last executing test programs: 4.515435989s ago: executing program 0 (id=147): r0 = socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) (async) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) (async) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0) (async) r4 = userfaultfd(0x80801) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) (async) ioctl$UFFDIO_CONTINUE(r4, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) r5 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080)) ioctl$PAGEMAP_SCAN(r5, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x1ff, 0x0, 0x0, 0x8000000000000000, 0xb, 0x2, 0x0, 0x2}) (async) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x40086602, 0x0) (async) chown(0x0, 0x0, 0xffffffffffffffff) (async) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x103383, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000240)={0x14, &(0x7f00000001c0)=ANY=[], 0x0}, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3800000010003904000000000000000000000010728b9ae898ffd9eb789e08d2e71706000000c20d34d768d4703105295b849194d1d81a00824ceb7cf46b0cd266ec9d810f6dfb515cec76fb6b5c2c6ce482644ad8a1035dd240a66a45f49f94b28561701135e4395bcdfffab83e7825ad3c28969bcc8d1097ef4f39f9854ac73dcd9c94a5ccc41109883bdd3dcacd79ea27f5c3847fb9968ff107ccd3d9ed3dc8496836328ef6913cb785871a0455c7bf1f95d14e8d540be7d89c6a4911ce427639586625c49db00a00"/213, @ANYRES32=r2, @ANYBLOB="01980000000000001800128008000100677265000c00028008000100", @ANYRES32=r2, @ANYBLOB], 0x38}}, 0x0) (async) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @gre={{0x8}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x34}}, 0x0) 4.452891816s ago: executing program 0 (id=150): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000b40d504010000000000000109022400010000000009"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x102) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000600)={0x0, 0xfffffffffffffe57, r4, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000440)={r5, 0x0, 0x0, 0x0, 0x1, [0x0], [], [0x0, 0x0, 0x0, 0x3]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000100)={r6, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000800)={0x0, 0x0, r7}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r8, 0x4048ae9b, &(0x7f0000000300)={0x160001, 0x0, [0x0, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0, 0x0, 0x29]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000140)="f20f1c0166b864912c870f23c80f21f866350c0080000f23f80f01fc0f20e06635000010000f22e066f30fa7c00f1c9700000f01c566b9a001000066b80400000066ba000000000f30c0dbb6660f3adf932700de", 0x54}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) 3.072858792s ago: executing program 0 (id=170): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x8) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000001e80)={0x0, 0x0, &(0x7f0000001e40)={&(0x7f00000003c0)={0x38, r3, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}]}, @ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x38}}, 0x4000) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) socket$kcm(0x2, 0x2, 0x73) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f000000c400)={0x2020}, 0x2020) write$FUSE_INIT(r1, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VIDIOC_S_SELECTION(r4, 0xc040565f, &(0x7f0000000400)={0xa, 0x3, 0x7, {0x0, 0x0, 0x1003f, 0x5}}) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_MATCH_NAME={0x8, 0x1, 'ttl\x00'}, @NFTA_MATCH_INFO={0x5, 0x3, 'z'}, @NFTA_MATCH_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}, 0x1, 0xf5ffffff, 0x0, 0x24004001}, 0x0) 3.070811918s ago: executing program 0 (id=171): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x600, 0x0) ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r0, 0x3b8c, &(0x7f00000000c0)={0x30, 0x0, 0x1, 0x0, 0x8, 0x4186, 0xc58, 0x0}) socket(0xa, 0x3, 0x3a) syz_usb_connect(0x2, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(r1, &(0x7f0000000340)=[{&(0x7f0000000700)="97", 0x1}, {&(0x7f0000000640)="d3", 0x1}], 0x2) close(0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffeba, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="96040f0000440200320012502fc2f6800b00010069703667726500000c000280", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r4, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x600}, 0x0) 1.7319825s ago: executing program 2 (id=187): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) socket$nl_route(0x10, 0x3, 0x0) io_uring_setup(0x31d0, &(0x7f0000000740)) socket$inet_tcp(0x2, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$caif_seqpacket(0x25, 0x5, 0x3) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x4030582b, &(0x7f00000000c0)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1900000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00faff400005000000000000000000000000000000bc000000000000"], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r1, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x28) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f0000000800)={r1, &(0x7f0000000500)="ab30d7dc7e11f85beb3976f81df772d129eda59e42de630de2d98b9e6bd37d513aa254897384c4afec41f6a727db0492417e954eed4d6db0cbf70dddb39c841f18b84a1dd608a99ac92d49a98fc3087d7a50d7d5cdbae04245895e9f365ecc10fcb13473fe2941e62a16a748d5dfc58c5e2d68a61e29707cbe28c422f9f9fa4b3e6ac055354fe3a92e2b3a218af9d174ea1dc74b82cdd5baf8a7d48612284a7b88121d08691ecbe01cd163a5dd1de3b7bcf65b835904bf575094a68ee0f67e47daff72909213a7013dd24e74a7be803e34a746ec60557f20f63ea0bd827e38573305620dea709bb80d066052b776b8928be505ad1b5e1353498837504d6e7c6b", 0x0}, 0x20) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0) epoll_create1(0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='io.stat\x00', 0x275a, 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000040)={0x0}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000200)={r4, 0x4a, 0x5, 0x0, 0x81, 0x3}, &(0x7f0000000240)=0x14) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) r6 = openat$cgroup(r5, &(0x7f0000000280)='syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r6, &(0x7f0000000300)='cgroup.kill\x00', 0x0, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r7, &(0x7f00000002c0)=ANY=[@ANYRES8=r5], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0xf, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000004c0)='generic_add_lease\x00', r8}, 0x18) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) fcntl$setlease(r0, 0x400, 0x1) syz_open_dev$tty1(0xc, 0x4, 0x1) 1.671158712s ago: executing program 2 (id=189): syz_open_dev$usbmon(&(0x7f0000000000), 0x5, 0x450400) 1.66838155s ago: executing program 2 (id=190): prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) (async) listxattr(0x0, 0x0, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x1, 0x0) (async) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x28081, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) (async) sched_setaffinity(0x0, 0x0, 0x0) (async) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='ext4_sync_fs\x00', r2}, 0x10) (async) sync() (async) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newtaction={0x48, 0x30, 0x1, 0x0, 0x0, {}, [{0x34, 0x1, [@m_ctinfo={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4, 0x2, 0x0, 0x0}, {0x4}, {0xffffffffffffff13}, {0xc}}}]}]}, 0x48}}, 0x0) (async) syz_80211_inject_frame(0x0, 0x0, 0x47) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000000)={'wlan1\x00'}) 1.069092235s ago: executing program 2 (id=193): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async) syz_init_net_socket$netrom(0x6, 0x5, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000200009500000000"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000440)={&(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6}) (async) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000440)={&(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, 0x0, 0xffffffffffffffff}) r5 = syz_create_resource$binfmt(&(0x7f0000000480)='./file0\x00') execveat$binfmt(r4, r5, &(0x7f0000000500)={[&(0x7f00000004c0)='geneve0\x00']}, &(0x7f00000005c0)={[&(0x7f0000000540)='wlan0\x00', &(0x7f0000000580)='\x00']}, 0x1000) r6 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'geneve0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=r7, @ANYBLOB="0000000080010000280012800b00010067656e4276335e7fddb4c7eca96500001800028014000700ff02004000000000"], 0x48}, 0x1, 0x2, 0x0, 0x8000}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00'}) (async) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r6, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0x3c, 0x0, 0x4, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x88f}, @NL80211_ATTR_CRIT_PROT_ID={0x6}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x1}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0xdc8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0) (async) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r6, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0x3c, 0x0, 0x4, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x88f}, @NL80211_ATTR_CRIT_PROT_ID={0x6}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x1}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0xdc8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r9, 0x25, 0x0, @val=@netfilter}, 0x40) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0xffffffff, 0x0, {0x0, 0x0, 0x74, r9, {0x0, 0x7}, {0x0, 0x4}, {0x1}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 939.404241ms ago: executing program 2 (id=197): r0 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) r1 = io_uring_setup(0x1397, &(0x7f00000000c0)={0x0, 0x47f, 0xef85869e598f7813, 0x2, 0x389, 0x0, r0}) r2 = syz_io_uring_setup(0x7e2b, &(0x7f0000000300)={0x0, 0x3, 0x800, 0x0, 0x1ba, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3, r0}) io_uring_enter(r2, 0x353, 0x3, 0x1, 0x0, 0x0) signalfd(r0, &(0x7f0000002340), 0x8) (async) r5 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x9c) r6 = openat$binfmt_register(0xffffff9c, &(0x7f0000000080), 0x1, 0x0) write$binfmt_register(r6, &(0x7f0000000040)={0x3a, 'syz0', 0x3a, 'E', 0x3a, 0x0, 0x3a, 'syz2', 0x3a, 'Y$*@', 0x3a, './file0', 0x3a, [0x50, 0x46, 0x46]}, 0x32) 841.738451ms ago: executing program 2 (id=198): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) dup2(r1, r0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000002100)={0x1, 'netpci0\x00'}, 