last executing test programs: 7.770668313s ago: executing program 0 (id=31): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000000980)={0x1c, &(0x7f0000000480)=ANY=[], 0x0, 0x0}) 7.010603402s ago: executing program 3 (id=38): openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() syz_io_uring_submit(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x76, 0xa, 0x0, 0x0, 0x9b9, 0x61, 0x11, 0x70}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x90) 6.059035319s ago: executing program 3 (id=44): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000480), 0x100, 0x0) preadv2(r2, &(0x7f0000001540)=[{0x0}, {&(0x7f0000001380)=""/129, 0x7ffff000}], 0x2, 0x0, 0x0, 0x0) 5.659093569s ago: executing program 0 (id=48): syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) socket$kcm(0x29, 0x5, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000004, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x8, 0xffffffffffffffff, 0x9, 0x1000000000003, 0xf, 0x80000006}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.980806154s ago: executing program 0 (id=49): r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_buf(r0, 0x0, 0x34, 0x0, &(0x7f0000000180)) 4.925023315s ago: executing program 3 (id=51): r0 = timerfd_create(0x0, 0x0) syz_io_uring_setup(0x58f7, 0x0, &(0x7f0000000180)=0x0, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, 0x1a}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000340)="1400000023003517d25a806f8b6394f90324fc60", 0x14}], 0x1, 0x0, 0x0, 0x2000000}, 0x0) 4.924728763s ago: executing program 0 (id=52): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) munmap(&(0x7f000006d000/0x1000)=nil, 0x1000) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r1) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x22803) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0xf3, 0x1b1c07, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x80d02, 0x0) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000340)={0x1d, r5, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) close(r4) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) dup3(r2, r3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 3.975917811s ago: executing program 3 (id=57): syz_open_dev$dri(&(0x7f0000001180), 0x0, 0x8000) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa07, 0x0) r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) r2 = io_uring_setup(0x6bd7, &(0x7f0000000040)={0x0, 0x15aa, 0x800, 0x2, 0x2ea}) io_uring_register$IORING_UNREGISTER_BUFFERS(r2, 0x1, 0x0, 0x0) syz_usb_connect(0x0, 0x41, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0}) openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) io_setup(0x20, &(0x7f0000001140)=0x0) io_submit(r4, 0x1, &(0x7f00000006c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x3, r3, &(0x7f0000000480)="e4b5eea546a2", 0x6, 0x494}]) r5 = syz_io_uring_setup(0x49c, &(0x7f0000000400)={0x0, 0x79af, 0x100, 0x7fff, 0x1aa}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000100)={0x0, 0x989680}, 0x1, 0x4, 0x1}) io_uring_enter(r5, 0x627, 0xc1040000, 0x43, 0x0, 0x0) r8 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000380)) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x7e) listen(r8, 0x6) ioctl$EXT4_IOC_SWAP_BOOT(r8, 0x5411) socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x2d, 0x2, 0x0) connect$qrtr(r9, &(0x7f0000000000)={0x2d, 0xffffffffffffffff, 0x8000}, 0xc) 3.569269082s ago: executing program 1 (id=58): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10) listen(r0, 0x3) r1 = socket$vsock_stream(0x28, 0x1, 0x0) mount_setattr(0xffffffffffffffff, 0x0, 0x1000, &(0x7f0000000000)={0x100000, 0x70}, 0x20) connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000240)="e9a4ea8d246a02fb3d7b6d068c4bd0018e0400000000", 0x16}], 0x1}}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001180)="2ebb203023d89132c1980796d3480bf302680bb6d94cc2ddc4b641c81144696a15b4d88e56d04ec393bf39b3774c70aa01f9aee0fc51897c613f9ed201e53a48b093ea3325ebab77c2d8afcdd9e30fec85fdb932aa067d0f6e891750cd952158d3288fc4cb3a551e6d8f828c6e02ef0e295cbf30390c4566dba8ff971c6d212f90", 0x81}], 0x1}}], 0x2, 0x44088) recvmsg$kcm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/150, 0x96}], 0x5}, 0x0) 3.376781308s ago: executing program 1 (id=59): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) socket$netlink(0x10, 0x3, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x5}, 0x0) add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe) keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={'blake2b-256\x00'}}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r3, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$unix(r3, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0x1}], 0x1}}], 0x1, 0x0) 3.367706459s ago: executing program 0 (id=60): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbff, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x14048841) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r0, 0x0, 0x0, 0x0, 0x80000}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x3f}]}}}]}, 0x40}}, 0x8c0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f000001aa40)=""/102400, 0x19000) shmget$private(0x0, 0x9000, 0x4, &(0x7f0000ff7000/0x9000)=nil) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0x4}, 0x48) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1ffffc}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x4, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x5, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}, {0x85, 0x0, 0x17, 0xcb}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(0xffffffffffffffff, 0x47f5, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) syz_emit_ethernet(0x56, &(0x7f0000000400)={@local, @random="f23b07487633", @void, {@canfd={0xd, {{0x4, 0x1, 0x1, 0x1}, 0x26, 0x3, 0x0, 0x0, "35ed665a3da809536be52e91a09b994b068cd75787864c21d11e3359855d63fc7897280c41bf748ef6f24aa8d59684e05c2f6b0bc8c017f77668ca328f7ffc5c"}}}}, &(0x7f0000000000)={0x1, 0x1, [0xa84, 0xe7a, 0x1ba, 0xcce]}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r5 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.410428232s ago: executing program 2 (id=61): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x654a, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg(r3, &(0x7f00000029c0), 0x400006d, 0x20000004) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xb8}, 0x1, 0x0, 0x0, 0x24000090}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) syz_open_procfs(0xffffffffffffffff, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140), 0x4924b68, 0x0) 2.250533951s ago: executing program 1 (id=62): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$netlink(0x10, 0x3, 0x0) landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0) landlock_create_ruleset(&(0x7f0000000240)={0x20}, 0x18, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x8, 0xc1}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x238, 0x0, 0x11, 0x148, 0x0, 0x0, 0x290, 0x2a8, 0x2a8, 0x290, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x3, [0x3, 0x1, 0x7, 0x2, 0x6, 0x4], 0x0, 0x6}, {0x3, [0x5, 0xc, 0x5, 0x0, 0x5, 0x1], 0x0, 0x6}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x5, 0xc, 0x1, 0x4, 0x5, 0x5], 0x3, 0x2}, {0x2, [0x4, 0x6, 0x0, 0x0, 0x0, 0x4], 0x4, 0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298) pipe(&(0x7f0000000000)) io_uring_enter(r0, 0x2219, 0xcf74, 0x16, 0x0, 0x0) 2.098830737s ago: executing program 1 (id=63): r0 = socket(0x15, 0x5, 0x5) bind$unix(r0, &(0x7f0000000000)=@abs, 0x6e) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r5 = socket$inet6(0xa, 0x1, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) r7 = socket$key(0xf, 0x3, 0x2) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xbe) sendmsg$key(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="02090000020000000000000000006ed50d169fd1259a4008814b921f312bdff9490675285f56e698679723b433298a597a017f02c5d6ebed91840ceb992d34"], 