last executing test programs: 1m25.115419091s ago: executing program 1 (id=18): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r2, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) sendfile(r0, r0, 0x0, 0x40008) 1m24.78140664s ago: executing program 1 (id=19): ioctl$KDGKBSENT(0xffffffffffffffff, 0x4b48, &(0x7f0000000300)={0x9, "b7462fea4315b7064ddd5f48719f0400181be04f476f0879ac2ed07043c1e31029c044952dc812b483ed1eda905e3c6c3013f06fc2966b05536f8b86a56bc3e924f16809ecb28ca2082bdc59320711dc86454c1951ad5c40065e999ebc4b4da4106dc92d779eeda0b3af4dd9c7ec948ac8cc5b63b0632456ac21fab0b996901336dba5ccd417223948d3a16e00686dfa0f21d99725974bb7086e10bf18b4113c37bf43db74611f2d8ca6d12822afb7da7b4f839d48d5050ca355ac7f44741fb13cdd9c21b7bd6bfe9382ce5fdf680fe18318dd0d449fd74a4a6b469c3bec2ef206ca09685762ed4dc6c3d318ce01b1520d19c281e443e67ff8a2088d48159e5ee0eb1b48d19287b17a8ac591a274c62a8e06e6bc7d2de2b4582948725612eda1c1bbf926bda5f6d37278c853c39462a803266144b55e92acbca7256c966c4cb90641aed21b184bd80ea6420038586c1c3c1e5b2e0f6c599150b5ef9b20b191f0ec48b1db947e19228e916131162d4ad24ef90c8e76f15d9d4b9f39e6daa944a49b9c4d0b12961658b63476f27dc7226ac0341e72ae47ab294d02c33b1def1377991cf2ef52ec19efcea61390b6ebff7ee28f6d1598fb95a7fccf68799715a9d17e7461e0cf3462e1c589f647e45cf193bb15ff9e782e9e1c929633d5bd666553774b8df537a09f9587ebc92bf57c87791f75ed59e080a77f0037e68c06f86e82"}) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/power/resume', 0x143a82, 0x8) r2 = dup(r1) r3 = open(&(0x7f0000000100)='./bus\x00', 0x40542, 0x0) sendfile(r2, r3, 0x0, 0x8000fffffffe) 1m24.401774357s ago: executing program 1 (id=22): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20048050}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0x4, 0x8}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x6}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x8, 0xb}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) 1m24.282571243s ago: executing program 1 (id=23): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0) umount2(&(0x7f0000000480)='./file0\x00', 0x2) 1m24.248059749s ago: executing program 1 (id=24): syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r0, &(0x7f0000000100)=""/40, 0x28) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 1m22.763470432s ago: executing program 1 (id=32): bpf$ENABLE_STATS(0x20, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) openat$misdntimer(0xffffffffffffff9c, 0x0, 0xc00, 0x0) r4 = socket$rxrpc(0x21, 0x2, 0xa) mkdir(&(0x7f0000000140)='./file0\x00', 0xd2) ioctl$sock_SIOCGPGRP(r4, 0x8904, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x370, 0x1bc, 0x2b8, 0x0, 0x1bc, 0xff000000, 0x2a8, 0x3a8, 0x3a8, 0x2a8, 0x3a8, 0x3, 0x0, {[{{@ipv6={@dev, @private2, [], [], 'veth1_to_hsr\x00', 'wg2\x00'}, 0x0, 0x154, 0x1bc, 0x0, {0x0, 0xff3f0000}, [@common=@srh1={{0x8c}, {0x0, 0x0, 0x0, 0x0, 0x0, @private1, @loopback, @empty, [], [], [], 0x0, 0x6359d960a6776be9}}, @common=@inet=@ecn={{0x24}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0xa4, 0xec}, @unspec=@CT0={0x48}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3cc) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000480)=@framed, &(0x7f00000003c0)='GPL\x00', 0x80, 0xfffffe3d, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r6}, 0x18) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r7, 0x40186f40, &(0x7f0000000440)=0x1f) getsockopt$inet6_tcp_buf(r0, 0x6, 0xd, 0x0, 0x0) getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x2, &(0x7f0000000100)=""/222, 0x0) request_key(&(0x7f0000000080)='rxrpc_s\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000000040)='\xb1H\xd7\xda\xe8y\xa9rustV\x1eS=\xd4\x16\x95::\x00\x00\x00', 0x0) setuid(0xee00) 1m22.735746608s ago: executing program 32 (id=32): bpf$ENABLE_STATS(0x20, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) openat$misdntimer(0xffffffffffffff9c, 0x0, 0xc00, 0x0) r4 = socket$rxrpc(0x21, 0x2, 0xa) mkdir(&(0x7f0000000140)='./file0\x00', 0xd2) ioctl$sock_SIOCGPGRP(r4, 0x8904, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x370, 0x1bc, 0x2b8, 0x0, 0x1bc, 0xff000000, 0x2a8, 0x3a8, 0x3a8, 0x2a8, 0x3a8, 0x3, 0x0, {[{{@ipv6={@dev, @private2, [], [], 'veth1_to_hsr\x00', 'wg2\x00'}, 0x0, 0x154, 0x1bc, 0x0, {0x0, 0xff3f0000}, [@common=@srh1={{0x8c}, {0x0, 0x0, 0x0, 0x0, 0x0, @private1, @loopback, @empty, [], [], [], 0x0, 0x6359d960a6776be9}}, @common=@inet=@ecn={{0x24}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0xa4, 0xec}, @unspec=@CT0={0x48}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3cc) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000480)=@framed, &(0x7f00000003c0)='GPL\x00', 0x80, 0xfffffe3d, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r6}, 0x18) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r7, 0x40186f40, &(0x7f0000000440)=0x1f) getsockopt$inet6_tcp_buf(r0, 0x6, 0xd, 0x0, 0x0) getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x2, &(0x7f0000000100)=""/222, 0x0) request_key(&(0x7f0000000080)='rxrpc_s\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000000040)='\xb1H\xd7\xda\xe8y\xa9rustV\x1eS=\xd4\x16\x95::\x00\x00\x00', 0x0) setuid(0xee00) 8.341405866s ago: executing program 4 (id=380): memfd_create(0x0, 0x3) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r5 = fanotify_init(0x200, 0x101000) unshare(0x2c020400) readv(r5, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/136, 0x88}], 0x1) 7.38741133s ago: executing program 4 (id=393): bpf$ENABLE_STATS(0x20, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) openat$misdntimer(0xffffffffffffff9c, 0x0, 0xc00, 0x0) r4 = socket$rxrpc(0x21, 0x2, 0xa) mkdir(&(0x7f0000000140)='./file0\x00', 0xd2) ioctl$sock_SIOCGPGRP(r4, 0x8904, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x370, 0x1bc, 0x2b8, 0x0, 0x1bc, 0xff000000, 0x2a8, 0x3a8, 0x3a8, 0x2a8, 0x3a8, 0x3, 0x0, {[{{@ipv6={@dev, @private2, [], [], 'veth1_to_hsr\x00', 'wg2\x00'}, 0x0, 0x154, 0x1bc, 0x0, {0x0, 0xff3f0000}, [@common=@srh1={{0x8c}, {0x0, 0x0, 0x0, 0x0, 0x0, @private1, @loopback, @empty, [], [], [], 0x0, 0x6359d960a6776be9}}, @common=@inet=@ecn={{0x24}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0xa4, 0xec}, @unspec=@CT0={0x48}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3cc) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000480)=@framed, &(0x7f00000003c0)='GPL\x00', 0x80, 0xfffffe3d, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='itimer_expire\x00', r6}, 0x18) r7 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r7, 0x40186f40, &(0x7f0000000440)=0x1f) getsockopt$inet6_tcp_buf(r0, 0x6, 0xd, 0x0, 0x0) getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x2, &(0x7f0000000100)=""/222, 0x0) request_key(&(0x7f0000000080)='rxrpc_s\x00', 0x0, &(0x7f0000000040)='\xb1H\xd7\xda\xe8y\xa9rustV\x1eS=\xd4\x16\x95::\x00\x00\x00', 0x0) setuid(0xee00) 6.442881153s ago: executing program 4 (id=388): syz_usb_connect(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r6 = dup(r5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r6, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) ioctl$KVM_PRE_FAULT_MEMORY(r4, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) 4.982281558s ago: executing program 2 (id=399): r0 = socket$inet_sctp(0x2, 0x5, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x3, 0x12) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10) bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_DEST(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x480c0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(0xffffffffffffffff, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r5 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, 0x0, 0x0) timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004}, &(0x7f0000000000)) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0xa, 0x3, 0x3, @local}}}, 0x48) shutdown(r0, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000300)=[@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000280)=0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r6}, &(0x7f00000000c0)=0x8) listen(r0, 0x9) 4.982016038s ago: executing program 2 (id=400): syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x60) chdir(&(0x7f0000000100)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$xdp(0x2c, 0x3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, &(0x7f0000001240)={'IDLETIMER\x00'}, &(0x7f0000001280)=0x1e) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @local, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @local, @remote, @link_local, @private=0xac1414bb}}}}, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) syz_open_procfs(0x0, 0x0) fsopen(&(0x7f0000000000)='erofs\x00', 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0}) r3 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000000)={0x0, 0x0, 0x7, &(0x7f00000000c0)={0x1a, "e922604a455494c905fd824393fe53e14fcab3d1eb0000000000000000000800"}}) 4.90435924s ago: executing program 3 (id=401): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0x2, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1fdbdccca50667ed, 0x10}, {0xe, 0x2}, {0xfff3, 0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}, @TCA_CHAIN={0x8, 0xb, 0x502}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24008041}, 0x14088810) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000040000000000000000000080950000000000000005b821edf961a59c5cd68695d34cd6d63891609ccd5dec49f080f6ee0ac1b063754a4735d9d5c7d28dd8c9d0925641f63239abac6fabeb185ca8b424d5931330a38b116029ea269dad360c"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x9, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r5, 0x29, 0x39, 0x0, 0x0) connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @loopback, 0x6}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0) r6 = io_uring_setup(0x773d, &(0x7f0000000a40)={0x0, 0x0, 0x1000, 0x2, 0x3bc}) r7 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r7, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) listen(r7, 0x4) close_range(r6, r7, 0x0) syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) 4.219701348s ago: executing program 0 (id=402): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000140), 0x0, 0x0, 0x0) listxattr(0x0, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, 0x0, 0x0, 0x1a, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 3.942506137s ago: executing program 3 (id=403): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r1 = syz_open_dev$dri(0x0, 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r4 = socket$inet6(0xa, 0x1, 0x84) setsockopt$inet6_int(r4, 0x29, 0x12, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000d84000)={0xa, 0x2, 0x200008, @loopback, 0x39}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8) sendto$inet6(r5, 0x0, 0x0, 0x20000841, 0x0, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r6, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x1c9, 0x12) 3.942036955s ago: executing program 2 (id=404): ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000280)={{0x0, 0x0, 0x0, 0x3}, 'syz1\x00', 0x52}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1a1}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000180), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0xd2cf, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f00000000c0), &(0x7f0000000080)) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) recvmmsg$unix(r3, &(0x7f00000043c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x20, &(0x7f0000004540)) write(r3, &(0x7f0000000140)="24003f00010006", 