc: denied { mounton } for pid=5955 comm="syz-executor" path="/syzkaller.rvsjTu/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 134.104758][ T5951] veth0_macvtap: entered promiscuous mode [ 134.136402][ T41] audit: type=1400 audit(1769603146.352:96): avc: denied { mounton } for pid=5955 comm="syz-executor" path="/syzkaller.rvsjTu/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=7782 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 134.144763][ T5951] veth1_macvtap: entered promiscuous mode [ 134.171210][ T41] audit: type=1400 audit(1769603146.382:97): avc: denied { unmount } for pid=5955 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 134.179793][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.209501][ T41] audit: type=1400 audit(1769603146.422:98): avc: denied { mounton } for pid=5955 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 134.209542][ T41] audit: type=1400 audit(1769603146.422:99): avc: denied { mount } for pid=5955 comm="syz-executor" name="/" dev="gadgetfs" ino=7789 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 134.209575][ T41] audit: type=1400 audit(1769603146.422:100): avc: denied { mount } for pid=5955 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 134.278778][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.347990][ T5958] veth0_macvtap: entered promiscuous mode [ 134.361924][ T5955] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 134.491640][ T5958] veth1_macvtap: entered promiscuous mode [ 134.528146][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 134.610904][ T5958] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 134.666448][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 134.668380][ T6040] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3'. [ 134.703816][ T6038] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3'. [ 134.715010][ T5958] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 134.738307][ T1146] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.748962][ T1146] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.765667][ T1146] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.785986][ T1146] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.844998][ T1146] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.858181][ T1146] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.977846][ T1146] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.985487][ T1146] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.986825][ T6044] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5'. [ 135.023910][ T6044] block nbd0: Unsupported socket: should be TCP or UNIX. [ 135.193831][ T5952] Bluetooth: hci1: command tx timeout [ 135.244507][ T1146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 135.248756][ T1146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.252960][ T5952] Bluetooth: hci3: command tx timeout [ 135.349304][ T5952] Bluetooth: hci0: command tx timeout [ 135.353200][ T20] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 135.355422][ T5952] Bluetooth: hci2: command tx timeout [ 135.387862][ T20] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.450308][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 135.508348][ T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 135.514895][ T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.528242][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.944198][ T6059] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 136.097627][ T6070] netlink: 207952 bytes leftover after parsing attributes in process `syz.0.10'. [ 136.230812][ T6078] ipt_REJECT: ECHOREPLY no longer supported. [ 136.415373][ T6086] Zero length message leads to an empty skb [ 136.620789][ T6098] netlink: 32 bytes leftover after parsing attributes in process `syz.0.18'. [ 136.669477][ T842] IPVS: starting estimator thread 0... [ 136.784513][ T41] kauditd_printk_skb: 49 callbacks suppressed [ 136.784531][ T41] audit: type=1400 audit(1769603149.192:150): avc: denied { getopt } for pid=6103 comm="syz.3.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 136.788252][ T6102] netlink: 'syz.1.19': attribute type 8 has an invalid length. [ 136.793799][ T6100] IPVS: using max 26 ests per chain, 62400 per kthread [ 136.842167][ T41] audit: type=1400 audit(1769603149.252:151): avc: denied { read write } for pid=6103 comm="syz.3.20" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 136.861342][ T6104] ADFS-fs (nbd3): error: unable to read block 3, try 0 [ 136.862790][ T41] audit: type=1400 audit(1769603149.272:152): avc: denied { open } for pid=6103 comm="syz.3.20" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 136.881487][ T41] audit: type=1400 audit(1769603149.272:153): avc: denied { mounton } for pid=6103 comm="syz.3.20" path="/syzcgroup/unified/syz3" dev="cgroup2" ino=128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 136.881559][ T6102] netlink: 4 bytes leftover after parsing attributes in process `syz.1.19'. [ 136.978496][ T6107] xt_l2tp: missing protocol rule (udp|l2tpip) [ 136.982537][ T6102] bond0: entered promiscuous mode [ 137.004908][ T41] audit: type=1400 audit(1769603149.302:154): avc: denied { map } for pid=6105 comm="syz.0.21" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 137.004952][ T41] audit: type=1400 audit(1769603149.302:155): avc: denied { ioctl } for pid=6105 comm="syz.0.21" path="/dev/nullb0" dev="devtmpfs" ino=707 ioctlcmd=0x7b2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 137.004992][ T41] audit: type=1400 audit(1769603149.392:156): avc: denied { setopt } for pid=6105 comm="syz.0.21" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 137.044548][ T6102] bond_slave_0: entered promiscuous mode [ 137.046982][ T6102] bond_slave_1: entered promiscuous mode [ 137.051796][ T6102] gretap0: entered promiscuous mode [ 137.055219][ T6102] veth0: entered promiscuous mode [ 137.058682][ T6102] hsr1: entered promiscuous mode [ 137.082333][ T41] audit: type=1400 audit(1769603149.442:157): avc: denied { unmount } for pid=5951 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 137.207518][ T41] audit: type=1400 audit(1769603149.612:158): avc: denied { read write } for pid=6113 comm="syz.3.22" name="ubi_ctrl" dev="devtmpfs" ino=718 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 137.289425][ T41] audit: type=1400 audit(1769603149.612:159): avc: denied { open } for pid=6113 comm="syz.3.22" path="/dev/ubi_ctrl" dev="devtmpfs" ino=718 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 137.496784][ T6117] o2cb: This node has not been configured. [ 137.533516][ T6117] o2cb: Cluster check failed. Fix errors before retrying. [ 137.554380][ T6117] (syz.2.26,6117,1):user_dlm_register:674 ERROR: status = -22 [ 137.558225][ T6117] (syz.2.26,6117,1):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 137.721644][ T6129] Bluetooth: MGMT ver 1.23 [ 137.909426][ T6135] netlink: 36 bytes leftover after parsing attributes in process `syz.2.31'. [ 137.914249][ T6135] tc_dump_action: action bad kind [ 137.917856][ T6135] ======================================================= [ 137.917856][ T6135] WARNING: The mand mount option has been deprecated and [ 137.917856][ T6135] and is ignored by this kernel. Remove the mand [ 137.917856][ T6135] option from the mount to silence this warning. [ 137.917856][ T6135] ======================================================= [ 137.993088][ T6135] vfat: Unknown parameter 'discardm' [ 138.054983][ T6140] netlink: 64 bytes leftover after parsing attributes in process `syz.3.33'. [ 138.706839][ T6159] netlink: zone id is out of range [ 138.732740][ T6159] netlink: zone id is out of range [ 138.735087][ T6159] netlink: zone id is out of range [ 138.737000][ T6159] netlink: zone id is out of range [ 138.739042][ T6159] netlink: zone id is out of range [ 138.751687][ T6159] netlink: zone id is out of range [ 138.754353][ T6159] netlink: zone id is out of range [ 138.757056][ T6159] netlink: zone id is out of range [ 138.759508][ T6159] netlink: zone id is out of range [ 138.762192][ T6159] netlink: zone id is out of range [ 139.483095][ T6192] capability: warning: `syz.2.41' uses 32-bit capabilities (legacy support in use) [ 139.507274][ T6192] process 'syz.2.41' launched './file0' with NULL argv: empty string added [ 139.735762][ T6196] netlink: 64 bytes leftover after parsing attributes in process `syz.3.42'. [ 139.804252][ T5962] Bluetooth: hci0: command 0x1407 tx timeout [ 139.808539][ T5952] Bluetooth: hci0: Opcode 0x1407 failed: -110 [ 140.202389][ T6223] netlink: 48 bytes leftover after parsing attributes in process `syz.2.49'. [ 140.288069][ T6213] netlink: 7 bytes leftover after parsing attributes in process `syz.1.48'. [ 140.291586][ T6222] binder: 6221:6222 ioctl 4020ae76 200000000180 returned -22 [ 140.333670][ T6213] netlink: 7 bytes leftover after parsing attributes in process `syz.1.48'. [ 140.388003][ T6227] xt_cgroup: xt_cgroup: no path or classid specified [ 140.495586][ T30] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 140.634136][ T6231] binder: 6224:6231 ioctl c0306201 200000000540 returned -22 [ 140.683826][ T30] usb 7-1: Using ep0 maxpacket: 8 [ 140.693012][ T30] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 140.712267][ T30] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 140.724577][ T30] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.735810][ T30] usb 7-1: config 0 descriptor?? [ 140.961404][ T30] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 141.157057][ T6220] program syz.2.49 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 141.227635][ T6227] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 141.230492][ T6227] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 141.401352][ T6227] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 141.410138][ T6227] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 141.485608][ T6227] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 141.487932][ T6227] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 141.571150][ T30] usb 7-1: USB disconnect, device number 2 [ 141.825357][ T6227] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 141.827636][ T6227] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 141.942787][ T41] kauditd_printk_skb: 62 callbacks suppressed [ 141.942806][ T41] audit: type=1400 audit(1769603154.352:222): avc: denied { setattr } for pid=6282 comm="syz.1.63" name="/" dev="configfs" ino=1077 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 142.090916][ T6289] warning: `syz.3.64' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 142.102453][ T6289] capability: warning: `syz.3.64' uses deprecated v2 capabilities in a way that may be insecure [ 142.464517][ T41] audit: type=1400 audit(1769603154.842:223): avc: denied { map } for pid=6293 comm="syz.3.66" path="/dev/iommu" dev="devtmpfs" ino=632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 142.593389][ T41] audit: type=1400 audit(1769603154.932:224): avc: denied { read append } for pid=6298 comm="syz.2.67" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 142.626866][ T41] audit: type=1400 audit(1769603154.932:225): avc: denied { ioctl open } for pid=6298 comm="syz.2.67" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 142.658658][ T6299] XFS (nullb0): Invalid superblock magic number [ 142.677346][ T41] audit: type=1400 audit(1769603154.932:226): avc: denied { search } for pid=6294 comm="rm" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 142.698958][ T41] audit: type=1400 audit(1769603154.932:227): avc: denied { search } for pid=6294 comm="rm" name="dhcpcd" dev="tmpfs" ino=1897 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 142.720851][ T41] audit: type=1400 audit(1769603154.932:228): avc: denied { search } for pid=6294 comm="rm" name="hook-state" dev="tmpfs" ino=1901 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 142.790073][ T41] audit: type=1400 audit(1769603155.202:229): avc: denied { ioctl } for pid=6309 comm="syz.3.68" path="socket:[10896]" dev="sockfs" ino=10896 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 142.887822][ T41] audit: type=1400 audit(1769603155.202:230): avc: denied { write } for pid=6309 comm="syz.3.68" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 142.922379][ T41] audit: type=1400 audit(1769603155.202:231): avc: denied { connect } for pid=6309 comm="syz.3.68" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 143.144312][ T6325] netlink: 64 bytes leftover after parsing attributes in process `syz.1.72'. [ 143.460220][ T6329] syzkaller1: entered promiscuous mode [ 143.462612][ T6329] syzkaller1: entered allmulticast mode [ 143.920280][ T6347] netlink: 'syz.1.78': attribute type 1 has an invalid length. [ 143.945004][ T6347] netlink: 'syz.1.78': attribute type 4 has an invalid length. [ 143.948253][ T6347] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.78'. [ 143.966737][ T6347] netlink: 'syz.1.78': attribute type 1 has an invalid length. [ 143.995446][ T6347] netlink: 'syz.1.78': attribute type 4 has an invalid length. [ 143.999476][ T6347] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.78'. [ 144.646610][ T6400] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_rx_wq": -EINTR [ 144.880221][ T6419] netlink: 4 bytes leftover after parsing attributes in process `syz.1.93'. [ 144.953386][ T35] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 145.123328][ T35] usb 7-1: Using ep0 maxpacket: 8 [ 145.143375][ T35] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 145.147640][ T35] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 145.151350][ T35] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 145.173395][ T35] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 145.208571][ T35] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 145.226423][ T35] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 145.247314][ T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.336162][ T6428] netlink: 8 bytes leftover after parsing attributes in process `syz.1.97'. [ 145.527551][ T6437] netlink: 12 bytes leftover after parsing attributes in process `syz.3.100'. [ 145.611155][ T6001] usb 7-1: USB disconnect, device number 3 [ 145.905534][ T6444] bridge: RTM_NEWNEIGH with invalid ether address [ 145.914349][ T6444] bridge: RTM_NEWNEIGH with invalid ether address [ 145.940301][ T6444] bridge: RTM_NEWNEIGH with invalid ether address [ 145.964128][ T6450] netlink: 207952 bytes leftover after parsing attributes in process `syz.1.103'. [ 145.974036][ T6446] bridge: RTM_NEWNEIGH with invalid ether address [ 146.099403][ T6457] netlink: 48 bytes leftover after parsing attributes in process `syz.0.104'. [ 146.240227][ T6464] input: syz1 as /devices/virtual/input/input5 [ 146.414826][ T6001] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 146.589244][ T6001] usb 5-1: Using ep0 maxpacket: 8 [ 146.594529][ T6001] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 146.620243][ T6001] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 146.632241][ T6001] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.659322][ T6001] usb 5-1: config 0 descriptor?? [ 146.886361][ T6001] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 147.021000][ T41] kauditd_printk_skb: 37 callbacks suppressed [ 147.021015][ T41] audit: type=1400 audit(1769603159.442:269): avc: denied { watch watch_reads } for pid=6478 comm="syz.2.113" path="/30" dev="tmpfs" ino=170 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 147.058857][ T6479] netlink: 32 bytes leftover after parsing attributes in process `syz.2.113'. [ 147.083973][ T6452] program syz.0.104 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 147.207467][ T41] audit: type=1400 audit(1769603159.612:270): avc: denied { mount } for pid=6483 comm="syz.2.114" name="/" dev="ramfs" ino=11519 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 147.324307][ T41] audit: type=1400 audit(1769603159.732:271): avc: denied { bind } for pid=6487 comm="syz.1.115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 147.441239][ T6496] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 147.551070][ T35] usb 5-1: USB disconnect, device number 2 [ 147.616647][ T41] audit: type=1400 audit(1769603160.012:272): avc: denied { write } for pid=6498 comm="syz.2.118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 147.715451][ T6507] 8021q: adding VLAN 0 to HW filter on device bond1 [ 147.730595][ T6507] bond0: (slave bond1): Enslaving as an active interface with an up link [ 147.767929][ T41] audit: type=1400 audit(1769603160.172:273): avc: denied { read } for pid=6513 comm="syz.1.122" name="card1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 147.787327][ T41] audit: type=1400 audit(1769603160.172:274): avc: denied { open } for pid=6513 comm="syz.1.122" path="/dev/dri/card1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 147.810384][ T6515] loop2: detected capacity change from 0 to 7 [ 147.821071][ T41] audit: type=1400 audit(1769603160.222:275): avc: denied { ioctl } for pid=6513 comm="syz.1.122" path="/dev/dri/card1" dev="devtmpfs" ino=636 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 147.927372][ T6515] Dev loop2: unable to read RDB block 7 [ 147.935114][ T6515] loop2: AHDI p1 p2 [ 147.949118][ T6515] loop2: partition table partially beyond EOD, truncated [ 147.977904][ T6515] loop2: p1 start 1700753509 is beyond EOD, truncated [ 148.300409][ T41] audit: type=1400 audit(1769603160.712:276): avc: denied { bind } for pid=6533 comm="syz.0.127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 148.374676][ T41] audit: type=1400 audit(1769603160.712:277): avc: denied { name_bind } for pid=6533 comm="syz.0.127" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 148.384428][ T41] audit: type=1400 audit(1769603160.712:278): avc: denied { node_bind } for pid=6533 comm="syz.0.127" saddr=fe80::aa src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 148.471789][ T6548] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 148.503407][ T6542] netlink: 'syz.1.129': attribute type 1 has an invalid length. [ 148.519634][ T6543] netlink: 'syz.1.129': attribute type 1 has an invalid length. [ 148.666236][ T6543] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 148.674440][ T6542] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 148.686721][ T6554] fuse: Unknown parameter 'zN90x0000000000000006' [ 148.936448][ T6568] trusted_key: syz.1.135 sent an empty control message without MSG_MORE. [ 148.966059][ T6565] netlink: 48 bytes leftover after parsing attributes in process `syz.0.133'. [ 149.248001][ T25] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 149.448028][ T25] usb 5-1: Using ep0 maxpacket: 8 [ 149.455850][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 149.464456][ T25] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 149.468885][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.512148][ T25] usb 