0x10}}, 0x0) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0xba01}, 0x0) socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGPGRP(r8, 0x8904, &(0x7f00000000c0)) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x13) ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f00000000c0)={0xfffffff8, 0x0, 0xfffbfffd, 0x3, 0x4f, "0c41920887e8d2b791f19dd026d76d7fcb366b", 0x4, 0x200}) write(r1, &(0x7f0000000200)='G', 0x1) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x8) 1.730696843s ago: executing program 3 (id=64): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfffffffffffff000, 0x101, &(0x7f0000000080)) syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r0, 0x0, 0x0) 1.470204713s ago: executing program 2 (id=65): r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x1ab801, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x1, 0x2, 0x0, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x4}, {0x2, 0x4, 0x20, 0x7}]}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000000)={0x9}) 1.263732075s ago: executing program 2 (id=66): r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) r1 = socket(0x2, 0x2, 0x0) preadv2(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000340)=""/205, 0xcd}], 0x1, 0x400, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSFLAGS1(r2, 0x40047459, &(0x7f00000000c0)=0x41) pwritev(r2, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x0) syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x26202) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x200) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350070696d367265673000000020000000001400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}}, 0x0) close(r3) rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0) acct(&(0x7f00000001c0)='./file0\x00') acct(0x0) syz_open_dev$ndb(&(0x7f0000000240), 0x0, 0x42000) 1.150845876s ago: executing program 0 (id=67): syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 1.060185753s ago: executing program 1 (id=68): bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48) pipe2(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4880) fcntl$setpipe(r0, 0x407, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x49e, &(0x7f0000000400)={0x0, 0xe7a8, 0x400, 0x3, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r6 = eventfd2(0xff, 0x80001) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f0000000300)=r6, 0x1) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r3, 0x0, 0x0, 0x0, 0x2}) syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, 0x0) fcntl$lock(r1, 0x5, &(0x7f0000000140)={0x2, 0x4, 0xc, 0x7}) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) io_uring_enter(r3, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000009000/0x18000)=nil, 0x0, 0x0, 0x61, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) 940.382921ms ago: executing program 2 (id=69): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000000)) 870.456108ms ago: executing program 2 (id=70): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xb8}}, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) listen(r0, 0xda90) r1 = accept4(r0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x4ff3913d, 0xca0, 0x9}, 0x10) 430.63037ms ago: executing program 3 (id=71): r0 = open(0x0, 0x80140, 0x0) fcntl$setsig(r0, 0xa, 0x21) fcntl$setlease(r0, 0x400, 0x1) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x73, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa12, 0xffffffff}, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000980), 0x0, 0x0) ioctl$SNDCTL_TMR_CONTINUE(r3, 0x5404) waitid(0x2, 0xffffffffffffffff, 0x0, 0x2, 0x0) mlock(&(0x7f0000646000/0x3000)=nil, 0x3000) openat$tun(0xffffffffffffff9c, 0x0, 0x2241, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r4 = mq_open(&(0x7f0000000000)='eth0\x00', 0x42, 0x0, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000040)=0x0) syz_open_procfs(r5, 0x0) r6 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x11, 0x0) r7 = syz_io_uring_setup(0xce, &(0x7f0000000480)={0x0, 0x1b69, 0x800, 0x0, 0x335}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f0000000300)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0x3, 0x0}) io_uring_enter(r7, 0x47ba, 0x98f1, 0x20, 0x0, 0x0) mq_timedsend(r6, 0x0, 0x0, 0x6, 0x0) 148.41417ms ago: executing program 1 (id=72): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000000c0)={[{@quota}, {@grpquota_block_hardlimit={'grpquota_block_hardlimit', 0x3d, [0x33]}}]}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x22e02, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000900)={{r2, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000001c0)='%+9llu \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280)={r3}, 0x4) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x16, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000007000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000240), 0x80000, 0x0) ioctl$DRM_IOCTL_IRQ_BUSID(r5, 0xc0106403, &(0x7f0000000380)={0x0, 0xffff, 0x4dc6, 0xbb70}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0xfe6, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(r1, r6, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f00000002c0)="65420f09c744240098000000c744240200000080ff2c2466ba4000b070ee652e3e3e3e3e410ffa981100000065430f09c4e243f61266660f388230430f1816426a00c4827d342485bb02b0e0", 0x4c}], 0x1, 0x59, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x15a) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r8, &(0x7f0000000580)=ANY=[@ANYBLOB="1500000065ffff0010000008003950323030302e75652804911ac580855dddc12b56b890b7700f6ad5c479d70ce21444cecd78a0cd84ba1d069cb3e384e0f7cc6f1273f8a33a2c4a21697a47aec10cee4d12633f817e4f21a11db8d12d14ce65e78c82468070fedc7226d5bb4390ecd61ab8477abc88b3f45e53d3ae42ce12c12beeb7a03e9c6e4ed015ab1048054e3d3e3c1c8d6e998e72abe265ade7c27b8b2b80899918829c7e6f3bb1d619ed858296608d42a61e95998b370ad5182723d5dcda13ac5044103a497bb6a91896f5fa4f991fa8a6"], 0x15) r9 = dup(r8) write$FUSE_BMAP(r9, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18) write$FUSE_INIT(r9, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x40040000, 0x80, 0x4, 0x0, 0x2, 0x0, 0x0, 0x20, 0x4}}, 0x50) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x0, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r9}, 0x2c, {[], [], 0x6b}}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000000)=0x204100) chown(&(0x7f00000003c0)='./file0\x00', 0x0, 0xee01) r10 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e22, 0x101, @dev={0xfe, 0x80, '\x00', 0x17}, 0x6}}, 0x7fff, 0xa}, &(0x7f0000000080)=0x90) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r10, 0x84, 0x78, &(0x7f0000000200)=r11, 0x4) 0s ago: executing program 2 (id=73): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffff"], 0x6c}}, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) ioctl$FBIOPUT_CON2FBMAP(r1, 0x4610, &(0x7f0000000180)={0x1}) ioctl$FBIOPUT_CON2FBMAP(r1, 0x4610, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) kernel console output (not intermixed with test programs): [ 43.683407][ T40] audit: type=1400 audit(1756437007.459:60): avc: denied { rlimitinh } for pid=5880 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.690736][ T40] audit: type=1400 audit(1756437007.459:61): avc: denied { siginh } for pid=5880 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:36257' (ED25519) to the list of known hosts. [ 45.868928][ T40] audit: type=1400 audit(1756437009.669:62): avc: denied { name_bind } for pid=5922 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 45.896219][ T40] audit: type=1400 audit(1756437009.699:63): avc: denied { write } for pid=5925 comm="sh" path="pipe:[6580]" dev="pipefs" ino=6580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 45.919588][ T40] audit: type=1400 audit(1756437009.719:64): avc: denied { execute } for pid=5925 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 45.926897][ T40] audit: type=1400 audit(1756437009.719:65): avc: denied { execute_no_trans } for pid=5925 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 48.085120][ T40] audit: type=1400 audit(1756437011.889:66): avc: denied { mounton } for pid=5925 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 48.087570][ T5925] cgroup: Unknown subsys name 'net' [ 48.274722][ T5925] cgroup: Unknown subsys name 'cpuset' [ 48.279033][ T5925] cgroup: Unknown subsys name 'rlimit' [ 48.479538][ T5962] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 49.226859][ T5925] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.664347][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 52.664361][ T40] audit: type=1400 audit(1756437016.459:80): avc: denied { execmem } for pid=5968 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 52.901925][ T40] audit: type=1400 audit(1756437016.699:81): avc: denied { create } for pid=5972 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.910117][ T40] audit: type=1400 audit(1756437016.699:82): avc: denied { read write } for pid=5972 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 52.922734][ T40] audit: type=1400 audit(1756437016.699:83): avc: denied { open } for pid=5972 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 52.929863][ T40] audit: type=1400 audit(1756437016.709:84): avc: denied { ioctl } for pid=5972 comm="syz-executor" path="socket:[6604]" dev="sockfs" ino=6604 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.941141][ T5974] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.960020][ T5982] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.962834][ T5982] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.965452][ T5982] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.969116][ T5988] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 52.971932][ T5988] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 52.974686][ T5988] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 52.977604][ T5988] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.980180][ T5988] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 52.980509][ T5979] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.987749][ T5979] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 52.990415][ T40] audit: type=1400 audit(1756437016.789:85): avc: denied { read } for pid=5985 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 52.993888][ T5984] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.995228][ T5983] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 52.996908][ T5983] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 52.997613][ T5988] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 52.998023][ T5988] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 52.998374][ T5988] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 52.998862][ T40] audit: type=1400 audit(1756437016.789:86): avc: denied { open } for pid=5985 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 52.998888][ T40] audit: type=1400 audit(1756437016.789:87): avc: denied { mounton } for pid=5985 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 53.036379][ T5983] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.043925][ T5983] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.047365][ T5983] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.228281][ T40] audit: type=1400 audit(1756437017.029:88): avc: denied { module_request } for pid=5985 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 53.313706][ T5985] chnl_net:caif_netlink_parms(): no params data found [ 53.409089][ T5972] chnl_net:caif_netlink_parms(): no params data found [ 53.467983][ T5976] chnl_net:caif_netlink_parms(): no params data found [ 53.483953][ T5985] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.487616][ T5985] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.490912][ T5985] bridge_slave_0: entered allmulticast mode [ 53.495550][ T5985] bridge_slave_0: entered promiscuous mode [ 53.513215][ T5977] chnl_net:caif_netlink_parms(): no params data found [ 53.554550][ T5985] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.557699][ T5985] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.560716][ T5985] bridge_slave_1: entered allmulticast mode [ 53.564789][ T5985] bridge_slave_1: entered promiscuous mode [ 53.710355][ T5985] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.767587][ T5985] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.779361][ T5976] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.783020][ T5976] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.786103][ T5976] bridge_slave_0: entered allmulticast mode [ 53.789740][ T5976] bridge_slave_0: entered promiscuous mode [ 53.864864][ T5976] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.867161][ T5976] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.869398][ T5976] bridge_slave_1: entered allmulticast mode [ 53.872869][ T5976] bridge_slave_1: entered promiscuous mode [ 53.902146][ T5972] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.905466][ T5972] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.908947][ T5972] bridge_slave_0: entered allmulticast mode [ 53.912075][ T5972] bridge_slave_0: entered promiscuous mode [ 53.916274][ T5977] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.918477][ T5977] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.920972][ T5977] bridge_slave_0: entered allmulticast mode [ 53.926846][ T5977] bridge_slave_0: entered promiscuous mode [ 53.930359][ T5977] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.932772][ T5977] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.935037][ T5977] bridge_slave_1: entered allmulticast mode [ 53.937797][ T5977] bridge_slave_1: entered promiscuous mode [ 53.965307][ T5985] team0: Port device team_slave_0 added [ 53.968241][ T5972] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.970906][ T5972] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.974166][ T5972] bridge_slave_1: entered allmulticast mode [ 53.978846][ T5972] bridge_slave_1: entered promiscuous mode [ 54.058225][ T5976] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.063244][ T5985] team0: Port device team_slave_1 added [ 54.092720][ T5977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.099268][ T5976] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.149433][ T5972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.155490][ T5977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.210422][ T5972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.231634][ T5976] team0: Port device team_slave_0 added [ 54.235211][ T5985] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.237914][ T5985] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.248179][ T5985] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.311188][ T5976] team0: Port device team_slave_1 added [ 54.315250][ T5985] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.318123][ T5985] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.328773][ T5985] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.358526][ T5977] team0: Port device team_slave_0 added [ 54.412885][ T5972] team0: Port device team_slave_0 added [ 54.416582][ T5977] team0: Port device team_slave_1 added [ 54.419632][ T5976] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.422785][ T5976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.433279][ T5976] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.439403][ T5972] team0: Port device team_slave_1 added [ 54.509538][ T5976] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.512078][ T5976] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.520969][ T5976] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.539622][ T5972] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.541923][ T5972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.550002][ T5972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.598920][ T5972] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.601610][ T5972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.611512][ T5972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.616700][ T5977] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.619356][ T5977] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.631119][ T5977] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.637436][ T5977] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.640224][ T5977] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.650330][ T5977] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.657718][ T5985] hsr_slave_0: entered promiscuous mode [ 54.660553][ T5985] hsr_slave_1: entered promiscuous mode [ 54.765034][ T5976] hsr_slave_0: entered promiscuous mode [ 54.767704][ T5976] hsr_slave_1: entered promiscuous mode [ 54.770630][ T5976] debugfs: 'hsr0' already exists in 'hsr' [ 54.775654][ T5976] Cannot create hsr debugfs directory [ 54.840949][ T5972] hsr_slave_0: entered promiscuous mode [ 54.844226][ T5972] hsr_slave_1: entered promiscuous mode [ 54.847047][ T5972] debugfs: 'hsr0' already exists in 'hsr' [ 54.849388][ T5972] Cannot create hsr debugfs directory [ 54.975792][ T5977] hsr_slave_0: entered promiscuous mode [ 54.978131][ T5977] hsr_slave_1: entered promiscuous mode [ 54.980161][ T5977] debugfs: 'hsr0' already exists in 'hsr' [ 54.982042][ T5977] Cannot create hsr debugfs directory [ 55.022886][ T5983] Bluetooth: hci1: command tx timeout [ 55.022894][ T63] Bluetooth: hci3: command tx timeout [ 55.031980][ T5983] Bluetooth: hci0: command tx timeout [ 55.101947][ T5983] Bluetooth: hci2: command tx timeout [ 55.388087][ T5985] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 55.396316][ T5985] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 55.400782][ T5985] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 55.405328][ T5985] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 55.438461][ T5976] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 55.442982][ T5976] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.452739][ T5976] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.467823][ T5976] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.517171][ T5972] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 55.521043][ T5972] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 55.525845][ T5972] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 55.532282][ T5972] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 55.612346][ T5977] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 55.620528][ T5977] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 55.629836][ T5977] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 55.636198][ T5977] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 55.688448][ T5985] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.725067][ T5985] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.746659][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.749837][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.758913][ T5976] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.775274][ T5972] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.780228][ T1259] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.783375][ T1259] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.805851][ T5976] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.823338][ T1259] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.826385][ T1259] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.831170][ T1259] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.834296][ T1259] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.854874][ T5972] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.878419][ T1259] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.881975][ T1259] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.900793][ T5977] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.904752][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.907699][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.946799][ T5977] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.971519][ T79] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.974291][ T79] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.975552][ T40] audit: type=1400 audit(1756437019.779:89): avc: denied { sys_module } for pid=5985 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 55.999382][ T5972] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.003980][ T5972] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.018867][ T79] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.021879][ T79] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.116180][ T5985] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.171636][ T5972] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.177781][ T5976] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.187698][ T5985] veth0_vlan: entered promiscuous mode [ 56.204412][ T5985] veth1_vlan: entered promiscuous mode [ 56.211533][ T5977] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.241464][ T5976] veth0_vlan: entered promiscuous mode [ 56.255528][ T5976] veth1_vlan: entered promiscuous mode [ 56.275784][ T5972] veth0_vlan: entered promiscuous mode [ 56.278761][ T5985] veth0_macvtap: entered promiscuous mode [ 56.287642][ T5985] veth1_macvtap: entered promiscuous mode [ 56.302837][ T5977] veth0_vlan: entered promiscuous mode [ 56.307057][ T5972] veth1_vlan: entered promiscuous mode [ 56.315985][ T5976] veth0_macvtap: entered promiscuous mode [ 56.324706][ T5985] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.330555][ T5976] veth1_macvtap: entered promiscuous mode [ 56.337574][ T5985] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.345573][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.348864][ T5977] veth1_vlan: entered promiscuous mode [ 56.362084][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.365113][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.373566][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.397806][ T5976] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.412595][ T5976] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.426536][ T5977] veth0_macvtap: entered promiscuous mode [ 56.437205][ T5972] veth0_macvtap: entered promiscuous mode [ 56.444048][ T1144] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.452993][ T5977] veth1_macvtap: entered promiscuous mode [ 56.467317][ T1144] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.470753][ T1144] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.476587][ T5972] veth1_macvtap: entered promiscuous mode [ 56.488837][ T1144] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.496987][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.501013][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.523245][ T5977] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.534409][ T5972] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.539178][ T5972] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.543158][ T5977] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.545956][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.549899][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.573242][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.576611][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.587669][ T1144] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.591605][ T1144] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.606652][ T1144] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.609663][ T5985] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 56.610335][ T1144] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.635460][ T1144] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.638986][ T1144] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.646297][ T1153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.649190][ T1153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.655721][ T1144] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.659948][ T1144] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.704295][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.707609][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.744753][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.747211][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.777090][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.780490][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.805439][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.808785][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.892055][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.912040][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.914860][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.918727][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.934730][ T6074] ptrace attach of "/syz-executor exec"[5977] was attempted by "/syz-executor exec"[6074] [ 57.059933][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 57.102751][ T63] Bluetooth: hci0: command tx timeout [ 57.102779][ T5974] Bluetooth: hci1: command tx timeout [ 57.107382][ T5983] Bluetooth: hci3: command tx timeout [ 57.171928][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 57.192463][ T63] Bluetooth: hci2: command tx timeout [ 57.367225][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 57.469588][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 57.470479][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 57.771727][ T40] kauditd_printk_skb: 36 callbacks suppressed [ 57.771738][ T40] audit: type=1400 audit(1756437021.569:126): avc: denied { read write } for pid=6082 comm="syz.3.7" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 57.781225][ T40] audit: type=1400 audit(1756437021.569:127): avc: denied { open } for pid=6082 comm="syz.3.7" path="/dev/raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 57.790842][ T40] audit: type=1400 audit(1756437021.569:128): avc: denied { ioctl } for pid=6082 comm="syz.3.7" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 57.805223][ T40] audit: type=1400 audit(1756437021.609:129): avc: denied { lock } for pid=6078 comm="syz.2.6" path="socket:[9418]" dev="sockfs" ino=9418 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 57.812010][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.813947][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.923170][ T6068] kexec: Could not allocate control_code_buffer [ 57.956185][ T40] audit: type=1400 audit(1756437021.759:130): avc: denied { read write } for pid=6084 comm="syz.1.8" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 57.965627][ T40] audit: type=1400 audit(1756437021.759:131): avc: denied { open } for pid=6084 comm="syz.1.8" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 58.031902][ T6060] usb 8-1: new full-speed USB device number 2 using dummy_hcd [ 58.051870][ T40] audit: type=1400 audit(1756437021.849:132): avc: denied { unmount } for pid=5976 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 58.168988][ T40] audit: type=1400 audit(1756437021.969:133): avc: denied { create } for pid=6087 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 58.179280][ T40] audit: type=1400 audit(1756437021.969:134): avc: denied { bind } for pid=6087 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 58.185583][ T40] audit: type=1400 audit(1756437021.979:135): avc: denied { setopt } for pid=6087 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 58.437002][ T6060] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 58.455620][ T6060] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 58.459137][ T6060] usb 8-1: Product: syz [ 58.461407][ T6060] usb 8-1: Manufacturer: syz [ 58.463939][ T6060] usb 8-1: SerialNumber: syz [ 58.507516][ T6060] usb 8-1: config 0 descriptor?? [ 58.727299][ T6060] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 59.182106][ T63] Bluetooth: hci0: command tx timeout [ 59.182420][ T5983] Bluetooth: hci1: command tx timeout [ 59.184133][ T5974] Bluetooth: hci3: command tx timeout [ 59.261883][ T5983] Bluetooth: hci2: command tx timeout [ 60.007048][ T6101] netlink: 28 bytes leftover after parsing attributes in process `syz.1.14'. [ 60.011420][ T6101] netlink: 12 bytes leftover after parsing attributes in process `syz.1.14'. [ 60.162703][ T6060] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 60.169084][ T6060] usb 8-1: USB disconnect, device number 2 [ 60.736019][ T6119] comedi comedi2: comedi_config --init_data is deprecated [ 60.739578][ T6119] comedi comedi2: comedi_config --init_data is deprecated [ 61.262856][ T5983] Bluetooth: hci1: command tx timeout [ 61.271908][ T5983] Bluetooth: hci0: command tx timeout [ 61.271929][ T63] Bluetooth: hci3: command tx timeout [ 61.351891][ T63] Bluetooth: hci2: command tx timeout [ 63.190754][ T40] kauditd_printk_skb: 62 callbacks suppressed [ 63.190766][ T40] audit: type=1400 audit(1756437026.989:198): avc: denied { accept } for pid=6166 comm="syz.1.33" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 63.190885][ T63] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 63.202551][ T6060] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 63.206264][ T63] CPU: 3 UID: 0 PID: 63 Comm: kworker/u33:0 Not tainted syzkaller #0 PREEMPT(full) [ 63.206289][ T63] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 63.206302][ T63] Workqueue: hci1 hci_rx_work [ 63.206324][ T63] Call Trace: [ 63.206331][ T63] [ 63.206338][ T63] dump_stack_lvl+0x16c/0x1f0 [ 63.206363][ T63] sysfs_warn_dup+0x7f/0xa0 [ 63.206389][ T63] sysfs_create_dir_ns+0x24b/0x2b0 [ 63.206411][ T63] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 63.206429][ T63] ? find_held_lock+0x2b/0x80 [ 63.206454][ T63] ? do_raw_spin_unlock+0x172/0x230 [ 63.206474][ T63] kobject_add_internal+0x2c4/0x9b0 [ 63.206501][ T63] kobject_add+0x16e/0x240 [ 63.206523][ T63] ? __pfx_kobject_add+0x10/0x10 [ 63.206546][ T63] ? do_raw_spin_unlock+0x172/0x230 [ 63.206565][ T63] ? kobject_put+0xab/0x5a0 [ 63.206593][ T63] device_add+0x288/0x1aa0 [ 63.206625][ T63] ? __pfx_dev_set_name+0x10/0x10 [ 63.206651][ T63] ? __pfx_device_add+0x10/0x10 [ 63.206674][ T63] ? mgmt_send_event_skb+0x2fb/0x460 [ 63.206708][ T63] hci_conn_add_sysfs+0x17e/0x230 [ 63.206729][ T63] le_conn_complete_evt+0x1075/0x1d70 [ 63.206756][ T63] ? preempt_count_sub+0xe0/0x160 [ 63.206784][ T63] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 63.206808][ T63] ? hci_event_packet+0x459/0x11c0 [ 63.206840][ T63] hci_le_conn_complete_evt+0x23c/0x370 [ 63.206873][ T63] hci_le_meta_evt+0x357/0x5e0 [ 63.206891][ T63] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 63.206921][ T63] hci_event_packet+0x682/0x11c0 [ 63.206948][ T63] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 63.206965][ T63] ? __pfx_hci_event_packet+0x10/0x10 [ 63.206995][ T63] ? kcov_remote_start+0x3c9/0x6d0 [ 63.207015][ T63] ? lockdep_hardirqs_on+0x7c/0x110 [ 63.207040][ T63] hci_rx_work+0x2c5/0x16b0 [ 63.207060][ T63] ? rcu_is_watching+0x12/0xc0 [ 63.207086][ T63] process_one_work+0x9cf/0x1b70 [ 63.207115][ T63] ? __pfx_process_one_work+0x10/0x10 [ 63.207141][ T63] ? assign_work+0x1a0/0x250 [ 63.207161][ T63] worker_thread+0x6c8/0xf10 [ 63.207193][ T63] ? __pfx_worker_thread+0x10/0x10 [ 63.207212][ T63] kthread+0x3c5/0x780 [ 63.207230][ T63] ? __pfx_kthread+0x10/0x10 [ 63.207250][ T63] ? rcu_is_watching+0x12/0xc0 [ 63.207271][ T63] ? __pfx_kthread+0x10/0x10 [ 63.207290][ T63] ret_from_fork+0x5d7/0x6f0 [ 63.207307][ T63] ? __pfx_kthread+0x10/0x10 [ 63.207327][ T63] ret_from_fork_asm+0x1a/0x30 [ 63.207360][ T63] [ 63.207385][ T63] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 63.319550][ T63] Bluetooth: hci1: failed to register connection device [ 63.373863][ T6060] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 63.382260][ T6060] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 63.387704][ T6060] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.408556][ T6060] usb 5-1: config 0 descriptor?? [ 63.415066][ T6060] pwc: Askey VC010 type 2 USB webcam detected. [ 63.454649][ T40] audit: type=1400 audit(1756437027.249:199): avc: denied { write } for pid=6172 comm="syz.2.36" lport=17 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 63.563474][ T6183] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 63.586535][ T40] audit: type=1400 audit(1756437027.389:200): avc: denied { unmount } for pid=5985 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 63.615900][ T6187] capability: warning: `syz.2.42' uses 32-bit capabilities (legacy support in use) [ 63.650209][ T40] audit: type=1400 audit(1756437027.449:201): avc: denied { write } for pid=6178 comm="syz.1.40" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 63.850002][ T6195] mmap: syz.2.43 (6195) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 63.943963][ T6060] pwc: recv_control_msg error -32 req 02 val 2b00 [ 63.947677][ T6060] pwc: recv_control_msg error -32 req 02 val 2700 [ 63.954207][ T6060] pwc: recv_control_msg error -32 req 02 val 2c00 [ 63.957750][ T6060] pwc: recv_control_msg error -32 req 04 val 1000 [ 63.964730][ T6060] pwc: recv_control_msg error -32 req 04 val 1300 [ 63.967510][ T6060] pwc: recv_control_msg error -32 req 04 val 1400 [ 63.970366][ T6060] pwc: recv_control_msg error -32 req 02 val 2000 [ 63.974171][ T6060] pwc: recv_control_msg error -32 req 02 val 2100 [ 63.977439][ T6060] pwc: recv_control_msg error -32 req 04 val 1500 [ 63.981003][ T6060] pwc: recv_control_msg error -32 req 02 val 2500 [ 63.984315][ T6060] pwc: recv_control_msg error -32 req 02 val 2400 [ 63.987531][ T6060] pwc: recv_control_msg error -32 req 02 val 2600 [ 63.991171][ T6060] pwc: recv_control_msg error -32 req 02 val 2900 [ 64.195592][ T6060] pwc: recv_control_msg error -71 req 04 val 1100 [ 64.200651][ T6060] pwc: recv_control_msg error -71 req 04 val 1200 [ 64.208933][ T6060] pwc: Registered as video103. [ 64.214500][ T6060] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb5/5-1/input/input6 [ 64.274115][ T40] audit: type=1400 audit(1756437028.081:202): avc: denied { read } for pid=5366 comm="acpid" name="event4" dev="devtmpfs" ino=2848 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 64.284752][ T40] audit: type=1400 audit(1756437028.081:203): avc: denied { open } for pid=5366 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2848 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 64.294500][ T40] audit: type=1400 audit(1756437028.081:204): avc: denied { ioctl } for pid=5366 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2848 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 64.410045][ T6060] usb 5-1: USB disconnect, device number 2 [ 64.736819][ T40] audit: type=1400 audit(1756437028.541:205): avc: denied { write } for pid=6211 comm="syz.2.47" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 64.809523][ T40] audit: type=1400 audit(1756437028.611:206): avc: denied { create } for pid=6204 comm="syz.1.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 64.863502][ T40] audit: type=1400 audit(1756437028.621:207): avc: denied { write } for pid=6204 comm="syz.1.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 65.704845][ T6234] netlink: 8 bytes leftover after parsing attributes in process `syz.2.53'. [ 65.716956][ T6234] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.721011][ T6234] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.399638][ T6248] netlink: 8 bytes leftover after parsing attributes in process `syz.2.56'. [ 66.841542][ C3] hrtimer: interrupt took 47411 ns [ 68.199586][ T40] kauditd_printk_skb: 18 callbacks suppressed [ 68.199599][ T40] audit: type=1400 audit(1756437032.001:226): avc: denied { unlink } for pid=5976 comm="syz-executor" name="file0" dev="tmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 68.342944][ T6302] capability: warning: `syz.0.60' uses deprecated v2 capabilities in a way that may be insecure [ 68.371738][ T40] audit: type=1400 audit(1756437032.171:227): avc: denied { create } for pid=6306 comm="syz.1.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 68.565369][ T40] audit: type=1400 audit(1756437032.361:228): avc: denied { ioctl } for pid=6306 comm="syz.1.63" path="socket:[10771]" dev="sockfs" ino=10771 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 68.982023][ T1346] usb 8-1: new low-speed USB device number 3 using dummy_hcd [ 68.996958][ T40] audit: type=1400 audit(1756437032.801:229): avc: denied { write } for pid=6314 comm="syz.2.65" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 69.144546][ T1346] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 69.147678][ T1346] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 69.152492][ T1346] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 69.161868][ T1346] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 69.165267][ T1346] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 69.170218][ T1346] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 69.172758][ T1346] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 69.176073][ T1346] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 69.179651][ T1346] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 69.183596][ T1346] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 69.196556][ T1346] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 69.198890][ T1346] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 69.205131][ T1346] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 69.209300][ T1346] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 69.214932][ T1346] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 69.215558][ T40] audit: type=1400 audit(1756437033.021:230): avc: denied { read write } for pid=6317 comm="syz.2.66" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 69.230284][ T40] audit: type=1400 audit(1756437033.021:231): avc: denied { open } for pid=6317 comm="syz.2.66" path="/dev/ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 69.237597][ T40] audit: type=1400 audit(1756437033.021:232): avc: denied { ioctl } for pid=6317 comm="syz.2.66" path="/dev/ppp" dev="devtmpfs" ino=730 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 69.238329][ T1346] usb 8-1: string descriptor 0 read error: -22 [ 69.249943][ T1346] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 69.252871][ T1346] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.269221][ T1346] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 69.393646][ T6060] Process accounting resumed [ 69.422000][ T63] Bluetooth: hci1: command 0x0406 tx timeout [ 69.468339][ T6016] usb 8-1: USB disconnect, device number 3 [ 69.483821][ T6317] block nbd2: shutting down sockets [ 69.541901][ T1346] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 69.593146][ T40] audit: type=1400 audit(1756437033.401:233): avc: denied { name_connect } for pid=6329 comm="syz.2.70" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 69.644348][ T40] audit: type=1400 audit(1756437033.451:234): avc: denied { listen } for pid=6329 comm="syz.2.70" lport=52463 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 69.695920][ T40] audit: type=1400 audit(1756437033.501:235): avc: denied { accept } for pid=6329 comm="syz.2.70" lport=52463 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 69.702447][ T1346] usb 5-1: Using ep0 maxpacket: 8 [ 69.709333][ T1346] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 69.714719][ T1346] usb 5-1: config 0 has no