0x7) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_type(r4, &(0x7f0000000300), 0x2, 0x0) openat$cgroup_procs(r4, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r5) r6 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r6, 0x40045532, &(0x7f0000000000)=0x7) syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x0, 0x0) 3.862027897s ago: executing program 2 (id=405): socket$l2tp6(0xa, 0x2, 0x73) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01082cbd7000fedbdf250c00000020000580080001006574680014000280080003000c1800ed070004"], 0x34}, 0x1, 0x0, 0x0, 0x24008000}, 0x8000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f0000000140), 0x8) sendto$inet6(r4, &(0x7f0000847fff)='X', 0xffe4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) syz_usb_connect(0x6, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)={0x70, r6, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_PEERS={0x48, 0x8, 0x0, 0x1, [{0x44, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x2}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @local}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x24000855}, 0x0) pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x1, 0x90, 0x0, [{{0x9, 0x4, 0x0, 0x3, 0x1, 0x7, 0x1, 0x3, 0x9, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x6, 0x1, 0x6}}}}}]}}]}}, &(0x7f0000000400)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x201, 0x7, 0x2, 0x80, 0x10, 0x4}, 0x29, &(0x7f0000000200)={0x5, 0xf, 0x29, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0x1a, 0x5, 0x0, 0x6}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0xb4, 0x0, 0x7}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x6, 0x5, 0x7fff}, @ssp_cap={0xc, 0x10, 0xa, 0x4, 0x0, 0x811, 0xff0f, 0x6}]}, 0x4, [{0x0, 0x0}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x1404}}, {0x0, 0x0}, {0x59, &(0x7f0000000340)=@string={0x59, 0x3, "4e51ecb75310935f72937de916ed8b5ca5df5eeb1201424de22455f387647f11d24c02377fc924f9292a245c6c5c35537606dd6cbd29194ea34fb55b1c03f5ae6bcb1606d2efc5482abf2d7f63262309e741bd43d134e7"}}]}) r9 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r9, r7, 0x39) keyctl$KEYCTL_WATCH_KEY(0x20, r9, r8, 0xffffffffffffffff) read(0xffffffffffffffff, 0x0, 0x0) r10 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0) fsetxattr$security_capability(r10, &(0x7f0000000000), &(0x7f0000000080)=@v2={0x2000000, [{0xfffffffd, 0x8}, {0x4, 0x9}]}, 0x14, 0x2) 3.232726707s ago: executing program 3 (id=406): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x141101) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x68, 0x68, 0x4, [@enum64={0x5, 0x4, 0x0, 0x13, 0x0, 0x2, [{0xa, 0x0, 0x8}, {0x10, 0x1000, 0xf87}, {0x8, 0x9, 0xfffffffa}, {0x9, 0x5, 0x8000}]}, @ptr={0xa, 0x0, 0x0, 0x2, 0x3}, @decl_tag={0x10, 0x0, 0x0, 0x11, 0x5, 0x9}, @int={0x2, 0x0, 0x0, 0x1, 0x0, 0x52, 0x0, 0x7a, 0x2}]}, {0x0, [0x30, 0x0]}}, &(0x7f0000000640)=""/111, 0x84, 0x6f, 0x0, 0x6, 0x0, @void, @value}, 0x28) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r2 = dup(r1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) epoll_create1(0x0) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x235, &(0x7f0000000500)={0x0, 0x4533, 0x10100, 0x0, 0x24c, 0x0, r2}, &(0x7f00000001c0)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x201}, 0x1}) io_uring_enter(r3, 0x234f, 0xb1e6, 0x1, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x0, {0x2, 0x0, 0x7fff, 0xe57}}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]}) socket$nl_netfilter(0x10, 0x3, 0xc) 3.03385336s ago: executing program 0 (id=407): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) munlockall() fsopen(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, 0x0, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x122}, 0x1, 0x0, 0x0, 0x2}, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x1}, 0x1c) ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r7, 0xffffffffffffffff, 0x0) 2.998663443s ago: executing program 4 (id=408): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = syz_io_uring_setup(0x5379, &(0x7f0000000300)={0x0, 0xcd1d, 0x10100, 0x1000000, 0x20000}, &(0x7f0000000040), &(0x7f0000000080)) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() msgrcv(0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x1000) msgsnd(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="02"], 0x6, 0x800) msgrcv(0x0, &(0x7f0000000000)={0x0, ""/237}, 0xf5, 0x0, 0x2000) msgsnd(0x0, &(0x7f0000000100)={0x2}, 0x8, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000004300010001000000000000000a00feff0b000100254012402b5b7d"], 0x20}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0xfffffffc}, 0x8) openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0xc1842, 0x0) syz_usb_disconnect(0xffffffffffffffff) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4, 0x2}, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 2.61292916s ago: executing program 0 (id=409): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, 0x0, 0x44000010) r2 = socket$pptp(0x18, 0x1, 0x2) r3 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f00000000c0)={0x1c, 0x0, 0x0, 0x70bd29, 0x25dfdbff, {}, [@L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000}, 0x24000080) getgid() bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000002180)=ANY=[], 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) sendmsg$nl_route(r3, 0x0, 0x0) close(r2) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x6) 2.39211532s ago: executing program 3 (id=410): request_key(&(0x7f00000013c0)='keyring\x00', &(0x7f0000001400)={'syz', 0x2}, 0x0, 0xfffffffffffffffe) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$inet(0x2, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/cpu_byteorder', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x3874) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) io_uring_register$IORING_UNREGISTER_FILES(0xffffffffffffffff, 0x3, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_FILES(0xffffffffffffffff, 0x3, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, 0x0, 0x1) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x30000000}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x50, 0x6000000}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x2}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0xf1}, {0x7, 0x1, 0x2, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x3, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000200)=0xc0) openat$procfs(0xffffff9c, 0x0, 0x0, 0x0) 1.900885127s ago: executing program 3 (id=411): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r3 = socket$inet6(0xa, 0x1, 0x84) setsockopt$inet6_int(r3, 0x29, 0x12, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x200008, @loopback, 0x39}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8) sendto$inet6(r4, 0x0, 0x0, 0x20000841, 0x0, 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) close_range(r5, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x1c9, 0x12) 1.684809667s ago: executing program 0 (id=412): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getrlimit(0xc, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FIBMAP(r1, 0x1, &(0x7f0000000040)=0x3ff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@gettfilter={0x2c, 0x2e, 0x201, 0x0, 0x0, {}, [{0x8, 0xf}]}, 0x2c}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x1c, 0x15, 0x301, 0x0, 0x0, {0xc}, [@typed={0x8, 0x4, 0x0, 0x0, @u32=0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x4000000) r5 = socket$netlink(0x10, 0x3, 0x15) writev(r5, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r3, 0x0) sendfile(r3, r3, 0x0, 0x40008) 1.370596349s ago: executing program 4 (id=413): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$inet6_buf(0xffffffffffffffff, 0x6, 0x6, 0x0, &(0x7f0000000240)) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000380)={'bond0\x00', &(0x7f0000000000)=@ethtool_link_settings={0x4c, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0xfffffffb, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x200]}}) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x2c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x3, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x2c}}, 0x0) socket$inet(0x2, 0x3, 0x2) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) unshare(0x6a040000) connect$inet6(0xffffffffffffffff, 0x0, 0x0) socket$inet6(0xa, 0x6, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0)={0xffffffffffffffff}) recvmsg$unix(r4, 0x0, 0x10002) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r5 = dup(r3) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) socket$inet6_sctp(0xa, 0x1, 0x84) r6 = socket(0x21, 0x2, 0x10000000000002) connect$rxrpc(r6, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8000, @multicast2}}, 0x24) sendmmsg(r6, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0x1}], 0x10, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r6, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0xf000, 0x10002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 918.391641ms ago: executing program 3 (id=414): bpf$ENABLE_STATS(0x20, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) openat$misdntimer(0xffffffffffffff9c, 0x0, 0xc00, 0x0) r4 = socket$rxrpc(0x21, 0x2, 0xa) mkdir(&(0x7f0000000140)='./file0\x00', 0xd2) ioctl$sock_SIOCGPGRP(r4, 0x8904, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x370, 0x1bc, 0x2b8, 0x0, 0x1bc, 0xff000000, 0x2a8, 0x3a8, 0x3a8, 0x2a8, 0x3a8, 0x3, 0x0, {[{{@ipv6={@dev, @private2, [], [], 'veth1_to_hsr\x00', 'wg2\x00'}, 0x0, 0x154, 0x1bc, 0x0, {0x0, 0xff3f0000}, [@common=@srh1={{0x8c}, {0x0, 0x0, 0x0, 0x0, 0x0, @private1, @loopback, @empty, [], [], [], 0x0, 0x6359d960a6776be9}}, @common=@inet=@ecn={{0x24}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0xa4, 0xec}, @unspec=@CT0={0x48}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3cc) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000480)=@framed, &(0x7f00000003c0)='GPL\x00', 0x80, 0xfffffe3d, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='itimer_expire\x00', r6}, 0x18) r7 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r7, 0x40186f40, &(0x7f0000000440)=0x1f) getsockopt$inet6_tcp_buf(r0, 0x6, 0xd, 0x0, 0x0) getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x2, &(0x7f0000000100)=""/222, 0x0) request_key(&(0x7f0000000080)='rxrpc_s\x00', 0x0, &(0x7f0000000040)='\xb1H\xd7\xda\xe8y\xa9rustV\x1eS=\xd4\x16\x95::\x00\x00\x00', 0x0) setuid(0xee00) 792.277104ms ago: executing program 2 (id=415): syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) io_setup(0x19, &(0x7f00000009c0)) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x5e2, &(0x7f00000003c0), &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r4, 0x0, 0x0) r5 = mq_open(&(0x7f000084dff0)='!sali\x1cqxte&\xac\xe87x\x00', 0x6e93ebbbcc0884f2, 0x12e, &(0x7f0000000300)={0x0, 0x1, 0x7}) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r1}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=r0, @ANYBLOB="010300000100fddbdf2526"], 0x14}}, 0x0) 512.209738ms ago: executing program 0 (id=416): syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) io_setup(0x19, &(0x7f00000009c0)) 370.302867ms ago: executing program 4 (id=417): sendmsg$key(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) creat(0x0, 0x0) inotify_init1(0x0) inotify_init() seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) shmget(0x0, 0x2000, 