last executing test programs: 1.89160372s ago: executing program 0 (id=254): r0 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x24000088, &(0x7f0000000080)={0xa, 0x4e20, 0x8054, @dev={0xfe, 0x80, '\x00', 0x31}, 0x3}, 0x1c) 1.830488101s ago: executing program 0 (id=257): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0xa, 0x3, 0x3a) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000140)={0x0, 0x0, 0x6, 0x0, 0x8}, 0xc) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="20000000110001003f00000000000000100000e60b"], 0x20}], 0x1}, 0x0) 1.692179922s ago: executing program 0 (id=261): r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) r1 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) ioctl$FE_SET_PROPERTY(r1, 0x40106f52, &(0x7f0000000000)={0x17, 0x0}) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000140)={0x14, 0x0, 0x0}, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@getqdisc={0x28, 0x26, 0x1, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x7, 0xfff3}, {0x7, 0xd}, {0xa}}, [{0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40800}, 0x24040084) r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x800) ioctl$EVIOCGKEYCODE_V2(r2, 0x80284504, &(0x7f0000000140)=""/215) 1.261982101s ago: executing program 2 (id=276): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20940, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r2, 0xae80, 0x3f000000) setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5}) timer_create(0x5, &(0x7f0000000080)={0x0, 0x25, 0x4}, 0x0) 1.061893644s ago: executing program 2 (id=277): openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x129240, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc}) socket$xdp(0x2c, 0x3, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00') r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r3 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r2, @ANYBLOB="00030000100000001c001a80080002802d00ff0008000200", @ANYRES16=r3, @ANYRES32=r3], 0x44}}, 0x2000800) 1.058869352s ago: executing program 2 (id=278): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r0) sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0xb8, r1, 0x4, 0x70bd2b, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x30, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x9}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @local}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x38, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2ed496b9e00a857f}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x5}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}]}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}]}, 0xb8}, 0x1, 0x0, 0x0, 0x48000}, 0x40001) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)={0x6c, r2, 0x1, 0x70bd29, 0x40000, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0xbfa6, @remote, 0x2f0}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, '\x00', 0x16}, 0x2}}}}]}]}, 0x6c}}, 0x4004090) 951.054855ms ago: executing program 2 (id=279): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000340)=0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = socket(0x40000000015, 0x5, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x4e20, @loopback}, 0x37) sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="0000000000aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c0a498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a95", 0x3f1}, {&(0x7f00000003c0)="128b9306006d4810e5ac5040ad9201847839fc378469d5765b9cc241840896c1498194a7197b45d74a8532b82037b02c9e6045c361eb", 0x36}], 0x3}, 0x0) sendmsg$key(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x98fd3f00}, 0x0) 950.524817ms ago: executing program 2 (id=281): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r2 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000beff00000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000009b7120073797a310000000008000a40fffffffc0800054000000024080003400000004408000f4000000000000000000000000100000a"], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) socket$inet(0x2, 0x802, 0x1) close(r0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) recvmmsg(r0, &(0x7f0000001bc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001b80)=""/19, 0x13}, 0x7}], 0x1, 0x40000100, 0x0) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4) r5 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r5, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r5, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x3, {0x41, 0x0, 0x1}}, 0x10) bind$tipc(r5, &(0x7f0000000040)=@name={0x1e, 0x2, 0xc5d116e9899720b9, {{0x42}}}, 0x10) r6 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0) ioctl$EVIOCGKEY(r6, 0x80404518, &(0x7f00000002c0)=""/183) connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e23, 0x3, @mcast1, 0x2}, 0x1c) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c) write(r4, &(0x7f0000000340)="89ba41c97928dec7cec15a5775380e160d3dba2553b519a795020072aed129d4b5247c983455b3d75702b2333a64d9abf416fd83f942661c47bcdf71f7d07ba20d03474a4a4bce636ea8d2b882b2b49e3a2df2206743010e930eda2769c5ee6d5e3d541ce9a21c3ce5cb5fbdad9a45de0000000000000000000000000000f1d3", 0x80) 701.638384ms ago: executing program 3 (id=285): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close(r1) r2 = socket(0x10, 0x803, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffb, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x6, 0x6, 0xd21, 0x101, 0x6, 0x5, 0xbd, 0x100, 0x4}}}}]}, 0x58}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=@newtfilter={0x87c, 0x2c, 0xd3f, 0x30bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xb}, {}, {0x8, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x84c, 0x2, [@TCA_BASIC_POLICE={0x848, 0x4, [@TCA_POLICE_TBF={0x3c, 0x1, {0x9, 0x6, 0x9, 0xe, 0x4, {0x1, 0x1, 0x8, 0x1, 0x200, 0x6}, {0x1, 0x1, 0xb5, 0x0, 0x9, 0xe}, 0x8, 0x80, 0x6f8}}, @TCA_POLICE_RATE={0x404, 0x2, [0xffffff8e, 0x8, 0x1ff, 0x7b7e, 0xc0, 0xa, 0x401, 0x4, 0x6, 0x0, 0xd3d, 0x6, 0x2, 0x5, 0x4, 0x6, 0x8e01, 0x6, 0x7, 0x4, 0xea7, 0x31, 0x20000000, 0x8001, 0x1, 0x100, 0x6, 0x0, 0x0, 0x7, 0xb7, 0x7, 0x2, 0xc6e, 0x400000, 0xf79, 0xec9e, 0x5, 0x6, 0x6, 0x40, 0x401, 0xffffff54, 0x4, 0x3, 0x95, 0xf, 0x9, 0x4, 0xfffffffa, 0x0, 0x3, 0x3, 0x0, 0x100, 0x200, 0x8, 0x2, 0x4, 0x3, 0x4, 0xffffffa8, 0x0, 0x2, 0x47, 0x85ff, 0x4, 0x0, 0x964d, 0x5f, 0xfffffffd, 0x1, 0x8d5f, 0x4, 0x6, 0xffff, 0x2, 0x80000000, 0x384a, 0x8, 0x3, 0x5, 0x7f, 0x80, 0xffffeb06, 0xf93, 0x9, 0xfffffcfc, 0x5, 0xfffffe00, 0xed, 0x401, 0x80000000, 0x80000001, 0x5a57ee2d, 0xfffffffd, 0x8, 0x6, 0x9, 0x5, 0x0, 0x1, 0xfffffffd, 0x4, 0x8, 0x6, 0x6, 0x2, 0x8, 0x4, 0x4b4, 0x2, 0xc6cd, 0xc4, 0x3, 0x7f, 0x4, 0x0, 0xfe, 0x9, 0x7, 0x6, 0x5, 0x5, 0xfffffffb, 0x6, 0x0, 0x6, 0x4, 0x3, 0x0, 0x6, 0x49a, 0xcb, 0x8, 0x7, 0x2, 0x2, 0x8, 0xa, 0x5, 0x6, 0x30, 0x6, 0x9, 0x85398d5, 0x0, 0xfffffe01, 0x3, 0x0, 0x9, 0x5, 0x7, 0xc, 0xe571, 0x0, 0xfffffff9, 0x2a, 0x0, 0xfffffff7, 0xa4, 0xfffffffe, 0x1000, 0x3d1e, 0x0, 0x0, 0x3, 0x5, 0xec2b, 0x2, 0x2, 0xfffffffb, 0x0, 0x6, 0x9, 0x4, 0x80000000, 0x6, 0x869, 0x1ff, 0x8, 0x8, 0x9, 0x175, 0x9, 0xffffffff, 0x2, 0x7ba, 0x6, 0x0, 0x9, 0x9, 0x10000, 0x5, 0x5, 0x7fff, 0x0, 0x3, 0x5, 0x5, 0x0, 0x4cf, 0xa0000000, 0x8000, 0xc, 0xf, 0x8, 0x9, 0x401, 0xd, 0x9, 0xfffffffa, 0x4c, 0x9, 0x0, 0x8, 0x100, 0x9, 0x9, 0x8, 0xb, 0x7, 0x800, 0x3, 0xff, 0x4, 0x5, 0x0, 0x8, 0xff, 0x1, 0xe, 0x9, 0x2, 0x62, 0x0, 0x1, 0xc, 0x5, 0x7, 0x6, 0x7, 0x6, 0x80000, 0x9, 0x0, 0x0, 0x7f, 0x9, 0x80000000, 0x0, 0x5ae, 0x3, 0x2, 0xf1, 0xfffffffd]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x1, 0x2, 0x9d7b, 0x2, 0xffffffff, 0x2, 0x7, 0x9, 0x2, 0x5, 0x1ff, 0x2, 0xc516, 0x0, 0xfffff0b5, 0x3, 0x3, 0x3, 0x8, 0x3ff, 0x2, 0x2, 0x3, 0xfffffffd, 0x41c, 0x46, 0x3, 0x76, 0x800, 0x3, 0x133, 0x6, 0x8, 0x6, 0x3, 0x9eca, 0x4, 0x8, 0x101, 0xa, 0x8, 0x2, 0x7ff, 0xfffff800, 0x3, 0x8001, 0x4, 0x2, 0x0, 0x0, 0x2, 0xfffffffb, 0x4, 0x82, 0x141, 0x1f8, 0x1000, 0x5, 0x0, 0x7, 0xd3, 0xfffffffc, 0x2, 0x5, 0xc8d, 0x9, 0x6, 0xc, 0x0, 0x6, 0x8, 0x7, 0x5, 0x1, 0x1, 0x2, 0x6, 0xf1, 0xa, 0xfffffff9, 0x5, 0x2, 0x1327d97c, 0xffff527b, 0x9, 0xffffffff, 0x5, 0x7, 0x4, 0x8001, 0xff, 0xffff, 0x8, 0x7, 0x9000000, 0xde, 0x12a, 0xc, 0x8, 0xfffffeff, 0x6, 0x8, 0x76d4, 0x1, 0x7, 0x0, 0xebe2, 0xbe5, 0x3, 0x7f, 0xf, 0x9, 0x2, 0x0, 0x6, 0x8, 0x1, 0x0, 0x3, 0x8, 0x7fff, 0x5, 0xe0d3, 0x3, 0x6, 0x5, 0x9, 0x4, 0x1000, 0x2, 0x5, 0x400, 0x8, 0x8, 0xff, 0x3, 0x0, 0x5, 0x1, 0x1, 0x1000, 0x80000000, 0xc, 0x3, 0x2fb, 0x5, 0x1, 0x9, 0x40, 0x1, 0xb1, 0xb, 0x4, 0x6, 0x4d444d0a, 0x100, 0xe5, 0x8, 0xfffffffe, 0x9, 0x100, 0x3, 0x4, 0x9, 0x0, 0x1, 0x0, 0xb, 0x8, 0xffff0001, 0x5, 0x1000, 0x8d9, 0x101, 0x8db, 0x8, 0x5, 0x6, 0x8, 0x7, 0x0, 0x57, 0x8, 0x7, 0x3, 0xc, 0x2, 0x0, 0x7, 0x2, 0x2, 0x9, 0x80, 0x9, 0x6, 0x401, 0x0, 0xfae, 0xb6, 0x7, 0x1, 0x2, 0xba8b, 0xe3b426a, 0x1ff, 0x5, 0x6, 0x2, 0x5, 0x931e, 0x5, 0x2, 0x36bf9f05, 0xeb, 0x9, 0x9, 0x1ff, 0x7fff, 0x1, 0x8001, 0x9, 0x8, 0x80, 0x200, 0x8, 0x0, 0x7, 0x100, 0x16, 0x80000000, 0x9, 0x7fffffff, 0x1, 0x4d9, 0x7, 0x5c4, 0x2, 0x6, 0x8, 0x7, 0x4, 0x400000, 0x0, 0x7, 0x9, 0xb20, 0xff, 0x6cb7db37, 0x4, 0x2, 0x7, 0x1, 0x2, 0x4, 0x4, 0x2]}]}]}}]}, 0x87c}, 0x1, 0x0, 0x0, 0x20000010}, 0x8080) r8 = socket$unix(0x1, 0x1, 0x0) r9 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r9, &(0x7f00000000c0)={&(0x7f0000000140)=@xdp={0x2c, 0x8, r10, 0x15}, 0x80, &(0x7f0000000500)=[{&(0x7f00000002c0)="f2", 0x1}], 0x1, 0x0, 0xd21}, 0x44) 561.617827ms ago: executing program 3 (id=288): r0 = socket(0x1e, 0x1, 0x0) sendmsg$nl_generic(r0, &(0x7f00000014c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001480)={&(0x7f0000000380)=ANY=[@ANYBLOB="dc1000003d001a272cbd7000fedbdf250c0000003010cf8008005700", @ANYRES32=0x0, @ANYBLOB="080069000700000014006300000000000000000000000000000000010204b96732e8d70da528471cc6af69fbc08228974cd83879864965752438cc960a38769fc89d8d93c0bc9a3febde3ee265931574cf4ea2f3d90f084e98dc2591afa3ea24e25abb88e48e002fe129d4e5dd7b7a5c39a095189f178bf526b7f1dcb5d194a792764adad7db6892fc34630d4bcb76b1abb5411f55e57dcce1c7539dd74ba7e92f5f2cf5175df2d21531b928176551bffbcc181340fc74e68e45f98fed0183da723ca4d0626a234382c05c6211c16b2dcba6d64b7e76083a6eac99cc31d6973de14106514350d6fa9c0403078dc860e087f8be52736ef11ed577022247b11601ae84c6d95e573ac52b42e8774a88361753a3186ca81d2e68a4db98e47cb52c842488217e6358cfe183c3b0a27251bbac6b197926ce4c7945a2d5cd7303d8dc613854c63eb8e2ebd629f4b67c690174211885857ebd487de400e48bb609d9256e3d99c67d3545e284bd2447fc7984043f2468f943160b71ea12ead2e903cc2be66ccdc264b2e06f56bd9ebbbfeccb0dacc94eb5192924c2e3ec61f78e3fe999f48bcfe99f0713494d13e8bf3a3eb210dbb7dee174fff0980cf07bc04b76e1b36168995da8adbbe632a5cad91a7d243892ff7d9758ef37e0708317f6a7d7fe15f656cba5324287bbb44e32a79be27f2ae1cdbcb5ce1110800ac19726758d8e796691ebddff71a48784c0223febad2db2a24d0ef7743005825cae9d5174f575aeacf9f0286014effa0f5046b8873d8050f9f9a168500e6c6cb3458973aaf882d98ebf7ea1336e30c2a93c3151c72b776a638cc13584d0541b8a111c067aad45a6cc83523d59ec2a087f068a55fd66a6580d439669771669a68b189849490132ec3627fb769e6b5e2838997ce5936b2b6478bfa54648ad1756948e8a35c5f7636ad54a56e175d5c463adc22b445d22545e69422ec2c2ae1061e22a39796ede28d7f2367266c603ff1f7936c5619ec7f13eed02fdb2fdbf39b10dea96a78fec12cbcb090d576f3357cadca4e72542734dafc1ab97eafa17c0549d7ba1d07fe689685a40f9b1cc2b03e3953c7bc03ddbdf4e7533aaff1dfce58b16cabab22ded310824dff1de59df5348051c0bff623560a37a53cf3ba6d71d2a69bce912e95ed4bd313b00f2aca1e46608b849900073586260877ed014a25f4f97213f539878417818e8529b93dc0a1a47ccfa935103e35df9709cbfe6771a92ac5b9f6fd1b3922b7c966515cccfe54a294ec83abc9bbcdf5750a02244ebe5a3cb0e67efe96b488c9ccd86e3fe2a99ee7f8844069ec76c84825bcfd59ebd53a864914ee24e3647c39c02ff0f000091941f067136f3f3e268fb5b2fb67cd275ea316308ae646bf2d8aabac46264de2f8f6eaca655945af9be9519be278094f53ab73e9c76652c0c413b909436f20e600d68853adc0e32f