last executing test programs: 6.962939502s ago: executing program 3 (id=37): r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x3f) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) r2 = socket$unix(0x1, 0x5, 0x0) connect(r2, &(0x7f0000931ff4)=@un=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) connect(0xffffffffffffffff, &(0x7f0000931ff4)=@un=@abs={0x0, 0x0, 0x4a21}, 0x80) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x3fffffffd, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) ioctl$DRM_IOCTL_MODE_GETENCODER(r3, 0xc01464a6, &(0x7f0000000400)={r4}) r5 = socket(0x10, 0x3, 0x0) write(r5, 0x0, 0x0) r6 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r6, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') preadv(r7, &(0x7f0000000000)=[{&(0x7f00000001c0)=""/147, 0x93}], 0x1, 0x0, 0x0) 6.870880234s ago: executing program 3 (id=39): r0 = socket$kcm(0x2, 0xa, 0x2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000001f80), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$tun(0xffffffffffffffff, &(0x7f0000000280)={@val={0x6f01, 0x800}, @void, @mpls={[], @generic="b849b7b54ab478beab2f1431c247ac4b3a4e04"}}, 0x17) r4 = socket$inet_dccp(0x2, 0x6, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x800) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x4001, 0x3, 0x1f4, 0x12c, 0x600, 0x148, 0x0, 0x148, 0x1e8, 0x240, 0x240, 0x1e8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@remote, @loopback, 0x0, 0x0, 'ip6gretap0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x250) syz_open_dev$sg(0x0, 0x7fffffff, 0xb4313f2c2156f2f7) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000000080)) syslog(0x3, &(0x7f00000000c0)=""/157, 0x9d) 5.956353692s ago: executing program 1 (id=41): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$autofs(0xffffff9c, 0x0, 0x200142, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) socket$netlink(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x4b0}}, 0x0) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) socket$inet(0x2, 0x1, 0x0) r4 = socket$inet6(0xa, 0x806, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r4, 0x3) r5 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r5, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r6 = accept4(r4, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f0000007940), 0x55, 0x0, 0x0) sendmmsg(r6, &(0x7f0000001500), 0x588, 0x3000000) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[], 0x60}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 5.944900479s ago: executing program 3 (id=42): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00B\x00', "006e34e400"}, 0x28) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) kcmp(0x0, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x22}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) sendto$inet6(r0, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137) 5.218437322s ago: executing program 2 (id=43): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) ioctl$VHOST_SET_LOG_BASE(r2, 0x4008af04, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) socket$nl_generic(0x11, 0x3, 0x10) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r4 = openat$tcp_mem(0xffffffffffffff9c, 0x0, 0x1, 0x0) sendfile(r4, r3, 0x0, 0x3a) r5 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3a6}, &(0x7f0000000000)=0x0, &(0x7f0000000200)=0x0) syz_open_dev$cec(0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc}) mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) keyctl$session_to_parent(0x12) io_uring_enter(r5, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) 5.046718208s ago: executing program 1 (id=44): socket$phonet_pipe(0x23, 0x5, 0x2) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000cab000)) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x1}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x200}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r3, 0xc04064aa, &(0x7f0000000400)={0x0, 0x0}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(0xffffffffffffffff, 0x28, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$sg(0x0, 0x0, 0x8002) r6 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r6, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) 4.883064812s ago: executing program 3 (id=45): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r0, 0x0, 0x1, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) r4 = socket$caif_stream(0x25, 0x1, 0x0) accept4(r4, &(0x7f0000000300)=@ll, &(0x7f0000000180)=0x80, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r4, 0x0, 0x0, 0x0, 0xc}) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='maps\x00') read$FUSE(r5, &(0x7f0000000280)={0x2020}, 0x2020) setsockopt$inet_int(r0, 0x0, 0x18, 0x0, 0x0) 4.796428674s ago: executing program 0 (id=46): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000840)=@raw={'raw\x00', 0x4001, 0x3, 0x320, 0x1f8, 0x0, 0x148, 0x0, 0x148, 0x28c, 0x240, 0x240, 0x28c, 0x240, 0x7fffffe, 0x0, {[{{@ip={@empty, @rand_addr, 0x0, 0x0, 'ipvlan0\x00', 'wlan1\x00'}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf4}, {0x0, 0x0, 0x2, 0x0, 'syz1\x00'}}, @common=@addrtype={{0x2c}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0x94}, @common=@unspec=@STANDARD={0x24, '\x00', 0x0, 0xfffffffffffffffc}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x37c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x200}}]}, &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000280)=[0x1], &(0x7f0000000340)=[{0x4, 