0x10, &(0x7f00004f0000/0x2000)=nil) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r3, 0x84, 0x65, &(0x7f0000000480)=[@in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0xf, @remote, 0x2}, @in={0x2, 0x4e20, @private=0xa010100}, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e24, 0xffffffff, @ipv4={'\x00', '\xff\xff', @multicast1}}, @in6={0xa, 0x4e20, 0x0, @mcast1, 0xd}], 0x84) 222.50857ms ago: executing program 2 (id=418): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0x2, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1fdbdccca50667ed, 0x10}, {0xe, 0x2}, {0xfff3, 0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}, @TCA_CHAIN={0x8, 0xb, 0x502}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24008041}, 0x14088810) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000040000000000000000000080950000000000000005b821edf961a59c5cd68695d34cd6d63891609ccd5dec49f080f6ee0ac1b063754a4735d9d5c7d28dd8c9d0925641f63239abac6fabeb185ca8b424d5931330a38b116029ea269dad360c"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x9, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r5, 0x29, 0x39, 0x0, 0x0) connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @loopback, 0x6}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0) r6 = io_uring_setup(0x773d, &(0x7f0000000a40)={0x0, 0x0, 0x1000, 0x2, 0x3bc}) r7 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r7, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) listen(r7, 0x4) close_range(r6, r7, 0x0) syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) 0s ago: executing program 0 (id=419): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000080)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000100)=0x0) r4 = syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000680)=0x0) sendmsg$NFC_CMD_SE_IO(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000006c0)={&(0x7f0000001280)={0xd8, r4, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@NFC_ATTR_SE_APDU={0xba, 0x19, "661b6bb94e8d5dd1ea3bae3efbbd414ec10228317d5102cf20a6f3f0e2a81371c444eb076e89f01d9201ad2bf30f45a2f4458ea8e976183fc9f99f7c15a11619dd24cb08138bf8802ac1bfc4c881fea03120eafc69eb36bf32b952d67a698d1ec57e5aa43e5d05671fe67092abf4e92a34101da981f90643171f0c0148964bf4ab69dfbeddbac56bddc041c8f7e1b5d1602b42793b7e8c59cc2d785cda78b2f69967263cd794cbf97996cf1a0eb42fcf836ede141449"}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0xd8}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) sendmsg$NFC_CMD_FW_DOWNLOAD(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x114010}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x60, 0x0, 0x741, 0x70bd2a, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r2}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, '-'}, @NFC_ATTR_FIRMWARE_NAME={0x8, 0x14, 'nbd\x00'}, @NFC_ATTR_FIRMWARE_NAME={0x9, 0x14, '.:!\')'}, @NFC_ATTR_FIRMWARE_NAME={0x6, 0x14, '^['}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r6, &(0x7f00000003c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000000c0)=""/43, 0x2b}}, 0x120) r7 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) r8 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) r9 = fsmount(r8, 0x0, 0x0) r10 = openat$cgroup_ro(r9, 0x0, 0x275a, 0x0) write$binfmt_script(r10, &(0x7f0000000040), 0x208e24b) socket$nl_generic(0x10, 0x3, 0x10) write$P9_RSTATu(r10, &(0x7f0000000300)={0x5f, 0x7d, 0x2, {{0x0, 0x46, 0x7, 0x7, {0x1, 0x4, 0x6}, 0x50800000, 0x6, 0xffffffff, 0xfffffffffffff800, 0x9, '/dev/fb1\x00', 0x4, 'nbd\x00', 0x1, '-', 0x5, '.:!\')'}, 0x4, 'nbd\x00'}}, 0x5f) ioctl$FBIOPUT_CON2FBMAP(r7, 0x4610, &(0x7f0000000180)={0x1}) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:40859' (ED25519) to the list of known hosts. [ 41.269737][ T5855] cgroup: Unknown subsys name 'net' [ 41.439862][ T5855] cgroup: Unknown subsys name 'cpuset' [ 41.446001][ T5855] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 42.411983][ T5855] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.817540][ T5948] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.818777][ T5953] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.818855][ T5954] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.819900][ T5954] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.820932][ T5948] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.821181][ T5948] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.821748][ T5948] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.822022][ T5948] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.823959][ T63] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.825104][ T5954] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.828478][ T63] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.831938][ T5954] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.834716][ T63] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.838545][ T5955] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.840360][ T5954] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.841154][ T63] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.844365][ T5955] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.861149][ T5955] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.865670][ T5955] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.869205][ T5955] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 46.125418][ T5940] chnl_net:caif_netlink_parms(): no params data found [ 46.215821][ T5941] chnl_net:caif_netlink_parms(): no params data found [ 46.291145][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.293831][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.296352][ T5940] bridge_slave_0: entered allmulticast mode [ 46.299049][ T5940] bridge_slave_0: entered promiscuous mode [ 46.302671][ T5950] chnl_net:caif_netlink_parms(): no params data found [ 46.357595][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.360657][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.363701][ T5940] bridge_slave_1: entered allmulticast mode [ 46.367830][ T5940] bridge_slave_1: entered promiscuous mode [ 46.397558][ T5939] chnl_net:caif_netlink_parms(): no params data found [ 46.428536][ T5941] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.430828][ T5941] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.433164][ T5941] bridge_slave_0: entered allmulticast mode [ 46.436063][ T5941] bridge_slave_0: entered promiscuous mode [ 46.444683][ T5941] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.447895][ T5941] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.450978][ T5941] bridge_slave_1: entered allmulticast mode [ 46.454966][ T5941] bridge_slave_1: entered promiscuous mode [ 46.477897][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.490009][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.556613][ T5941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.638703][ T5941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.643699][ T5940] team0: Port device team_slave_0 added [ 46.648371][ T5940] team0: Port device team_slave_1 added [ 46.752836][ T5950] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.756450][ T5950] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.759289][ T5950] bridge_slave_0: entered allmulticast mode [ 46.762411][ T5950] bridge_slave_0: entered promiscuous mode [ 46.783570][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.788527][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.797031][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.804717][ T5950] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.807196][ T5950] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.809481][ T5950] bridge_slave_1: entered allmulticast mode [ 46.812133][ T5950] bridge_slave_1: entered promiscuous mode [ 46.816900][ T5941] team0: Port device team_slave_0 added [ 46.819663][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.822363][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.830805][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.891848][ T5941] team0: Port device team_slave_1 added [ 46.925251][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.928304][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.930687][ T5939] bridge_slave_0: entered allmulticast mode [ 46.933415][ T5939] bridge_slave_0: entered promiscuous mode [ 46.938040][ T5950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.943932][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.946295][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.954242][ T5941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.957962][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.960808][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.963760][ T5939] bridge_slave_1: entered allmulticast mode [ 46.966510][ T5939] bridge_slave_1: entered promiscuous mode [ 46.970299][ T5950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.002196][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.004686][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.012656][ T5941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.079968][ T5940] hsr_slave_0: entered promiscuous mode [ 47.082804][ T5940] hsr_slave_1: entered promiscuous mode [ 47.127187][ T5950] team0: Port device team_slave_0 added [ 47.159607][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.163471][ T5950] team0: Port device team_slave_1 added [ 47.196744][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.220530][ T5941] hsr_slave_0: entered promiscuous mode [ 47.222981][ T5941] hsr_slave_1: entered promiscuous mode [ 47.225058][ T5941] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.227845][ T5941] Cannot create hsr debugfs directory [ 47.264426][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.268877][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.276963][ T5950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.338721][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.340983][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.349695][ T5950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.357482][ T5939] team0: Port device team_slave_0 added [ 47.364253][ T5939] team0: Port device team_slave_1 added [ 47.416681][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.418876][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.427041][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.431322][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.433506][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.441465][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.540128][ T5950] hsr_slave_0: entered promiscuous mode [ 47.543436][ T5950] hsr_slave_1: entered promiscuous mode [ 47.546754][ T5950] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.549945][ T5950] Cannot create hsr debugfs directory [ 47.601087][ T5939] hsr_slave_0: entered promiscuous mode [ 47.603384][ T5939] hsr_slave_1: entered promiscuous mode [ 47.605529][ T5939] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.608094][ T5939] Cannot create hsr debugfs directory [ 47.800154][ T5940] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 47.808848][ T5940] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 47.823219][ T5940] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 47.828721][ T5940] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 47.866650][ T5955] Bluetooth: hci3: command tx timeout [ 47.866652][ T5945] Bluetooth: hci1: command tx timeout [ 47.866945][ T5955] Bluetooth: hci0: command tx timeout [ 47.878381][ T5941] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 47.885036][ T5941] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 47.892297][ T5941] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 47.898729][ T5941] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 47.945029][ T5939] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.953805][ T5939] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.955967][ T5955] Bluetooth: hci2: command tx timeout [ 47.960849][ T5939] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.976835][ T5939] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 48.030596][ T5950] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 48.045366][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.050858][ T5950] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 48.056260][ T5950] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 48.071820][ T5950] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 48.098990][ T5940] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.112209][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.115184][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.133080][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.135998][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.178331][ T5941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.208454][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.243290][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.248005][ T5941] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.257469][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.259926][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.278423][ T71] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.280908][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.289722][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.292601][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.302148][ T5950] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.310204][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.313239][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.332552][ T5950] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.351537][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.353802][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.367465][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.370663][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.372944][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.434949][ T5940] veth0_vlan: entered promiscuous mode [ 48.448822][ T5940] veth1_vlan: entered promiscuous mode [ 48.475133][ T5940] veth0_macvtap: entered promiscuous mode [ 48.481265][ T5940] veth1_macvtap: entered promiscuous mode [ 48.493493][ T5941] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.501207][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.510963][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.515808][ T5940] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.518729][ T5940] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.521468][ T5940] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.524220][ T5940] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.549744][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.561224][ T5941] veth0_vlan: entered promiscuous mode [ 48.578979][ T5950] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.596383][ T5941] veth1_vlan: entered promiscuous mode [ 48.611182][ T5939] veth0_vlan: entered promiscuous mode [ 48.634173][ T5939] veth1_vlan: entered promiscuous mode [ 48.643934][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.647611][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.661282][ T5950] veth0_vlan: entered promiscuous mode [ 48.675438][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.676039][ T5950] veth1_vlan: entered promiscuous mode [ 48.679089][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.686540][ T5941] veth0_macvtap: entered promiscuous mode [ 48.697816][ T5941] veth1_macvtap: entered promiscuous mode [ 48.703267][ T5939] veth0_macvtap: entered promiscuous mode [ 48.708426][ T5939] veth1_macvtap: entered promiscuous mode [ 48.718734][ T5940] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 48.722912][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.732537][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.741443][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.747611][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.755393][ T5941] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.759847][ T5941] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.762509][ T5941] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.765272][ T5941] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.779272][ T5939] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.781977][ T5939] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.784645][ T5939] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.787848][ T5939] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.793352][ T5950] veth0_macvtap: entered promiscuous mode [ 48.803094][ T5950] veth1_macvtap: entered promiscuous mode [ 48.837727][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.841081][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.844509][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.862597][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.863411][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.865524][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.881391][ T5950] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.884449][ T5950] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.889143][ T5950] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.891855][ T5950] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.902773][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.911848][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.923855][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.929771][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.989177][ T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.992893][ T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.031982][ T71] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.035250][ T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.154346][ T6043] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 49.474455][ T6058] syz.1.12 uses obsolete (PF_INET,SOCK_PACKET) [ 49.586566][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 49.736611][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 49.741462][ T10] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 49.749951][ T10] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 49.756550][ T10] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 49.760728][ T10] usb 5-1: Product: syz [ 49.762439][ T10] usb 5-1: Manufacturer: syz [ 49.764057][ T10] usb 5-1: SerialNumber: syz [ 49.770595][ T10] usb 5-1: config 0 descriptor?? [ 49.774179][ T6051] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 49.780963][ T10] hub 5-1:0.0: bad descriptor, ignoring hub [ 49.783085][ T10] hub 5-1:0.0: probe with driver hub failed with error -5 [ 49.955710][ T5952] Bluetooth: hci0: command tx timeout [ 49.957911][ T5945] Bluetooth: hci3: command tx timeout [ 49.960150][ T5955] Bluetooth: hci1: command tx timeout [ 50.026060][ T5952] Bluetooth: hci2: command tx timeout [ 50.116036][ T6011] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 50.388633][ T6011] usb 8-1: unable to get BOS descriptor or descriptor too short [ 50.392597][ T6011] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 50.394885][ T6011] usb 8-1: can't read configurations, error -71 [ 50.445387][ T6090] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 50.838509][ T1021] usb 5-1: USB disconnect, device number 2 [ 51.475806][ T6011] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 51.605738][ T29] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 51.626201][ T6011] usb 8-1: Using ep0 maxpacket: 16 [ 51.628378][ T6011] usb 8-1: too many configurations: 123, using maximum allowed: 8 [ 51.631482][ T6011] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 51.635364][ T6011] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 51.639365][ T6011] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 51.643220][ T6011] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 51.647198][ T6011] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 51.651088][ T6011] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 51.654957][ T6011] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 51.659289][ T6011] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 51.663689][ T6011] usb 8-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 51.666667][ T6011] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45 [ 51.669448][ T6011] usb 8-1: SerialNumber: syz [ 51.672361][ T6011] usb 8-1: config 0 descriptor?? [ 51.677640][ T6011] input: bcm5974 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input5 [ 51.758222][ T29] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 51.763112][ T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 51.766873][ T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 51.770491][ T29] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 51.774355][ T29] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 51.777493][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.782005][ T29] usb 5-1: config 0 descriptor?? [ 51.784972][ T6120] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 51.894755][ T6117] input: syz1 as /devices/virtual/input/input6 [ 51.912497][ T5338] bcm5974 8-1:0.0: could not read from device [ 51.918296][ T5338] bcm5974 8-1:0.0: could not read from device [ 51.926362][ T6011] usb 8-1: USB disconnect, device number 3 [ 51.927447][ T5338] bcm5974 8-1:0.0: could not read from device [ 51.931501][ T5338] bcm5974 8-1:0.0: could not read from device [ 52.025902][ T5952] Bluetooth: hci1: command tx timeout [ 52.026012][ T5955] Bluetooth: hci3: command tx timeout [ 52.105834][ T5955] Bluetooth: hci2: command tx timeout [ 52.189261][ T1149] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.213207][ T29] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 52.230270][ T29] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 52.256337][ T1149] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.328684][ T1149] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.381984][ T5952] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.386554][ T1149] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.388489][ T5952] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.392677][ T5952] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.396736][ T5952] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.399530][ T5952] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.566667][ T1149] bridge_slave_1: left allmulticast mode [ 52.569057][ T1149] bridge_slave_1: left promiscuous mode [ 52.571364][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.578655][ T1149] bridge_slave_0: left allmulticast mode [ 52.580480][ T1149] bridge_slave_0: left promiscuous mode [ 52.582351][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.676357][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 52.685862][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 