5-1: config 0 descriptor?? [ 149.676099][ T6584] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 149.752526][ T25] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 149.949996][ T6565] program syz.0.133 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 150.173799][ T6591] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 150.176733][ T6591] overlayfs: failed to set xattr on upper [ 150.178875][ T6591] overlayfs: ...falling back to redirect_dir=nofollow. [ 150.212285][ T6591] overlayfs: ...falling back to metacopy=off. [ 150.228916][ T6591] overlayfs: ...falling back to index=off. [ 150.253739][ T6591] overlayfs: ...falling back to uuid=null. [ 150.533634][ T842] usb 5-1: USB disconnect, device number 3 [ 150.757342][ T6601] Bluetooth: MGMT ver 1.23 [ 151.227317][ T6617] netlink: 56 bytes leftover after parsing attributes in process `syz.0.148'. [ 151.261197][ T6616] netlink: 4 bytes leftover after parsing attributes in process `syz.0.148'. [ 151.928871][ T6630] netlink: 64 bytes leftover after parsing attributes in process `syz.0.152'. [ 152.232942][ T41] kauditd_printk_skb: 11 callbacks suppressed [ 152.232959][ T41] audit: type=1400 audit(1769603164.642:290): avc: denied { read write } for pid=6628 comm="syz.3.153" name="file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 152.273363][ T41] audit: type=1400 audit(1769603164.672:291): avc: denied { open } for pid=6628 comm="syz.3.153" path="/43/file0/file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 152.612392][ T41] audit: type=1400 audit(1769603165.022:292): avc: denied { create } for pid=6637 comm="syz.0.155" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 152.662228][ T41] audit: type=1400 audit(1769603165.022:293): avc: denied { bind } for pid=6637 comm="syz.0.155" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 152.727793][ T41] audit: type=1400 audit(1769603165.132:294): avc: denied { map } for pid=6641 comm="syz.0.158" path="/dev/video4" dev="devtmpfs" ino=961 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 152.825268][ T41] audit: type=1400 audit(1769603165.242:295): avc: denied { remount } for pid=6641 comm="syz.0.158" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 152.834211][ T41] audit: type=1400 audit(1769603165.242:296): avc: denied { mount } for pid=6641 comm="syz.0.158" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 152.867740][ T6649] ufs: You didn't specify the type of your ufs filesystem [ 152.867740][ T6649] [ 152.867740][ T6649] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 152.867740][ T6649] [ 152.867740][ T6649] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 152.867816][ T6649] ufs: failed to set blocksize [ 152.878921][ T41] audit: type=1400 audit(1769603165.292:297): avc: denied { create } for pid=6648 comm="syz.1.159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 152.879486][ T41] audit: type=1400 audit(1769603165.292:298): avc: denied { bind } for pid=6648 comm="syz.1.159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 152.889253][ T6657] netlink: 48 bytes leftover after parsing attributes in process `syz.3.156'. [ 152.935990][ T41] audit: type=1400 audit(1769603165.352:299): avc: denied { wake_alarm } for pid=6648 comm="syz.1.159" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 153.105342][ T6661] netlink: 'syz.1.161': attribute type 11 has an invalid length. [ 153.263389][ T10] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 153.453340][ T10] usb 8-1: Using ep0 maxpacket: 8 [ 153.456672][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 153.461013][ T10] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 153.466078][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.492289][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 153.495369][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 153.504310][ T10] usb 8-1: config 0 descriptor?? [ 153.772993][ T10] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 153.980755][ T6651] program syz.3.156 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 154.143107][ T6686] netlink: 'syz.2.166': attribute type 15 has an invalid length. [ 154.357826][ T25] usb 8-1: USB disconnect, device number 2 [ 154.637710][ T6706] netlink: 'syz.1.172': attribute type 1 has an invalid length. [ 154.641417][ T6705] syz.2.170 uses obsolete (PF_INET,SOCK_PACKET) [ 154.658490][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.1.172'. [ 155.313399][ T6008] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 155.524055][ T6008] usb 8-1: device descriptor read/64, error -71 [ 155.702000][ T25] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 155.778212][ T6008] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 155.843450][ T25] usb 6-1: Using ep0 maxpacket: 16 [ 155.848156][ T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.852258][ T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 155.864375][ T25] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 155.869337][ T25] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 155.895897][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.901423][ T25] usb 6-1: config 0 descriptor?? [ 155.944837][ T6008] usb 8-1: device descriptor read/64, error -71 [ 156.045662][ T6752] netlink: 48 bytes leftover after parsing attributes in process `syz.0.186'. [ 156.064611][ T6008] usb usb8-port1: attempt power cycle [ 156.308115][ T6045] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 156.423667][ T6008] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 156.474570][ T6008] usb 8-1: device descriptor read/8, error -71 [ 156.499164][ T6045] usb 5-1: Using ep0 maxpacket: 8 [ 156.520753][ T6045] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 156.536232][ T6045] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 156.539803][ T6045] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.554157][ T6732] netlink: 4 bytes leftover after parsing attributes in process `syz.1.181'. [ 156.592400][ T6045] usb 5-1: config 0 descriptor?? [ 156.635251][ T6732] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 156.731630][ T6008] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 156.733764][ T6759] netlink: 4 bytes leftover after parsing attributes in process `syz.1.181'. [ 156.784202][ T6008] usb 8-1: device descriptor read/8, error -71 [ 156.867063][ T6759] bridge_slave_1: left allmulticast mode [ 156.869403][ T6759] bridge_slave_1: left promiscuous mode [ 156.869688][ T6045] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 156.875343][ T6759] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.894407][ T6008] usb usb8-port1: unable to enumerate USB device [ 156.901808][ T6763] tmpfs: Bad value for 'mpol' [ 156.937443][ T6759] bridge_slave_0: left allmulticast mode [ 156.948903][ T6759] bridge_slave_0: left promiscuous mode [ 156.951648][ T6759] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.021852][ T6751] program syz.0.186 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 157.385649][ T5620] usb 5-1: USB disconnect, device number 4 [ 157.560117][ T6772] netlink: 4 bytes leftover after parsing attributes in process `syz.2.193'. [ 157.563569][ T41] kauditd_printk_skb: 30 callbacks suppressed [ 157.563586][ T41] audit: type=1400 audit(1769603169.972:330): avc: denied { allowed } for pid=6771 comm="syz.2.193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 157.584240][ T6772] netlink: 12 bytes leftover after parsing attributes in process `syz.2.193'. [ 157.793562][ T41] audit: type=1804 audit(1769603170.202:331): pid=6780 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.194" name="/newroot/53/file0" dev="tmpfs" ino=297 res=1 errno=0 [ 157.793702][ T6780] ref_ctr increment failed for inode: 0x129 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff88802c029880 [ 157.974718][ T6776] uprobe: syz.2.194:6776 failed to unregister, leaking uprobe [ 158.299964][ T41] audit: type=1400 audit(1769603170.702:332): avc: denied { write } for pid=6786 comm="syz.3.196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 158.306573][ T6789] netlink: 'syz.2.197': attribute type 10 has an invalid length. [ 158.309921][ T6789] netlink: 228 bytes leftover after parsing attributes in process `syz.2.197'. [ 158.314286][ T6791] sp0: Synchronizing with TNC [ 158.391386][ T41] audit: type=1400 audit(1769603170.802:333): avc: denied { write } for pid=6790 comm="syz.0.198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 158.466194][ T6791] netlink: 8 bytes leftover after parsing attributes in process `syz.0.198'. [ 158.585244][ T25] usbhid 6-1:0.0: can't add hid device: -71 [ 158.593433][ T25] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 158.644616][ T25] usb 6-1: USB disconnect, device number 2 [ 158.834330][ T6803] netlink: 64 bytes leftover after parsing attributes in process `syz.0.202'. [ 158.913810][ T6808] netlink: 12 bytes leftover after parsing attributes in process `syz.2.204'. [ 159.217061][ T6800] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 159.221225][ T6800] overlayfs: overlapping lowerdir path [ 159.233540][ T6821] Illegal XDP return value 8 on prog (id 19) dev syz_tun, expect packet loss! [ 159.254153][ T41] audit: type=1400 audit(1769603171.642:334): avc: denied { ioctl } for pid=6816 comm="syz.0.206" path="socket:[12866]" dev="sockfs" ino=12866 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 159.308886][ T41] audit: type=1400 audit(1769603171.712:335): avc: denied { append } for pid=6798 comm="syz.3.201" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 159.448199][ T6008] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 159.631910][ T6008] usb 6-1: Using ep0 maxpacket: 8 [ 159.667094][ T41] audit: type=1400 audit(1769603172.072:336): avc: denied { append } for pid=6829 comm="syz.3.209" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 159.667133][ T6008] usb 6-1: config 0 has no interfaces? [ 159.687337][ T6008] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 159.693867][ T6008] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.746949][ T6008] usb 6-1: config 0 descriptor?? [ 159.992671][ T6008] usb 6-1: USB disconnect, device number 3 [ 160.082818][ T41] audit: type=1400 audit(1769603172.492:337): avc: denied { read write } for pid=6846 comm="syz.3.213" name="rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 160.126333][ T41] audit: type=1400 audit(1769603172.522:338): avc: denied { open } for pid=6846 comm="syz.3.213" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 160.308224][ T41] audit: type=1326 audit(1769603172.722:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6853 comm="syz.2.216" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f051919aeb9 code=0x0 [ 161.682811][ T6888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.226'. [ 161.723921][ T5962] Bluetooth: hci4: command 0x1003 tx timeout [ 161.724656][ T5952] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 161.934419][ T6898] overlay: Unknown parameter 'subj_role' [ 162.310353][ T6910] netlink: 28 bytes leftover after parsing attributes in process `syz.0.232'. [ 162.607880][ T6045] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 162.629948][ T6914] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 162.666009][ T6914] overlayfs: missing 'lowerdir' [ 162.802591][ T6920] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6920 comm=syz.2.236 [ 162.803440][ T6045] usb 5-1: Using ep0 maxpacket: 8 [ 162.811651][ T6920] netlink: 'syz.2.236': attribute type 1 has an invalid length. [ 162.824979][ T6045] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 162.829857][ T6045] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 162.833205][ T6045] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.845396][ T6920] PKCS7: Unknown OID: [4] 5.25.43183(bad) [ 162.873421][ T6920] PKCS7: Only support pkcs7_signedData type [ 162.881871][ T6045] usb 5-1: config 0 descriptor?? [ 162.918088][ T6923] program syz.1.237 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 162.942591][ T41] kauditd_printk_skb: 11 callbacks suppressed [ 162.942713][ T41] audit: type=1400 audit(1769603175.312:351): avc: denied { write } for pid=6922 comm="syz.1.237" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 163.216824][ T6045] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 163.271245][ T6937] loop4: detected capacity change from 0 to 7 [ 163.275479][ T6937] Buffer I/O error on dev loop4, logical block 0, async page read [ 163.278897][ T6937] Buffer I/O error on dev loop4, logical block 0, async page read [ 163.297301][ T6937] Buffer I/O error on dev loop4, logical block 0, async