6641f39226eb0bcc310d310fdc6371f8f40b60e9052add9e21830e1a4d4305225c3cca2764acd91bfc4cc1d13b3d7614a56f946f8027e2e93d2789c6484f56989b58beef0ce03bc21ee289fdebf1e8eedbff44c647e42b929e310ba602a01c62ae4c527dfc7cb995f66c8e51e6e89c7b29056ea98fdd4d6712ae2f31326ad51038c251effb523383b9990b3c173333e744b9ed5f1d49175ad8edffc602e1b60d5ac195e020bb4534623ff9c8fbfb4e46d3808d59829c1c8c6d3aeefe64b48f58e5406336b80c261ae1cadb84fba3726df1990f7d2ce21dafaae84ae489c1a90cf6b974f010d107c34c31ef8e16c4df8c5cf09ebfa34fd45f8a2fde283f998b98a7584695357e502704238a1ffa9ba3709e99a929fe971b0db3c4798729b8d295d7c43b4c08e12e68af003c78933c0421df0ccd9f9e57d255b9c68b343552624110c029130f3193e82304d196ce36b7ed2e4f6859fbcf907a0b62ba3601c9afddd62f29e4c827a284440aeca6c8e1733ce4fc3b70538a61fe26483d4e481a3ea6a2ce325263fd4f100dbe7cc05fd85810f35c72510ab56079f4351d943c2e78ba1d5d21ca60676f0c445af1e4ff8a65cd9ee946bf996e8bf6d8df0fa30e1c2974167a8a5957fa0dc5a722e4d5eb8ffda210beb6b483850a8abd86b76f20c55f4053769311a16b9067ec5bceb9e3207621d6c381d33ff37a96ab44c62ff8033b97d482ad9c199f250ed5c344bc5d12fdf7d27778d154a5f77979049a9d8f29d9da00445ca481bbce79b0d9f4f47d606800108370717256c4176f99ca91d1d8eba00b20a8b007a7a726013da042aa88232664c9c97c723027a4ceab588f57b1561e3f11d19f45079bd1874c7286a983c2a3e937183f1f95b5d407421529f9ce03df69af13a01d3ca66e3ae829687bbe2ee406372db27a56d67c478774b51fb660f379b23b8f4146877f6c8e330996250d44b9621369be8c0a0d4d4ff104951bed1419f157332c52f472536720e68b9a87428975241a2695512073c6542740b0902674629ea216c708b413b8b2ce9264ac93fa40c5b05ab8c66955dc11c1ab992dd0e36ca3b29e7537ecd7850dc22b364a1f2851ec3028261b8249c4b1b970dc6be34835ae20ed7ab0d94444898640f187db730fc179869f6b6951fbbe8ec6166d6ec9857381427a1a00594f27e156a165389099e05bffebf72155df65efdc2610da7eab5efeead2672bd848cb432b0b31f4b7d84bc03660155f95f0d39c4f8c19aa78148321103e0e54d443caa8560defe2ec374eb207ff925024c62c5ecade0f4fa43f4a3ce41e3ef971292e42fbc7938f32e21c374ed1c082e226b444d34602d363d356eb8151005e1829f6b9f60848d2004561bacd8e412aca90a57900ba312a10bbd7980765b55edee096b40fa8d19382f6c3a95777410cf9315cfefd0b1ec9e12c1b3627c9c50ac447c1115c1166ccba2a1c4d111a7c00bbe6480bde54ba5099b2ab342a35fbc2b53eaaad396e8e7ca1fefa21a5e8057e6ffba3ba4b9041eb42062162e5170747c520b5a1af3c4844224b68b384cd10c5552f7f1ff4924939cb4e35f9eb14eadce4aa9bb2f2da2de341f77cb3a4e25bd03062e64a6d04d53249048ccd8bf4d9c6299af5410cb78c2a2de8960577e4556dee9ee59c8141adfb0384e75659af15939dd508c6d6fe0464097dabcc6d0bc30da4d9b885f451e5c2a10471513eeaa347df54bd6dc895e9fc1a8c126681472517a02d53e087f9e7b28123f58ef763ec7c12e40921372f9e47614e6e51eeddd20ce643a5a66a709c5b45be7614ffdef6bd8b3c4ae3140a5fd83c0485c9b221d7125ab55c563d492570be116d4890158cdf77ecdcd3a655a733d5bdccc1d97b566f991965eb6dd99502ef40a100f8be9c193712ca461ef8344c2c17c68c2bab805d23e6e2513add0d2ba0d60df738bca9f77a52f19a463ea16190300e5e2006a7349196540c8f6ecd7628e0286a3e65cb9024b9f9274bf4d058420a7e036cf75e2bc1e819bb577a1645bfa179e88f91e4bebd16803c3de67a4e94f3d0e73250c07b72f3b4e4fcf7c8830f686c96aed437ab46701cd38136469daaecd4a7b1443a4938a2f0fce9d2305210adad22948f9bf95b6ad5b9ee67dcc3e9cfd5fd7e89c411324f32c3ff367f4286bb7b52702dd753261496a16e0e0fcf3d51e5c4e6b061d8d44f711e2926edc3ab82f0171ac27fef3c517f426e861b35c61fdc2ad6d13047601d65dd9de78fb7efad55d4379eda25502fdd65943f6d17f9b2f9f88839bb955a8401b7513dc22568474dee45e0a644a4f5084e72a199c755cd131f01a4cd65ddc26edfff009f3b2436db98842bc95c733c339d6b1ddb6f652311ce4233d42b8bc87444c78dd0225e637d632a643f234c7789c8e7afbe489118650eb5906749ee2c2674de8720458ccafdcbfc2d2db5160ea6b7cf1aeb0a7a8c2c1188faa4681e3cba89e866688fa227ba609c8b1a63d43de3fdb4660c6e4ab6b31506f9fd8a9830f766fb9c52e058d1262f9c942d51e64b0619b1f3aa78b02287e86e332b8c2cde9a9af353c0a0c3aea324af9a08313d81ad39a40313084fbde9716e3fda101c9031f74c56489c59bbaec39ec35d433b694eacfd2c2ee0f65e0f34b2099bc078f5c637d6209ab2d66fc7e9d78ef746c1956725b1a105fe39fe00f0101cf3010a015b4587a82257e8b305a3349e744552aa960535963474f8f108b513ea8b6265d927a1770010cab006340a8cee5d1b3e461e833d0bd9fc3a24ef990ebac1630a3ed8c4a5f4cb5f1e9f1f9dcb6f87d19cdfc67cb37ff8bbed0b192dc29361cf4b7a0b36168c8103ea92e65a87448ac9220754067eb8beaa9a103b1757fab6dc4bfde94b77dabbbc1fb49f32b6fba8aa91187d355d75eae7e439b858805d0f9045ab3003018a86b9e12cc926bca5ee71fc39b22bc149e17b9da8566478e9e330d42e8e871be46523a5ece08e010a39357ae24a206f291a226c3fa91d5d62d49f826e3d3de36c7eb5ac71b07f62995cb1d51f973445d5efc814cc24be9a4957cb8632a3905c9f64b1712a152bb2800c3f528943c9cba2edf867b4eddc8464e5d462c87823ecb55e24124ec53043fe0fdb82334ebbd0e4180a7daa0ebc444873a79f400d6fc0ff31323378032589b50f7658128d5b664fcc211c21be214288d565a40bbfb57d52bb1cf2c8a3ad499bffd50b8f177653f1fbf6370c61388e6b701691964c1b944edb1d1e0773558b972e0353d5c6d0eb26135cd474b354c31e3586d6c79d4bbc7dbb77b2d1f5b485ae02259efc52ff2dec84f1360d3e4221611dfcaeb6c39a9229d983a34808e2ef834dc77ec82c32fd2852afda5901f7780e84c166625935ccb2197303825f45a17ab4caea9877ff318de52ed8246a2eb29e1589807faa9a881686b376c7e0d458928a955d337c57a36f97a46f6aab736b8ca018cf94808010044f47b406888cafe1b8114da16575501ba6547221838749dfbe88d1587b14dc6b96ee7a3583d64b4b8f354d0675bf00c6fd6b30447813428cb60977a35804f38897a4e421d4e2bfb6ce28003a10e54bb1c7a40e0b7db787d4fe65be23208e7664bcac0c6b16fe16eb76be6ca02989276e4b1531fda082005cfa38322caa7cc5b67521ebe4127eb45affd2669d3450cba5299872cbffc857e77d5daf9a32798bbef07f942c67c596bc3a300402cd424350d463a3de6f50eda65f99c55813940db8d46264799bb8f310b925e9e397a6aba7a9fdacbbeaef92b10b0a761aab8879b837d64ba15b26c4911011c332ab6bd47982145bcd2c69be3bd36ec3dbba883c08934d915ff8ac7d94b21afb09c4efa93a36bb775d23d5ef74714a8f8adf48e1cec142c63290e610a6918398788cb0facc33bbba9ee42e2fa3071577e096c25e75787e9545602aa34ebc1892cb7d23b7d1810f69d1fe5957959b20e0886e0daa99d5d9e2d34bb1b597b07098fcef01629e7f3a461b276b369a8305fe6a0fea8858a08e8d45232a370fd3524abf7810bc81d79153aa15550789b093de1642b1a376c22c511679495447bc78ecb710866b77b5277bf554e62116d2cbd6502e51812e7de27b2733eae80ba9a37f8c38feba1105b8e727de5ed738a78ffd872f5414572f5cdf9270608da4e699f6d919c965feb97dd389f38c87d29dbed886dd3d85be0d256c54b01becfbf35226e01eb7a08ea87da6935760ab0266288d444f81a1c2ad4a3dc6ae5e2d1dcc41216e5a10d6d6fda9773051438436202203430314c7718faa739b733cc0aa371448e4483a21f629e7d930b8dbb743678bad135b8d2807193515e25eae4b0fb6e8d255fdce1950e08006b00ac1414bb08006e00", @ANYRES32=r0, @ANYBLOB="5a6ed194b0592c47b995436cbb3288cc51bd5b1c0ddff0b8e736b1ac027deddf11e42ad6aac1d4586eb2823c18282e37bc197c53f7c0fd945cfdc33bfe01ba93437e233dbd019f8feb53f42f19cf9a682b9d71b0e1d31d7fb094dff9228df5ac8480af2963429429578667e4d9a4b5f9a38b21291c1a5c9109e6a21b0f3cbb59db24c95b8aa3a84f11ce7325c5a81600"], 0x10dc}, 0x1, 0x0, 0x0, 0x4000040}, 0x800) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x37) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x10200, 0x4, 0x9000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x93d, 0x0, 0x7ee69d08}]}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000580)=@x86={0x8, 0x0, 0x1, 0x0, 0x6, 0x5, 0x8, 0x3, 0x7, 0x7f, 0x4c, 0x6, 0x0, 0x6, 0x6, 0x10, 0x5, 0x7, 0xae, '\x00', 0x7, 0x9}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_GET_SREGS(r4, 0x8138ae83, &(0x7f0000000700)) r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_SECURITY(r5, 0x0, 0x1, 0x0, &(0x7f0000000280)) r6 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000080), 0x200000, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f00000000c0)={0x8, 0xffff8001, 0x94c7}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r8 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'xfrm0\x00', 0x0}) r10 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) r11 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r11, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfffbffff, {0x0, 0x0, 0x0, r9, {0x0, 0x8}, {0x2, 0xffff}, {0x3, 0xffe0}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x2, 0xb, 0x5}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8805}, 0x10) r12 = gettid() rt_sigqueueinfo(r12, 0x36, &(0x7f00000007c0)={0x20, 0x2, 0x8}) sendmsg$tipc(r0, &(0x7f0000000100)={&(0x7f0000000340)=@name={0x1e, 0x2, 0x3, {{0x42, 0x1}, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x24040000}, 0x20048851) 441.762248ms ago: executing program 3 (id=291): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000640)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010029bd7200fbdbdf253900000008000300", @ANYRES32=r2, @ANYBLOB="0c005a8008000380040001"], 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 391.47818ms ago: executing program 3 (id=292): socket(0x10, 0x803, 0x0) fanotify_init(0x200, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0) syz_open_dev$usbmon(&(0x7f0000000380), 0x0, 0x60040) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a4c000000060a01040000000000000000010000000900020073797a3200000000200004801c0001800c00010062697477697365000c00028000000340000000040900010073797a3000000000140000001100010000000000000000000700000af3b384b387077bde72bdcb708bc08adaef39f1d253f2050a96d2d28a36d9dd32e038354dabb555"], 0x74}}, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) socket$kcm(0x2, 0xa, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0xf) socket$inet6(0xa, 0x3, 0x7) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100fc000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 391.334244ms ago: executing program 1 (id=293): r0 = socket$nl_route(0x10, 0x3, 0x0) (async) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000000)={0x7f, 0x0}, 0x8) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000040)=r1, 0x4) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@newlink={0x40, 0x10, 0x40d, 0x70bd2d, 0x1ffffffc, {0x0, 0x0, 0x0, 0x0, 0x731ff, 0x100}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_6RD_PREFIXLEN={0x6, 0xd, 0x8}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @rand_addr=0x64010100}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x24008045}, 0x0) 391.191364ms ago: executing program 0 (id=294): syz_emit_ethernet(0x36, &(0x7f0000000280)={@local, @link_local, @void, {@ipv4={0x800, @dccp={{0x6, 0x4, 0x1, 0x8, 0x28, 0x68, 0x0, 0x9, 0x21, 0x0, @rand_addr=0x64010100, @local, {[@generic={0x82, 0x2}]}}, {{0x4e21, 0x4e21, 0x4, 0x1, 0xb, 0x0, 0x0, 0x0, 0x2, "740e23", 0xd, '1\x00'}}}}}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000700180a050000000000000000000a0000000900010073797a30000000000900020073797a31000000001400000011"], 0x54}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001981100fc000018c6ba35000000000000000700ff020000000000000000000000000001"], 0xfdef) 341.240012ms ago: executing program 1 (id=295): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000009400000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000640)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_DELRULE={0x254, 0x8, 0xa, 0x801, 0x0, 0x0, {0x7, 0x0, 0x5}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x5}, @NFTA_RULE_COMPAT={0xc, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x62}]}, @NFTA_RULE_EXPRESSIONS={0x8c, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0x4}}}, {0x58, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz2\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz2\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz2\x00'}]}}}, {0x20, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_ID={0x8}, @NFTA_RULE_COMPAT={0x4c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x88a8}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x800}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x62}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x29}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x4}, @NFTA_RULE_USERDATA={0x45, 0x7, 0x1, 