52.688620][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 52.697712][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 52.715785][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 52.756202][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 52.849274][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 52.853936][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 52.858277][ T1149] bond0 (unregistering): Released all slaves [ 52.866317][ T6130] chnl_net:caif_netlink_parms(): no params data found [ 53.026948][ T6130] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.030135][ T6130] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.032606][ T6130] bridge_slave_0: entered allmulticast mode [ 53.035394][ T6130] bridge_slave_0: entered promiscuous mode [ 53.039517][ T6130] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.041831][ T6130] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.044649][ T6130] bridge_slave_1: entered allmulticast mode [ 53.051768][ T6130] bridge_slave_1: entered promiscuous mode [ 53.112606][ T6130] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.133515][ T6130] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.169614][ T6130] team0: Port device team_slave_0 added [ 53.172971][ T6130] team0: Port device team_slave_1 added [ 53.226081][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 53.264653][ T6130] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.267379][ T6130] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.275399][ T6130] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.291556][ T6130] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.293852][ T6130] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.302356][ T6130] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.345313][ T1149] hsr_slave_0: left promiscuous mode [ 53.348154][ T1149] hsr_slave_1: left promiscuous mode [ 53.350375][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 53.352746][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 53.355939][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 53.358314][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 53.378292][ T1149] veth1_macvtap: left promiscuous mode [ 53.380288][ T1149] veth0_macvtap: left promiscuous mode [ 53.382159][ T1149] veth1_vlan: left promiscuous mode [ 53.383940][ T1149] veth0_vlan: left promiscuous mode [ 53.489267][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 53.493440][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 53.496426][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 53.876038][ T6165] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 53.882632][ T6165] ip6t_srh: unknown srh invflags 6BE9 [ 53.889888][ T1149] team0 (unregistering): Port device team_slave_1 removed [ 53.935045][ T1149] team0 (unregistering): Port device team_slave_0 removed [ 54.105923][ T5952] Bluetooth: hci1: command tx timeout [ 54.106495][ T5955] Bluetooth: hci3: command tx timeout [ 54.186696][ T5955] Bluetooth: hci2: command tx timeout [ 54.308339][ T1021] usb 5-1: USB disconnect, device number 3 [ 54.390924][ T6130] hsr_slave_0: entered promiscuous mode [ 54.393127][ T6130] hsr_slave_1: entered promiscuous mode [ 54.425852][ T5955] Bluetooth: hci0: command tx timeout [ 54.559016][ T6130] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 54.574483][ T6130] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 54.584493][ T6175] netlink: 'syz.2.42': attribute type 10 has an invalid length. [ 54.589103][ T6130] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 54.596459][ T6130] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 54.616188][ T6175] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.618869][ T6175] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.630252][ T6175] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.632518][ T6175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.635355][ T6175] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.637795][ T6175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.643605][ T6175] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 54.729035][ T6130] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.739967][ T6130] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.748991][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.751278][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.767588][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.769969][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.918938][ T6130] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.084782][ T6130] veth0_vlan: entered promiscuous mode [ 55.091820][ T6130] veth1_vlan: entered promiscuous mode [ 55.109294][ T6130] veth0_macvtap: entered promiscuous mode [ 55.119859][ T6130] veth1_macvtap: entered promiscuous mode [ 55.134362][ T6130] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.147045][ T6130] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.153282][ T6130] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.157525][ T6130] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.161122][ T6130] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.164565][ T6130] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.213070][ T98] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.217536][ T98] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.232230][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.234679][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.813030][ T6268] syzkaller0: entered promiscuous mode [ 55.814911][ T6268] syzkaller0: entered allmulticast mode [ 56.507687][ T5955] Bluetooth: hci0: command tx timeout [ 56.981751][ T59] IPVS: starting estimator thread 0... [ 57.085800][ T6295] IPVS: using max 45 ests per chain, 108000 per kthread [ 57.211854][ T6301] ip6t_srh: unknown srh invflags 6BE9 [ 57.216655][ T6301] ubi31: attaching mtd0 [ 57.222688][ T6301] ubi31: scanning is finished [ 57.224260][ T6301] ubi31: empty MTD device detected [ 57.412889][ T6301] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 57.415356][ T6301] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 57.417675][ T6301] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 57.419904][ T6301] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 57.422244][ T6301] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 57.424378][ T6301] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 57.426888][ T6301] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2460209692 [ 57.429999][ T6301] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 57.437393][ T6304] ubi31: background thread "ubi_bgt31d" started, PID 6304 [ 58.504601][ T6338] netlink: 'syz.2.70': attribute type 10 has an invalid length. [ 58.511170][ T6338] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 58.522293][ T6336] process 'syz.4.67' launched './file0' with NULL argv: empty string added [ 58.585950][ T5955] Bluetooth: hci0: command tx timeout [ 58.934375][ T6351] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 59.233277][ T40] audit: type=1800 audit(1750706293.698:2): pid=6336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.67" name="/" dev="fuse" ino=0 res=0 errno=0 [ 59.441757][ T839] libceph: connect (1)[c::]:6789 error -101 [ 59.444094][ T839] libceph: mon0 (1)[c::]:6789 connect error [ 59.599201][ T6364] ceph: No mds server is up or the cluster is laggy [ 59.941670][ T6382] ip6t_srh: unknown srh invflags 6BE9 [ 60.477818][ T6394] syzkaller0: entered promiscuous mode [ 60.479704][ T6394] syzkaller0: entered allmulticast mode [ 60.677009][ T5955] Bluetooth: hci0: command tx timeout [ 60.894111][ T6400] Bluetooth: MGMT ver 1.23 [ 62.484097][ T6438] ip6t_srh: unknown srh invflags 6BE9 [ 63.421614][ T6458] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 63.665344][ T6465] netlink: 4 bytes leftover after parsing attributes in process `syz.2.101'. [ 64.018642][ T6479] netlink: 'syz.3.103': attribute type 4 has an invalid length. [ 64.224076][ T6073] IPVS: starting estimator thread 0... [ 64.315714][ T6487] IPVS: using max 45 ests per chain, 108000 per kthread [ 64.475726][ T839] usb 8-1: new full-speed USB device number 4 using dummy_hcd [ 64.975357][ T6495] ip6t_srh: unknown srh invflags 6BE9 [ 64.979860][ T6495] ubi: mtd0 is already attached to ubi31 [ 66.030813][ T6516] ip6t_srh: unknown srh invflags 6BE9 [ 66.489578][ T6011] IPVS: starting estimator thread 0... [ 66.575855][ T6542] IPVS: using max 45 ests per chain, 108000 per kthread [ 66.930424][ T839] usb 8-1: unable to get BOS descriptor or descriptor too short [ 66.938221][ T839] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 66.945917][ T839] usb 8-1: can't read configurations, error -71 [ 67.187867][ T6556] ip6t_srh: unknown srh invflags 6BE9 [ 67.194384][ T6556] ubi: mtd0 is already attached to ubi31 [ 67.933000][ T6593] ip6t_srh: unknown srh invflags 6BE9 [ 67.939723][ T6593] ubi: mtd0 is already attached to ubi31 [ 68.854818][ T839] IPVS: starting estimator thread 0... [ 68.956161][ T6608] IPVS: using max 45 ests per chain, 108000 per kthread [ 68.983399][ T6619] netlink: 'syz.4.128': attribute type 4 has an invalid length. [ 69.094846][ T6621] ip6t_srh: unknown srh invflags 6BE9 [ 69.733394][ T59] usb 9-1: new full-speed USB device number 2 using dummy_hcd [ 70.389482][ T6643] ip6t_srh: unknown srh invflags 6BE9 [ 70.394755][ T6643] ubi: mtd0 is already attached to ubi31 [ 70.836681][ T6648] ip6t_srh: unknown srh invflags 6BE9 [ 70.842589][ T6648] ubi: mtd0 is already attached to ubi31 [ 70.897356][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.900383][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.969813][ T6653] veth0: entered promiscuous mode [ 70.972825][ T6653] veth0: left promiscuous mode [ 71.314562][ T6664] ip6t_srh: unknown srh invflags 6BE9 [ 71.898500][ T59] usb 9-1: unable to get BOS descriptor or descriptor too short [ 71.912068][ T59] usb 9-1: unable to read config index 0 descriptor/start: -71 [ 71.914484][ T59] usb 9-1: can't read configurations, error -71 [ 72.757175][ T6686] ip6t_srh: unknown srh invflags 6BE9 [ 72.759539][ T6686] ubi: mtd0 is already attached to ubi31 [ 73.190635][ T6693] ip6t_srh: unknown srh invflags 6BE9 [ 73.196337][ T6693] ubi: mtd0 is already attached to ubi31 [ 73.497392][ T6692] Zero length message leads to an empty skb [ 74.782090][ T6720] netlink: 12 bytes leftover after parsing attributes in process `syz.4.154'. [ 75.580028][ T6735] ip6t_srh: unknown srh invflags 6BE9 [ 75.583402][ T6735] ubi: mtd0 is already attached to ubi31 [ 75.583984][ T6726] ip6t_srh: unknown srh invflags 6BE9 [ 75.587329][ T6726] ubi: mtd0 is already attached to ubi31 [ 76.229384][ T6748] ip6t_srh: unknown srh invflags 6BE9 [ 76.409277][ T6759] ======================================================= [ 76.409277][ T6759] WARNING: The mand mount option has been deprecated and [ 76.409277][ T6759] and is ignored by this kernel. Remove the mand [ 76.409277][ T6759] option from the mount to silence this warning. [ 76.409277][ T6759] ======================================================= [ 76.958223][ T6763] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 76.960338][ T6763] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 76.964048][ T6763] vhci_hcd vhci_hcd.0: Device attached [ 76.969250][ T40] audit: type=1326 audit(1750706311.438:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6762 