0x2, 0x6, 0x8}, {0x0, 0x1, 0xb, 0x8}, {0x0, 0x2, 0x9, 0x5}, {0x1, 0x2, 0xf, 0x7}, {0x3, 0x5, 0xe, 0xa}, {0x5, 0x2, 0xf, 0x2}, {0x5, 0x5, 0x3, 0x9}], 0x10, 0xfffffffb, @void, @value}, 0x90) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) creat(&(0x7f0000000300)='./bus\x00', 0x0) listxattr(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) writev(r2, &(0x7f0000000200)=[{&(0x7f00000004c0)='4', 0x1}], 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='rpcgss_svc_unwrap_failed\x00', r2}, 0x10) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x4f}, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f000000fd00), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001a0000000c00228004020080040000800500920000000000070021"], 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x0) r6 = socket$inet_tcp(0x2, 0x3, 0x6) connect$inet(r6, &(0x7f0000000300)={0x2, 0x0, @loopback}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xf, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x6}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) write$binfmt_script(r6, &(0x7f0000000480)={'#! ', './file0'}, 0xb) 4.651492261s ago: executing program 2 (id=47): socket$netlink(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) set_mempolicy_home_node(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000180)=0x3, 0x12) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, &(0x7f00000002c0)=0x2, 0x4) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32, 0x0, 0xfe}, 0x9c) bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 4.63774046s ago: executing program 0 (id=48): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x3) socket$nl_netfilter(0x10, 0x3, 0xc) readv(0xffffffffffffffff, &(0x7f0000001500)=[{&(0x7f0000000000)=""/107, 0x6b}], 0x1) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0) read$char_usb(r3, &(0x7f0000001840)=""/4090, 0xffa) add_key(0x0, 0x0, &(0x7f0000000080), 0x0, 0xfffffffffffffffb) preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000600)=""/170, 0xaa}], 0x1, 0xffeffffe, 0x0) read$char_usb(r3, &(0x7f0000000240)=""/34, 0x43) sendmsg$nl_xfrm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000bc0)=@getspdinfo={0x14, 0x25, 0x1}, 0x14}}, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/121, 0x79}], 0x1) sendmsg$nl_route_sched(r0, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newtaction={0x6c, 0x30, 0x1, 0x0, 0x0, {}, [{0x58, 0x1, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PARMS={0x1c, 0x2, {{}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) r4 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc) bind$ax25(r4, &(0x7f00000000c0)={{0x3, @null, 0x7}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) 3.876592912s ago: executing program 1 (id=49): syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="0000f1ff", @ANYRES16], 0x28}, 0x1, 0x0, 0x0, 0x24048001}, 0x24004010) socket$kcm(0x10, 0x2, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00') ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0x541b, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2) socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x2def, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_clone(0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) iopl(0x3) socket(0x840000000002, 0x3, 0x100) r2 = syz_open_dev$usbfs(&(0x7f0000000480), 0xc, 0x141341) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200)) 3.578737044s ago: executing program 2 (id=50): r0 = eventfd(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$F2FS_IOC_SET_COMPRESS_OPTION(r0, 0x4002f516, &(0x7f0000000200)={0x4b, 0x1}) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000008000/0x11000)=nil, 0x11000, 0x100000c) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00', @ANYRES16, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14"], 0x54}}, 0x0) ioctl$USBDEVFS_SETINTERFACE(r3, 0x80085504, &(0x7f0000000140)={0x0, 0x6}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) syz_clone3(0x0, 0x0) openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, 0x0, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) clock_nanosleep(0x9, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, &(0x7f00000001c0)) 3.297564079s ago: executing program 3 (id=51): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000808000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x4f) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000400)='./file0\x00', 0x0, 0x223216, 0x0) chdir(&(0x7f0000000100)='./file0\x00') syz_open_dev$loop(0x0, 0x2, 0x40000) syz_usb_connect$hid(0xf63067478e218e8, 0x36, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) close(r1) mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) rename(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000800)='./file0\x00') move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r3, 0x50009404, &(0x7f0000000140)) 3.107753591s ago: executing program 2 (id=52): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000150001030000000000000000"], 0x14}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, 0x0, &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000540)=[{0x4, 0x2, 0x0, 0x1}, {0x3, 0x5, 0x10}, {0x4, 0x3, 0xb, 0xb}, {0x3, 0x3, 0x9, 0xc}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x10) mkdir(&(0x7f0000000300)='./bus\x00', 0x9) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@uuid_off}]}) r2 = open(&(0x7f0000000140)='./file1\x00', 0x0, 0x0) mknodat$loop(r2, &(0x7f0000000000)='./file1\x00', 