0x0, "7b604ab363c349d5e62705b1d39f3819e7953d0063fbb1224c0bfb2ad8ae18dc4e3b19cd22ed7ac59092d57e7e389327bf2aadbfa3e692a28f0533d4405ba758cf"}, @NFTA_RULE_COMPAT={0x1c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x6c}, @NFTA_RULE_COMPAT_FLAGS={0x8}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x8}]}, @NFTA_RULE_COMPAT={0x3c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x29}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x2f}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x6001}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0xe28}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x8847}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x4}]}, @NFTA_RULE_USERDATA={0x9c, 0x7, 0x1, 0x0, "67a5dde960a2ee30c12b664f2f36cf4d332b312b2ce3800e725956fc5bb716020a2f126ac14d0cc810e97b99878d8f5c9074219c718489b221e66717f0d148ad90c8d61df12258164c99dea2fa802468bf19ac325088d50668064ea2e135efacf9bd9f690359f9707ff81765e6fde9e10555acd5cd1bccec80b71682c06649160cd7b7625600239403657ceb7280f08ccbe3de63e29aa219"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x27c}, 0x1, 0x0, 0x0, 0x810}, 0x400) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f00000000c0)={0xfe, 0x2, 0x200}) 341.003042ms ago: executing program 3 (id=296): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) (async) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) (async) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xfff3, 0xffff}, {0xfff2, 0x1b}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x0) (async) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0) 337.868069ms ago: executing program 1 (id=297): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8024) r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xc3}, {}, {0xe, 0xd}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0) 231.927303ms ago: executing program 3 (id=298): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\'\x00\x00\x00\a'], 0x50) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) write$tun(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="000086dd0000120000000000000060ec97000f982c00fe8000000000000000001100000000aaff02000000000000000000000000000104"], 0xfce) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='2', 0x1, 0x4fed0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r3, 0x0) accept4$unix(r3, 0x0, 0x0, 0x0) r4 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000040)) ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f0000000140)={0x0, 0x0, 0x5, 0x0, '\x00', [{0x2, 0x7d9, 0x2c0000000000000, 0x5, 0x6, 0x6}, {0x5, 0x7, 0x3, 0x9, 0xfffffffffffffbff, 0x4}], ['\x00', '\x00', '\x00', '\x00', '\x00']}) r5 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) syz_usb_disconnect(r5) ioctl$EVIOCRMFF(r5, 0x4004550d, &(0x7f00000000c0)=0x18) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x81f8943c, &(0x7f0000000340)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f0000000540)={{r5}, r6, 0x2, @unused=[0x8, 0x2, 0xd1, 0xa5], @subvolid=0x4}) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000000), 0xd) 229.771099ms ago: executing program 0 (id=299): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1800000040000703fcffffff00000100037c000004"], 0x18}, 0x1, 0x0, 0x0, 0x4008011}, 0xc000) futex(&(0x7f0000000040)=0x1, 0x8, 0x1, 0x0, 0x0, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00') ioctl$BTRFS_IOC_ADD_DEV(r2, 0xb701, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x25dddbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xffff}, {0xffff, 0xffff}, {0x1, 0xd}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0x8}, {}, {0xfffe}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x220008e8}, 0x804) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000400)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="b8f20c508c36616a592dd759e4aecd02b7e25504da90f62908dd986d14303320082b4fd9e02689b0cd273cbe053370c1e2bf744c041aeb501132589f798ff6d9ace50458b5b7d6f579f70229b77b380c8b3c1588", @ANYBLOB="ed4d00000000fddbdf253100000008000300", @ANYRES32=r6, @ANYBLOB="0800db"], 0x24}}, 0x8040) 82.452728ms ago: executing program 2 (id=300): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000008340)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x8, 0x2}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_TO={0x8, 0x2, 0x1c}]}}]}, 0x3c}, 0x1, 0x0, 0xf000, 0x4000010}, 0x0) 82.303957ms ago: executing program 1 (id=301): r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ipvlan0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x20000000) r2 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x54, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfffbffff, {0x0, 0x0, 0x0, r1, {0x0, 0xd}, {0xffff, 0xffff}, {0xc, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x24, 0x2, [@TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x8001}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x81}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0xb}]}}]}, 0x54}, 0x1, 0xc00, 0x0, 0x40005}, 0x8010) 324.885µs ago: executing program 1 (id=302): pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f00000005c0)='fd', 0x0, r1) prlimit64(0x0, 0x7, &(0x7f0000000300), 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) fsmount(r2, 0x0, 0x2) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)=0x0) prlimit64(r3, 0x4, 0x0, &(0x7f0000000040)) 119.076µs ago: executing program 0 (id=303): r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) r1 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) ioctl$FE_SET_PROPERTY(r1, 0x40106f52, &(0x7f0000000000)={0x17, 0x0}) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000140)={0x14, 0x0, 0x0}, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@getqdisc={0x28, 0x26, 0x1, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x7, 0xfff3}, {0x7, 0xd}, {0xa}}, [{0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40800}, 0x24040084) r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x800) ioctl$EVIOCGKEYCODE_V2(r2, 0x80284504, &(0x7f0000000140)=""/215) 0s ago: executing program 1 (id=304): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$tun(r0, &(0x7f00000004c0)={@val={0x0, 0x86dd}, @val={0x0, 0x1, 0x9, 0x4, 0x0, 0xca6}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x3}, {0x0, 0x0, 0x1, 0x1, 0x60}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x2, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x3, 0x5}, 0x1, {0x88a8}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x7, 0x8}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x7a) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:46724' (ED25519) to the list of known hosts. [ 46.203108][ T40] audit: type=1400 audit(1780709196.981:116): avc: denied { name_bind } for pid=5649 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 46.239351][ T40] audit: type=1400 audit(1780709197.021:117): avc: denied { execute } for pid=5650 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 46.248048][ T40] audit: type=1400 audit(1780709197.021:118): avc: denied { execute_no_trans } for pid=5650 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 46.981905][ T40] audit: type=1400 audit(1780709197.761:119): avc: denied { write } for pid=5651 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 47.043780][ T40] audit: type=1400 audit(1780709197.821:120): avc: denied { write } for pid=5654 comm="rm" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 47.906685][ T40] audit: type=1400 audit(1780709198.681:121): avc: denied { write } for pid=5657 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 47.963503][ T40] audit: type=1400 audit(1780709198.741:122): avc: denied { write } for pid=5660 comm="rm" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 48.053794][ T40] audit: type=1400 audit(1780709198.831:123): avc: denied { write } for pid=5663 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 48.107090][ T40] audit: type=1400 audit(1780709198.891:124): avc: denied { write } for pid=5666 comm="rm" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 48.189243][ T40] audit: type=1400 audit(1780709198.971:125): avc: denied { write } for pid=5669 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 49.036114][ T5650] cgroup: Unknown subsys name 'net' [ 49.179324][ T5650] cgroup: Unknown subsys name 'cpuset' [ 49.183343][ T5650] cgroup: Unknown subsys name 'rlimit' [ 49.412075][ T5720] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 50.172112][ T5650] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.893345][ T40] kauditd_printk_skb: 35 callbacks suppressed [ 53.893357][ T40] audit: type=1400 audit(1780709204.671:161): avc: denied { execmem } for pid=5735 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 54.054137][ T40] audit: type=1400 audit(1780709204.831:162): avc: denied { create } for pid=5738 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 54.064577][ T40] audit: type=1400 audit(1780709204.831:163): avc: denied { read write } for pid=5738 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1292 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 54.073739][ T40] audit: type=1400 audit(1780709204.831:164): avc: denied { open } for pid=5738 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1292 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 54.074960][ T5743] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 54.087021][ T5750] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 54.087748][ T5743] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 54.089864][ T5754] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 54.090216][ T5752] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 54.093914][ T40] audit: type=1400 audit(1780709204.841:165): avc: denied { ioctl } for pid=5738 comm="syz-executor" path="socket:[2845]" dev="sockfs" ino=2845 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 54.094262][ T5752] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 54.094662][ T5743] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 54.094742][ T5752] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 54.095181][ T5752] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 54.096827][ T5754] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 54.097272][ T5743] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 54.097777][ T5743] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 54.098469][ T5750] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 54.098620][ T5752] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 54.100687][ T62] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 54.104250][ T5752] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 54.105323][ T40] audit: type=1400 audit(1780709204.881:166): avc: denied { read } for pid=5739 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 54.106726][ T5747] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 54.107441][ T62] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 54.108314][ T62] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 54.108838][ T5750] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 54.109529][ T40] audit: type=1400 audit(1780709204.881:167): avc: denied { open } for pid=5739 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 54.151826][ T40] audit: type=1400 audit(1780709204.881:168): avc: denied { mounton } for pid=5739 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 54.160419][ T40] audit: type=1400 audit(1780709204.891:169): avc: denied { module_request } for pid=5739 comm="syz-executor" kmod="netdev-nr2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 54.168707][ T40] audit: type=1400 audit(1780709204.911:170): avc: denied { sys_module } for pid=5739 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 54.662530][ T5744] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.665380][ T5744] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.667859][ T5744] bridge_slave_0: entered allmulticast mode [ 54.670645][ T5744] bridge_slave_0: entered promiscuous mode [ 54.709785][ T5744] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.712385][ T5744] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.714927][ T5744] bridge_slave_1: entered allmulticast mode [ 54.720591][ T5744] bridge_slave_1: entered promiscuous mode [ 54.782817][ T5744] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.794001][ T5744] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.804742][ T5738] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.807030][ T5738] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.809373][ T5738] bridge_slave_0: entered allmulticast mode [ 54.812146][ T5738] bridge_slave_0: entered promiscuous mode [ 54.822715][ T5739] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.825446][ T5739] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.828629][ T5739] bridge_slave_0: entered allmulticast mode [ 54.831906][ T5739] bridge_slave_0: entered promiscuous mode [ 54.835207][ T5739] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.837621][ T5739] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.840060][ T5739] bridge_slave_1: entered allmulticast mode [ 54.842985][ T5739] bridge_slave_1: entered promiscuous mode [ 54.852654][ T5738] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.855573][ T5738] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.858507][ T5738] bridge_slave_1: entered allmulticast mode [ 54.861574][ T5738] bridge_slave_1: entered promiscuous mode [ 54.906230][ T5744] team0: Port device team_slave_0 added [ 54.942263][ T5744] team0: Port device team_slave_1 added [ 54.946719][ T5739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.951713][ T5738] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.956300][ T5738] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.959473][ T5741] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.961799][ T5741] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.964204][ T5741] bridge_slave_0: entered allmulticast mode [ 54.967118][ T5741] bridge_slave_0: entered promiscuous mode [ 54.970597][ T5741] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.972834][ T5741] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.975080][ T5741] bridge_slave_1: entered allmulticast mode [ 54.977997][ T5741] bridge_slave_1: entered promiscuous mode [ 54.997178][ T5739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.021611][ T5744] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.024424][ T5744] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.034690][ T5744] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.074411][ T5738] team0: Port device team_slave_0 added [ 55.076770][ T5744] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.079127][ T5744] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.087814][ T5744] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.105480][ T5741] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.110519][ T5738] team0: Port device team_slave_1 added [ 55.125678][ T5739] team0: Port device team_slave_0 added [ 55.130783][ T5739] team0: Port device team_slave_1 added [ 55.135000][ T5741] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.166333][ T5738] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.168620][ T5738] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.176192][ T5738] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.202522][ T5741] team0: Port device team_slave_0 added [ 55.212450][ T5741] team0: Port device team_slave_1 added [ 55.215144][ T5738] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.217839][ T5738] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.225905][ T5738] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.230968][ T5739] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.233146][ T5739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.241560][ T5739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.271248][ T5744] hsr_slave_0: entered promiscuous mode [ 55.274555][ T5744] hsr_slave_1: entered promiscuous mode [ 55.286427][ T5739] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.288950][ T5739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.298182][ T5739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.311898][ T5741] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.314066][ T5741] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.321692][ T5741] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.326387][ T5741] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.328716][ T5741] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.337585][ T5741] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.387742][ T5738] hsr_slave_0: entered promiscuous mode [ 55.389902][ T5738] hsr_slave_1: entered promiscuous mode [ 55.391911][ T5738] debugfs: 'hsr0' already exists in 'hsr' [ 55.393766][ T5738] Cannot create hsr debugfs directory [ 55.429145][ T5739] hsr_slave_0: entered promiscuous mode [ 55.431495][ T5739] hsr_slave_1: entered promiscuous mode [ 55.433760][ T5739] debugfs: 'hsr0' already exists in 'hsr' [ 55.435642][ T5739] Cannot create hsr debugfs directory [ 55.507006][ T5741] hsr_slave_0: entered promiscuous mode [ 55.510131][ T5741] hsr_slave_1: entered promiscuous mode [ 55.513081][ T5741] debugfs: 'hsr0' already exists in 'hsr' [ 55.515463][ T5741] Cannot create hsr debugfs directory [ 55.786042][ T5744] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 55.793808][ T5744] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 55.798030][ T5744] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.802355][ T5744] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 55.804986][ T5744] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.810974][ T5744] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 55.820339][ T5744] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.824474][ T5744] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 55.858219][ T5739] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 55.863988][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 55.867484][ T5739] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 55.872221][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 55.874903][ T5739] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 55.879483][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 55.883641][ T5739] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 55.888435][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 55.944212][ T5741] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 55.949644][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 55.952292][ T5741] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 55.956017][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 55.958714][ T5741] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 55.962627][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 55.966274][ T5741] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 55.970981][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 56.048655][ T5744] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.064805][ T5738] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 56.070702][ T5738] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 56.074297][ T5738] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 56.080152][ T5738] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 56.083795][ T5738] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 56.090443][ T5738] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 56.095669][ T5738] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 56.100876][ T5738] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 56.113466][ T5744] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.138184][ T5739] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.145414][ T1243] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.148033][ T1243] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.161450][ T1243] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.163745][ T1243] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.167711][ T62] Bluetooth: hci2: command tx timeout [ 56.167817][ T5746] Bluetooth: hci0: command tx timeout [ 56.168030][ T5098] Bluetooth: hci1: command tx timeout [ 56.168357][ T5754] Bluetooth: hci3: command tx timeout [ 56.215101][ T5739] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.222511][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.224844][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.238411][ T5741] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.250881][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.254016][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.280247][ T5741] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.290317][ T1243] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.292608][ T1243] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.309675][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.311927][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.335878][ T5738] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.367228][ T5738] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.388684][ T232] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.391675][ T232] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.402354][ T232] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.404722][ T232] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.455838][ T5738] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.551316][ T5744] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.584376][ T5744] veth0_vlan: entered promiscuous mode [ 56.593455][ T5744] veth1_vlan: entered promiscuous mode [ 56.625556][ T5744] veth0_macvtap: entered promiscuous mode [ 56.633199][ T5744] veth1_macvtap: entered promiscuous mode [ 56.642673][ T5739] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.654735][ T5744] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.663828][ T5744] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.683439][ T5741] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.686233][ T100] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.689708][ T100] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.696235][ T100] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.699450][ T100] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.729871][ T5739] veth0_vlan: entered promiscuous mode [ 56.738293][ T5739] veth1_vlan: entered promiscuous mode [ 56.771523][ T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.773114][ T5741] veth0_vlan: entered promiscuous mode [ 56.777362][ T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.791997][ T5741] veth1_vlan: entered promiscuous mode [ 56.810497][ T5738] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.817868][ T5739] veth0_macvtap: entered promiscuous mode [ 56.823647][ T5739] veth1_macvtap: entered promiscuous mode [ 56.828432][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.831436][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.844779][ T5739] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.854709][ T5741] veth0_macvtap: entered promiscuous mode [ 56.863206][ T5739] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.874700][ T5741] veth1_macvtap: entered promiscuous mode [ 56.876263][ T5744] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 56.880215][ T100] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.889887][ T100] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.893535][ T100] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.909331][ T100] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.930140][ T5741] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.945352][ T5738] veth0_vlan: entered promiscuous mode [ 56.949115][ T5741] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.970708][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.973452][ T71] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.977784][ T5738] veth1_vlan: entered promiscuous mode [ 56.988582][ T71] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.991669][ T71] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.996477][ T1243] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.000100][ T1243] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.049201][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.052526][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.095394][ T5738] veth0_macvtap: entered promiscuous mode [ 57.101025][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.105972][ T5738] veth1_macvtap: entered promiscuous mode [ 57.106272][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.150330][ T5738] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.153510][ T71] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.162226][ T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.170211][ T5738] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.172901][ T5899] netlink: 'syz.1.8': attribute type 8 has an invalid length. [ 57.176252][ T5899] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8'. [ 57.186298][ T5899] veth1_to_team: entered promiscuous mode [ 57.189073][ T5899] gretap0: entered promiscuous mode [ 57.191352][ T5899] ip6gretap0: entered promiscuous mode [ 57.193839][ T5899] hsr1: entered promiscuous mode [ 57.195532][ T5900] netlink: 'syz.2.3': attribute type 10 has an invalid length. [ 57.199828][ T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.202590][ T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.209544][ T5900] team0: Port device dummy0 added [ 57.212688][ T5900] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3'. [ 57.215365][ T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.215416][ T46] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.233129][ T5902] Zero length message leads to an empty skb [ 57.235974][ T5900] team0: Port device dummy0 removed [ 57.298590][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.302230][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.342343][ T5908] syz.3.4 uses obsolete (PF_INET,SOCK_PACKET) [ 57.342592][ T71] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.344976][ T5907] syzkaller0: entered promiscuous mode [ 57.349585][ T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.352858][ T5907] syzkaller0: entered allmulticast mode [ 57.734083][ T5922] block nbd0: not configured, cannot reconfigure [ 58.246694][ T5746] Bluetooth: hci3: command tx timeout [ 58.247365][ T62] Bluetooth: hci1: command tx timeout [ 58.247839][ T5098] Bluetooth: hci2: command tx timeout [ 58.247914][ T5754] Bluetooth: hci0: command tx timeout [ 58.348022][ T5937] veth0: entered promiscuous mode [ 58.350960][ T5937] veth0: left promiscuous mode [ 58.478991][ T5943] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input5 [ 58.640080][ T13] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 58.678521][ T5960] syzkaller0: entered promiscuous mode [ 58.680457][ T5960] syzkaller0: entered allmulticast mode [ 58.760914][ T5964] syzkaller0: entered promiscuous mode [ 58.763323][ T5964] syzkaller0: entered allmulticast mode [ 59.226972][ T3266] cfg80211: failed to load regulatory.db [ 60.327481][ T62] Bluetooth: hci0: command tx timeout [ 60.327567][ T5746] Bluetooth: hci3: command tx timeout [ 60.327590][ T5746] Bluetooth: hci2: command tx timeout [ 60.327603][ T5746] Bluetooth: hci1: command tx timeout [ 61.522458][ T5947] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 61.561584][ T5975] netlink: 'syz.1.36': attribute type 1 has an invalid length. [ 61.564434][ T5975] netlink: 760 bytes leftover after parsing attributes in process `syz.1.36'. [ 61.568785][ T5975] warning: `syz.1.36' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 61.581481][ T40] kauditd_printk_skb: 47 callbacks suppressed [ 61.581491][ T40] audit: type=1400 audit(1780709212.361:218): avc: denied { bind } for pid=5978 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 61.589640][ T40] audit: type=1400 audit(1780709212.361:219): avc: denied { name_bind } for pid=5978 comm="syz.0.35" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 61.600367][ T40] audit: type=1400 audit(1780709212.361:220): avc: denied { node_bind } for pid=5978 comm="syz.0.35" saddr=172.20.20.170 src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 61.613313][ T40] audit: type=1400 audit(1780709212.361:221): avc: denied { setopt } for pid=5978 comm="syz.0.35" laddr=172.20.20.170 lport=20002 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 61.621387][ T40] audit: type=1400 audit(1780709212.361:222): avc: denied { setopt } for pid=5978 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 61.634432][ T40] audit: type=1400 audit(1780709212.361:223): avc: denied { read } for pid=5978 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 61.642533][ T40] audit: type=1400 audit(1780709212.361:224): avc: denied { ioctl } for pid=5978 comm="syz.0.35" path="socket:[8754]" dev="sockfs" ino=8754 ioctlcmd=0x587b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 61.685946][ T5989] syzkaller0: entered promiscuous mode [ 61.689083][ T5989] syzkaller0: entered allmulticast mode [ 61.695470][ T40] audit: type=1400 audit(1780709212.471:225): avc: denied { create } for pid=5994 comm="syz.3.45" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 61.701992][ T40] audit: type=1400 audit(1780709212.481:226): avc: denied { getopt } for pid=5994 comm="syz.3.45" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 61.707948][ T40] audit: type=1400 audit(1780709212.481:227): avc: denied { connect } for pid=5994 comm="syz.3.45" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 61.754393][ T6002] netlink: 32 bytes leftover after parsing attributes in process `syz.2.49'. [ 61.764535][ T6004] syzkaller0: entered promiscuous mode [ 61.767284][ T6004] syzkaller0: entered allmulticast mode [ 61.770952][ T6004] tipc: Started in network mode [ 61.773288][ T6004] tipc: Node identity 0e7358a266db, cluster identity 4711 [ 61.775850][ T6004] tipc: Enabled bearer , priority 0 [ 61.780934][ T6004] tipc: Resetting bearer [ 61.786009][ T6003] tipc: Resetting bearer [ 61.788122][ T6006] netlink: 12 bytes leftover after parsing attributes in process `syz.2.50'. [ 61.800554][ T6003] tipc: Disabling bearer [ 61.870418][ T6012] block nbd0: not configured, cannot reconfigure [ 61.911685][ T6019] netlink: 28 bytes leftover after parsing attributes in process `syz.0.57'. [ 62.077160][ T6016] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 62.360808][ T6050] syzkaller0: entered promiscuous mode [ 62.362614][ T6050] syzkaller0: entered allmulticast mode [ 62.406893][ T62] Bluetooth: hci1: command tx timeout [ 62.408562][ T62] Bluetooth: hci2: command tx timeout [ 62.410496][ T5754] Bluetooth: hci3: command tx timeout [ 62.412085][ T5754] Bluetooth: hci0: command tx timeout [ 62.589031][ T6073] tipc: Started in network mode [ 62.591139][ T6073] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 62.596031][ T6073] tipc: Enabled bearer , priority 10 [ 63.528475][ T24] IPVS: starting estimator thread 0... [ 63.626684][ T6107] IPVS: using max 25 ests per chain, 60000 per kthread [ 63.650534][ T6123] netlink: 60 bytes leftover after parsing attributes in process `syz.2.103'. [ 63.653450][ T6121] sctp: [Deprecated]: syz.1.102 (pid 6121) Use of struct sctp_assoc_value in delayed_ack socket option. [ 63.653450][ T6121] Use struct sctp_sack_info instead [ 63.654315][ T6123] netlink: 12 bytes leftover after parsing attributes in process `syz.2.103'. [ 63.665035][ T6123] netlink: 8 bytes leftover after parsing attributes in process `syz.2.103'. [ 63.714929][ T6125] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.718744][ T6125] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.775029][ T6125] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 63.781605][ T6125] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 63.846817][ T5832] tipc: Node number set to 10136234 [ 63.851664][ T1243] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.856405][ T1243] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.864226][ T1243] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.868687][ T71] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.079388][ T6159] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 64.174263][ T6168] syzkaller0: entered promiscuous mode [ 64.176688][ T6168] syzkaller0: entered allmulticast mode [ 64.188546][ T6170] netlink: 4 bytes leftover after parsing attributes in process `syz.2.121'. [ 64.331475][ T6179] netlink: 4 bytes leftover after parsing attributes in process `syz.2.126'. [ 64.331574][ T6180] Cannot find add_set index 4 as target [ 64.339653][ T6176] xt_hashlimit: size too large, truncated to 1048576 [ 64.510399][ T6203] netlink: 28 bytes leftover after parsing attributes in process `syz.2.136'. [ 64.683751][ T6224] netlink: 'syz.0.145': attribute type 29 has an invalid length. [ 64.691388][ T6224] netlink: 'syz.0.145': attribute type 29 has an invalid length. [ 64.696083][ T6224] netlink: 'syz.0.145': attribute type 32 has an invalid length. [ 64.701091][ T6224] netlink: 500 bytes leftover after parsing attributes in process `syz.0.145'. [ 65.061772][ T6254] netlink: 12 bytes leftover after parsing attributes in process `syz.0.154'. [ 65.141333][ T6270] netlink: 'syz.0.162': attribute type 13 has an invalid length. [ 65.144155][ T6269] syzkaller0: entered promiscuous mode [ 65.144976][ T6270] netlink: 4 bytes leftover after parsing attributes in process `syz.0.162'. [ 65.146169][ T6269] syzkaller0: entered allmulticast mode [ 65.166821][ T6270] netlink: 'syz.0.162': attribute type 13 has an invalid length. [ 65.169461][ T6270] netlink: 4 bytes leftover after parsing attributes in process `syz.0.162'. [ 65.169503][ T1243] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 65.170114][ T6269] TC_ACT_REPEAT abuse ? [ 65.178256][ T1243] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 65.203602][ T1243] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 65.207534][ T1243] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 65.392562][ T6288] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.395004][ T6288] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.426073][ T6288] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 65.431554][ T6288] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 65.522619][ T71] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.525292][ T71] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.528515][ T71] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.531276][ T71] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.560484][ T6304] syz_tun: entered allmulticast mode [ 65.674831][ T6316] syzkaller0: entered promiscuous mode [ 65.677822][ T6316] syzkaller0: entered allmulticast mode [ 65.681026][ T6316] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 65.689789][ T6316] sch_tbf: burst 5 is lower than device syzkaller0 mtu (1514) ! [ 65.902369][ T6335] syzkaller0: entered promiscuous mode [ 65.904077][ T6335] syzkaller0: entered allmulticast mode [ 66.542289][ T6347] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048) [ 66.639691][ T40] kauditd_printk_skb: 61 callbacks suppressed [ 66.639702][ T40] audit: type=1400 audit(1780709217.421:289): avc: denied { write } for pid=6350 comm="syz.0.197" name="/" dev="9p" ino=72877879 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 66.649187][ T40] audit: type=1400 audit(1780709217.421:290): avc: denied { add_name } for pid=6350 comm="syz.0.197" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 