comm="syz.4.165" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f36579 code=0x0 [ 77.135802][ T1021] vhci_hcd: vhci_device speed not set [ 77.205746][ T1021] usb 45-1: new full-speed USB device number 2 using vhci_hcd [ 77.785921][ T6764] vhci_hcd: connection reset by peer [ 77.790354][ T1149] vhci_hcd: stop threads [ 77.791983][ T1149] vhci_hcd: release socket [ 77.793769][ T1149] vhci_hcd: disconnect device [ 78.132718][ T6781] ip6t_srh: unknown srh invflags 6BE9 [ 78.589796][ T6791] netlink: 'syz.3.171': attribute type 4 has an invalid length. [ 78.996147][ T59] usb 8-1: new full-speed USB device number 6 using dummy_hcd [ 79.340255][ T6803] ip6t_srh: unknown srh invflags 6BE9 [ 79.343909][ T6803] ubi: mtd0 is already attached to ubi31 [ 81.083307][ T53] cfg80211: failed to load regulatory.db [ 81.485948][ T59] usb 8-1: unable to get BOS descriptor or descriptor too short [ 81.491977][ T59] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 81.494366][ T59] usb 8-1: can't read configurations, error -71 [ 81.906188][ T6844] ip6t_srh: unknown srh invflags 6BE9 [ 81.910380][ T6844] ubi: mtd0 is already attached to ubi31 [ 82.345855][ T1021] vhci_hcd: vhci_device speed not set [ 83.365492][ T6901] netlink: 'syz.2.193': attribute type 4 has an invalid length. [ 83.624017][ T6905] loop4: detected capacity change from 0 to 7 [ 83.634695][ T6305] Dev loop4: unable to read RDB block 7 [ 83.636558][ T6305] loop4: unable to read partition table [ 83.638423][ T6305] loop4: partition table beyond EOD, truncated [ 83.652315][ T6905] Dev loop4: unable to read RDB block 7 [ 83.659517][ T6905] loop4: unable to read partition table [ 83.665131][ T6905] loop4: partition table beyond EOD, truncated [ 83.673255][ T6905] loop_reread_partitions: partition scan of loop4 (3Ÿ ¾‚³˜) failed (rc=-5) [ 85.149130][ T6921] ip6t_srh: unknown srh invflags 6BE9 [ 85.151654][ T6921] ubi: mtd0 is already attached to ubi31 [ 88.336898][ T6977] netlink: 8 bytes leftover after parsing attributes in process `syz.2.213'. [ 88.340676][ T6977] netlink: 32 bytes leftover after parsing attributes in process `syz.2.213'. [ 88.356774][ T6977] gtp0: entered promiscuous mode [ 88.358852][ T6977] gtp0: entered allmulticast mode [ 88.879262][ T6990] netlink: 4 bytes leftover after parsing attributes in process `syz.0.217'. [ 88.886206][ T6990] bond_slave_0: entered promiscuous mode [ 88.888226][ T6990] bond_slave_1: entered promiscuous mode [ 88.890225][ T6990] macvtap1: entered promiscuous mode [ 88.891911][ T6990] bond0: entered promiscuous mode [ 88.893781][ T6990] macvtap1: entered allmulticast mode [ 88.895539][ T6990] bond0: entered allmulticast mode [ 88.897712][ T6990] bond_slave_0: entered allmulticast mode [ 88.899551][ T6990] bond_slave_1: entered allmulticast mode [ 88.903734][ T6990] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 88.909013][ T6990] netlink: 4 bytes leftover after parsing attributes in process `syz.0.217'. [ 88.916453][ T6990] bond0: left allmulticast mode [ 88.918032][ T6990] bond_slave_0: left allmulticast mode [ 88.919764][ T6990] bond_slave_1: left allmulticast mode [ 88.921525][ T6990] bond0: left promiscuous mode [ 88.923953][ T6990] bond_slave_0: left promiscuous mode [ 88.926427][ T6990] bond_slave_1: left promiscuous mode [ 90.477448][ T7021] wg1 speed is unknown, defaulting to 1000 [ 90.480341][ T7021] wg1 speed is unknown, defaulting to 1000 [ 90.484640][ T7021] wg1 speed is unknown, defaulting to 1000 [ 90.492771][ T7021] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 90.502227][ T7021] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 90.525116][ T7021] wg1 speed is unknown, defaulting to 1000 [ 90.528655][ T7021] wg1 speed is unknown, defaulting to 1000 [ 90.532561][ T7021] wg1 speed is unknown, defaulting to 1000 [ 90.535190][ T7021] wg1 speed is unknown, defaulting to 1000 [ 91.960871][ T7046] ip6t_srh: unknown srh invflags 6BE9 [ 93.084100][ T7070] netlink: 'syz.4.236': attribute type 4 has an invalid length. [ 93.437367][ T6073] usb 9-1: new full-speed USB device number 4 using dummy_hcd [ 93.601822][ T6073] usb 9-1: not running at top speed; connect to a high speed hub [ 93.609828][ T6073] usb 9-1: config 1 interface 0 altsetting 3 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 93.620769][ T6073] usb 9-1: config 1 interface 0 has no altsetting 0 [ 93.627334][ T6073] usb 9-1: string descriptor 0 read error: -22 [ 93.629963][ T6073] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 93.633328][ T6073] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.642223][ T7070] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 94.826192][ T7097] ip6t_srh: unknown srh invflags 6BE9 [ 94.831341][ T7097] ubi: mtd0 is already attached to ubi31 [ 96.004797][ T6011] usb 9-1: USB disconnect, device number 4 [ 96.974214][ T7130] ip6t_srh: unknown srh invflags 6BE9 [ 97.777614][ T7138] ip6t_srh: unknown srh invflags 6BE9 [ 99.582854][ T7176] ip6t_srh: unknown srh invflags 6BE9 [ 100.197457][ T7188] input: syz1 as /devices/virtual/input/input8 [ 100.259659][ T7191] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 100.261767][ T7191] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 100.265501][ T7191] vhci_hcd vhci_hcd.0: Device attached [ 100.269378][ T7193] usbip_core: unknown command [ 100.270881][ T7193] vhci_hcd: unknown pdu 0 [ 100.272642][ T7193] usbip_core: unknown command [ 100.286096][ T1140] vhci_hcd: stop threads [ 100.287433][ T1140] vhci_hcd: release socket [ 100.288833][ T1140] vhci_hcd: disconnect device [ 100.659799][ T7197] trusted_key: syz.3.269 sent an empty control message without MSG_MORE. [ 101.275004][ T7212] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.278290][ T7212] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.327152][ T7212] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 101.333332][ T7212] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 101.383666][ T7212] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.386755][ T7212] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.389613][ T7212] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.392800][ T7212] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.429145][ T34] wg1 speed is unknown, defaulting to 1000 [ 101.431900][ T34] syz0: Port: 1 Link DOWN [ 103.316095][ T6073] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 103.465700][ T6073] usb 5-1: Using ep0 maxpacket: 32 [ 103.468905][ T6073] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 103.472348][ T6073] usb 5-1: config 0 has no interfaces? [ 103.475945][ T6073] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 103.479615][ T6073] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 103.482940][ T6073] usb 5-1: Product: syz [ 103.484277][ T6073] usb 5-1: Manufacturer: syz [ 103.486959][ T6073] usb 5-1: SerialNumber: syz [ 103.490236][ T6073] usb 5-1: config 0 descriptor?? [ 103.723124][ T59] usb 5-1: USB disconnect, device number 4 [ 106.863401][ T5955] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 106.879199][ T7312] warning: `syz.4.300' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 108.097231][ T5955] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 108.100346][ T5955] CPU: 3 UID: 0 PID: 5955 Comm: kworker/u33:7 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 108.100362][ T5955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 108.100371][ T5955] Workqueue: hci3 hci_rx_work [ 108.100386][ T5955] Call Trace: [ 108.100391][ T5955] [ 108.100396][ T5955] dump_stack_lvl+0x16c/0x1f0 [ 108.100416][ T5955] sysfs_warn_dup+0x7f/0xa0 [ 108.100433][ T5955] sysfs_create_dir_ns+0x24b/0x2b0 [ 108.100449][ T5955] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 108.100464][ T5955] ? find_held_lock+0x2b/0x80 [ 108.100478][ T5955] ? do_raw_spin_unlock+0x172/0x230 [ 108.100496][ T5955] kobject_add_internal+0x2c4/0x9b0 [ 108.100509][ T5955] kobject_add+0x16e/0x240 [ 108.100521][ T5955] ? __pfx_kobject_add+0x10/0x10 [ 108.100534][ T5955] ? do_raw_spin_unlock+0x172/0x230 [ 108.100552][ T5955] ? kobject_put+0xab/0x5a0 [ 108.100566][ T5955] device_add+0x288/0x1a70 [ 108.100578][ T5955] ? __pfx_dev_set_name+0x10/0x10 [ 108.100591][ T5955] ? __pfx_device_add+0x10/0x10 [ 108.100603][ T5955] ? mgmt_send_event_skb+0x2fb/0x460 [ 108.100624][ T5955] hci_conn_add_sysfs+0x17e/0x230 [ 108.100636][ T5955] le_conn_complete_evt+0x1075/0x1d70 [ 108.100656][ T5955] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 108.100673][ T5955] ? hci_event_packet+0x459/0x11c0 [ 108.100692][ T5955] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 108.100710][ T5955] ? skb_pull_data+0x166/0x210 [ 108.100728][ T5955] hci_le_meta_evt+0x354/0x5e0 [ 108.100738][ T5955] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 108.100757][ T5955] hci_event_packet+0x685/0x11c0 [ 108.100773][ T5955] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 108.100784][ T5955] ? __pfx_hci_event_packet+0x10/0x10 [ 108.100807][ T5955] ? kcov_remote_start+0x3c9/0x6d0 [ 108.100822][ T5955] ? lockdep_hardirqs_on+0x7c/0x110 [ 108.100842][ T5955] hci_rx_work+0x2c5/0x16b0 [ 108.100854][ T5955] ? rcu_is_watching+0x12/0xc0 [ 108.100868][ T5955] process_one_work+0x9cc/0x1b70 [ 108.100892][ T5955] ? __pfx_process_one_work+0x10/0x10 [ 108.100914][ T5955] ? assign_work+0x1a0/0x250 [ 108.100932][ T5955] worker_thread+0x6c8/0xf10 [ 108.100955][ T5955] ? __pfx_worker_thread+0x10/0x10 [ 108.100971][ T5955] kthread+0x3c5/0x780 [ 108.100986][ T5955] ? __pfx_kthread+0x10/0x10 [ 108.101002][ T5955] ? rcu_is_watching+0x12/0xc0 [ 108.101012][ T5955] ? __pfx_kthread+0x10/0x10 [ 108.101028][ T5955] ret_from_fork+0x5d4/0x6f0 [ 108.101042][ T5955] ? __pfx_kthread+0x10/0x10 [ 108.101073][ T5955] ret_from_fork_asm+0x1a/0x30 [ 108.101093][ T5955] [ 108.101138][ T5955] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 108.191289][ T5955] Bluetooth: hci3: failed to register connection device [ 108.384011][ T7331] netlink: 8 bytes leftover after parsing attributes in process `syz.4.304'. [ 108.387591][ T7331] netlink: 'syz.4.304': attribute type 5 has an invalid length. [ 108.390488][ T7331] netlink: 20 bytes leftover after parsing attributes in process `syz.4.304'. [ 108.403930][ T7331] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 108.407895][ T7331] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 108.411610][ T7331] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 108.415333][ T7331] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 108.420197][ T7331] geneve2: entered promiscuous mode [ 108.422113][ T7331] geneve2: entered allmulticast mode [ 109.927143][ T7358] netlink: 48 bytes leftover after parsing attributes in process `syz.3.312'. [ 110.301565][ T7358] syz.3.312 (7358): drop_caches: 1 [ 110.301899][ T7361] syz.3.312 (7361): drop_caches: 1 [ 110.345102][ T7358] syz.3.312 (7358): drop_caches: 1 [ 110.560099][ T7367] ip6t_srh: unknown srh invflags 6BE9 [ 112.447513][ T7401] netlink: 'syz.3.323': attribute type 4 has an invalid length. [ 112.886001][ T6011] usb 8-1: new full-speed USB device number 8 using dummy_hcd [ 113.060860][ T6011] usb 8-1: not running at top speed; connect to a high speed hub [ 113.065331][ T6011] usb 8-1: config 1 interface 0 altsetting 3 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 113.069500][ T6011] usb 8-1: config 1 interface 0 has no altsetting 0 [ 113.073897][ T6011] usb 8-1: string descriptor 0 read error: -22 [ 113.076308][ T6011] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 113.079288][ T6011] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.086637][ T7404] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 113.234317][ T7417] ip6t_srh: unknown srh invflags 6BE9 [ 114.666215][ T6073] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 115.108181][ T6073] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 115.110850][ T6073] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 115.114225][ T6073] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 115.118097][ T6073] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 115.121505][ T6073] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 115.125552][ T6073] usb 5-1: config 0 interface 0 has no altsetting 0 [ 115.129561][ T6073] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 115.133174][ T6073] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 115.135944][ T6073] usb 5-1: Product: syz [ 115.137269][ T6073] usb 5-1: Manufacturer: syz [ 115.138755][ T6073] usb 5-1: SerialNumber: syz [ 115.141966][ T6073] usb 5-1: config 0 descriptor?? [ 115.144092][ T7429] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 115.148158][ T6073] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 115.152366][ T6073] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 115.400565][ T59] usb 8-1: USB disconnect, device number 8 [ 115.460937][ T7441] wg1 speed is unknown, defaulting to 1000 [ 115.589748][ T6073] usb 5-1: USB disconnect, device number 5 [ 115.594192][ T6073] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 115.617036][ T7441] syz.3.333: attempt to access beyond end of device [ 115.617036][ T7441] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0 [ 115.621574][ T7441] syz.3.333: attempt to access beyond end of device [ 115.621574][ T7441] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0 [ 115.625545][ T7441] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 115.630702][ T7441] syz.3.333: attempt to access beyond end of device [ 115.630702][ T7441] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0 [ 115.634679][ T7441] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 115.639371][ T7441] syz.3.333: attempt to access beyond end of device [ 115.639371][ T7441] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 115.643388][ T7441] syz.3.333: attempt to access beyond end of device [ 115.643388][ T7441] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 115.649288][ T7441] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 115.652329][ T7441] syz.3.333: attempt to access beyond end of device [ 115.652329][ T7441] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 115.656466][ T7441] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 115.665940][ T7441] syz.3.333: attempt to access beyond end of device [ 115.665940][ T7441] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0 [ 115.669972][ T7441] syz.3.333: attempt to access beyond end of device [ 115.669972][ T7441] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 115.673921][ T7441] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 115.677014][ T7441] syz.3.333: attempt to access beyond end of device [ 115.677014][ T7441] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 115.680954][ T7441] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 115.684252][ T7441] syz.3.333: attempt to access beyond end of device [ 115.684252][ T7441] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 115.688397][ T7441] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 115.745877][ T7441] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 115.749036][ T7441] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1) [ 116.144561][ T7454] ip6t_srh: unknown srh invflags 6BE9 [ 117.537110][ T7477] netlink: 'syz.4.341': attribute type 4 has an invalid length. [ 118.035825][ T6073] usb 9-1: new full-speed USB device number 5 using dummy_hcd [ 118.207891][ T6073] usb 9-1: not running at top speed; connect to a high speed hub [ 118.219664][ T6073] usb 9-1: config 1 interface 0 altsetting 3 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 118.228512][ T6073] usb 9-1: config 1 interface 0 has no altsetting 0 [ 118.268134][ T6073] usb 9-1: string descriptor 0 read error: -22 [ 118.270173][ T6073] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 118.272977][ T6073] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.317892][ T7481] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 118.388586][ T7498] netlink: 36 bytes leftover after parsing attributes in process `syz.3.345'. [ 119.054278][ T40] audit: type=1326 audit(1750706353.488:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7503 comm="syz.0.346" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 119.082358][ T40] audit: type=1326 audit(1750706353.488:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7503 comm="syz.0.346" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 119.096284][ T40] audit: type=1326 audit(1750706353.488:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7503 comm="syz.0.346" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 119.105368][ T40] audit: type=1326 audit(1750706353.488:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7503 comm="syz.0.346" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 119.113523][ T40] audit: type=1326 audit(1750706353.488:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7503 comm="syz.0.346" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 119.121176][ T40] audit: type=1326 audit(1750706353.488:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7503 comm="syz.0.346" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 119.129821][ T40] audit: type=1326 audit(1750706353.488:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7503 comm="syz.0.346" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 119.141486][ T40] audit: type=1326 audit(1750706353.488:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7503 comm="syz.0.346" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 119.154401][ T40] audit: type=1326 audit(1750706353.488:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7503 comm="syz.0.346" exe="/syz-executor" sig=0 arch=40000003 syscall=337 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 119.166181][ T40] audit: type=1326 audit(1750706353.488:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7503 comm="syz.0.346" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000 [ 120.443651][ T839] usb 9-1: USB disconnect, device number 5 [ 121.619959][ T7536] wg1 speed is unknown, defaulting to 1000 [ 124.175395][ T7587] ip6t_srh: unknown srh invflags 6BE9 [ 126.779337][ T7634] netlink: 'syz.3.381': attribute type 4 has an invalid length. [ 126.922628][ T7642] ip6t_srh: unknown srh invflags 6BE9 [ 127.885146][ T7653] ip6t_srh: unknown srh invflags 6BE9 [ 128.567961][ T40] kauditd_printk_skb: 246 callbacks suppressed [ 128.567975][ T40] audit: type=1800 audit(1750706363.038:260): pid=7661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.387" name="nullb0" dev="tmpfs" ino=594 res=0 errno=0 [ 129.610575][ T7677] syz_tun: entered allmulticast mode [ 129.630202][ T7677] dvmrp1: entered allmulticast mode [ 129.667333][ T7676] syz_tun: left allmulticast mode [ 130.034825][ T7692] netlink: 8 bytes leftover after parsing attributes in process `syz.3.398'. [ 130.038064][ T7692] netlink: 32 bytes leftover after parsing attributes in process `syz.3.398'. [ 130.054919][ T7692] gtp0: entered promiscuous mode [ 130.057314][ T7692] gtp0: entered allmulticast mode [ 131.225694][ T7714] netlink: 'syz.2.405': attribute type 4 has an invalid length. [ 132.278985][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.281186][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.675015][ T7745] wg1 speed is unknown, defaulting to 1000 [ 133.910289][ T7751] netlink: 56 bytes leftover after parsing attributes in process `syz.0.412'. [ 134.501925][ T7759] ip6t_srh: unknown srh invflags 6BE9 [ 135.302341][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302399][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302418][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302441][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302459][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302476][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302491][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302506][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302521][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302536][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302551][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302566][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302581][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302596][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302611][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302635][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302651][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302666][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302682][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302698][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302712][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302723][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302735][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302747][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302759][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302771][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302782][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302794][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302806][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302818][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302830][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302841][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302853][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302865][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302877][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302889][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302900][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302912][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302924][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302936][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302948][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302960][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.302971][ T5002] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 135.310735][ T7771] ================================================================== [ 135.310745][ T7771] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1a6f/0x1e60 [ 135.310842][ T7771] Write of size 8 at addr ffffc90004ca9000 by task syz.0.419/7771 [ 135.310852][ T7771] [ 135.310859][ T7771] CPU: 0 UID: 0 PID: 7771 Comm: syz.0.419 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 135.310873][ T7771] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 135.310881][ T7771] Call Trace: [ 135.310885][ T7771] [ 135.310890][ T7771] dump_stack_lvl+0x116/0x1f0 [ 135.310927][ T7771] print_report+0xcd/0x680 [ 135.310938][ T7771] ? __virt_addr_valid+0x81/0x610 [ 135.310953][ T7771] ? sys_imageblit+0x1a6f/0x1e60 [ 135.310966][ T7771] kasan_report+0xe0/0x110 [ 135.310977][ T7771] ? sys_imageblit+0x1a6f/0x1e60 [ 135.310991][ T7771] sys_imageblit+0x1a6f/0x1e60 [ 135.311006][ T7771] ? __pfx_sys_imageblit+0x10/0x10 [ 135.311019][ T7771] ? do_raw_spin_lock+0x12c/0x2b0 [ 135.311037][ T7771] ? find_held_lock+0x2b/0x80 [ 135.311049][ T7771] ? queue_work_on+0x12a/0x1f0 [ 135.311065][ T7771] ? lockdep_hardirqs_on+0x7c/0x110 [ 135.311080][ T7771] ? queue_work_on+0x8b/0x1f0 [ 135.311096][ T7771] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 135.311110][ T7771] bit_putcs+0x90f/0xde0 [ 135.311130][ T7771] ? __pfx_bit_putcs+0x10/0x10 [ 135.311145][ T7771] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 135.311160][ T7771] ? fb_get_color_depth+0x120/0x250 [ 135.311176][ T7771] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 135.311193][ T7771] ? __pfx_bit_putcs+0x10/0x10 [ 135.311209][ T7771] fbcon_putcs+0x383/0x4a0 [ 135.311224][ T7771] do_update_region+0x2e6/0x3f0 [ 135.311238][ T7771] invert_screen+0x1e4/0x590 [ 135.311253][ T7771] ? __pfx_invert_screen+0x10/0x10 [ 135.311267][ T7771] ? __pfx_complement_pos+0x10/0x10 [ 135.311282][ T7771] ? trace_kmalloc+0x2b/0xd0 [ 135.311292][ T7771] ? __kmalloc_noprof+0x242/0x510 [ 135.311307][ T7771] ? __pfx_try_to_wake_up+0x10/0x10 [ 135.311318][ T7771] clear_selection+0x59/0x70 [ 135.311332][ T7771] vc_do_resize+0xd9b/0x10e0 [ 135.311350][ T7771] ? __pfx_vc_do_resize+0x10/0x10 [ 135.311366][ T7771] fbcon_set_disp+0x7ad/0xe40 [ 135.311381][ T7771] set_con2fb_map+0x703/0x1060 [ 135.311398][ T7771] fbcon_set_con2fb_map_ioctl+0x16c/0x220 [ 135.311415][ T7771] ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10 [ 135.311433][ T7771] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 135.311448][ T7771] do_fb_ioctl+0x328/0x7e0 [ 135.311459][ T7771] ? __pfx_do_fb_ioctl+0x10/0x10 [ 135.311470][ T7771] ? lockdep_hardirqs_on+0x7c/0x110 [ 135.311486][ T7771] ? find_held_lock+0x2b/0x80 [ 135.311499][ T7771] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 135.311520][ T7771] fb_compat_ioctl+0x55e/0x670 [ 135.311531][ T7771] ? __pfx_fb_compat_ioctl+0x10/0x10 [ 135.311542][ T7771] ? hook_file_ioctl_common+0x145/0x410 [ 135.311555][ T7771] ? __fget_files+0x20e/0x3c0 [ 135.311569][ T7771] ? fdget_pos+0x1f0/0x370 [ 135.311585][ T7771] ? __pfx_fb_compat_ioctl+0x10/0x10 [ 135.311596][ T7771] __ia32_compat_sys_ioctl+0x242/0x370 [ 135.311610][ T7771] __do_fast_syscall_32+0x7c/0x3a0 [ 135.311634][ T7771] do_fast_syscall_32+0x32/0x80 [ 135.311651][ T7771] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 135.311666][ T7771] RIP: 0023:0xf70ee579 [ 135.311675][ T7771] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 135.311686][ T7771] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 135.311697][ T7771] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000004610 [ 135.311704][ T7771] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 135.311711][ T7771] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 135.311717][ T7771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 135.311724][ T7771] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 135.311733][ T7771] [ 135.311737][ T7771] [ 135.311742][ T7771] The buggy address belongs to the virtual mapping at [ 135.311742][ T7771] [ffffc900049a9000, ffffc90004caa000) created by: [ 135.311742][ T7771] drm_gem_shmem_vmap_locked+0x4bc/0x720 [ 135.311758][ T7771] [ 135.311761][ T7771] Memory state around the buggy address: [ 135.311767][ T7771] ffffc90004ca8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 135.311774][ T7771] ffffc90004ca8f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 135.311781][ T7771] >ffffc90004ca9000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 135.311787][ T7771] ^ [ 135.311792][ T7771] ffffc90004ca9080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 135.311800][ T7771] ffffc90004ca9100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 135.311805][ T7771] ================================================================== [ 135.311812][ T7771] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 135.311820][ T7771] CPU: 0 UID: 0 PID: 7771 Comm: syz.0.419 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 135.311833][ T7771] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 135.311839][ T7771] Call Trace: [ 135.311843][ T7771] [ 135.311847][ T7771] dump_stack_lvl+0x3d/0x1f0 [ 135.311863][ T7771] panic+0x71c/0x800 [ 135.311879][ T7771] ? __pfx_panic+0x10/0x10 [ 135.311895][ T7771] ? __pfx__printk+0x10/0x10 [ 135.311910][ T7771] ? rcu_is_watching+0x12/0xc0 [ 135.311922][ T7771] ? sys_imageblit+0x1a6f/0x1e60 [ 135.311935][ T7771] check_panic_on_warn+0xab/0xb0 [ 135.311951][ T7771] end_report+0x107/0x170 [ 135.311969][ T7771] kasan_report+0xee/0x110 [ 135.311981][ T7771] ? sys_imageblit+0x1a6f/0x1e60 [ 135.311995][ T7771] sys_imageblit+0x1a6f/0x1e60 [ 135.312010][ T7771] ? __pfx_sys_imageblit+0x10/0x10 [ 135.312023][ T7771] ? do_raw_spin_lock+0x12c/0x2b0 [ 135.312040][ T7771] ? find_held_lock+0x2b/0x80 [ 135.312051][ T7771] ? queue_work_on+0x12a/0x1f0 [ 135.312067][ T7771] ? lockdep_hardirqs_on+0x7c/0x110 [ 135.312083][ T7771] ? queue_work_on+0x8b/0x1f0 [ 135.312099][ T7771] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 135.312114][ T7771] bit_putcs+0x90f/0xde0 [ 135.312134][ T7771] ? __pfx_bit_putcs+0x10/0x10 [ 135.312150][ T7771] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 135.312165][ T7771] ? fb_get_color_depth+0x120/0x250 [ 135.312181][ T7771] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 135.312198][ T7771] ? __pfx_bit_putcs+0x10/0x10 [ 135.312214][ T7771] fbcon_putcs+0x383/0x4a0 [ 135.312230][ T7771] do_update_region+0x2e6/0x3f0 [ 135.312243][ T7771] invert_screen+0x1e4/0x590 [ 135.312259][ T7771] ? __pfx_invert_screen+0x10/0x10 [ 135.312274][ T7771] ? __pfx_complement_pos+0x10/0x10 [ 135.312290][ T7771] ? trace_kmalloc+0x2b/0xd0 [ 135.312301][ T7771] ? __kmalloc_noprof+0x242/0x510 [ 135.312316][ T7771] ? __pfx_try_to_wake_up+0x10/0x10 [ 135.312327][ T7771] clear_selection+0x59/0x70 [ 135.312341][ T7771] vc_do_resize+0xd9b/0x10e0 [ 135.312359][ T7771] ? __pfx_vc_do_resize+0x10/0x10 [ 135.312376][ T7771] fbcon_set_disp+0x7ad/0xe40 [ 135.312392][ T7771] set_con2fb_map+0x703/0x1060 [ 135.312409][ T7771] fbcon_set_con2fb_map_ioctl+0x16c/0x220 [ 135.312426][ T7771] ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10 [ 135.312445][ T7771] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 135.312461][ T7771] do_fb_ioctl+0x328/0x7e0 [ 135.312472][ T7771] ? __pfx_do_fb_ioctl+0x10/0x10 [ 135.312483][ T7771] ? lockdep_hardirqs_on+0x7c/0x110 [ 135.312500][ T7771] ? find_held_lock+0x2b/0x80 [ 135.312513][ T7771] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 135.312535][ T7771] fb_compat_ioctl+0x55e/0x670 [ 135.312546][ T7771] ? __pfx_fb_compat_ioctl+0x10/0x10 [ 135.312557][ T7771] ? hook_file_ioctl_common+0x145/0x410 [ 135.312570][ T7771] ? __fget_files+0x20e/0x3c0 [ 135.312583][ T7771] ? fdget_pos+0x1f0/0x370 [ 135.312600][ T7771] ? __pfx_fb_compat_ioctl+0x10/0x10 [ 135.312611][ T7771] __ia32_compat_sys_ioctl+0x242/0x370 [ 135.312629][ T7771] __do_fast_syscall_32+0x7c/0x3a0 [ 135.312647][ T7771] do_fast_syscall_32+0x32/0x80 [ 135.312664][ T7771] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 135.312677][ T7771] RIP: 0023:0xf70ee579 [ 135.312686][ T7771] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 135.312696][ T7771] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 135.312707][ T7771] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000004610 [ 135.312714][ T7771] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 135.312720][ T7771] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 135.312727][ T7771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 135.312733][ T7771] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 135.312743][ T7771] [ 135.313500][ T7771] Kernel Offset: disabled VM DIAGNOSIS: 19:19:30 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000066 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85580b15 RDI=ffffffff9b06da00 RBP=ffffffff9b06d9c0 RSP=ffffc9000657ee88 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=666f206574697257 R12=0000000000000000 R13=0000000000000066 R14=ffffffff9b06d9c0 R15=ffffffff85580ab0 RIP=ffffffff85580b3f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88809755f000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7435994 CR3=0000000028abd000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 00c800a400000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff816048c0 RDX=ffff88801deda440 RSI=ffffffff81604908 RDI=ffffffff93d13080 RBP=0000000000000001 RSP=ffffc90000590fd0 R8 =0000000000000001 R9 =fffffbfff27a2610 R10=ffffffff93d13087 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81604909 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809765f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000003310aff8 CR3=000000004ac89000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff816048c0 RDX=ffff88801dedc880 RSI=ffffffff81604908 RDI=ffffffff93d13080 RBP=0000000000000002 RSP=ffffc90000538fd0 R8 =0000000000000001 R9 =fffffbfff27a2610 R10=ffffffff93d13087 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81604909 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809775f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7486188 CR3=000000005e238000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff816048c0 RDX=ffff888026ba0000 RSI=ffffffff81604908 RDI=ffffffff93d13080 RBP=0000000000000003 RSP=ffffc900005e8fd0 R8 =0000000000000001 R9 =fffffbfff27a2610 R10=ffffffff93d13087 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81604909 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88809785f000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fbfe9200038 CR3=000000004ac89000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c0c0c200 Opmask01=00000000000000ff Opmask02=00000000fffffeff Opmask03=0000000020400004 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055d2234bf1e0 000055d2234bf1e0 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055d22340e560 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbfe9df1b20 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbfe9df1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffffffffffffff ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 747a1d288e28fb2e 737326a40d6eb740 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737372f2 7373737373737373 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3030303030303030 7030303030303030 3076313030306730 303030623a646968 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0030303030303030 3070303030303030 3030763130303067 30303030623a6469 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0d0d0d0d0d0d0d0d 4b0c0d0d0d5a0d0d 0d0d5f0759545500 5341494c41444f4d ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 07096e5bfd5b885d 000055d77e1d62cc 0000000000000051 0000000000003330 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055d2233ef7d0 000055d223402bc0 0000000000000061 0000003177617264 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 322e392d3533712d 63707276703a2939 3030322c39484349 2b35335128435064 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7261646e6174536e 703a554d45516e76 733a302e3072623a 343130322f31302f ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343064623a312b32 316f70627e322d33 2e36312e312d6e61 696265642d332e36 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000