0xc000, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r2, &(0x7f0000000100)='./file1\x00', r2, &(0x7f0000000240)='./file0\x00', 0x0) unlink(&(0x7f0000000280)='./file1\x00') 3.030220469s ago: executing program 0 (id=53): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x400, 0x70bd2c, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x5, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_setup(0x7c45, &(0x7f0000000080)={0x0, 0x20, 0x13100, 0x0, 0xfffffffc}, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x145842, 0x0) r3 = syz_io_uring_setup(0x117, &(0x7f0000000100), &(0x7f0000000280)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc}) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) 2.179257149s ago: executing program 2 (id=54): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=@framed={{}, [@printk={@d, {}, {}, {}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x5}, {}, {0x85, 0x0, 0x0, 0xb0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='contention_end\x00', r0}, 0x10) socket$kcm(0x2, 0xa, 0x2) r1 = userfaultfd(0x80001) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$UFFDIO_ZEROPAGE(r3, 0xc018aa06, &(0x7f0000000100)={{&(0x7f00003ea000/0x400000)=nil, 0x400000}, 0x1}) madvise(&(0x7f00003c1000/0x1000)=nil, 0xdfc3efff, 0x19) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x17) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="03a3d74264beee3a4b5819ed386dc61a7e0fd90af404bed6e723504aaae4078ff6a7f4673c3b4171b4d1dd38873132505a64d3efbf9549176ec500e908cc5cd9e8e492c25357f4ef1df4148b92f50e6781bbf3017932d968"], 0x13) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000006100)=""/102389, 0x18ff5}], 0x1, 0xfffffffd, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) openat$procfs(0xffffff9c, 0x0, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000000), 0xd3, 0x4180) 2.04881175s ago: executing program 0 (id=55): syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000340)=[{0x0, 0x1, 0xa, 0xb}, {0x2, 0x2, 0xf, 0x1}, {0x5, 0x2, 0x13, 0x2}, {0x5, 0x5, 0x5, 0x9}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x804) syz_open_dev$sg(0x0, 0x0, 0x0) r3 = memfd_create(&(0x7f0000000480)='%\x00\xae\xdb\xb8\x18\xc1\xecWbNO\xde^\xff\x19\x17QE{*X\xe3\xe2\x06\x00\x00\x00\xf6\xc0H\xa2\x83\x92\xee\n_\xcc\x1cC\xe5\x9f n\xbe?\xe7\x89*\xf1\xc5b\v\xec\xe4\xb0\xa2\xc5\xee\x04\x98\xa9\xb9\xe5\x8c\xc3\x97B\xaa+\x81\xcfJ\xf2o\xf6k\xcc\xf7\x057\x8d\xb1\xa0\x86\xe8\xda\x90\xc2\x1e\x15\x11\x92\x9d\xc1M\xe5@\v\x001\xae\x19$\xf8\x96\x81\xcbR\xae`\xd3\xf8_R~7\xf5\x1c\xc8\xf9\xe2z\x00<\xdc\x11\x89\xc9&f', 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x200000f, 0x4002012, r3, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x2a) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000000)=[@mss, @timestamp, @window, @mss, @timestamp, @window], 0x21a5) 1.916355671s ago: executing program 1 (id=56): ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f00000000c0)) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x14, 0x41, 0x9, 0x70bd25, 0x0, {0x5}}, 0x14}}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = io_uring_setup(0x6281, &(0x7f0000000080)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x18, r4, 0x601, 0x0, 0x800, {}, [@TIPC_NLA_LINK={0x4}]}, 0x18}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000200)=0x6, 0x4) syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000)) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) io_uring_enter(0xffffffffffffffff, 0x2ded, 0x4000, 0x0, 0x0, 0x0) pipe(0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x0) io_setup(0x3ff, &(0x7f0000000500)) mkdir(&(0x7f0000000040)='./file0\x00', 0xa0) 1.108427001s ago: executing program 0 (id=57): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) r0 = epoll_create(0x400) r1 = eventfd(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fdinfo/3\x00') pread64(r2, &(0x7f0000000300)=""/246, 0xf6, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x3, 0x5, &(0x7f0000000700)=ANY=[], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000000)="5becbc0e0d7cca6073a4f11d1b00", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) add_key$user(0x0, &(0x7f0000000440), &(0x7f00000005c0)="ca996e4a4c9748265ca5b19498b6941430e963570a676702000000a4c124ed6bfe0d8004a355af19a6e3", 0x2a, 0xfffffffffffffffd) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) 1.096950996s ago: executing program 1 (id=58): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00') preadv(r1, 0x0, 0x0, 0x2, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) ioctl$EVIOCREVOKE(r1, 0x40044591, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r2, 0x7005) syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x6585, 0x10100}, 0x0, 0x0) syz_io_uring_setup(0x5e2, 0x0, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0x0, [{}, {}, {}, {0x1}, {}, {0xfffffffa, 0x6}], 0x0, 0x0, 0x8, 0x0, 0x1}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$caif_stream(0x25, 0x1, 0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000380)={0x3ff}, 0x0, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x80) 1.011072434s ago: executing program 2 (id=59): ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) eventfd(0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000180)=ANY=[@ANYBLOB]) r2 = syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x181) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r2, 0x40045731, 0x0) r3 = memfd_create(&(0x7f0000000200)='\x103q}2\x9a\xce\xaf\x03\xdfy\x13\xdc\xd8\x12/\x86\xcafi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5$\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xbd\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;\xb1\x80\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUp\xdf\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x2) ftruncate(r3, 0x80079a0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r3, 0x0) lseek(r3, 0x1003ff, 0x4) ioctl$VHOST_VDPA_GET_CONFIG(r1, 0x8008af73, &(0x7f0000000000)={0x0, 0x3e, ""/62}) 118.730818ms ago: executing program 0 (id=60): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/address_bits', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000000100)='./file0\x00', 0x2000, 0x1) setsockopt$packet_buf(r0, 0x107, 0x0, &(0x7f0000000280)="6b5706f02a937cc8bbfe5523b28b1f0c3c36d730448a826b4e42584c0b8ba0589d3f91303818d2fb710a9dab434f80b5dc25412dd763ccefe3e12928c112921916623ccdb702514f2ad6095cf469e49eb12b5df093738951c00b5bf3c895e3f5b9919cd30c80db046d486ba6e66dbfb9c416", 0x72) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x16, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x52}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/crypto\x00', 0x0, 0x0) lseek(r3, 0x1000000, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000940)="d744784ca67c0398246d848e6df22054de2bd8ca3da64dfdea7d8eb74ffe057d7469066c6ca034a2677ce0c1c25e2b2a825d677e0fbac312a7da165cd5db94fa38cdf3a3f3f93b912a7515e0b1e441a3be644a296bcc765e7adc9ddb4d14376a69cbfcd2ddd156ba432349e96debeda26ee8914c28f4", 0x7ffff000}, {&(0x7f00000009c0)="d86e5c29ab2c0dce2b79f95d543a0d6b45dec9dab7afbc0d6d678feb7a652e67638c3ee007937917fad76308e99818f8f112b73a3c3e3c5ed80c49fab6e0593e95008b4a47aebdde3e28cea1cec26385f3d03b872970dfb69a63a6384a9be5b9419ff8ea6d9c2a730307894adb589d11a1ec59255d10acb1fbef", 0x7a}], 0x2}, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01000000000000000000340000000e0001006e657464657673696d0000000f0002005d657464657673696d300000"], 0x34}}, 0x0) r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_BOOT_CPU_ID(r8, 0xae78, 0x0) 103.701325ms ago: executing program 1 (id=61): r0 = socket$alg(0x26, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa, @void, @value}, 0x94) r1 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x2000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) gettid() connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) io_pgetevents(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, 0x0, &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) unshare(0x46060480) socket(0xa, 0x801, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) 0s ago: executing program 3 (id=62): dup(0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000020000000000000f9ffff0b8500000007000000850000000700000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) r0 = io_uring_setup(0x6281, &(0x7f0000000080)={0x0, 0x1000000, 0x0, 0x0, 0x21}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x14341, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = syz_open_procfs$pagemap(0xffffffffffffffff, 0x0) lsm_get_self_attr(0x68, 0xffffffffffffffff, &(0x7f00000005c0), 0x1) ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f00000001c0)={0x60, 0x1, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0}) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) io_uring_enter(0xffffffffffffffff, 0x2fcd, 0x4000, 0x0, 0x0, 0x0) pipe(0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00') preadv(r5, &(0x7f0000000000)=[{&(0x7f0000000480)=""/187, 0xbb}], 0x1, 0x4c, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000ac0)='cachefiles_tmpfile\x00', r5, 0x0, 0x7fffffe}, 0x73) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10, 0x90}, [@ldst={0x3, 0x3, 0xb, 0xa, 0x0, 0xffffffffffffffe8}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x3f, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:62715' (ED25519) to the list of known hosts. [ 41.296505][ T5928] cgroup: Unknown subsys name 'net' [ 41.484081][ T5928] cgroup: Unknown subsys name 'cpuset' [ 41.487469][ T5928] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 42.385451][ T5928] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.137133][ T5944] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.141498][ T5946] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.141855][ T5944] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.144560][ T5946] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.149940][ T5946] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.152615][ T5946] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.154662][ T5946] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.157126][ T5946] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.159291][ T5946] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.160400][ T5954] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.161543][ T5946] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.162896][ T5951] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.164819][ T5954] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.165105][ T5951] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 45.165316][ T5951] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.166999][ T5307] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.167058][ T5946] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 45.167272][ T5946] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.180984][ T5954] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.185068][ T5307] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.187956][ T5307] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 45.188083][ T5954] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 45.190077][ T5307] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.192174][ T5954] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.328345][ T5940] chnl_net:caif_netlink_parms(): no params data found [ 45.332132][ T5948] chnl_net:caif_netlink_parms(): no params data found [ 45.450169][ T5948] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.453037][ T5948] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.455097][ T5948] bridge_slave_0: entered allmulticast mode [ 45.457207][ T5948] bridge_slave_0: entered promiscuous mode [ 45.462143][ T5948] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.464373][ T5948] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.466535][ T5948] bridge_slave_1: entered allmulticast mode [ 45.468724][ T5948] bridge_slave_1: entered promiscuous mode [ 45.471833][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.473802][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.475765][ T5940] bridge_slave_0: entered allmulticast mode [ 45.477953][ T5940] bridge_slave_0: entered promiscuous mode [ 45.481733][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.483767][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.485813][ T5940] bridge_slave_1: entered allmulticast mode [ 45.488170][ T5940] bridge_slave_1: entered promiscuous mode [ 45.525344][ T5948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.529157][ T5948] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.599028][ T5952] chnl_net:caif_netlink_parms(): no params data found [ 45.606582][ T5948] team0: Port device team_slave_0 added [ 45.609905][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.621048][ T5948] team0: Port device team_slave_1 added [ 45.625281][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.699002][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.701054][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.707849][ T5948] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.728664][ T5939] chnl_net:caif_netlink_parms(): no params data found [ 45.734390][ T5940] team0: Port device team_slave_0 added [ 45.736595][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.738528][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.746506][ T5948] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.768783][ T5940] team0: Port device team_slave_1 added [ 45.790375][ T5952] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.792396][ T5952] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.794304][ T5952] bridge_slave_0: entered allmulticast mode [ 45.797226][ T5952] bridge_slave_0: entered promiscuous mode [ 45.803309][ T5952] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.805416][ T5952] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.807422][ T5952] bridge_slave_1: entered allmulticast mode [ 45.809594][ T5952] bridge_slave_1: entered promiscuous mode [ 45.813826][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.816208][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.825616][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.866847][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.869249][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.878310][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.886313][ T5952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.891175][ T5952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.907447][ T5948] hsr_slave_0: entered promiscuous mode [ 45.909499][ T5948] hsr_slave_1: entered promiscuous mode [ 45.970934][ T5952] team0: Port device team_slave_0 added [ 45.986257][ T5940] hsr_slave_0: entered promiscuous mode [ 45.988458][ T5940] hsr_slave_1: entered promiscuous mode [ 45.990313][ T5940] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 45.994452][ T5940] Cannot create hsr debugfs directory [ 46.009622][ T5952] team0: Port device team_slave_1 added [ 46.025623][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.027993][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.030544][ T5939] bridge_slave_0: entered allmulticast mode [ 46.033504][ T5939] bridge_slave_0: entered promiscuous mode [ 46.061597][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.063713][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.071453][ T5952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.076908][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.078942][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.087490][ T5952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.091632][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.093604][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.095606][ T5939] bridge_slave_1: entered allmulticast mode [ 46.097733][ T5939] bridge_slave_1: entered promiscuous mode [ 46.138485][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.142538][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.205723][ T5952] hsr_slave_0: entered promiscuous mode [ 46.207891][ T5952] hsr_slave_1: entered promiscuous mode [ 46.209923][ T5952] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.212540][ T5952] Cannot create hsr debugfs directory [ 46.217210][ T5939] team0: Port device team_slave_0 added [ 46.233875][ T5939] team0: Port device team_slave_1 added [ 