page read [ 163.307768][ T6937] Buffer I/O error on dev loop4, logical block 0, async page read [ 163.311754][ T6937] Buffer I/O error on dev loop4, logical block 0, async page read [ 163.383465][ T6937] Buffer I/O error on dev loop4, logical block 0, async page read [ 163.387008][ T6937] Buffer I/O error on dev loop4, logical block 0, async page read [ 163.390288][ T6937] ldm_validate_partition_table(): Disk read failed. [ 163.392965][ T6937] Buffer I/O error on dev loop4, logical block 0, async page read [ 163.399712][ T6937] Buffer I/O error on dev loop4, logical block 0, async page read [ 163.420005][ T6937] Buffer I/O error on dev loop4, logical block 0, async page read [ 163.423479][ T6937] Dev loop4: unable to read RDB block 0 [ 163.425729][ T6937] loop4: unable to read partition table [ 163.428515][ T6937] loop4: partition table beyond EOD, truncated [ 163.433913][ T6937] loop_reread_partitions: partition scan of loop4 (Sj %`ր5) failed (rc=-5) [ 163.441126][ T6909] program syz.0.232 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 163.726121][ T6956] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 163.776095][ T56] usb 5-1: USB disconnect, device number 5 [ 163.842486][ T6958] tmpfs: Bad value for 'mpol' [ 163.923064][ T41] audit: type=1400 audit(1769603176.332:352): avc: denied { write } for pid=6959 comm="syz.1.251" path="socket:[15417]" dev="sockfs" ino=15417 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 164.006123][ T6965] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 164.053832][ T41] audit: type=1326 audit(1769603176.472:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6966 comm="syz.2.254" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f051919aeb9 code=0x0 [ 164.054293][ C3] ================================================================== [ 164.083072][ C3] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x3a/0x60 [ 164.089368][ C3] Read of size 1 at addr ffff888033e5b818 by task swapper/3/0 [ 164.092200][ C3] [ 164.093105][ C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted syzkaller #0 PREEMPT(full) [ 164.093124][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 164.093133][ C3] Call Trace: [ 164.093140][ C3] [ 164.093146][ C3] dump_stack_lvl+0x100/0x190 [ 164.093169][ C3] print_report+0x156/0x4c9 [ 164.093187][ C3] ? __virt_addr_valid+0x81/0x620 [ 164.093201][ C3] ? __phys_addr+0xe8/0x180 [ 164.093337][ C3] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 164.093357][ C3] kasan_report+0xdf/0x1a0 [ 164.093459][ C3] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 164.093483][ C3] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 164.093506][ C3] __kasan_check_byte+0x36/0x50 [ 164.093524][ C3] lock_acquire+0xf5/0x330 [ 164.093542][ C3] _raw_spin_lock_irqsave+0x3a/0x60 [ 164.093565][ C3] ? p9_req_put+0xaf/0x250 [ 164.093582][ C3] p9_req_put+0xaf/0x250 [ 164.093599][ C3] req_done+0x1dc/0x2e0 [ 164.093614][ C3] ? __pfx_req_done+0x10/0x10 [ 164.093626][ C3] ? __lock_acquire+0x4a5/0x2630 [ 164.093639][ C3] ? sched_ttwu_pending+0x388/0x660 [ 164.093654][ C3] ? __pfx_req_done+0x10/0x10 [ 164.093667][ C3] vring_interrupt+0x33b/0x430 [ 164.093697][ C3] ? __pfx_vring_interrupt+0x10/0x10 [ 164.093711][ C3] __handle_irq_event_percpu+0x232/0x800 [ 164.093735][ C3] handle_irq_event+0xab/0x1e0 [ 164.093756][ C3] handle_edge_irq+0x375/0x970 [ 164.093779][ C3] __common_interrupt+0xd8/0x2f0 [ 164.093885][ C3] common_interrupt+0xb9/0xe0 [ 164.093909][ C3] [ 164.093914][ C3] [ 164.093920][ C3] asm_common_interrupt+0x26/0x40 [ 164.093938][ C3] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 164.093961][ C3] Code: 66 78 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 83 bc 14 00 fb f4 fc 31 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 164.093976][ C3] RSP: 0018:ffffc900001a7df0 EFLAGS: 00000202 [ 164.093990][ C3] RAX: 00000000000554df RBX: ffff88801e2ca4c0 RCX: ffffffff8b76c4b5 [ 164.094001][ C3] RDX: 0000000000000000 RSI: ffffffff8dc454ef RDI: ffffffff8bfa35a0 [ 164.094011][ C3] RBP: 0000000000000003 R08: 0000000000000001 R09: ffffed100d4e673d [ 164.094021][ C3] R10: ffff88806a7339eb R11: 0000000000000000 R12: ffffed1003c59498 [ 164.094031][ C3] R13: 0000000000000003 R14: ffffffff90b74bd0 R15: 0000000000000000 [ 164.094044][ C3] ? ct_kernel_exit+0x125/0x180 [ 164.094063][ C3] default_idle+0x9/0x10 [ 164.094082][ C3] default_idle_call+0x6c/0xb0 [ 164.094099][ C3] do_idle+0x35b/0x4b0 [ 164.094120][ C3] ? __pfx_do_idle+0x10/0x10 [ 164.094138][ C3] ? rcu_is_watching+0x12/0xc0 [ 164.094156][ C3] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 164.094171][ C3] ? lockdep_hardirqs_on+0x78/0x100 [ 164.094189][ C3] cpu_startup_entry+0x4f/0x60 [ 164.094211][ C3] start_secondary+0x21d/0x2d0 [ 164.094230][ C3] ? __pfx_start_secondary+0x10/0x10 [ 164.094249][ C3] common_startup_64+0x13e/0x148 [ 164.094276][ C3] [ 164.094282][ C3] [ 164.453619][ C3] Allocated by task 6969: [ 164.455816][ C3] kasan_save_stack+0x30/0x50 [ 164.458301][ C3] kasan_save_track+0x14/0x30 [ 164.474133][ C3] __kasan_kmalloc+0xaa/0xb0 [ 164.476635][ C3] p9_client_create+0xaf/0xd40 [ 164.479194][ C3] v9fs_session_init+0x40/0xce0 [ 164.492133][ C3] v9fs_get_tree+0xb8/0xb50 [ 164.494271][ C3] vfs_get_tree+0x92/0x320 [ 164.496251][ C3] path_mount+0x7d0/0x23c0 [ 164.505489][ C3] __x64_sys_mount+0x293/0x310 [ 164.511078][ C3] do_syscall_64+0xc9/0xf80 [ 164.519526][ C3] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.524074][ C3] [ 164.525135][ C3] Freed by task 6969: [ 164.528959][ C3] kasan_save_stack+0x30/0x50 [ 164.533058][ C3] kasan_save_track+0x14/0x30 [ 164.540289][ C3] kasan_save_free_info+0x3b/0x70 [ 164.544740][ C3] __kasan_slab_free+0x5f/0x80 [ 164.547257][ C3] kfree+0x1c7/0x690 [ 164.552809][ C3] p9_client_create+0x72d/0xd40 [ 164.556048][ C3] v9fs_session_init+0x40/0xce0 [ 164.558897][ C3] v9fs_get_tree+0xb8/0xb50 [ 164.585146][ C3] vfs_get_tree+0x92/0x320 [ 164.587117][ C3] path_mount+0x7d0/0x23c0 [ 164.595135][ C3] __x64_sys_mount+0x293/0x310 [ 164.597613][ C3] do_syscall_64+0xc9/0xf80 [ 164.600062][ C3] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.605435][ C3] [ 164.611190][ C3] The buggy address belongs to the object at ffff888033e5b800 [ 164.611190][ C3] which belongs to the cache kmalloc-512 of size 512 [ 164.622766][ C3] The