0x18) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x1, 'dummy0\x00'}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000003feffff720a00fef8ffffff71a4f1ff0000000071302000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00ff040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x3}, 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0xffffffa0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 562.935533ms ago: executing program 1 (id=204): r0 = syz_io_uring_setup(0x5411, &(0x7f0000000300)={0x0, 0x6b7f, 0x1000, 0x2, 0x221}, &(0x7f0000000380), 0x0) syz_clone3(&(0x7f0000001980)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup(r2) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, &(0x7f0000000000)="6941c43b78eeda4918160798ef967cb9254c327158c51dc69eeda809ba0f") syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000dc0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0xd481e000) 482.990652ms ago: executing program 3 (id=205): openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000300)=[{0x0, 0x61}, {&(0x7f00000001c0)="5c8000000000000000ea45a1", 0x20000081}], 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x2, 0xc, &(0x7f00000013c0)=ANY=[@ANYBLOB="180200001000000000000000000000001801000020696c2500000000002020207b2af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000087000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xffffffff, 0xd2, &(0x7f0000000140)=""/210, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 482.360586ms ago: executing program 3 (id=206): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet(0x2, 0x6, 0x0) ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, 0x0) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000001800)=[@text64={0x40, &(0x7f0000001840)="f3470fbc06c74424000600007848b800280000000000000f23c00f21f835030004000f23f8c7442406000000000f0114246aa2450f0012124424001afa0000c744240216383d27c7442406000000000f011c2466b8f0000f00d0400f060f00e4c4a1c1edba2500000066baa00066b8000066ef66b82f008ed0", 0x79}], 0x1, 0x0, 0x0, 0x47) (async) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) mount(0x0, 0x0, &(0x7f0000000000)='autofs\x00', 0x0, 0x0) (async) ioctl$KVM_NMI(r2, 0xae9a) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) 382.84895ms ago: executing program 1 (id=207): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f00000002c0)=0x100, 0x4) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r3) sendmsg$IEEE802154_DISASSOCIATE_REQ(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14, r5, 0x1}, 0x14}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) r7 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000140)={r7}) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r7, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r7, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bind$xdp(r7, &(0x7f0000000100)={0x2c, 0x0, r9}, 0x10) bind$xdp(r1, &(0x7f0000000240)={0x2c, 0x1, r6, 0x0, r7}, 0x60) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[], 0x38}}, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x4aa841, 0x0) 382.655796ms ago: executing program 3 (id=208): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt(r1, 0xff, 0x1, 0x0, &(0x7f0000000000)) setsockopt$inet_int(r1, 0x0, 0xb, &(0x7f0000000040)=0x9, 0x4) sendmsg$tipc(r0, &(0x7f0000000240)={0x0, 0x18, &(0x7f00000000c0), 0x31}, 0x0) 312.507753ms ago: executing program 1 (id=209): r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r3, &(0x7f0000000340), 0x8) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000200)=0x1, &(0x7f0000000240)=0x4) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r4, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"]) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008a04"]) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r5, 0x0, 0x1, 0x0, 0x0) mmap$snddsp_status(&(0x7f0000ffc000/0x4000)=nil, 0x1000, 0x200000d, 0x30, r0, 0x82000000) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x100102, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0x200, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0x7}, {0xfff2, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x4008880}, 0x8004) ioctl$KVM_NMI(r4, 0xae9a) openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) bind$bt_sco(r3, &(0x7f0000000340), 0x8) (async) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000200)=0x1, &(0x7f0000000240)=0x4) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async) ioctl$KVM_SET_CPUID2(r4, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"]) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008a04"]) (async) socket$inet_mptcp(0x2, 0x1, 0x106) (async) setsockopt$inet_int(r5, 0x0, 0x1, 0x0, 0x0) (async) mmap$snddsp_status(&(0x7f0000ffc000/0x4000)=nil, 0x1000, 0x200000d, 0x30, r0, 0x82000000) (async) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x100102, 0x0) (async) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) socket$inet6_udp(0xa, 0x2, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00'}) (async) sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0x200, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0x7}, {0xfff2, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x4008880}, 0x8004) (async) ioctl$KVM_NMI(r4, 0xae9a) (async) 312.303794ms ago: executing program 3 (id=210): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000040)="cca3fcf58d8fb8739ab092390ff73d843e5982972b842ab7b9a9b8948618f7de1185b56070fa0b2011c0c80d348fbbf00389a0144fc941ec995f3acade2e6339a5cdfd03b31658a6781404055c7faa203af4cbd30c89c9de87da3439a3d54d50d0cbd1c3a10735873d4b5fdd848dfc316db8bdbd5b1e62f593be65fc8e5f0a643ef0938976c9f8dc7a4f29f29112615581b3ec916f3d5e79d9c0efbb16b025b24891", 0xa2}], 0x1) ioctl$IMDELTIMER(r0, 0x80044941, &(0x7f0000000200)=0x1) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) (async) socket$netlink(0x10, 0x3, 0x0) (async) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000040)="cca3fcf58d8fb8739ab092390ff73d843e5982972b842ab7b9a9b8948618f7de1185b56070fa0b2011c0c80d348fbbf00389a0144fc941ec995f3acade2e6339a5cdfd03b31658a6781404055c7faa203af4cbd30c89c9de87da3439a3d54d50d0cbd1c3a10735873d4b5fdd848dfc316db8bdbd5b1e62f593be65fc8e5f0a643ef0938976c9f8dc7a4f29f29112615581b3ec916f3d5e79d9c0efbb16b025b24891", 0xa2}], 0x1) (async) ioctl$IMDELTIMER(r0, 0x80044941, &(0x7f0000000200)=0x1) (async) 312.171003ms ago: executing program 3 (id=211): r0 = socket$inet6(0xa, 0x5, 0x0) recvmmsg(r0, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}, 0xdc}], 0x1, 0x2, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)="d800000018007b7be00212ba0d0505040a003f00000f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5000004000000", 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 252.439815ms ago: executing program 3 (id=212): r0 = syz_open_dev$dri(&(0x7f0000000040), 0x20, 0x0) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x5452, &(0x7f0000b28000)=0x3) fcntl$setsig(r2, 0xa, 0x12) syz_io_uring_setup(0x5411, 0x0, 0x0, 0x0) syz_clone3(&(0x7f0000001980)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r4, &(0x7f0000000040), 0x8) listen(r4, 0x0) r5 = dup2(r4, r4) accept4$bt_l2cap(r5, 0x0, 0x0, 0x0) dup2(r2, r3) fcntl$setown(r2, 0x8, r1) tkill(r1, 0x13) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000140)={0x0, 0x1}) ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(r0, 0xc00864c0, &(0x7f0000000400)={r6}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r7, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000000201030000000000000003000000000000000280aa2eb0f65a672019dd421400018008000100ac14144808000200e0000001060012400001000008000c4000000003"], 0x3c}}, 0x4) sendmsg$NFT_MSG_GETOBJ(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="34000000130a03000000000000000000020000000900020073797a310000000008000340"], 0x34}}, 0x0) 250.957998ms ago: executing program 1 (id=213): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x80002, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x1000, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newtaction={0x78, 0x30, 0x1, 0x3, 0x0, {}, [{0x64, 0x1, [@m_skbmod={0x60, 0x1, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x0, 0x2, 0x20000000, 0xfffffff3, 0x5}, 0xb}}, @TCA_SKBMOD_SMAC={0xa}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}]}]}, 0x78}}, 0x0) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0x11, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x2, 0x2, 0x801, 0x0, 0x0, {0xa, 0x0, 0x6}, [@CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x24004094) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="50000000210000082bbd7000ffdbdf25022014430200000000000000080017004e224e240c000c4000800000000009680800f2000a01010108000100e0000002080002000000000008001000d54a00004e5303fd1982be57b5728d6e99be2b5856a2c955f61850d5e9bfe473bc9398c38a83d76ca1b5aab8b66b8bec6578191ed65542920ad192daebdba317b6c089a32a91e692dff08d4713b173f19e"], 0x50}}, 0x0) 202.714616ms ago: executing program 1 (id=214): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, &(0x7f00000002c0)=ANY=[@ANYBLOB="85000000b800000000000000000000000631624e4138822c72b162876a01a6464d7561ca99cc641308000100004dc21b9c001a4b0464e9d7a490fe969138653592b707e4a755d182252ab16adb"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = syz_clone(0x24100000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000005c0)={0x4c, r2, 0x1, 0x0, 0x0, {0x4e}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xab}}, {0x8}, {0x6}}]}, 0x4c}}, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4001, &(0x7f0000000000)=0x1, 0x7, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='numa_maps\x00') read$FUSE(r3, &(0x7f0000002140)={0x2020}, 0x2020) r4 = syz_pidfd_open(r0, 0x0) pidfd_send_signal(r4, 0x4, 0x0, 0x2) socket$inet(0x2, 0x3, 0x2) r5 = socket$inet(0x2, 0x3, 0x2) r6 = socket$inet6(0xa, 0x3, 0xff) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0) r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/clear_refs\x00', 0x1, 0x0) sendfile(r8, r7, 0x0, 0x7) connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) sendto$inet6(r6, &(0x7f0000000280)="eb43ef45c546a50bc7cc12129d130100000033302925ff007332e4228741e90a762873abfee765d1", 0x28, 0x4048814, 0x0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611) setsockopt$inet_mreqsrc(r5, 0x0, 0x27, 0x0, 0x0) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r1) sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f0000000500)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x50, r9, 