66.655397][ T40] audit: type=1400 audit(1780709217.421:291): avc: denied { create } for pid=6350 comm="syz.0.197" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 66.664381][ T40] audit: type=1400 audit(1780709217.421:292): avc: denied { associate } for pid=6350 comm="syz.0.197" name="file1" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 66.672516][ T40] audit: type=1400 audit(1780709217.421:293): avc: denied { read } for pid=6350 comm="syz.0.197" name="file1" dev="9p" ino=72877883 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 66.680316][ T40] audit: type=1400 audit(1780709217.421:294): avc: denied { open } for pid=6350 comm="syz.0.197" path="/49/file0/file1" dev="9p" ino=72877883 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 66.688989][ T40] audit: type=1400 audit(1780709217.421:295): avc: denied { unmount } for pid=6350 comm="syz.0.197" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 66.696094][ T40] audit: type=1400 audit(1780709217.421:296): avc: denied { read write } for pid=6350 comm="syz.0.197" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 66.704646][ T40] audit: type=1400 audit(1780709217.421:297): avc: denied { open } for pid=6350 comm="syz.0.197" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 66.711691][ T40] audit: type=1400 audit(1780709217.461:298): avc: denied { unmount } for pid=5744 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 66.991829][ T6368] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 67.093867][ T6377] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.520478][ T6400] syzkaller0: entered promiscuous mode [ 67.522831][ T6400] syzkaller0: entered allmulticast mode [ 67.786570][ T6416] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.868097][ T6424] FAULT_INJECTION: forcing a failure. [ 67.868097][ T6424] name failslab, interval 1, probability 0, space 0, times 1 [ 67.873465][ T6424] CPU: 2 UID: 0 PID: 6424 Comm: syz.1.228 Not tainted syzkaller #0 PREEMPT(full) [ 67.873486][ T6424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 67.873497][ T6424] Call Trace: [ 67.873504][ T6424] [ 67.873512][ T6424] dump_stack_lvl+0x100/0x190 [ 67.873546][ T6424] should_fail_ex.cold+0x5/0xa [ 67.873571][ T6424] should_failslab+0xc2/0x120 [ 67.873592][ T6424] __kmalloc_cache_noprof+0x7a/0x6f0 [ 67.873616][ T6424] ? sctp_add_bind_addr+0xae/0x3e0 [ 67.873645][ T6424] sctp_add_bind_addr+0xae/0x3e0 [ 67.873670][ T6424] sctp_copy_local_addr_list+0x349/0x550 [ 67.873697][ T6424] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 67.873725][ T6424] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 67.873752][ T6424] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 67.873777][ T6424] sctp_bind_addr_copy+0x331/0x530 [ 67.873808][ T6424] sctp_connect_new_asoc+0x1c9/0x770 [ 67.873828][ T6424] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 67.873869][ T6424] sctp_sendmsg+0x1743/0x22e0 [ 67.873893][ T6424] ? __lock_acquire+0x4a5/0x2630 [ 67.873912][ T6424] ? __pfx_sctp_sendmsg+0x10/0x10 [ 67.873934][ T6424] ? __pfx_sock_has_perm+0x10/0x10 [ 67.873966][ T6424] ? __pfx_sctp_sendmsg+0x10/0x10 [ 67.873986][ T6424] inet_sendmsg+0x11c/0x140 [ 67.874013][ T6424] ____sys_sendmsg+0x98d/0xb70 [ 67.874033][ T6424] ? __pfx_inet_sendmsg+0x10/0x10 [ 67.874060][ T6424] ? __pfx_____sys_sendmsg+0x10/0x10 [ 67.874081][ T6424] ? __pfx__kstrtoull+0x10/0x10 [ 67.874108][ T6424] ___sys_sendmsg+0x190/0x1e0 [ 67.874129][ T6424] ? __pfx____sys_sendmsg+0x10/0x10 [ 67.874159][ T6424] ? find_held_lock+0x2b/0x80 [ 67.874188][ T6424] __sys_sendmmsg+0x205/0x430 [ 67.874214][ T6424] ? __pfx___sys_sendmmsg+0x10/0x10 [ 67.874243][ T6424] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 67.874278][ T6424] ? fput+0x79/0x100 [ 67.874302][ T6424] ? ksys_write+0x1ac/0x250 [ 67.874321][ T6424] ? __pfx_ksys_write+0x10/0x10 [ 67.874342][ T6424] __x64_sys_sendmmsg+0x9c/0x100 [ 67.874366][ T6424] ? lockdep_hardirqs_on+0x78/0x100 [ 67.874389][ T6424] do_syscall_64+0x115/0x870 [ 67.874412][ T6424] ? clear_bhb_loop+0x40/0x90 [ 67.874431][ T6424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.874446][ T6424] RIP: 0033:0x7fa69339ce59 [ 67.874461][ T6424] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 67.874475][ T6424] RSP: 002b:00007fa69421b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 67.874490][ T6424] RAX: ffffffffffffffda RBX: 00007fa693615fa0 RCX: 00007fa69339ce59 [ 67.874500][ T6424] RDX: 0000000000000001 RSI: 0000200000000600 RDI: 0000000000000003 [ 67.874508][ T6424] RBP: 00007fa69421b090 R08: 0000000000000000 R09: 0000000000000000 [ 67.874517][ T6424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 67.874530][ T6424] R13: 00007fa693616038 R14: 00007fa693615fa0 R15: 00007fff0dfc7718 [ 67.874552][ T6424] [ 68.127202][ T5825] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 68.276981][ T5825] usb 8-1: Using ep0 maxpacket: 16 [ 68.285445][ T5825] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 68.289608][ T5825] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 68.294454][ T5825] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 68.298280][ T5825] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 68.302096][ T5825] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 68.308870][ T5825] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 68.312705][ T5825] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 68.315858][ T5825] usb 8-1: Manufacturer: syz [ 68.320278][ T5825] usb 8-1: config 0 descriptor?? [ 68.387410][ T6453] binder: 6450:6453 ioctl c0306201 200000000080 returned -14 [ 68.391024][ T6453] binder: 6450:6453 ioctl c0306201 200000000200 returned -22 [ 68.427875][ T6457] vcan0: tx drop: invalid da for name 0xffef000000000000 [ 68.479291][ T6461] binder_alloc: 6460: binder_alloc_buf, no vma [ 68.515664][ T6463] syzkaller1: entered allmulticast mode [ 68.586603][ T5825] rc_core: IR keymap rc-hauppauge not found [ 68.588580][ T5825] Registered IR keymap rc-empty [ 68.590837][ T5825] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 68.607361][ T5825] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 68.628917][ T5825] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0 [ 68.634467][ T5825] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input6 [ 68.643198][ T5825] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 68.656628][ T5825] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 68.675015][ C2] vcan0: j1939_tp_rxtimer: 0xffff8880575a0000: rx timeout, send abort [ 68.679246][ T5825] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 68.696666][ T5825] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 68.716677][ T5825] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 68.736745][ T5825] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 68.756699][ T5825] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 68.777608][ T5825] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 68.796655][ T5825] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 68.816657][ T5825] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 68.838974][ T5825] mceusb 8-1:0.0: Registered with mce emulator interface version 1 [ 68.842322][ T5825] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 68.857930][ T5825] usb 8-1: USB disconnect, device number 2 [ 69.027664][ T6478] process 'syz.2.250' launched '#! [ 69.027664][ T6478] ' with NULL argv: empty string added [ 69.175869][ C2] vcan0: j1939_tp_rxtimer: 0xffff8880575a3c00: rx timeout, send abort [ 69.179262][ C2] vcan0: j1939_tp_rxtimer: 0xffff8880575a0000: abort rx timeout. Force session deactivation [ 69.213736][ T6502] syzkaller0: entered promiscuous mode [ 69.216085][ T6502] syzkaller0: entered allmulticast mode [ 69.256069][ T6504] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized [ 69.301925][ T6512] capability: warning: `syz.3.263' uses deprecated v2 capabilities in a way that may be insecure [ 69.387228][ T6515] loop4: detected capacity change from 0 to 2640 [ 69.393657][ T6515] Buffer I/O error on dev loop4, logical block 0, async page read [ 69.397099][ T6515] Buffer I/O error on dev loop4, logical block 0, async page read [ 69.400669][ T6515] Buffer I/O error on dev loop4, logical block 0, async page read [ 69.403908][ T6515] Buffer I/O error on dev loop4, logical block 0, async page read [ 69.406392][ T6519] ======================================================= [ 69.406392][ T6519] WARNING: The mand mount option has been deprecated and [ 69.406392][ T6519] and is ignored by this kernel. Remove the mand [ 69.406392][ T6519] option from the mount to silence this warning. [ 69.406392][ T6519] ======================================================= [ 69.407119][ T6515] Buffer I/O error on dev loop4, logical block 0, async page read [ 69.423932][ T6515] Buffer I/O error on dev loop4, logical block 0, async page read [ 69.425765][ T6519] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 69.427206][ T6515] Buffer I/O error on dev loop4, logical block 0, async page read [ 69.428052][ T6520] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 69.429641][ T6521] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 69.431746][ T6520] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 69.433974][ T6515] Buffer I/O error on dev loop4, logical block 0, async page read [ 69.441682][ T6521] overlayfs: d_ino too big (., ino=4611686018427387905, xinobits=3) [ 69.442785][ T6515] ldm_validate_partition_table(): Disk read failed. [ 69.442825][ T6515] Buffer I/O error on dev loop4, logical block 0, async page read [ 69.442894][ T6515] Buffer I/O error on dev loop4, logical block 0, async page read [ 69.443096][ T6515] Dev loop4: unable to read RDB block 0 [ 69.446022][ T6521] overlayfs: d_ino too big (.., ino=4611686018427387905, xinobits=3) [ 69.449564][ T6515] loop4: unable to read partition table [ 69.452284][ T6521] overlayfs: d_ino too big (59, ino=9223372036854776120, xinobits=3) [ 69.453334][ T6515] loop_reread_partitions: partition scan of loop4 (3Ÿ ¾‚³˜) failed (rc=-5) [ 69.458617][ T6521] overlayfs: d_ino too big (syzcgroup, ino=9223372036854775816, xinobits=3) [ 69.474733][ T6521] overlayfs: d_ino too big (syz-inputs, ino=9223372036854775815, xinobits=3) [ 69.478859][ T6521] overlayfs: d_ino too big (sys, ino=9223372036854775814, xinobits=3) [ 69.482436][ T6521] overlayfs: d_ino too big (selinux, ino=9223372036854775813, xinobits=3) [ 69.520280][ T5818] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 69.587355][ T6533] __nla_validate_parse: 7 callbacks suppressed [ 69.587368][ T6533] netlink: 12 bytes leftover after parsing attributes in process `syz.2.271'. [ 69.608273][ T6536] x_tables: arp_tables: NFQUEUE target: not valid for this family [ 69.629309][ T6533] bond1: entered promiscuous mode [ 69.633700][ T6533] bond1: entered allmulticast mode [ 69.642211][ T6533] 8021q: adding VLAN 0 to HW filter on device bond1 [ 69.676664][ T5818] usb 5-1: Using ep0 maxpacket: 16 [ 69.679198][ C2] vcan0: j1939_tp_rxtimer: 0xffff8880575a3c00: abort rx timeout. Force session deactivation [ 69.680070][ T5818] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 69.687698][ T5818] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 69.693996][ T5818] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 69.694933][ T6546] FAULT_INJECTION: forcing a failure. [ 69.694933][ T6546] name failslab, interval 1, probability 0, space 0, times 0 [ 69.698168][ T5818] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 69.703032][ T6546] CPU: 0 UID: 0 PID: 6546 Comm: syz.2.274 Not tainted syzkaller #0 PREEMPT(full) [ 69.703056][ T6546] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 69.703066][ T6546] Call Trace: [ 69.703073][ T6546] [ 69.703081][ T6546] dump_stack_lvl+0x100/0x190 [ 69.703108][ T6546] should_fail_ex.cold+0x5/0xa [ 69.703135][ T6546] should_failslab+0xc2/0x120 [ 69.703156][ T6546] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 69.703187][ T6546] ? v9fs_init_fs_context+0x17f/0x590 [ 69.703212][ T6546] kstrdup+0x51/0xe0 [ 69.703232][ T6546] v9fs_init_fs_context+0x17f/0x590 [ 69.703253][ T6546] alloc_fs_context+0x60c/0xf40 [ 69.703286][ T6546] path_mount+0xdbd/0x23d0 [ 69.703318][ T6546] ? __pfx_path_mount+0x10/0x10 [ 69.703344][ T6546] ? lockdep_hardirqs_on+0x78/0x100 [ 69.703397][ T6546] ? putname+0xb1/0x110 [ 69.703423][ T6546] ? kmem_cache_free+0x127/0x6c0 [ 69.703468][ T6546] ? __x64_sys_mount+0x293/0x310 [ 69.703494][ T6546] __x64_sys_mount+0x293/0x310 [ 69.703523][ T6546] ? __pfx___x64_sys_mount+0x10/0x10 [ 69.703554][ T6546] ? rcu_is_watching+0x12/0xc0 [ 69.703586][ T6546] do_syscall_64+0x115/0x870 [ 69.703609][ T6546] ? clear_bhb_loop+0x40/0x90 [ 69.703631][ T6546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.703651][ T6546] RIP: 0033:0x7f7b2d19ce59 [ 69.703668][ T6546] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 69.703685][ T6546] RSP: 002b:00007f7b2e132028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 69.703704][ T6546] RAX: ffffffffffffffda RBX: 00007f7b2d415fa0 RCX: 00007f7b2d19ce59 [ 69.703717][ T6546] RDX: 0000200000000040 RSI: 0000200000000680 RDI: 0000200000000640 [ 69.703729][ T6546] RBP: 00007f7b2e132090 R08: 0000200000000080 R09: 0000000000000000 [ 69.703740][ T6546] R10: 0000000000008010 R11: 0000000000000246 R12: 0000000000000002 [ 69.703752][ T6546] R13: 00007f7b2d416038 R14: 00007f7b2d415fa0 R15: 00007ffda08da198 [ 69.703778][ T6546] [ 69.790703][ T5818] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 69.798349][ T5818] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 69.801957][ T5818] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 69.805187][ T5818] usb 5-1: Manufacturer: syz [ 69.805197][ T6547] xt_hashlimit: size too large, truncated to 1048576 [ 69.814849][ T5818] usb 5-1: config 0 descriptor?? [ 69.866452][ T6550] bridge_slave_0 (unregistering): left allmulticast mode [ 69.869480][ T6550] bridge_slave_0 (unregistering): left promiscuous mode [ 69.873430][ T6550] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.942318][ T6555] tipc: Started in network mode [ 69.944381][ T6555] tipc: Node identity fe8000000000000000000000000000bb, cluster identity 4711 [ 69.948513][ T6555] tipc: Enabling of bearer rejected, failed to enable media [ 70.025403][ T6561] netlink: 44 bytes leftover after parsing attributes in process `syz.2.281'. [ 70.098729][ T5818] rc_core: IR keymap rc-hauppauge not found [ 70.102385][ T5818] Registered IR keymap rc-empty [ 70.104458][ T5818] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 70.126728][ T5818] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 70.148501][ T5818] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 70.154688][ T5818] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input7 [ 70.162875][ T5818] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 70.176644][ T5818] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 70.206761][ T5818] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 70.237489][ T5818] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 70.256773][ T5818] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 70.280004][ T5818] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 70.290310][ T6578] syzkaller0: entered promiscuous mode [ 70.292568][ T6578] syzkaller0: entered allmulticast mode [ 70.296763][ T5818] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 70.316722][ T5818] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 70.336635][ T5818] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 70.367478][ T5818] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 70.391517][ T5818] mceusb 5-1:0.0: Registered with mce emulator interface version 1 [ 70.396321][ T5818] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 70.416710][ T5818] usb 5-1: USB disconnect, device number 2 [ 70.576999][ T6595] sit1: entered promiscuous mode [ 70.654473][ T6603] netlink: 24 bytes leftover after parsing attributes in process `syz.3.296'. [ 70.666247][ T6607] netlink: 'syz.1.297': attribute type 13 has an invalid length. [ 70.669637][ T6607] netlink: 'syz.1.297': attribute type 17 has an invalid length. [ 70.834363][ T6607] hsr1: left promiscuous mode [ 70.843418][ T6607] sit1: left promiscuous mode [ 70.977076][ C1] ================================================================== [ 70.980561][ C1] BUG: KASAN: use-after-free in qdisc_pkt_len_segs_init+0xa51/0xb30 [ 70.983679][ C1] Read of size 2 at addr ffff888137ea31c8 by task syz.1.304/6626 [ 70.987793][ C1] [ 70.989081][ C1] CPU: 1 UID: 0 PID: 6626 Comm: syz.1.304 Not tainted syzkaller #0 PREEMPT(full) [ 70.989104][ C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.989114][ C1] Call Trace: [ 70.989121][ C1] [ 70.989128][ C1] dump_stack_lvl+0x100/0x190 [ 70.989151][ C1] print_report+0x13d/0x4b0 [ 70.989176][ C1] ? __virt_addr_valid+0x239/0x430 [ 70.989197][ C1] ? qdisc_pkt_len_segs_init+0xa51/0xb30 [ 70.989214][ C1] kasan_report+0xdf/0x1d0 [ 70.989234][ C1] ? qdisc_pkt_len_segs_init+0xa51/0xb30 [ 70.989254][ C1] qdisc_pkt_len_segs_init+0xa51/0xb30 [ 70.989274][ C1] __dev_queue_xmit+0x270/0x4950 [ 70.989297][ C1] ? kmem_cache_alloc_node_noprof+0x2a9/0x6f0 [ 70.989324][ C1] ? kmalloc_reserve+0x148/0x350 [ 70.989347][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 70.989367][ C1] ? __asan_memset+0x23/0x50 [ 70.989391][ C1] ? __alloc_skb+0x4e9/0x710 [ 70.989413][ C1] ? __alloc_skb+0x5b7/0x710 [ 70.989435][ C1] ? __asan_memcpy+0x3c/0x60 [ 70.989457][ C1] ? __asan_memcpy+0x3c/0x60 [ 70.989480][ C1] ? skb_copy_header+0x20/0x2b0 [ 70.989503][ C1] ? __pskb_copy_fclone+0x498/0xe30 [ 70.989520][ C1] ? __pfx_netif_rx_internal+0x10/0x10 [ 70.989548][ C1] ? __asan_memmove+0x3c/0x60 [ 70.989572][ C1] ? hsr_create_tagged_frame+0x795/0xf00 [ 70.989593][ C1] hsr_forward_skb+0xdcf/0x28b0 [ 70.989611][ C1] ? __pfx_hsr_drop_frame+0x10/0x10 [ 70.989629][ C1] ? __pfx_hsr_forward_skb+0x10/0x10 [ 70.989652][ C1] hsr_handle_frame+0x82f/0xac0 [ 70.989669][ C1] ? __pfx_hsr_handle_frame+0x10/0x10 [ 70.989685][ C1] __netif_receive_skb_core.constprop.0+0x6c5/0x3530 [ 70.989711][ C1] ? kasan_save_stack+0x3f/0x50 [ 70.989725][ C1] ? kasan_save_stack+0x30/0x50 [ 70.989739][ C1] ? kasan_save_free_info+0x3b/0x70 [ 70.989759][ C1] ? __kasan_slab_free+0x5f/0x80 [ 70.989773][ C1] ? kmem_cache_free+0x127/0x6c0 [ 70.989793][ C1] ? kfree_skbmem+0x19a/0x210 [ 70.989810][ C1] ? consume_skb+0xd1/0x110 [ 70.989826][ C1] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 70.989849][ C1] ? tasklet_action_common+0x2de/0x3d0 [ 70.989872][ C1] ? handle_softirqs+0x1ea/0xa00 [ 70.989894][ C1] ? do_softirq+0xac/0xe0 [ 70.989915][ C1] ? __dev_queue_xmit+0xa04/0x4950 [ 70.989933][ C1] ? __ip6_finish_output+0x357/0xdf0 [ 70.989960][ C1] ? ip6_output+0x2aa/0xa60 [ 70.989979][ C1] ? NF_HOOK.constprop.0+0x115/0x5a0 [ 70.990001][ C1] ? mld_sendpack+0x8f7/0xec0 [ 70.990040][ C1] ? mld_ifc_work+0x75a/0xc10 [ 70.990062][ C1] ? process_one_work+0xa0e/0x1980 [ 70.990083][ C1] ? worker_thread+0x5ef/0xe50 [ 70.990102][ C1] ? kthread+0x370/0x450 [ 70.990121][ C1] ? ret_from_fork+0x72b/0xd50 [ 70.990139][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 70.990166][ C1] ? __lock_acquire+0x4a5/0x2630 [ 70.990187][ C1] ? process_backlog+0x32a/0x1580 [ 70.990208][ C1] __netif_receive_skb_one_core+0xb0/0x1e0 [ 70.990229][ C1] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 70.990251][ C1] ? lock_acquire+0x1b1/0x370 [ 70.990271][ C1] ? process_backlog+0x32a/0x1580 [ 70.990291][ C1] ? process_backlog+0x32a/0x1580 [ 70.990310][ C1] __netif_receive_skb+0x1f/0x120 [ 70.990332][ C1] process_backlog+0x37a/0x1580 [ 70.990354][ C1] __napi_poll.constprop.0+0xaf/0x450 [ 70.990377][ C1] net_rx_action+0xa40/0xf20 [ 70.990402][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 70.990425][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 70.990444][ C1] ? sched_clock+0x38/0x60 [ 70.990461][ C1] ? sched_clock_cpu+0x6c/0x570 [ 70.990482][ C1] ? sched_clock+0x38/0x60 [ 70.990498][ C1] ? rcu_is_watching+0x12/0xc0 [ 70.990524][ C1] handle_softirqs+0x1ea/0xa00 [ 70.990547][ C1] ? trace_csd_function_exit+0x75/0x200 [ 70.990568][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 70.990591][ C1] ? irqtime_account_irq+0x176/0x2d0 [ 70.990611][ C1] ? tun_rx_batched.isra.0+0x402/0x750 [ 70.990635][ C1] do_softirq+0xac/0xe0 [ 70.990657][ C1] [ 70.990662][ C1] [ 70.990668][ C1] __local_bh_enable_ip+0xf8/0x120 [ 70.990690][ C1] tun_rx_batched.isra.0+0x407/0x750 [ 70.990713][ C1] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 70.990739][ C1] ? rcu_is_watching+0x12/0xc0 [ 70.990762][ C1] ? tun_get_user+0x1cc8/0x3c20 [ 70.990790][ C1] tun_get_user+0x1e31/0x3c20 [ 70.990821][ C1] ? __pfx_tun_get_user+0x10/0x10 [ 70.990848][ C1] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 70.990879][ C1] ? find_held_lock+0x2b/0x80 [ 70.990893][ C1] ? tun_get+0x191/0x370 [ 70.990916][ C1] ? tun_get+0x191/0x370 [ 70.990942][ C1] tun_chr_write_iter+0xdc/0x200 [ 70.990974][ C1] vfs_write+0x6ac/0x1070 [ 70.990994][ C1] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 70.991022][ C1] ? __pfx_vfs_write+0x10/0x10 [ 70.991039][ C1] ? find_held_lock+0x2b/0x80 [ 70.991062][ C1] ksys_write+0x12a/0x250 [ 70.991081][ C1] ? __pfx_ksys_write+0x10/0x10 [ 70.991101][ C1] ? rcu_is_watching+0x12/0xc0 [ 70.991127][ C1] do_syscall_64+0x115/0x870 [ 70.991149][ C1] ? clear_bhb_loop+0x40/0x90 [ 70.991170][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.991188][ C1] RIP: 0033:0x7fa69339ce59 [ 70.991203][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 70.991220][ C1] RSP: 002b:00007fa69421b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 70.991238][ C1] RAX: ffffffffffffffda RBX: 00007fa693615fa0 RCX: 00007fa69339ce59 [ 70.991249][ C1] RDX: 000000000000007a RSI: 00002000000004c0 RDI: 0000000000000003 [ 70.991260][ C1] RBP: 00007fa693432d6f R08: 0000000000000000 R09: 0000000000000000 [ 70.991271][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.991281][ C1] R13: 00007fa693616038 R14: 00007fa693615fa0 R15: 00007fff0dfc7718 [ 70.991298][ C1] [ 70.991305][ C1] [ 71.176641][ T39] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 71.181969][ C1] The buggy address belongs to the physical page: [ 71.181981][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x137ea3 [ 71.181995][ C1] flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff) [ 71.182012][ C1] raw: 057ff00000000000 ffffea0004dfa8c8 ffffea0004dfa8c8 0000000000000000 [ 71.182023][ C1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 71.219783][ C1] page dumped because: kasan: bad access detected [ 71.222338][ C1] page_owner info is not present (never set?) [ 71.224748][ C1] [ 71.225752][ C1] Memory state around the buggy address: [ 71.228033][ C1] ffff888137ea3080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 71.231206][ C1] ffff888137ea3100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 71.234201][ C1] >ffff888137ea3180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 71.236742][ C1] ^ [ 71.239248][ C1] ffff888137ea3200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 71.242416][ C1] ffff888137ea3280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 71.245552][ C1] ================================================================== [ 71.249143][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 71.251901][ C1] CPU: 1 UID: 0 PID: 6626 Comm: syz.1.304 Not tainted syzkaller #0 PREEMPT(full) [ 71.254715][ C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 71.258635][ C1] Call Trace: [ 71.259953][ C1] [ 71.261100][ C1] dump_stack_lvl+0x100/0x190 [ 71.263000][ C1] vpanic+0x552/0x970 [ 71.264604][ C1] ? __pfx_vpanic+0x10/0x10 [ 71.266454][ C1] ? mark_held_locks+0x40/0x70 [ 71.268355][ C1] ? irqentry_exit+0x24d/0x970 [ 71.270213][ C1] ? qdisc_pkt_len_segs_init+0xa51/0xb30 [ 71.272464][ C1] panic+0xd1/0xe0 [ 71.273991][ C1] ? __pfx_panic+0x10/0x10 [ 71.275573][ C1] ? check_panic_on_warn+0x1f/0x90 [ 71.277543][ C1] check_panic_on_warn.cold+0x19/0x34 [ 71.279601][ C1] end_report.part.0+0x3a/0x90 [ 71.281295][ C1] kasan_report.cold+0xe/0x18 [ 71.283176][ C1] ? qdisc_pkt_len_segs_init+0xa51/0xb30 [ 71.285381][ C1] qdisc_pkt_len_segs_init+0xa51/0xb30 [ 71.287553][ C1] __dev_queue_xmit+0x270/0x4950 [ 71.289476][ C1] ? kmem_cache_alloc_node_noprof+0x2a9/0x6f0 [ 71.291825][ C1] ? kmalloc_reserve+0x148/0x350 [ 71.293762][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 71.295881][ C1] ? __asan_memset+0x23/0x50 [ 71.297727][ C1] ? __alloc_skb+0x4e9/0x710 [ 71.299578][ C1] ? __alloc_skb+0x5b7/0x710 [ 71.301474][ C1] ? __asan_memcpy+0x3c/0x60 [ 71.303382][ C1] ? __asan_memcpy+0x3c/0x60 [ 71.305292][ C1] ? skb_copy_header+0x20/0x2b0 [ 71.307376][ C1] ? __pskb_copy_fclone+0x498/0xe30 [ 71.309452][ C1] ? __pfx_netif_rx_internal+0x10/0x10 [ 71.311642][ C1] ? __asan_memmove+0x3c/0x60 [ 71.313547][ C1] ? hsr_create_tagged_frame+0x795/0xf00 [ 71.315782][ C1] hsr_forward_skb+0xdcf/0x28b0 [ 71.317783][ C1] ? __pfx_hsr_drop_frame+0x10/0x10 [ 71.319821][ C1] ? __pfx_hsr_forward_skb+0x10/0x10 [ 71.321878][ C1] hsr_handle_frame+0x82f/0xac0 [ 71.323827][ C1] ? __pfx_hsr_handle_frame+0x10/0x10 [ 71.325940][ C1] __netif_receive_skb_core.constprop.0+0x6c5/0x3530 [ 71.328575][ C1] ? kasan_save_stack+0x3f/0x50 [ 71.330500][ C1] ? kasan_save_stack+0x30/0x50 [ 71.332461][ C1] ? kasan_save_free_info+0x3b/0x70 [ 71.334576][ C1] ? __kasan_slab_free+0x5f/0x80 [ 71.336606][ C1] ? kmem_cache_free+0x127/0x6c0 [ 71.338601][ C1] ? kfree_skbmem+0x19a/0x210 [ 71.340484][ C1] ? consume_skb+0xd1/0x110 [ 71.342330][ C1] ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10 [ 71.345108][ C1] ? tasklet_action_common+0x2de/0x3d0 [ 71.347333][ C1] ? handle_softirqs+0x1ea/0xa00 [ 71.349372][ C1] ? do_softirq+0xac/0xe0 [ 71.351119][ C1] ? __dev_queue_xmit+0xa04/0x4950 [ 71.353199][ C1] ? __ip6_finish_output+0x357/0xdf0 [ 71.355240][ C1] ? ip6_output+0x2aa/0xa60 [ 71.357077][ C1] ? NF_HOOK.constprop.0+0x115/0x5a0 [ 71.359149][ C1] ? mld_sendpack+0x8f7/0xec0 [ 71.361005][ C1] ? mld_ifc_work+0x75a/0xc10 [ 71.362880][ C1] ? process_one_work+0xa0e/0x1980 [ 71.364928][ C1] ? worker_thread+0x5ef/0xe50 [ 71.366856][ C1] ? kthread+0x370/0x450 [ 71.368624][ C1] ? ret_from_fork+0x72b/0xd50 [ 71.370546][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 71.372588][ C1] ? __lock_acquire+0x4a5/0x2630 [ 71.374607][ C1] ? process_backlog+0x32a/0x1580 [ 71.376608][ C1] __netif_receive_skb_one_core+0xb0/0x1e0 [ 71.378836][ C1] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 71.381037][ C1] ? lock_acquire+0x1b1/0x370 [ 71.382645][ C1] ? process_backlog+0x32a/0x1580 [ 71.384726][ C1] ? process_backlog+0x32a/0x1580 [ 71.386778][ C1] __netif_receive_skb+0x1f/0x120 [ 71.388793][ C1] process_backlog+0x37a/0x1580 [ 71.390520][ C1] __napi_poll.constprop.0+0xaf/0x450 [ 71.392635][ C1] net_rx_action+0xa40/0xf20 [ 71.394472][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 71.396571][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 71.398644][ C1] ? sched_clock+0x38/0x60 [ 71.400196][ C1] ? sched_clock_cpu+0x6c/0x570 [ 71.401680][ C1] ? sched_clock+0x38/0x60 [ 71.403006][ C1] ? rcu_is_watching+0x12/0xc0 [ 71.404445][ C1] handle_softirqs+0x1ea/0xa00 [ 71.405864][ C1] ? trace_csd_function_exit+0x75/0x200 [ 71.407529][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 71.409071][ C1] ? irqtime_account_irq+0x176/0x2d0 [ 71.410649][ C1] ? tun_rx_batched.isra.0+0x402/0x750 [ 71.412240][ C1] do_softirq+0xac/0xe0 [ 71.413499][ C1] [ 71.414380][ C1] [ 71.415245][ C1] __local_bh_enable_ip+0xf8/0x120 [ 71.416734][ C1] tun_rx_batched.isra.0+0x407/0x750 [ 71.418159][ C1] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 71.419803][ C1] ? rcu_is_watching+0x12/0xc0 [ 71.421257][ C1] ? tun_get_user+0x1cc8/0x3c20 [ 71.422659][ C1] tun_get_user+0x1e31/0x3c20 [ 71.424052][ C1] ? __pfx_tun_get_user+0x10/0x10 [ 71.425533][ C1] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 71.427175][ C1] ? find_held_lock+0x2b/0x80 [ 71.428573][ C1] ? tun_get+0x191/0x370 [ 71.429879][ C1] ? tun_get+0x191/0x370 [ 71.431154][ C1] tun_chr_write_iter+0xdc/0x200 [ 71.432632][ C1] vfs_write+0x6ac/0x1070 [ 71.433916][ C1] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 71.435522][ C1] ? __pfx_vfs_write+0x10/0x10 [ 71.436943][ C1] ? find_held_lock+0x2b/0x80 [ 71.438350][ C1] ksys_write+0x12a/0x250 [ 71.439685][ C1] ? __pfx_ksys_write+0x10/0x10 [ 71.441140][ C1] ? rcu_is_watching+0x12/0xc0 [ 71.442551][ C1] do_syscall_64+0x115/0x870 [ 71.443954][ C1] ? clear_bhb_loop+0x40/0x90 [ 71.445343][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.447089][ C1] RIP: 0033:0x7fa69339ce59 [ 71.448468][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 71.454188][ C1] RSP: 002b:00007fa69421b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 71.456674][ C1] RAX: ffffffffffffffda RBX: 00007fa693615fa0 RCX: 00007fa69339ce59 [ 71.459034][ C1] RDX: 000000000000007a RSI: 00002000000004c0 RDI: 0000000000000003 [ 71.461254][ C1] RBP: 00007fa693432d6f R08: 0000000000000000 R09: 0000000000000000 [ 71.463501][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 71.465785][ C1] R13: 00007fa693616038 R14: 00007fa693615fa0 R15: 00007fff0dfc7718 [ 71.468111][ C1] [ 71.469715][ C1] Kernel Offset: disabled [ 71.470955][ C1] Rebooting in 86400 seconds.. VM DIAGNOSIS: 01:27:01 Registers: info registers vcpu 0 CPU#0 RAX=1ffffffff1c371ea RBX=ffffea0001237b00 RCX=ffffffff8262995a RDX=dffffc0000000000 RSI=ffffffff8262996c RDI=ffff88802a078000 RBP=ffffea0001237b00 RSP=ffffc9000ca87758 R8 =0000000000000005 R9 =00000000000000f4 R10=0000000000000000 R11=0000000000000000 R12=0000000000000001 R13=ffff88803f386b40 R14=0000000000000000 R15=ffffea0001237b30 RIP=ffffffff82629985 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6387000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c3ec030 CR3=0000000036d1b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6576697372756365 725f64656772656d ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffda08da686 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffda08da686 00007ffda08da68c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7b2d233352 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7b2d233392 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7b2d2334f6 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7b2d233384 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6379656b00657461 69746e6174736e69 246c746379656b00 7974697275636573 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff857e8fe5 RDI=ffffffff9b45cca0 RBP=ffffffff9b45cc60 RSP=ffffc9000069ff68 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000031 R14=0000000000000010 R15=ffffffff857e8f80 RIP=ffffffff857e900f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fa69421b6c0 ffffffff 00c00000 GS =0000 ffff8880d6487000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000110c2d5b7f CR3=000000005b527000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000010001 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 203a6b6361747320 6461657268747020 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff0dfc7c06 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff0dfc7c06 00007fff0dfc7c0c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa693433352 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa693433392 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa6934334f6 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa693433384 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 657a6973203c2065 7a69736565726600 632e6b6361747365 7461636f6c6c6100 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 405f4c5605190540 5f4c564040574300 460b4e4644515640 5144464a49494400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa6935ed5f8 00007fa6935ed5c8 00007fa6935ed600 00007fa6935ed5e0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000ac ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000006b3ef RBX=ffff88801ee94a80 RCX=ffffffff8b899225 RDX=0000000000000000 RSI=ffffffff8df0fbdb RDI=ffffffff8c1c4680 RBP=0000000000000000 RSP=ffffc90000187df0 R8 =0000000000000001 R9 =ffffed100d4c67b5 R10=ffff88806a633dab R11=0000000000000000 R12=0000000000000002 R13=ffffed1003dd2950 R14=0000000000000002 R15=ffffffff90d71950 RIP=ffffffff8b89787f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6587000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fa69344f156 CR3=0000000040061000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000feffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000001000 Opmask04=0000000000000000 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 012e000000010000 0008000400080010 00080000000c0200 0000000000080008 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000080008 0007000c00080000 0000000000100000 01d4000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 012b000000200000 0010000400000000 0000000000080016 0010000000140100 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0008000000140000 00280000003c0000 0060000000740000 008c0000005c0000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00a4000000b80000 00cc000000e00000 00f4000001140000 012c0000014c0000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000f000000000000 0000000000000000 004a000000000c0a 4680000000180000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00200000000e0014 000c000000080004 0020000e00000000 0000000000000000 ZMM24=9b573f7a9b573f7a 9b573f7a9b573f7a 9b573f7a9b573f7a 9b573f7a9b573f7a 9b573f7a9b573f7a 9b573f7a9b573f7a 9b573f7a9b573f7a 9b573f7a9b573f7a ZMM25=905c083c905c083c 905c083c905c083c 905c083c905c083c 905c083c905c083c 905c083c905c083c 905c083c905c083c 905c083c905c083c 905c083c905c083c ZMM26=6e5280986e528098 6e5280986e528098 6e5280986e528098 6e5280986e528098 6e5280986e528098 6e5280986e528098 6e5280986e528098 6e5280986e528098 ZMM27=5d35846c5d35846c 5d35846c5d35846c 5d35846c5d35846c 5d35846c5d35846c 5d35846c5d35846c 5d35846c5d35846c 5d35846c5d35846c 5d35846c5d35846c ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=7304000073040000 7304000073040000 7304000073040000 7304000073040000 7304000073040000 7304000073040000 7304000073040000 7304000073040000 info registers vcpu 3 CPU#3 RAX=000000000005ee5d RBX=ffff88801ee92540 RCX=ffffffff8b899225 RDX=0000000000000000 RSI=ffffffff8df0fbdb RDI=ffffffff8c1c4680 RBP=0000000000000000 RSP=ffffc90000197df0 R8 =0000000000000001 R9 =ffffed100d4e67b5 R10=ffff88806a733dab R11=0000000000000000 R12=0000000000000003 R13=ffffed1003dd24a8 R14=0000000000000003 R15=ffffffff90d71950 RIP=ffffffff8b89787f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6687000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fa69414da08 CR3=000000002b854000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 337a79732f74656e 2f70756f7267637a ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc5e55a606 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc5e55a606 00007ffc5e55a60c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6f47433352 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6f47433392 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6f474334f6 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6f47433384 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6379656b00657461 69746e6174736e69 246c746379656b00 7974697275636573 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000