buggy address is located 24 bytes inside of [ 164.622766][ C3] freed 512-byte region [ffff888033e5b800, ffff888033e5ba00) [ 164.630523][ C3] [ 164.631698][ C3] The buggy address belongs to the physical page: [ 164.635946][ C3] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888033e5b400 pfn:0x33e58 [ 164.648156][ C3] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 164.656858][ C3] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 164.664813][ C3] page_type: f5(slab) [ 164.666186][ C3] raw: 00fff00000000040 ffff88801b842c80 0000000000000000 dead000000000001 [ 164.669326][ C3] raw: ffff888033e5b400 000000008010000e 00000000f5000000 0000000000000000 [ 164.672942][ C3] head: 00fff00000000040 ffff88801b842c80 0000000000000000 dead000000000001 [ 164.676200][ C3] head: ffff888033e5b400 000000008010000e 00000000f5000000 0000000000000000 [ 164.679315][ C3] head: 00fff00000000002 ffffea0000cf9601 00000000ffffffff 00000000ffffffff [ 164.682604][ C3] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 164.688316][ C3] page dumped because: kasan: bad access detected [ 164.690676][ C3] page_owner tracks the page as allocated [ 164.735052][ C3] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5955, tgid 5955 (syz-executor), ts 133288021278, free_ts 133194462116 [ 164.754008][ C3] post_alloc_hook+0x1e1/0x250 [ 164.755811][ C3] get_page_from_freelist+0xe3d/0x2e10 [ 164.757391][ C3] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 164.759215][ C3] alloc_pages_mpol+0x1fb/0x550 [ 164.761256][ C3] new_slab+0x2c4/0x440 [ 164.762904][ C3] ___slab_alloc+0xda3/0x1ca0 [ 164.779386][ C3] __slab_alloc.isra.0+0x63/0x110 [ 164.782631][ C3] __kmalloc_noprof+0x618/0x9c0 [ 164.795155][ C3] fib6_info_alloc+0x40/0x160 [ 164.817332][ C3] ip6_route_info_create+0x14c/0xad0 [ 164.819265][ C3] ip6_route_add+0x4b/0x1d0 [ 164.821181][ C3] addrconf_prefix_route+0x2fb/0x510 [ 164.833532][ C3] addrconf_notify+0x13f0/0x19c0 [ 164.835682][ C3] notifier_call_chain+0x99/0x3b0 [ 164.837961][ C3] call_netdevice_notifiers_info+0xbe/0x110 [ 164.840913][ C3] __dev_notify_flags+0x12c/0x2e0 [ 164.843571][ C3] page last free pid 1469 tgid 1469 stack trace: [ 164.879873][ C3] __free_frozen_pages+0x822/0x1130 [ 164.882273][ C3] __put_partials+0x127/0x160 [ 164.884406][ C3] qlist_free_all+0x47/0xe0 [ 164.886450][ C3] kasan_quarantine_reduce+0x1a0/0x1f0 [ 164.888993][ C3] __kasan_slab_alloc+0x69/0x90 [ 164.891132][ C3] kmem_cache_alloc_node_noprof+0x303/0x880 [ 164.893878][ C3] __alloc_skb+0x156/0x410 [ 164.895874][ C3] mld_newpack.isra.0+0x18e/0xa20 [ 164.898172][ C3] add_grhead+0x299/0x340 [ 164.900136][ C3] add_grec+0x1380/0x1920 [ 164.902374][ C3] mld_ifc_work+0x3c5/0xc10 [ 164.904537][ C3] process_one_work+0x9c2/0x1840 [ 164.907314][ C3] worker_thread+0x5da/0xe40 [ 164.909995][ C3] kthread+0x3b3/0x730 [ 164.912356][ C3] ret_from_fork+0x754/0xaf0 [ 164.914948][ C3] ret_from_fork_asm+0x1a/0x30 [ 164.917619][ C3] [ 164.918963][ C3] Memory state around the buggy address: [ 164.922172][ C3] ffff888033e5b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 164.926346][ C3] ffff888033e5b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 164.930769][ C3] >ffff888033e5b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 164.935239][ C3] ^ [ 164.937611][ C3] ffff888033e5b880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 164.942707][ C3] ffff888033e5b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 164.947279][ C3] ================================================================== [ 164.953586][ C3] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 164.956346][ C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted syzkaller #0 PREEMPT(full) [ 164.959751][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 164.963598][ C3] Call Trace: [ 164.972561][ C3] [ 164.974203][ C3] dump_stack_lvl+0x100/0x190 [ 164.976860][ C3] vpanic+0x20d/0x630 [ 164.979153][ C3] panic+0xd1/0xd1 [ 164.982929][ C3] ? __pfx_panic+0x10/0x10 [ 164.992942][ C3] ? end_report.part.0+0x23/0x90 [ 164.995251][ C3] ? rcu_is_watching+0x12/0xc0 [ 164.997961][ C3] ? end_report.part.0+0x23/0x90 [ 165.002191][ C3] ? check_panic_on_warn+0x1f/0x90 [ 165.012217][ C3] check_panic_on_warn.cold+0x19/0x34 [ 165.016432][ C3] end_report.part.0+0x3a/0x90 [ 165.019543][ C3] kasan_report.cold+0xe/0x18 [ 165.021796][ C3] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 165.024408][ C3] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 165.026924][ C3] __kasan_check_byte+0x36/0x50 [ 165.029268][ C3] lock_acquire+0xf5/0x330 [ 165.032339][ C3] _raw_spin_lock_irqsave+0x3a/0x60 [ 165.036195][ C3] ? p9_req_put+0xaf/0x250 [ 165.038719][ C3] p9_req_put+0xaf/0x250 [ 165.042447][ C3] req_done+0x1dc/0x2e0 [ 165.045831][ C3] ? __pfx_req_done+0x10/0x10 [ 165.049411][ C3] ? __lock_acquire+0x4a5/0x2630 [ 165.052029][ C3] ? sched_ttwu_pending+0x388/0x660 [ 165.055040][ C3] ? __pfx_req_done+0x10/0x10 [ 165.057694][ C3] vring_interrupt+0x33b/0x430 [ 165.060402][ C3] ? __pfx_vring_interrupt+0x10/0x10 [ 165.064026][ C3] __handle_irq_event_percpu+0x232/0x800 [ 165.066707][ C3] handle_irq_event+0xab/0x1e0 [ 165.069073][ C3] handle_edge_irq+0x375/0x970 [ 165.071269][ C3] __common_interrupt+0xd8/0x2f0 [ 165.073277][ C3] common_interrupt+0xb9/0xe0 [ 165.075075][ C3] [ 165.076226][ C3] [ 165.077370][ C3] asm_common_interrupt+0x26/0x40 [ 165.079290][ C3] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 165.082829][ C3] Code: 66 78 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 83 bc 14 00 fb f4 fc 31 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 165.099355][ C3] RSP: 0018:ffffc900001a7df0 EFLAGS: 00000202 [ 165.102652][ C3] RAX: 00000000000554df RBX: ffff88801e2ca4c0 RCX: ffffffff8b76c4b5 [ 165.106610][ C3] RDX: 0000000000000000 RSI: ffffffff8dc454ef RDI: ffffffff8bfa35a0 [ 165.113240][ C3] RBP: 0000000000000003 R08: 0000000000000001 R09: ffffed100d4e673d [ 165.123255][ C3] R10: ffff88806a7339eb R11: 0000000000000000 R12: ffffed1003c59498 [ 165.130801][ C3] R13: 0000000000000003 R14: ffffffff90b74bd0 R15: 0000000000000000 [ 165.133525][ C3] ? ct_kernel_exit+0x125/0x180 [ 165.135376][ C3] default_idle+0x9/0x10 [ 165.137049][ C3] default_idle_call+0x6c/0xb0 [ 165.138871][ C3] do_idle+0x35b/0x4b0 [ 165.140447][ C3] ? __pfx_do_idle+0x10/0x10 [ 165.159248][ C3] ? rcu_is_watching+0x12/0xc0 [ 165.164498][ C3] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 165.185170][ C3] ? lockdep_hardirqs_on+0x78/0x100 [ 165.188001][ C3] cpu_startup_entry+0x4f/0x60 [ 165.193730][ C3] start_secondary+0x21d/0x2d0 [ 165.198141][ C3] ? __pfx_start_secondary+0x10/0x10 [ 165.204921][ C3] common_startup_64+0x13e/0x148 [ 165.207928][ C3] [ 165.210891][ C3] Kernel Offset: disabled [ 165.212847][ C3] Rebooting in 86400 seconds.. VM DIAGNOSIS: 12:26:17 Registers: info registers vcpu 0 CPU#0 RAX=00000000000db77f RBX=ffffffff8e297ac0 RCX=ffffffff8b76c4b5 RDX=0000000000000000 RSI=ffffffff8dc454ef RDI=ffffffff8bfa35a0 RBP=0000000000000000 RSP=ffffffff8e207e00 R8 =0000000000000001 R9 =ffffed100d48673d R10=ffff88806a4339eb R11=0000000000000000 R12=fffffbfff1c52f58 R13=0000000000000000 R14=ffffffff90b74bd0 R15=0000000000000000 RIP=ffffffff8b76ae1f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d65db000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f0519f4da08 CR3=0000000025332000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000003072 656c6c616b7a7973 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe14bf7c46 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe14bf7c46 00007ffe14bf7c4c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4441408704 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4441408750 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f44414086c4 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4441408742 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f44415e44a0 00007f44415e4480 00007f44415e4488 00007f44415e44b8 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f44415e4498 00007f44415e4468 00007f44415e44a0 00007f44415e4480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000000795df RBX=ffff88801e2a4980 RCX=ffffffff8b76c4b5 RDX=0000000000000000 RSI=ffffffff8dc454ef RDI=ffffffff8bfa35a0 RBP=0000000000000001 RSP=ffffc90000187df0 R8 =0000000000000001 R9 =ffffed100d4a673d R10=ffff88806a5339eb R11=0000000000000000 R12=ffffed1003c54930 R13=0000000000000001 R14=ffffffff90b74bd0 R15=0000000000000000 RIP=ffffffff8b76ae1f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 000fffff 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 000fffff 00000000 FS =0000 0000000000000000 000fffff 00000000 GS =0000 ffff8880d66db000 000fffff 00000000 LDT=0000 0000000000000000 000fffff 00000000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c326e12 CR3=000000005636a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0519f4d560 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff9ef2c6d6 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff9ef2c6d6 00007fff9ef2c6dc ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0519208704 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0519208750 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f05192086c4 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0519208742 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f05193e44a0 00007f05193e4480 00007f05193e4488 00007f05193e44b8 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f05193e4498 00007f05193e4468 00007f05193e44a0 00007f05193e4480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 0000000000000000 0000000000000000 0000000000000244 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000078069 RBX=ffff88801e2c8000 RCX=ffffffff8b76c4b5 RDX=0000000000000000 RSI=ffffffff8dc454ef RDI=ffffffff8bfa35a0 RBP=0000000000000002 RSP=ffffc90000197df0 R8 =0000000000000001 R9 =ffffed100d4c673d R10=ffff88806a6339eb R11=0000000000000000 R12=ffffed1003c59000 R13=0000000000000002 R14=ffffffff90b74bd0 R15=0000000000000000 RIP=ffffffff8b76ae1f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d67db000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000200000001000 CR3=000000002ab3c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fefffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb923de4d20 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb923de4d20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555578d0ef38 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0b8003007a797301 ffffffffffffffff f708078003000107 fa40100001818004 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff f908138003003065 6c69662f2e01ffff ffffffffffffef08 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 032c6f6974726976 3d736e61727401ff ffffffffffffffe5 0805800300703901 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 05ba03752e303030 3270393d6e6f6973 72657601ffffffff ffffffffdf08059a ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0100040480040401 40cc0030656c6966 2f30656c69662f2e 01ffffffffffffff ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffe3080480030580 04028480ae100013 80040b8004078004 0a0142c000020005 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 e40358020005e203 646e657478656f6e 01ffffffffffffff ffef0805d2035802 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0005d00370616d6d 3d656863616301ff ffffffffffffffeb 0805bc0358020005 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000000005b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8569ad25 RDI=ffffffff9b207c00 RBP=ffffffff9b207bc0 RSP=ffffc90000708710 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=6572617764726148 R12=0000000000000000 R13=000000000000005b R14=0000000000000010 R15=ffffffff8569acc0 RIP=ffffffff8569ad4f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d68db000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fb05c8708c0 CR3=0000000053f93000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 752e303030327039 3d6e6f6973726576 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc610ffdf6 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc610ffdf6 00007ffc610ffdfc ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb05ca08704 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb05ca08750 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb05ca086c4 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb05ca08742 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb05cbe44a0 00007fb05cbe4480 00007fb05cbe4488 00007fb05cbe44b8 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb05cbe4498 00007fb05cbe4468 00007fb05cbe44a0 00007fb05cbe4480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000