0x4, 0x94b, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x10, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3ff}]}, @TIPC_NLA_NET={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0xb}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xfe000000}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) syz_emit_ethernet(0x26, &(0x7f00000003c0)={@link_local, @empty, @val={@val={0x88a8, 0x3, 0x0, 0x1}, {0x8100, 0x1, 0x1, 0x4}}, {@can={0xc, {{0x3, 0x0, 0x0, 0x1}, 0x7, 0x0, 0x0, 0x0, "4ef846dab031fc34"}}}}, 0x0) r10 = socket$netlink(0x10, 0x3, 0x4) setsockopt$netlink_NETLINK_PKTINFO(r10, 0x10e, 0x3, 0x0, 0x0) writev(r10, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c611000000000000feff2c707f8f00ff", 0x58}], 0x1) setsockopt$sock_linger(r6, 0x1, 0xd, &(0x7f0000000240)={0x0, 0x8930}, 0x8) r11 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_REMOVE(r10, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r11, 0x4, 0x70bd28, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xe}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xc51}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x44800) 142.810562ms ago: executing program 1 (id=215): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{}, &(0x7f0000000000), 0x0}, 0x20) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe800000000000", @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002540)=""/216, 0xd8}}], 0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) 208.703µs ago: executing program 0 (id=216): r0 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x5) fchdir(r1) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f00000009c0)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x1c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x2000}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) llistxattr(&(0x7f0000000340)='./bus\x00', &(0x7f0000000b80)=""/4096, 0x1000) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb0100180000000000000002"], 0x0, 0x1a, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x16, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0xfca804a0, 0xfffffffffffffd0b, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) rmdir(&(0x7f0000000380)='./file0/../file0\x00') 0s ago: executing program 0 (id=217): r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f0000000040)='memory.numa_stat\x00', 0x26e1, 0x0) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, '\x00', 0x2}}}, 0xd) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x10000, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r1, 0x8010661b, &(0x7f0000000080)) setsockopt$packet_int(r1, 0x107, 0xf, 0x0, 0x0) kernel console output (not intermixed with test programs): [ 38.279416][ T39] audit: type=1400 audit(1734615068.353:81): avc: denied { rlimitinh } for pid=5915 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 38.284502][ T39] audit: type=1400 audit(1734615068.353:82): avc: denied { siginh } for pid=5915 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 39.866291][ T39] audit: type=1400 audit(1734615069.973:83): avc: denied { read } for pid=5331 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 39.872295][ T39] audit: type=1400 audit(1734615069.973:84): avc: denied { append } for pid=5331 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 39.878135][ T39] audit: type=1400 audit(1734615069.973:85): avc: denied { open } for pid=5331 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 39.883905][ T39] audit: type=1400 audit(1734615069.973:86): avc: denied { getattr } for pid=5331 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Warning: Permanently added '[localhost]:34163' (ED25519) to the list of known hosts. [ 40.032386][ T39] audit: type=1400 audit(1734615070.133:87): avc: denied { name_bind } for pid=5919 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 41.543053][ T5921] cgroup: Unknown subsys name 'net' [ 41.668780][ T5921] cgroup: Unknown subsys name 'cpuset' [ 41.672030][ T5921] cgroup: Unknown subsys name 'rlimit' [ 41.859049][ T5926] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 42.429694][ T5921] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 43.844043][ T39] kauditd_printk_skb: 17 callbacks suppressed [ 43.844053][ T39] audit: type=1400 audit(1734615073.943:105): avc: denied { execmem } for pid=5928 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 44.008673][ T39] audit: type=1400 audit(1734615074.113:106): avc: denied { create } for pid=5932 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 44.014633][ T39] audit: type=1400 audit(1734615074.113:107): avc: denied { create } for pid=5933 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 44.019948][ T39] audit: type=1400 audit(1734615074.113:108): avc: denied { read write } for pid=5933 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 44.026285][ T39] audit: type=1400 audit(1734615074.113:109): avc: denied { read write } for pid=5932 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 44.032456][ T39] audit: type=1400 audit(1734615074.113:110): avc: denied { open } for pid=5933 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 44.038663][ T39] audit: type=1400 audit(1734615074.113:111): avc: denied { ioctl } for pid=5933 comm="syz-executor" path="socket:[5913]" dev="sockfs" ino=5913 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 44.041800][ T5936] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 44.057756][ T5944] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 44.060002][ T5944] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 44.060237][ T5938] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 44.062315][ T5944] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 44.064702][ T5938] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 44.066552][ T5944] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 44.068470][ T5938] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 44.071076][ T5944] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 44.071645][ T5938] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 44.073326][ T5944] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 44.075390][ T5945] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 44.075676][ T5938] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 44.075857][ T5938] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 44.077490][ T5944] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 44.080140][ T5947] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 44.080943][ T5944] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 44.081615][ T39] audit: type=1400 audit(1734615074.183:112): avc: denied { read } for pid=5932 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 44.082267][ T39] audit: type=1400 audit(1734615074.183:113): avc: denied { open } for pid=5932 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 44.082968][ T39] audit: type=1400 audit(1734615074.183:114): avc: denied { mounton } for pid=5932 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 44.084624][ T5944] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 44.086904][ T5288] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 44.089506][ T5944] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 44.095982][ T5938] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 44.100954][ T5944] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 44.105830][ T5938] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 44.108166][ T5944] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 44.207286][ T5932] chnl_net:caif_netlink_parms(): no params data found [ 44.260877][ T5933] chnl_net:caif_netlink_parms(): no params data found [ 44.315283][ T5942] chnl_net:caif_netlink_parms(): no params data found [ 44.327210][ T5932] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.329427][ T5932] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.331416][ T5932] bridge_slave_0: entered allmulticast mode [ 44.333442][ T5932] bridge_slave_0: entered promiscuous mode [ 44.338304][ T5932] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.340198][ T5932] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.342060][ T5932] bridge_slave_1: entered allmulticast mode [ 44.344051][ T5932] bridge_slave_1: entered promiscuous mode [ 44.397832][ T5932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 44.419308][ T5932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 44.430855][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.432738][ T5933] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.434634][ T5933] bridge_slave_0: entered allmulticast mode [ 44.437083][ T5933] bridge_slave_0: entered promiscuous mode [ 44.466399][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.468326][ T5933] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.470184][ T5933] bridge_slave_1: entered allmulticast mode [ 44.472181][ T5933] bridge_slave_1: entered promiscuous mode [ 44.488628][ T5932] team0: Port device team_slave_0 added [ 44.491032][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.493559][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.496261][ T5942] bridge_slave_0: entered allmulticast mode [ 44.499108][ T5942] bridge_slave_0: entered promiscuous mode [ 44.513447][ T5933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 44.517747][ T5932] team0: Port device team_slave_1 added [ 44.527210][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.529142][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.531015][ T5942] bridge_slave_1: entered allmulticast mode [ 44.533009][ T5942] bridge_slave_1: entered promiscuous mode [ 44.535670][ T5933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 44.554670][ T5932] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 44.556572][ T5932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.563191][ T5932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 44.573447][ T5937] chnl_net:caif_netlink_parms(): no params data found [ 44.584317][ T5932] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 44.586222][ T5932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.592873][ T5932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 44.607455][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 44.611444][ T5933] team0: Port device team_slave_0 added [ 44.613980][ T5933] team0: Port device team_slave_1 added [ 