interface number 0 [ 69.717927][ T1346] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 69.726473][ T1346] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 69.731561][ T1346] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 69.737381][ T1346] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 69.743585][ T1346] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 69.751593][ T1346] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 69.756042][ T1346] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.770314][ T1346] usb 5-1: config 0 descriptor?? [ 69.795529][ T1346] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 69.977812][ T6321] ldusb 5-1:0.55: Couldn't submit interrupt_in_urb -90 [ 69.982913][ T6016] usb 5-1: USB disconnect, device number 3 [ 69.988021][ T6016] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 70.490922][ T6346] ================================================================== [ 70.490936][ T6346] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1a6f/0x1e60 [ 70.490970][ T6346] Write of size 8 at addr ffffc90005281020 by task syz.2.73/6346 [ 70.490985][ T6346] [ 70.490994][ T6346] CPU: 1 UID: 0 PID: 6346 Comm: syz.2.73 Not tainted syzkaller #0 PREEMPT(full) [ 70.491015][ T6346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.491041][ T6346] Call Trace: [ 70.491050][ T6346] [ 70.491056][ T6346] dump_stack_lvl+0x116/0x1f0 [ 70.491079][ T6346] print_report+0xcd/0x630 [ 70.491099][ T6346] ? __virt_addr_valid+0x81/0x610 [ 70.491127][ T6346] ? sys_imageblit+0x1a6f/0x1e60 [ 70.491149][ T6346] kasan_report+0xe0/0x110 [ 70.491184][ T6346] ? sys_imageblit+0x1a6f/0x1e60 [ 70.491210][ T6346] sys_imageblit+0x1a6f/0x1e60 [ 70.491236][ T6346] ? get_page_from_freelist+0x1b34/0x38e0 [ 70.491255][ T6346] ? __pfx_sys_imageblit+0x10/0x10 [ 70.491283][ T6346] ? rcu_is_watching+0x12/0xc0 [ 70.491306][ T6346] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 70.491324][ T6346] ? kasan_save_track+0x14/0x30 [ 70.491347][ T6346] ? __kasan_slab_free+0x60/0x70 [ 70.491369][ T6346] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 70.491390][ T6346] bit_putcs+0x90f/0xde0 [ 70.491415][ T6346] ? __pfx_bit_putcs+0x10/0x10 [ 70.491437][ T6346] ? fb_get_color_depth+0x120/0x250 [ 70.491454][ T6346] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 70.491477][ T6346] ? __pfx_bit_putcs+0x10/0x10 [ 70.491495][ T6346] fbcon_putcs+0x384/0x4a0 [ 70.491524][ T6346] do_update_region+0x2e6/0x3f0 [ 70.491550][ T6346] invert_screen+0x1e4/0x590 [ 70.491568][ T6346] ? __pfx_invert_screen+0x10/0x10 [ 70.491585][ T6346] ? __pfx_complement_pos+0x10/0x10 [ 70.491602][ T6346] ? trace_kmalloc+0x2b/0xd0 [ 70.491624][ T6346] ? __kmalloc_noprof.cold+0x5c/0x61 [ 70.491649][ T6346] ? find_held_lock+0x2b/0x80 [ 70.491673][ T6346] clear_selection+0x59/0x70 [ 70.491700][ T6346] vc_do_resize+0xd9b/0x10e0 [ 70.491721][ T6346] ? __pfx_vc_do_resize+0x10/0x10 [ 70.491742][ T6346] fbcon_set_disp+0x7ad/0xe50 [ 70.491770][ T6346] set_con2fb_map+0x703/0x1080 [ 70.491789][ T6346] fbcon_set_con2fb_map_ioctl+0x16c/0x220 [ 70.491810][ T6346] ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10 [ 70.491831][ T6346] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 70.491851][ T6346] do_fb_ioctl+0x328/0x7e0 [ 70.491873][ T6346] ? __pfx_do_fb_ioctl+0x10/0x10 [ 70.491899][ T6346] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 70.491929][ T6346] ? selinux_file_ioctl+0x180/0x270 [ 70.491957][ T6346] fb_ioctl+0xe5/0x150 [ 70.491977][ T6346] ? __pfx_fb_ioctl+0x10/0x10 [ 70.491998][ T6346] __x64_sys_ioctl+0x18b/0x210 [ 70.492026][ T6346] do_syscall_64+0xcd/0x4c0 [ 70.492048][ T6346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.492066][ T6346] RIP: 0033:0x7f27ca18ebe9 [ 70.492082][ T6346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.492100][ T6346] RSP: 002b:00007f27c83f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.492119][ T6346] RAX: ffffffffffffffda RBX: 00007f27ca3b5fa0 RCX: 00007f27ca18ebe9 [ 70.492132][ T6346] RDX: 0000200000000180 RSI: 0000000000004610 RDI: 0000000000000004 [ 70.492144][ T6346] RBP: 00007f27ca211e19 R08: 0000000000000000 R09: 0000000000000000 [ 70.492155][ T6346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.492166][ T6346] R13: 00007f27ca3b6038 R14: 00007f27ca3b5fa0 R15: 00007fffea57a9c8 [ 70.492184][ T6346] [ 70.492190][ T6346] [ 70.492195][ T6346] The buggy address belongs to a vmalloc virtual mapping [ 70.492208][ T6346] Memory state around the buggy address: [ 70.492217][ T6346] ffffc90005280f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 70.492230][ T6346] ffffc90005280f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 70.492243][ T6346] >ffffc90005281000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 70.492253][ T6346] ^ [ 70.492263][ T6346] ffffc90005281080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 70.492276][ T6346] ffffc90005281100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 70.492287][ T6346] ================================================================== [ 70.494055][ T6346] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 70.494072][ T6346] CPU: 1 UID: 0 PID: 6346 Comm: syz.2.73 Not tainted syzkaller #0 PREEMPT(full) [ 70.494118][ T6346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.494131][ T6346] Call Trace: [ 70.494138][ T6346] [ 70.494146][ T6346] dump_stack_lvl+0x3d/0x1f0 [ 70.494184][ T6346] vpanic+0x6e8/0x7a0 [ 70.494214][ T6346] ? __pfx_vpanic+0x10/0x10 [ 70.494261][ T6346] ? sys_imageblit+0x1a6f/0x1e60 [ 70.494287][ T6346] panic+0xca/0xd0 [ 70.494315][ T6346] ? __pfx_panic+0x10/0x10 [ 70.494347][ T6346] ? sys_imageblit+0x1a6f/0x1e60 [ 70.494372][ T6346] ? preempt_schedule_common+0x44/0xc0 [ 70.494393][ T6346] ? preempt_schedule_thunk+0x16/0x30 [ 70.494420][ T6346] check_panic_on_warn+0xab/0xb0 [ 70.494437][ T6346] end_report+0x107/0x170 [ 70.494456][ T6346] kasan_report+0xee/0x110 [ 70.494476][ T6346] ? sys_imageblit+0x1a6f/0x1e60 [ 70.494502][ T6346] sys_imageblit+0x1a6f/0x1e60 [ 70.494528][ T6346] ? get_page_from_freelist+0x1b34/0x38e0 [ 70.494547][ T6346] ? __pfx_sys_imageblit+0x10/0x10 [ 70.494575][ T6346] ? rcu_is_watching+0x12/0xc0 [ 70.494598][ T6346] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 70.494616][ T6346] ? kasan_save_track+0x14/0x30 [ 70.494633][ T6346] ? __kasan_slab_free+0x60/0x70 [ 70.494653][ T6346] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 70.494674][ T6346] bit_putcs+0x90f/0xde0 [ 70.494698][ T6346] ? __pfx_bit_putcs+0x10/0x10 [ 70.494719][ T6346] ? fb_get_color_depth+0x120/0x250 [ 70.494736][ T6346] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 70.494759][ T6346] ? __pfx_bit_putcs+0x10/0x10 [ 70.494778][ T6346] fbcon_putcs+0x384/0x4a0 [ 70.494807][ T6346] do_update_region+0x2e6/0x3f0 [ 70.494834][ T6346] invert_screen+0x1e4/0x590 [ 70.494853][ T6346] ? __pfx_invert_screen+0x10/0x10 [ 70.494870][ T6346] ? __pfx_complement_pos+0x10/0x10 [ 70.494888][ T6346] ? trace_kmalloc+0x2b/0xd0 [ 70.494909][ T6346] ? __kmalloc_noprof.cold+0x5c/0x61 [ 70.494933][ T6346] ? find_held_lock+0x2b/0x80 [ 70.494956][ T6346] clear_selection+0x59/0x70 [ 70.494978][ T6346] vc_do_resize+0xd9b/0x10e0 [ 70.494998][ T6346] ? __pfx_vc_do_resize+0x10/0x10 [ 70.495037][ T6346] fbcon_set_disp+0x7ad/0xe50 [ 70.495065][ T6346] set_con2fb_map+0x703/0x1080 [ 70.495086][ T6346] fbcon_set_con2fb_map_ioctl+0x16c/0x220 [ 70.495105][ T6346] ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10 [ 70.495125][ T6346] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 70.495146][ T6346] do_fb_ioctl+0x328/0x7e0 [ 70.495168][ T6346] ? __pfx_do_fb_ioctl+0x10/0x10 [ 70.495194][ T6346] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 70.495223][ T6346] ? selinux_file_ioctl+0x180/0x270 [ 70.495249][ T6346] fb_ioctl+0xe5/0x150 [ 70.495270][ T6346] ? __pfx_fb_ioctl+0x10/0x10 [ 70.495292][ T6346] __x64_sys_ioctl+0x18b/0x210 [ 70.495321][ T6346] do_syscall_64+0xcd/0x4c0 [ 70.495349][ T6346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.495368][ T6346] RIP: 0033:0x7f27ca18ebe9 [ 70.495384][ T6346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.495403][ T6346] RSP: 002b:00007f27c83f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.495421][ T6346] RAX: ffffffffffffffda RBX: 00007f27ca3b5fa0 RCX: 00007f27ca18ebe9 [ 70.495434][ T6346] RDX: 0000200000000180 RSI: 0000000000004610 RDI: 0000000000000004 [ 70.495446][ T6346] RBP: 00007f27ca211e19 R08: 0000000000000000 R09: 0000000000000000 [ 70.495457][ T6346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.495467][ T6346] R13: 00007f27ca3b6038 R14: 00007f27ca3b5fa0 R15: 00007fffea57a9c8 [ 70.495485][ T6346] [ 70.496186][ T6346] Kernel Offset: disabled VM DIAGNOSIS: 03:10:34 Registers: info registers vcpu 0 CPU#0 RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff81608c60 RDX=ffff88802fbf4880 RSI=ffffffff81608ca8 RDI=ffffffff93db8fe0 RBP=0000000000000000 RSP=ffffc90000007fd0 R8 =0000000000000001 R9 =fffffbfff27b71fc R10=ffffffff93db8fe7 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81608ca9 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f8ba221dc80 ffffffff 00c00000 GS =0000 ffff8880d66b9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f27c83f5f98 CR3=00000000290ab000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=000000000534c002 Opmask01=0000000000000000 Opmask02=00000000f0000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055e2d40b2600 000055e2d40b2600 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc6b555ae0 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6c737973007325 2e73250064252e73 2500656c6f736e6f 632f7665642f000a ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a49565c56005600 0b56000041000b56 000040494a564b4a 460a5340410a000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5f76656462665f6d 726420205d363433 3654205b5d393633 3139342e30372020 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343130322f31302f 343020312b32316f 70627e322d332e36 312e312d6e616962 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 65642d332e36312e 3120534f4942202c 2939303032202c39 484349202b203533 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5128204350206472 61646e6174532055 4d4551203a656d61 6e20657261776472 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6148205d36343336 54205b5d35313031 39342e3037202020 5b203a6c656e7265 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000061 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85643cf5 RDI=ffffffff9b1110a0 RBP=ffffffff9b111060 RSP=ffffc9000527ef30 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=666f206574697257 R12=0000000000000000 R13=0000000000000061 R14=ffffffff9b111060 R15=ffffffff85643c90 RIP=ffffffff85643d1f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f27c83f66c0 ffffffff 00c00000 GS =0000 ffff8880d67b9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000110c328152 CR3=00000000627d8000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000010000000 Opmask04=0000000000000000 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=7a36af96d9cd06c6 d88117c447cfe521 7a36af96d9cd06c6 d88117c447cfe521 7a36af96d9cd06c6 d88117c447cfe521 7a36af96d9cd06c6 d88117c447cfe521 ZMM18=71c7783e544735fd 61424b701af73580 71c7783e544735fd 61424b701af73580 71c7783e544735fd 61424b701af73580 71c7783e544735fd 61424b701af73580 ZMM19=8703000000000000 0000000000000005 8703000000000000 0000000000000004 8703000000000000 0000000000000003 8703000000000000 0000000000000002 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0008ffffffce0000 0000030000000000 00160000000cffff ff9e000000000100 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000260000 000cffffff8a0000 03e6000000080004 0000000800080000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0028000000400000 0064000000580000 00240000008c0000 00ac000000070000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0300000000000008 ffffffce00000000 0300000000000016 0000000cffffff9e ZMM25=61424b7061424b70 61424b7061424b70 61424b7061424b70 61424b7061424b70 61424b7061424b70 61424b7061424b70 61424b7061424b70 61424b7061424b70 ZMM26=544735fd544735fd 544735fd544735fd 544735fd544735fd 544735fd544735fd 544735fd544735fd 544735fd544735fd 544735fd544735fd 544735fd544735fd ZMM27=71c7783e71c7783e 71c7783e71c7783e 71c7783e71c7783e 71c7783e71c7783e 71c7783e71c7783e 71c7783e71c7783e 71c7783e71c7783e 71c7783e71c7783e ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=8403000084030000 8403000084030000 8403000084030000 8403000084030000 8403000084030000 8403000084030000 8403000084030000 8403000084030000 info registers vcpu 2 CPU#2 RAX=0000000080010002 RBX=0000000000000000 RCX=ffffffff81608c60 RDX=ffff888035430000 RSI=ffffffff81608ca8 RDI=ffffffff93db8fe0 RBP=0000000000000002 RSP=ffffc90000648fd0 R8 =0000000000000001 R9 =fffffbfff27b71fc R10=ffffffff93db8fe7 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81608ca9 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d68b9000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005555915b65c8 CR3=000000004d6a9000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000080040001 Opmask01=0000000020080810 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc08665d00 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc08665e86 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc08665e86 00007ffc08665e8c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8b94212e46 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8b94212e53 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8b94212e4d ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8b94212e61 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8b94212ee7 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8b94212fc5 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000080010000 RBX=0000000000000000 RCX=ffffffff81608c60 RDX=ffff888034cdc880 RSI=ffffffff81608ca8 RDI=ffffffff93db8fe0 RBP=0000000000000003 RSP=ffffc900006f8fd0 R8 =0000000000000001 R9 =fffffbfff27b71fc R10=ffffffff93db8fe7 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81608ca9 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c01300 GS =0000 ffff8880d69b9000 ffffffff 00c01300 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c461e4b CR3=0000000052cd6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffff00 Opmask01=000000000000007f Opmask02=00000000fffeff7f Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000560cecd999c0 0000560cecd999c0 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 00007ffe9ebd8720 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f32f4bf1b20 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 ffff0000000000ff ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a2a2a524f4e4443 05191a1b454f4e43 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5c05525f4443461e 454f4e435c051a04 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d003d454d 414e564544003d58 45444e494649003d 4550595456454400 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d0018454d 414e564544001858 45444e4946490018 4550595456454400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 0000000000000000 00007ffe9ebd8720 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000560cecd98f50 0000560cecd8fec0 0000560cecd81490 0000560cecb46bb0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000560cecd85c40 0000560cecd7fe70 0000560cecd7fc50 0000560cecb46c10 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000560cecd92360 0000560cecd84730 0000560cecd81150 0000560cecd994b0 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000560cecd94e30 0000560cecd8cca0 0000560cecd84e30 0000560cecd811b0 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000014100 000000000000303d 44440045525f5346 0054242044492065 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000