44.619199][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 44.676873][ T5942] team0: Port device team_slave_0 added [ 44.678745][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 44.680565][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.687999][ T5933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 44.693081][ T5932] hsr_slave_0: entered promiscuous mode [ 44.694959][ T5932] hsr_slave_1: entered promiscuous mode [ 44.703198][ T5942] team0: Port device team_slave_1 added [ 44.705042][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 44.707157][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.713644][ T5933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 44.767966][ T5937] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.769828][ T5937] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.771761][ T5937] bridge_slave_0: entered allmulticast mode [ 44.773814][ T5937] bridge_slave_0: entered promiscuous mode [ 44.784662][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 44.786529][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.793051][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 44.807339][ T5933] hsr_slave_0: entered promiscuous mode [ 44.809195][ T5933] hsr_slave_1: entered promiscuous mode [ 44.810984][ T5933] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 44.813082][ T5933] Cannot create hsr debugfs directory [ 44.816506][ T5937] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.818385][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.820244][ T5937] bridge_slave_1: entered allmulticast mode [ 44.822205][ T5937] bridge_slave_1: entered promiscuous mode [ 44.830827][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 44.832637][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.839616][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 44.872139][ T5937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 44.877039][ T5937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 44.912698][ T5937] team0: Port device team_slave_0 added [ 44.933213][ T5937] team0: Port device team_slave_1 added [ 44.945837][ T5942] hsr_slave_0: entered promiscuous mode [ 44.947795][ T5942] hsr_slave_1: entered promiscuous mode [ 44.950044][ T5942] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 44.952017][ T5942] Cannot create hsr debugfs directory [ 44.964762][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 44.966662][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.973304][ T5937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 44.978590][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 44.980432][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.987119][ T5937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.051566][ T5937] hsr_slave_0: entered promiscuous mode [ 45.053381][ T5937] hsr_slave_1: entered promiscuous mode [ 45.055094][ T5937] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 45.057889][ T5937] Cannot create hsr debugfs directory [ 45.094731][ T5932] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 45.108074][ T5932] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 45.112590][ T5932] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 45.121920][ T5932] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 45.157760][ T5933] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 45.162481][ T5933] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 45.165585][ T5933] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 45.170660][ T5933] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 45.178782][ T5942] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 45.182119][ T5942] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 45.184997][ T5942] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 45.190706][ T5932] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.192655][ T5932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.194806][ T5932] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.196745][ T5932] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.204192][ T5942] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 45.214312][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.216284][ T5933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.218249][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.220250][ T5933] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.231273][ T220] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.234605][ T220] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.239574][ T220] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.242130][ T220] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.255293][ T5937] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 45.265348][ T5937] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 45.270998][ T5937] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 45.277048][ T5937] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 45.315713][ T5932] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.319939][ T5933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.334717][ T5932] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.347042][ T220] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.348934][ T220] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.354665][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.358066][ T5933] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.361244][ T220] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.363140][ T220] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.373486][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.375358][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.380995][ T5937] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.387088][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.388954][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.393547][ T5942] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.401130][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.402968][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.407745][ T5937] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.415681][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.417740][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.430631][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.432507][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.440309][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.442160][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.486764][ T5932] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.502044][ T5932] veth0_vlan: entered promiscuous mode [ 45.507646][ T5932] veth1_vlan: entered promiscuous mode [ 45.527410][ T5932] veth0_macvtap: entered promiscuous mode [ 45.531568][ T5932] veth1_macvtap: entered promiscuous mode [ 45.544927][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.549380][ T5933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.553003][ T5937] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.565651][ T5932] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.577682][ T5932] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.584134][ T5932] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.586605][ T5932] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.588864][ T5932] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.591114][ T5932] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.604294][ T5933] veth0_vlan: entered promiscuous mode [ 45.609403][ T5937] veth0_vlan: entered promiscuous mode [ 45.620062][ T5937] veth1_vlan: entered promiscuous mode [ 45.625653][ T5933] veth1_vlan: entered promiscuous mode [ 45.635428][ T5942] veth0_vlan: entered promiscuous mode [ 45.641781][ T5942] veth1_vlan: entered promiscuous mode [ 45.647850][ T5937] veth0_macvtap: entered promiscuous mode [ 45.660732][ T5937] veth1_macvtap: entered promiscuous mode [ 45.666575][ T1152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.668711][ T1152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.674411][ T5933] veth0_macvtap: entered promiscuous mode [ 45.685158][ T5942] veth0_macvtap: entered promiscuous mode [ 45.690471][ T5942] veth1_macvtap: entered promiscuous mode [ 45.692699][ T5933] veth1_macvtap: entered promiscuous mode [ 45.694866][ T5937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 45.698411][ T5937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.701931][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.704453][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.706828][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.713002][ T5942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 45.715829][ T5942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.718856][ T5942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 45.721582][ T5942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.725147][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.727936][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 45.730626][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.733126][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 45.735785][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.738462][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 45.741210][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.744257][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.747426][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 45.750177][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.753656][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.758989][ T5942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 45.761746][ T5942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.764260][ T5942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 45.766969][ T5942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.770091][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.772176][ T5937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 45.774890][ T5937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.777868][ T5937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 45.780600][ T5937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.783127][ T5937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 45.785685][ T5932] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 45.785813][ T5937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 45.793417][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.798306][ T5942] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.800583][ T5942] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.802845][ T5942] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.805102][ T5942] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.809171][ T5933] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.811630][ T5933] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.813895][ T5933] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.816345][ T5933] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.821196][ T5937] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.823518][ T5937] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.825784][ T5937] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.828155][ T5937] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.882068][ T1152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.884142][ T1152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.889492][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.891566][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.896847][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.898920][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.912886][ T1152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.915316][ T1152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.928382][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.930899][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.930908][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.934879][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.979492][ T6010] process 'syz.2.3' launched './file1' with NULL argv: empty string added [ 46.004806][ T6002] kvm: MWAIT instruction emulated as NOP! [ 46.023407][ T1140] Bluetooth: hci4: Frame reassembly failed (-84) [ 46.025245][ T1140] Bluetooth: hci4: Frame reassembly failed (-84) [ 46.027265][ T69] Bluetooth: hci4: Frame reassembly failed (-84) [ 46.058947][ T6005] kvm: pic: non byte write [ 46.060769][ T6005] kvm: pic: non byte write [ 46.096892][ T5938] Bluetooth: hci0: command tx timeout [ 46.098555][ T5944] Bluetooth: hci1: command tx timeout [ 46.147937][ T6034] o2cb: This node has not been configured. [ 46.149611][ T6034] o2cb: Cluster check failed. Fix errors before retrying. [ 46.151495][ T6034] (syz.3.9,6034,0):user_dlm_register:674 ERROR: status = -22 [ 46.153434][ T6034] (syz.3.9,6034,0):dlmfs_mkdir:436 ERROR: Error -22 could not register domain "bus" [ 46.161007][ T6034] mmap: syz.3.9 (6034) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 46.186550][ T5944] Bluetooth: hci2: command tx timeout [ 46.188244][ T5944] Bluetooth: hci3: command tx timeout [ 46.547532][ T6075] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6075 comm=syz.3.16 [ 46.603499][ T6085] netlink: 60 bytes leftover after parsing attributes in process `syz.3.16'. [ 46.672450][ T6098] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 46.681921][ T6096] syz_tun: entered promiscuous mode [ 46.684358][ T6096] syz_tun: left promiscuous mode [ 47.133571][ T6141] warning: `syz.1.19' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 47.145086][ T6141] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 47.147301][ T6141] UDF-fs: Scanning with blocksize 2048 failed [ 47.149907][ T6141] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 47.151803][ T6141] UDF-fs: Scanning with blocksize 4096 failed [ 47.155171][ T6141] netlink: 28 bytes leftover after parsing attributes in process `syz.1.19'. [ 47.295047][ T6158] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6158 comm=syz.2.24 [ 47.299340][ T6158] netlink: 28 bytes leftover after parsing attributes in process `syz.2.24'. [ 47.302415][ T6158] netlink: 3 bytes leftover after parsing attributes in process `syz.2.24'. [ 47.307323][ T6158] batadv1: entered promiscuous mode [ 47.308772][ T6158] batadv1: entered allmulticast mode [ 48.096160][ T5936] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 48.098705][ T5944] Bluetooth: hci4: command 0x1003 tx timeout [ 48.180626][ T5936] Bluetooth: hci0: command tx timeout [ 48.186376][ T5936] Bluetooth: hci1: command tx timeout [ 48.266047][ T5936] Bluetooth: hci3: command tx timeout [ 48.266133][ T5944] Bluetooth: hci2: command tx timeout [ 48.451219][ T6192] netlink: 8 bytes leftover after parsing attributes in process `syz.0.32'. [ 48.453543][ T6192] netlink: 36 bytes leftover after parsing attributes in process `syz.0.32'. [ 48.462128][ T6192] Zero length message leads to an empty skb [ 48.520530][ T5944] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 48.540229][ T6201] netlink: 16 bytes leftover after parsing attributes in process `syz.2.35'. [ 49.125715][ T6156] syz.1.22 (6156) used greatest stack depth: 20512 bytes left [ 49.209231][ T6228] 9pnet_virtio: no channels available for device syz [ 49.240994][ T39] kauditd_printk_skb: 107 callbacks suppressed [ 49.241004][ T39] audit: type=1400 audit(1734615079.343:222): avc: denied { write } for pid=6229 comm="syz.1.45" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 49.241169][ T6230] netlink: 300 bytes leftover after parsing attributes in process `syz.1.45'. [ 49.243163][ T39] audit: type=1400 audit(1734615079.343:223): avc: denied { nlmsg_write } for pid=6229 comm="syz.1.45" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 49.274306][ T39] audit: type=1400 audit(1734615079.373:224): avc: denied { create } for pid=6231 comm="syz.1.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 49.281235][ T39] audit: type=1400 audit(1734615079.383:225): avc: denied { create } for pid=6231 comm="syz.1.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 49.288362][ T39] audit: type=1400 audit(1734615079.383:226): avc: denied { setopt } for pid=6231 comm="syz.1.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 49.294705][ T39] audit: type=1400 audit(1734615079.383:227): avc: denied { connect } for pid=6231 comm="syz.1.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 49.301144][ T39] audit: type=1400 audit(1734615079.383:228): avc: denied { write } for pid=6231 comm="syz.1.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 49.502015][ T6236] kvm: kvm [6235]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe702111 [ 49.713279][ T6240] netlink: 12 bytes leftover after parsing attributes in process `syz.2.49'. [ 49.721599][ T6240] bond0: entered promiscuous mode [ 49.722971][ T6240] bond_slave_0: entered promiscuous mode [ 49.724622][ T6240] bond_slave_1: entered promiscuous mode [ 49.802827][ T39] audit: type=1400 audit(1734615079.903:229): avc: denied { ioctl } for pid=6246 comm="syz.2.51" path="socket:[11368]" dev="sockfs" ino=11368 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 49.809146][ T6247] capability: warning: `syz.2.51' uses 32-bit capabilities (legacy support in use) [ 49.810128][ T39] audit: type=1400 audit(1734615079.903:230): avc: denied { read } for pid=6246 comm="syz.2.51" name="btrfs-control" dev="devtmpfs" ino=1335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 49.818315][ T39] audit: type=1400 audit(1734615079.903:231): avc: denied { open } for pid=6246 comm="syz.2.51" path="/dev/btrfs-control" dev="devtmpfs" ino=1335 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 49.958455][ T6217] input: syz0 as /devices/virtual/input/input5 [ 50.004286][ T6254] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 50.013286][ T6254] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 50.028605][ T6217] netfs: Couldn't get user pages (rc=-14) [ 50.236061][ T30] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 50.266337][ T5944] Bluetooth: hci1: command tx timeout [ 50.266352][ T5936] Bluetooth: hci0: command tx timeout [ 50.336089][ T5936] Bluetooth: hci2: command tx timeout [ 50.336264][ T5944] Bluetooth: hci3: command 0x040f tx timeout [ 50.350369][ T6264] x_tables: duplicate underflow at hook 2 [ 50.412470][ T30] usb 7-1: not running at top speed; connect to a high speed hub [ 50.417117][ T30] usb 7-1: config 3 has an invalid interface number: 69 but max is 0 [ 50.420131][ T30] usb 7-1: config 3 has no interface number 0 [ 50.426084][ T30] usb 7-1: config 3 interface 69 altsetting 255 endpoint 0xF has invalid maxpacket 512, setting to 64 [ 50.430618][ T30] usb 7-1: config 3 interface 69 altsetting 255 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 50.435260][ T30] usb 7-1: config 3 interface 69 altsetting 255 has a duplicate endpoint with address 0xF, skipping [ 50.440043][ T30] usb 7-1: config 3 interface 69 altsetting 255 has a duplicate endpoint with address 0x5, skipping [ 50.442949][ T30] usb 7-1: config 3 interface 69 has no altsetting 0 [ 50.447690][ T30] usb 7-1: Dual-Role OTG device on HNP port [ 50.449595][ T30] usb 7-1: New USB device found, idVendor=0df6, idProduct=061c, bcdDevice=4b.71 [ 50.452012][ T30] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 50.454078][ T30] usb 7-1: Product: 㘑鈕蟑䙀롐夌亍⋮ఁꯞᝯ㞘᫘ਖ咁曏麩葧몉䎏쪘娆캔삛P姂ꫨ敌琜ठ蟋皬齢퀌〸␖핑瀸ᷫ࿟䇪싙쬷⠸뱿⭸㨑멻魷撏ꉓﴦꄗచ遇ᬏ찶쭕㊁ᴣ뗫鍸껔㋆뚓ﭐ᠗顣얐㹔菈芘鋒牱㽟᝿鄑촤鏻㟜땐笠ꍋ咉嚹楣ቚ鯃ᴦ觍᪚葐㥔슛투뷋馹嗺念諾嶵䷟ꍮ㪢褭᚟ᙱ댨㾋鳑穴瞏懃먥⼹옎 [ 50.464171][ T30] usb 7-1: Manufacturer: 郼掊♂悘ꘆ꤮ꂩ슲鮝爒׼刀鯷㴿陒ꢭ⟈㓗훾瀞ߣ徧ꍡ挦䏵ꌑ诿ᥞᗷ友鿖윃㮔㰥 [ 50.468207][ T30] usb 7-1: SerialNumber:  [ 50.680989][ T30] asix 7-1:3.69 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 50.684261][ T30] asix 7-1:3.69: probe with driver asix failed with error -71 [ 50.691060][ T30] usb 7-1: USB disconnect, device number 2 [ 50.928383][ T6279] netlink: 8 bytes leftover after parsing attributes in process `syz.3.59'. [ 50.936647][ T6279] Bluetooth: MGMT ver 1.23 [ 51.227553][ T6305] ata3.00: invalid multi_count 1 ignored [ 51.401564][ T6328] ipt_rpfilter: only valid in 'raw' or 'mangle' table, not '' [ 51.795974][ T5994] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 51.966017][ T5994] usb 8-1: Using ep0 maxpacket: 8 [ 51.968807][ T5994] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 51.971572][ T5994] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 51.974947][ T5994] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 51.977624][ T5994] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 51.981007][ T5994] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 51.983344][ T5994] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.190536][ T6346] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 52.192850][ T6346] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 52.195542][ T5994] usb 8-1: usb_control_msg returned -32 [ 52.197123][ T5994] usbtmc 8-1:16.0: can't read capabilities [ 52.336035][ T5938] Bluetooth: hci1: command tx timeout [ 52.347302][ T5938] Bluetooth: hci0: command tx timeout [ 52.398848][ T6377] erspan1: entered promiscuous mode [ 52.426072][ T5938] Bluetooth: hci2: command tx timeout [ 52.428013][ T5938] Bluetooth: hci3: command 0x040f tx timeout [ 52.437873][ T6380] vxcan2: entered promiscuous mode [ 52.555150][ T5994] usb 8-1: USB disconnect, device number 2 [ 52.556901][ T6389] netlink: 'syz.2.81': attribute type 1 has an invalid length. [ 52.577663][ T6389] 8021q: adding VLAN 0 to HW filter on device bond1 [ 52.595827][ T6389] bond1: (slave veth3): Enslaving as an active interface with a down link [ 52.612093][ T6389] bond1: (slave veth5): Enslaving as an active interface with a down link [ 52.737681][ T6410] netlink: 4 bytes leftover after parsing attributes in process `syz.3.85'. [ 53.443530][ T6425] fuse: Bad value for 'user_id' [ 53.444793][ T6425] fuse: Bad value for 'user_id' [ 53.451390][ T6422] netlink: 28 bytes leftover after parsing attributes in process `syz.3.88'. [ 53.454011][ T6422] netlink: 28 bytes leftover after parsing attributes in process `syz.3.88'. [ 53.482111][ T6430] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 53.498588][ T6431] netlink: 256 bytes leftover after parsing attributes in process `syz.2.90'. [ 53.501202][ T6430] netlink: 256 bytes leftover after parsing attributes in process `syz.2.90'. [ 53.568122][ T6436] fuse: Unknown parameter 'fd0x0000000000000004' [ 53.587676][ T6422] netlink: 28 bytes leftover after parsing attributes in process `syz.3.88'. [ 53.590968][ T6422] netlink: 28 bytes leftover after parsing attributes in process `syz.3.88'. [ 53.767381][ T6448] delete_channel: no stack [ 53.917894][ T6458] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.986632][ T6458] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.057797][ T6458] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.125550][ T6458] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.196610][ T6458] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.201915][ T6458] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.208583][ T6458] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.213781][ T6458] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.496050][ T5938] Bluetooth: hci3: command 0x040f tx timeout [ 54.731742][ T39] kauditd_printk_skb: 81 callbacks suppressed [ 54.731752][ T39] audit: type=1400 audit(1734615084.833:313): avc: denied { read write } for pid=6473 comm="syz.1.101" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 54.740101][ T39] audit: type=1400 audit(1734615084.833:314): avc: denied { open } for pid=6473 comm="syz.1.101" path="/dev/sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 54.751328][ T39] audit: type=1400 audit(1734615084.833:315): avc: denied { bind } for pid=6473 comm="syz.1.101" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 54.759613][ T39] audit: type=1400 audit(1734615084.833:316): avc: denied { name_bind } for pid=6473 comm="syz.1.101" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 54.765188][ T6477] kAFS: No cell specified [ 54.766682][ T39] audit: type=1400 audit(1734615084.833:317): avc: denied { node_bind } for pid=6473 comm="syz.1.101" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 54.772643][ T39] audit: type=1400 audit(1734615084.863:318): avc: denied { read append } for pid=6476 comm="syz.1.102" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 54.779045][ T39] audit: type=1400 audit(1734615084.863:319): avc: denied { open } for pid=6476 comm="syz.1.102" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 54.785653][ T39] audit: type=1400 audit(1734615084.863:320): avc: denied { ioctl } for pid=6476 comm="syz.1.102" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x9372 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 54.797775][ T39] audit: type=1400 audit(1734615084.903:321): avc: denied { read } for pid=6478 comm="syz.1.103" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 54.813516][ T6468] kvm: kvm [6467]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe702111 [ 54.835329][ T39] audit: type=1400 audit(1734615084.933:322): avc: denied { create } for pid=6480 comm="syz.3.104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 54.848829][ T6482] raw_sendmsg: syz.1.103 forgot to set AF_INET. Fix it! [ 54.857944][ T6479] netlink: 576 bytes leftover after parsing attributes in process `syz.1.103'. [ 54.859914][ T6481] netlink: 28 bytes leftover after parsing attributes in process `syz.3.104'. [ 54.862754][ T6481] netlink: 28 bytes leftover after parsing attributes in process `syz.3.104'. [ 54.873218][ T6468] kvm: kvm [6467]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe702111 [ 54.876046][ T6481] bond0: entered promiscuous mode [ 54.877465][ T6481] bond_slave_0: entered promiscuous mode [ 54.879125][ T6481] bond_slave_1: entered promiscuous mode [ 54.881491][ T6481] batadv_slave_1: entered promiscuous mode [ 54.970454][ T63] IPVS: starting estimator thread 0... [ 55.076612][ T6494] IPVS: using max 41 ests per chain, 98400 per kthread [ 55.094005][ T6512] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed. [ 55.219871][ T5938] Bluetooth: hci3: unexpected event for opcode 0x0000 [ 55.233763][ T6517] mac80211_hwsim hwsim7 : renamed from wlan1 (while UP) [ 55.390700][ T6531] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:20001 [ 55.392841][ T6531] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 55.455595][ T6539] fuse: Bad value for 'group_id' [ 55.458609][ T6539] fuse: Bad value for 'group_id' [ 55.662429][ T6547] syz.2.122 uses obsolete (PF_INET,SOCK_PACKET) [ 55.668156][ T6547] overlayfs: workdir and upperdir must be separate subtrees [ 55.694578][ T6548] netlink: 'syz.3.123': attribute type 3 has an invalid length. [ 55.940204][ T6569] sctp: [Deprecated]: syz.3.130 (pid 6569) Use of int in maxseg socket option. [ 55.940204][ T6569] Use struct sctp_assoc_value instead [ 55.967995][ T6571] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6571 comm=syz.3.131 [ 57.487632][ T5975] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 57.649019][ T5975] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 57.652299][ T5975] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 57.655266][ T5975] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 57.658368][ T5975] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 57.661961][ T5975] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 57.664291][ T5975] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 57.668937][ T5975] usb 7-1: config 0 descriptor?? [ 57.670895][ T6588] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 58.078891][ T6588] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11) [ 58.080825][ T6588] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 58.084211][ T6588] vhci_hcd vhci_hcd.0: Device attached [ 58.088012][ T6591] vhci_hcd: cannot find the pending unlink 5 [ 58.089775][ T6588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 58.092095][ T6588] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 58.099390][ T6591] vhci_hcd: connection closed [ 58.101367][ T1140] vhci_hcd: stop threads [ 58.101400][ T5975] usbhid 7-1:0.0: can't add hid device: -71 [ 58.102923][ T1140] vhci_hcd: release socket [ 58.103830][ T5975] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 58.105322][ T1140] vhci_hcd: disconnect device [ 58.107478][ T5975] usb 7-1: USB disconnect, device number 3 [ 59.296962][ T5938] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 59.300202][ T5938] Bluetooth: hci3: Injecting HCI hardware error event [ 59.304613][ T5944] Bluetooth: hci3: hardware error 0x00 [ 61.376082][ T5944] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 67.133127][ T39] kauditd_printk_skb: 42 callbacks suppressed [ 67.133138][ T39] audit: type=1400 audit(1734615097.233:365): avc: denied { mount } for pid=6595 comm="syz.3.141" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 67.141750][ T39] audit: type=1400 audit(1734615097.243:366): avc: denied { getopt } for pid=6595 comm="syz.3.141" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 67.170498][ T39] audit: type=1400 audit(1734615097.273:367): avc: denied { ioctl } for pid=6606 comm="syz.2.142" path="/dev/sg0" dev="devtmpfs" ino=721 ioctlcmd=0x2284 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 67.195207][ T39] audit: type=1400 audit(1734615097.293:368): avc: denied { create } for pid=6612 comm="syz.2.143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 67.200963][ T39] audit: type=1400 audit(1734615097.293:369): avc: denied { watch } for pid=6601 comm="syz.1.139" path="/44/file0" dev="tmpfs" ino=255 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 67.207089][ T39] audit: type=1400 audit(1734615097.293:370): avc: denied { watch_sb watch_reads } for pid=6601 comm="syz.1.139" path="/44/file0" dev="tmpfs" ino=255 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 67.213361][ T39] audit: type=1400 audit(1734615097.303:371): avc: denied { setopt } for pid=6612 comm="syz.2.143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 67.221099][ T39] audit: type=1400 audit(1734615097.323:372): avc: denied { unmount } for pid=5942 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 67.242486][ T39] audit: type=1400 audit(1734615097.343:373): avc: denied { mount } for pid=6621 comm="syz.0.146" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1 [ 67.252237][ T39] audit: type=1400 audit(1734615097.353:374): avc: denied { unmount } for pid=5937 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1 [ 67.263680][ T6624] ata1.00: invalid cdb length 6 [ 67.347131][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 67.348823][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 67.350433][ T220] Bluetooth: hci4: Frame reassembly failed (-84) [ 67.470675][ T6659] sp0: Synchronizing with TNC [ 67.484111][ T6660] [U] [ 67.540866][ T6665] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39709 sclass=netlink_route_socket pid=6665 comm=syz.2.156 [ 67.547012][ T1018] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 67.582022][ T6670] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6670 comm=syz.1.157 [ 67.587795][ T6670] netlink: 'syz.1.157': attribute type 4 has an invalid length. [ 67.593577][ T6670] netlink: 'syz.1.157': attribute type 4 has an invalid length. [ 67.651540][ T6672] Bluetooth: Short BCSP packet [ 67.655860][ T12] Bluetooth: Error in BCSP hdr checksum [ 67.698522][ T1018] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 67.701485][ T1018] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 67.704295][ T1018] usb 5-1: New USB device found, idVendor=04d5, idProduct=0001, bcdDevice= 0.00 [ 67.707644][ T1018] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.711355][ T1018] usb 5-1: config 0 descriptor?? [ 67.781212][ T6680] netlink: 'syz.1.162': attribute type 21 has an invalid length. [ 67.783924][ T6680] __nla_validate_parse: 8 callbacks suppressed [ 67.783935][ T6680] netlink: 128 bytes leftover after parsing attributes in process `syz.1.162'. [ 67.788756][ T6680] netlink: 'syz.1.162': attribute type 5 has an invalid length. [ 67.791367][ T6680] netlink: 'syz.1.162': attribute type 6 has an invalid length. [ 67.794059][ T6680] netlink: 3 bytes leftover after parsing attributes in process `syz.1.162'. [ 67.797535][ T6681] netlink: 'syz.1.162': attribute type 21 has an invalid length. [ 67.800301][ T6681] netlink: 128 bytes leftover after parsing attributes in process `syz.1.162'. [ 67.802961][ T6681] netlink: 'syz.1.162': attribute type 5 has an invalid length. [ 67.805673][ T6681] netlink: 'syz.1.162': attribute type 6 has an invalid length. [ 67.808356][ T6681] netlink: 3 bytes leftover after parsing attributes in process `syz.1.162'. [ 67.811437][ T6680] netlink: 'syz.1.162': attribute type 21 has an invalid length. [ 67.813542][ T6680] netlink: 128 bytes leftover after parsing attributes in process `syz.1.162'. [ 67.816408][ T6680] netlink: 'syz.1.162': attribute type 5 has an invalid length. [ 67.818810][ T6680] netlink: 3 bytes leftover after parsing attributes in process `syz.1.162'. [ 67.868205][ T6683] efs: device does not support 512 byte blocks [ 67.870097][ T6683] device does not support 512 byte blocks [ 67.870097][ T6683] [ 67.906512][ T6687] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 0 [ 67.907061][ T6688] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 1 [ 67.907550][ T6689] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 2 [ 67.908118][ T6690] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 3 [ 67.913027][ T6685] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6685 comm=syz.1.164 [ 67.923781][ T6685] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6685 comm=syz.1.164 [ 67.928541][ T6685] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6685 comm=syz.1.164 [ 67.932847][ T6685] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6685 comm=syz.1.164 [ 67.937345][ T6685] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6685 comm=syz.1.164 [ 67.942661][ T6685] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6685 comm=syz.1.164 [ 67.947717][ T6685] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6685 comm=syz.1.164 [ 67.951018][ T6685] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6685 comm=syz.1.164 [ 68.063668][ T1341] usb 5-1: USB disconnect, device number 2 [ 68.103293][ T6702] x_tables: ip6_tables: DNPT target: used from hooks FORWARD, but only usable from PREROUTING/OUTPUT [ 68.213535][ T6710] xt_nat: multiple ranges no longer supported [ 68.216436][ T6710] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.675891][ T6712] fuse: Bad value for 'fd' [ 68.799117][ T6716] kvm: emulating exchange as write [ 68.923070][ T6719] sch_tbf: burst 4398 is lower than device lo mtu (11337746) ! [ 68.939565][ T6719] tipc: Enabling of bearer rejected, media not registered [ 68.966318][ T35] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 69.029284][ T6722] vivid-003: disconnect [ 69.036235][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 69.127824][ T35] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 69.130773][ T35] usb 5-1: config 0 has no interface number 0 [ 69.133009][ T35] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 69.137439][ T35] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 69.141969][ T35] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 69.147239][ T6723] netlink: 36 bytes leftover after parsing attributes in process `syz.1.174'. [ 69.150456][ T6723] netlink: 16 bytes leftover after parsing attributes in process `syz.1.174'. [ 69.153653][ T6723] netlink: 36 bytes leftover after parsing attributes in process `syz.1.174'. [ 69.157939][ T6723] netlink: 36 bytes leftover after parsing attributes in process `syz.1.174'. [ 69.164037][ T35] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64 [ 69.168150][ T35] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 69.174172][ T35] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 69.177618][ T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.181833][ T35] usb 5-1: config 0 descriptor?? [ 69.186222][ T6714] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 69.191736][ T35] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 69.376116][ T5944] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 69.378823][ T5936] Bluetooth: hci4: command 0x1003 tx timeout [ 69.696145][ T5944] Bluetooth: hci5: command 0x1003 tx timeout [ 69.697603][ T5938] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 69.805109][ T6720] vivid-003: reconnect [ 69.936371][ T6752] (unnamed net_device) (uninitialized): option coupled_control: mode dependency failed, not supported in mode balance-rr(0) [ 69.967597][ T6757] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 69.969766][ T6757] IPv6: NLM_F_CREATE should be set when creating new route [ 69.971683][ T6757] IPv6: NLM_F_CREATE should be set when creating new route [ 70.161958][ T6766] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 70.492868][ T6784] infiniband syz2: set active [ 70.495353][ T6784] infiniband syz2: added team_slave_1 [ 70.498059][ T6784] syz2: rxe_create_cq: returned err = -12 [ 70.499785][ T6784] infiniband syz2: Couldn't create ib_mad CQ [ 70.501431][ T6784] infiniband syz2: Couldn't open port 1 [ 70.511863][ T6784] RDS/IB: syz2: added [ 70.513100][ T6784] smc: adding ib device syz2 with port count 1 [ 70.514760][ T6784] smc: ib device syz2 port 1 has pnetid [ 70.771929][ T6788] hsr_slave_1 (unregistering): left promiscuous mode [ 70.815519][ T6796] all: renamed from erspan0 (while UP) [ 70.872073][ T6799] binfmt_misc: register: failed to install interpreter file ./file0 [ 71.058741][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.060646][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.171872][ T6819] sock: sock_set_timeout: `syz.1.203' (pid 6819) tries to set negative timeout [ 71.475405][ T6846] IPv6: Can't replace route, no match found [ 71.725146][ T35] usb 5-1: USB disconnect, device number 3 [ 71.742773][ T35] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 71.764936][ T6862] overlay: filesystem on ./bus is read-only [ 71.798884][ T5938] [ 71.799541][ T5938] ====================================================== [ 71.801271][ T5938] WARNING: possible circular locking dependency detected [ 71.803060][ T5938] 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 Not tainted [ 71.805891][ T5938] ------------------------------------------------------ [ 71.808336][ T5938] kworker/u33:3/5938 is trying to acquire lock: [ 71.809952][ T5938] ffff88804fd42258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x3bc/0xc00 [ 71.812719][ T5938] [ 71.812719][ T5938] but task is already holding lock: [ 71.814606][ T5938] ffff888031d9a420 (&conn->lock#2){+.+.}-{3:3}, at: sco_connect_cfm+0x29f/0xc00 [ 71.816986][ T5938] [ 71.816986][ T5938] which lock already depends on the new lock. [ 71.816986][ T5938] [ 71.819667][ T5938] [ 71.819667][ T5938] the existing dependency chain (in reverse order) is: [ 71.821964][ T5938] [ 71.821964][ T5938] -> #1 (&conn->lock#2){+.+.}-{3:3}: [ 71.823910][ T5938] _raw_spin_lock+0x2e/0x40 [ 71.825219][ T5938] sco_sock_connect+0x3b2/0xcc0 [ 71.826623][ T5938] __sys_connect_file+0x13e/0x1a0 [ 71.828076][ T5938] __sys_connect+0x14f/0x170 [ 71.829417][ T5938] __x64_sys_connect+0x72/0xb0 [ 71.830803][ T5938] do_syscall_64+0xcd/0x250 [ 71.832121][ T5938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.833780][ T5938] [ 71.833780][ T5938] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}: [ 71.836156][ T5938] __lock_acquire+0x249e/0x3c40 [ 71.837551][ T5938] lock_acquire.part.0+0x11b/0x380 [ 71.839025][ T5938] lock_sock_nested+0x3a/0xf0 [ 71.840379][ T5938] sco_connect_cfm+0x3bc/0xc00 [ 71.841745][ T5938] hci_sync_conn_complete_evt+0x421/0xa80 [ 71.843396][ T5938] hci_event_packet+0x9eb/0x1180 [ 71.844811][ T5938] hci_rx_work+0x2c5/0x16b0 [ 71.846183][ T5938] process_one_work+0x9c5/0x1ba0 [ 71.847638][ T5938] worker_thread+0x6c8/0xf00 [ 71.848968][ T5938] kthread+0x2c1/0x3a0 [ 71.850184][ T5938] ret_from_fork+0x45/0x80 [ 71.851490][ T5938] ret_from_fork_asm+0x1a/0x30 [ 71.852899][ T5938] [ 71.852899][ T5938] other info that might help us debug this: [ 71.852899][ T5938] [ 71.855510][ T5938] Possible unsafe locking scenario: [ 71.855510][ T5938] [ 71.857431][ T5938] CPU0 CPU1 [ 71.858827][ T5938] ---- ---- [ 71.860198][ T5938] lock(&conn->lock#2); [ 71.861266][ T5938] lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO); [ 71.863403][ T5938] lock(&conn->lock#2); [ 71.865141][ T5938] lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO); [ 71.866677][ T5938] [ 71.866677][ T5938] *** DEADLOCK *** [ 71.866677][ T5938] [ 71.868765][ T5938] 4 locks held by kworker/u33:3/5938: [ 71.870140][ T5938] #0: ffff88802a531148 ((wq_completion)hci2#2){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 [ 71.872795][ T5938] #1: ffffc90003e0fd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 [ 71.875727][ T5938] #2: ffff888023f80078 (&hdev->lock){+.+.}-{4:4}, at: hci_sync_conn_complete_evt+0x199/0xa80 [ 71.878370][ T5938] #3: ffff888031d9a420 (&conn->lock#2){+.+.}-{3:3}, at: sco_connect_cfm+0x29f/0xc00 [ 71.880848][ T5938] [ 71.880848][ T5938] stack backtrace: [ 71.882382][ T5938] CPU: 3 UID: 0 PID: 5938 Comm: kworker/u33:3 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 71.885178][ T5938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.887963][ T5938] Workqueue: hci2 hci_rx_work [ 71.889181][ T5938] Call Trace: [ 71.890014][ T5938] [ 71.890762][ T5938] dump_stack_lvl+0x116/0x1f0 [ 71.891904][ T5938] print_circular_bug+0x419/0x5d0 [ 71.893122][ T5938] check_noncircular+0x31a/0x400 [ 71.894345][ T5938] ? __pfx_check_noncircular+0x10/0x10 [ 71.895749][ T5938] ? lockdep_lock+0xc6/0x200 [ 71.896891][ T5938] ? __pfx_lockdep_lock+0x10/0x10 [ 71.898123][ T5938] ? add_lock_to_list+0x17d/0x390 [ 71.899376][ T5938] __lock_acquire+0x249e/0x3c40 [ 71.900576][ T5938] ? __pfx___lock_acquire+0x10/0x10 [ 71.901881][ T5938] ? __pfx___lock_acquire+0x10/0x10 [ 71.903223][ T5938] ? lockdep_hardirqs_on+0x7c/0x110 [ 71.904486][ T5938] lock_acquire.part.0+0x11b/0x380 [ 71.905778][ T5938] ? sco_connect_cfm+0x3bc/0xc00 [ 71.907032][ T5938] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 71.908430][ T5938] ? rcu_is_watching+0x12/0xc0 [ 71.909629][ T5938] ? trace_lock_acquire+0x14e/0x1f0 [ 71.910943][ T5938] ? __pfx_lock_release+0x10/0x10 [ 71.912218][ T5938] ? trace_lock_acquire+0x14e/0x1f0 [ 71.913532][ T5938] ? sco_connect_cfm+0x3bc/0xc00 [ 71.914772][ T5938] ? lock_acquire+0x2f/0xb0 [ 71.915944][ T5938] ? sco_connect_cfm+0x3bc/0xc00 [ 71.917207][ T5938] lock_sock_nested+0x3a/0xf0 [ 71.918444][ T5938] ? sco_connect_cfm+0x3bc/0xc00 [ 71.919780][ T5938] sco_connect_cfm+0x3bc/0xc00 [ 71.920995][ T5938] ? __pfx_sco_connect_cfm+0x10/0x10 [ 71.922356][ T5938] ? hci_cb_lookup+0x319/0x4e0 [ 71.923601][ T5938] ? __pfx_sco_connect_cfm+0x10/0x10 [ 71.924960][ T5938] hci_sync_conn_complete_evt+0x421/0xa80 [ 71.926459][ T5938] ? __pfx_hci_sync_conn_complete_evt+0x10/0x10 [ 71.928359][ T5938] ? skb_pull_data+0x166/0x210 [ 71.929909][ T5938] hci_event_packet+0x9eb/0x1180 [ 71.931165][ T5938] ? __pfx_hci_sync_conn_complete_evt+0x10/0x10 [ 71.932768][ T5938] ? __pfx_hci_event_packet+0x10/0x10 [ 71.934163][ T5938] ? mark_held_locks+0x9f/0xe0 [ 71.935418][ T5938] ? kcov_remote_start+0x3cf/0x6e0 [ 71.936756][ T5938] ? lockdep_hardirqs_on+0x7c/0x110 [ 71.938086][ T5938] hci_rx_work+0x2c5/0x16b0 [ 71.939280][ T5938] ? process_one_work+0x921/0x1ba0 [ 71.940610][ T5938] process_one_work+0x9c5/0x1ba0 [ 71.941894][ T5938] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 71.943348][ T5938] ? __pfx_process_one_work+0x10/0x10 [ 71.944738][ T5938] ? rcu_is_watching+0x12/0xc0 [ 71.945992][ T5938] ? assign_work+0x1a0/0x250 [ 71.947198][ T5938] worker_thread+0x6c8/0xf00 [ 71.948396][ T5938] ? __pfx_worker_thread+0x10/0x10 [ 71.949728][ T5938] kthread+0x2c1/0x3a0 [ 71.950796][ T5938] ? _raw_spin_unlock_irq+0x23/0x50 [ 71.952154][ T5938] ? __pfx_kthread+0x10/0x10 [ 71.953360][ T5938] ret_from_fork+0x45/0x80 [ 71.954529][ T5938] ? __pfx_kthread+0x10/0x10 [ 71.955715][ T5938] ret_from_fork_asm+0x1a/0x30 [ 71.956954][ T5938] [ 71.958051][ T5938] BUG: sleeping function called from invalid context at net/core/sock.c:3624 [ 71.960318][ T5938] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5938, name: kworker/u33:3 [ 71.962688][ T5938] preempt_count: 1, expected: 0 [ 71.963967][ T5938] RCU nest depth: 0, expected: 0 [ 71.965250][ T5938] INFO: lockdep is turned off. [ 71.966557][ T5938] Preemption disabled at: [ 71.966562][ T5938] [<0000000000000000>] 0x0 [ 71.968853][ T5938] CPU: 3 UID: 0 PID: 5938 Comm: kworker/u33:3 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 71.971621][ T5938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.974365][ T5938] Workqueue: hci2 hci_rx_work [ 71.975610][ T5938] Call Trace: [ 71.976511][ T5938] [ 71.977284][ T5938] dump_stack_lvl+0x16c/0x1f0 [ 71.978526][ T5938] __might_resched+0x3c0/0x5e0 [ 71.979772][ T5938] ? __pfx_lock_release+0x10/0x10 [ 71.981066][ T5938] ? __pfx___might_resched+0x10/0x10 [ 71.982442][ T5938] ? lock_acquire+0x2f/0xb0 [ 71.983629][ T5938] ? sco_connect_cfm+0x3bc/0xc00 [ 71.984921][ T5938] lock_sock_nested+0x4b/0xf0 [ 71.986177][ T5938] ? sco_connect_cfm+0x3bc/0xc00 [ 71.987380][ T5938] sco_connect_cfm+0x3bc/0xc00 [ 71.988626][ T5938] ? __pfx_sco_connect_cfm+0x10/0x10 [ 71.989998][ T5938] ? hci_cb_lookup+0x319/0x4e0 [ 71.991255][ T5938] ? __pfx_sco_connect_cfm+0x10/0x10 [ 71.992668][ T5938] hci_sync_conn_complete_evt+0x421/0xa80 [ 71.994195][ T5938] ? __pfx_hci_sync_conn_complete_evt+0x10/0x10 [ 71.995831][ T5938] ? skb_pull_data+0x166/0x210 [ 71.997083][ T5938] hci_event_packet+0x9eb/0x1180 [ 71.998389][ T5938] ? __pfx_hci_sync_conn_complete_evt+0x10/0x10 [ 72.000015][ T5938] ? __pfx_hci_event_packet+0x10/0x10 [ 72.001429][ T5938] ? mark_held_locks+0x9f/0xe0 [ 72.002707][ T5938] ? kcov_remote_start+0x3cf/0x6e0 [ 72.004085][ T5938] ? lockdep_hardirqs_on+0x7c/0x110 [ 72.005406][ T5938] hci_rx_work+0x2c5/0x16b0 [ 72.006610][ T5938] ? process_one_work+0x921/0x1ba0 [ 72.007960][ T5938] process_one_work+0x9c5/0x1ba0 [ 72.009251][ T5938] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 72.010763][ T5938] ? __pfx_process_one_work+0x10/0x10 [ 72.012174][ T5938] ? rcu_is_watching+0x12/0xc0 [ 72.013421][ T5938] ? assign_work+0x1a0/0x250 [ 72.014625][ T5938] worker_thread+0x6c8/0xf00 [ 72.015867][ T5938] ? __pfx_worker_thread+0x10/0x10 [ 72.017197][ T5938] kthread+0x2c1/0x3a0 [ 72.018283][ T5938] ? _raw_spin_unlock_irq+0x23/0x50 [ 72.019649][ T5938] ? __pfx_kthread+0x10/0x10 [ 72.020857][ T5938] ret_from_fork+0x45/0x80 [ 72.022018][ T5938] ? __pfx_kthread+0x10/0x10 [ 72.023240][ T5938] ret_from_fork_asm+0x1a/0x30 [ 72.024499][ T5938] [ 74.096113][ T5944] Bluetooth: hci2: command tx timeout [ 76.178854][ T2293] cfg80211: failed to load regulatory.db [ 76.186541][ T5938] Bluetooth: hci2: command tx timeout VM DIAGNOSIS: 13:31:42 Registers: info registers vcpu 0 CPU#0 RAX=0000000000042c2c RBX=0000000000000000 RCX=ffffffff8b299759 RDX=ffffed100d4c6fee RSI=ffffffff8bd1eb20 RDI=ffffffff81709459 RBP=fffffbfff1bd2ef8 RSP=ffffffff8de07e20 R8 =0000000000000000 R9 =ffffed100d4c6fed R10=ffff88806a637f6b R11=0000000000000000 R12=0000000000000000 R13=ffffffff8de977c0 R14=ffffffff905f33d0 R15=0000000000000000 RIP=ffffffff8b29ab3f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c2f8422 CR3=000000002a26a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00746174735f616d 756e2e79726f6d65 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f450a802a3a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f450a802a47 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f450a802a41 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f450a802a55 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f450a802adb ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f450a802bb9 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f450a94b488 00007f450a94b480 00007f450a94b478 00007f450a94b450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f450b4ad100 00007f450a94b440 00007f450a940004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f450a94b498 00007f450a94b490 00007f450a94b488 00007f450a94b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000005040c RBX=0000000000000001 RCX=ffffffff8b299759 RDX=ffffed100d4e6fee RSI=ffffffff8bd1eb20 RDI=ffffffff81709459 RBP=ffffed1003a53910 RSP=ffffc90000187e08 R8 =0000000000000000 R9 =ffffed100d4e6fed R10=ffff88806a737f6b R11=0000000000000000 R12=0000000000000001 R13=ffff88801d29c880 R14=ffffffff905f33d0 R15=0000000000000000 RIP=ffffffff8b29ab3f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f450b51df98 CR3=00000000284e0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f33ac002a3a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f33ac002a47 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f33ac002a41 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f33ac002a55 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f33ac002adb ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f33ac002bb9 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4003000800000000 317a797300020009 0000000200000000 0000000000030a13 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 03000000400c0008 0000010040120006 010000e000020004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8001001442dd1920 675af6b02eaa8002 0000000000000003 0000000000000003 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000000 ESI=00000000 EDI=00000000 EBP=00000000 ESP=0000792e EIP=000001b8 EFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0038 00000000 000fffff 00409300 DPL=0 DS [-WA] CS =0010 00000000 0000ffff 00009b00 DPL=0 CS16 [-RA] SS =0038 00000000 000fffff 00409300 DPL=0 DS [-WA] DS =0038 00000000 000fffff 00409300 DPL=0 DS [-WA] FS =0038 00000000 000fffff 00409300 DPL=0 DS [-WA] GS =0038 00000000 000fffff 00409300 DPL=0 DS [-WA] LDT=0008 00001800 000007ff 00408200 DPL=0 LDT TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy GDT= 00001000 000007ff IDT= 00003800 000001ff CR0=00000031 CR2=00000000 CR3=00000000 CR4=00002040 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000001 FCW=037f FSW=0041 [ST=0] FTW=01 MXCSR=00001f80 FPR0=c000000000000000 ffff FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000004030010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f450a802a3a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f450a802a47 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f450a802a41 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f450a802a55 info registers vcpu 3 CPU#3 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff851bb9f5 RDI=ffffffff9ab0ebe0 RBP=ffffffff9ab0eba0 RSP=ffffc90003e0f128 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000020 R14=ffffffff851bb990 R15=0000000000000000 RIP=ffffffff851bba1f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f450b4a56c0 CR3=000000002711e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000080fe00 06140075840a60dd ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fef89402a3a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fef89402a47 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fef89402a41 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fef89402a55 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fef89402adb ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fef89402bb9 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 300f000040003566 320fc0000080b966 13f67354280f0000 40003d80380f662e ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c8a60ff3e0220f00 0000803566e0200f 300f000040000004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 13f67354280f0000 40003d80380f662e 67ec00a0ba1806b2 f30f66659a1c0f0f ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000