46.304605][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.306752][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.313584][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.335448][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.338168][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.347505][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.390242][ T5948] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 46.422015][ T5948] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 46.436739][ T5939] hsr_slave_0: entered promiscuous mode [ 46.438771][ T5939] hsr_slave_1: entered promiscuous mode [ 46.442331][ T5939] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.444360][ T5939] Cannot create hsr debugfs directory [ 46.446072][ T5948] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 46.457861][ T5948] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 46.499361][ T5940] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 46.504491][ T5940] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 46.513644][ T5940] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 46.516742][ T5940] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 46.559309][ T5952] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 46.570247][ T5952] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 46.574490][ T5952] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 46.578078][ T5952] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 46.605047][ T5939] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.610371][ T5939] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.614660][ T5939] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 46.618138][ T5939] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 46.660960][ T5948] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.691019][ T5948] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.701997][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.704064][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.707437][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.709348][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.718270][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.735346][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.740132][ T5940] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.745180][ T5952] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.750516][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.752982][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.767955][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.770171][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.778154][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.785424][ T5952] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.795624][ T93] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.797995][ T93] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.804205][ T93] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.806407][ T93] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.814494][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.817037][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.824588][ T93] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.826606][ T93] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.874785][ T5948] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.895107][ T5948] veth0_vlan: entered promiscuous mode [ 46.899821][ T5948] veth1_vlan: entered promiscuous mode [ 46.913811][ T5948] veth0_macvtap: entered promiscuous mode [ 46.916982][ T5948] veth1_macvtap: entered promiscuous mode [ 46.925460][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.932602][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.936909][ T5948] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.940411][ T5948] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.944488][ T5948] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.947380][ T5948] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.982045][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.996158][ T5952] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.013302][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.015731][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.018489][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.041049][ T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.044192][ T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.055300][ T5940] veth0_vlan: entered promiscuous mode [ 47.067450][ T5952] veth0_vlan: entered promiscuous mode [ 47.069695][ T5939] veth0_vlan: entered promiscuous mode [ 47.074152][ T5939] veth1_vlan: entered promiscuous mode [ 47.076292][ T5940] veth1_vlan: entered promiscuous mode [ 47.077617][ T5948] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 47.079091][ T5952] veth1_vlan: entered promiscuous mode [ 47.102865][ T5940] veth0_macvtap: entered promiscuous mode [ 47.106217][ T5940] veth1_macvtap: entered promiscuous mode [ 47.118562][ T5940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.121907][ T5940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.127163][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.144104][ T5952] veth0_macvtap: entered promiscuous mode [ 47.146730][ T5940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.149494][ T5940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.153304][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.156054][ T5939] veth0_macvtap: entered promiscuous mode [ 47.161031][ T5952] veth1_macvtap: entered promiscuous mode [ 47.165325][ T5940] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.167839][ T5940] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.170209][ T5940] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.173422][ T5940] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.178224][ T5939] veth1_macvtap: entered promiscuous mode [ 47.197480][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.200278][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.203456][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.206210][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.210160][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.213762][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.216615][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.219359][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.223371][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.225952][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.228815][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.231507][ T5954] Bluetooth: hci3: command tx timeout [ 47.231554][ T5944] Bluetooth: hci1: command tx timeout [ 47.231713][ T5954] Bluetooth: hci2: command tx timeout [ 47.235044][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.235245][ T66] Bluetooth: hci0: command tx timeout [ 47.255840][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.258665][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.261866][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.264756][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.268107][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.270240][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.273561][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.276195][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.278985][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.282635][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.285345][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.288587][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.298891][ T5939] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.301400][ T5939] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.304129][ T5939] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.306560][ T5939] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.310781][ T5952] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.313167][ T5952] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.315449][ T5952] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.316669][ T6005] evm: overlay not supported [ 47.317705][ T5952] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.322579][ T93] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.324788][ T93] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.347162][ T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.350958][ T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.390864][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.393001][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.407055][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.408169][ T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.409125][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.416702][ T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.437744][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.439898][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.616316][ T6018] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 48.093407][ C3] Unknown status report in ack skb [ 48.330820][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.312086][ T66] Bluetooth: hci1: command tx timeout [ 49.312321][ T5944] Bluetooth: hci0: command tx timeout [ 49.320985][ T66] Bluetooth: hci3: command tx timeout [ 49.321014][ T5944] Bluetooth: hci2: command tx timeout [ 49.515170][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 50.263278][ T6072] syz.3.16: attempt to access beyond end of device [ 50.263278][ T6072] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 50.293189][ T6072] XFS (nbd3): SB validate failed with error -5. [ 50.463829][ T6082] bond1: entered promiscuous mode [ 50.469494][ T6089] netlink: 36 bytes leftover after parsing attributes in process `syz.0.17'. [ 50.470983][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.481151][ T6089] netlink: 16 bytes leftover after parsing attributes in process `syz.0.17'. [ 50.484952][ T6089] netlink: 36 bytes leftover after parsing attributes in process `syz.0.17'. [ 50.489484][ T6089] netlink: 36 bytes leftover after parsing attributes in process `syz.0.17'. [ 50.491017][ T6082] bond1: entered allmulticast mode [ 50.494180][ T6082] 8021q: adding VLAN 0 to HW filter on device bond1 [ 50.557082][ T6082] bond1 (unregistering): Released all slaves [ 50.682117][ T6089] syz.0.17 (6089) used greatest stack depth: 20608 bytes left [ 51.410730][ T5944] Bluetooth: hci3: command tx timeout [ 51.410920][ T5307] Bluetooth: hci2: command tx timeout [ 51.412960][ T5944] Bluetooth: hci0: command tx timeout [ 51.417626][ T66] Bluetooth: hci1: command tx timeout [ 51.451928][ T6105] tmpfs: Bad value for 'mpol' [ 51.465354][ T6105] Driver unsupported XDP return value 0 on prog (id 12) dev N/A, expect packet loss! [ 51.586390][ T6109] syzkaller0: entered promiscuous mode [ 51.588250][ T6109] syzkaller0: entered allmulticast mode [ 52.587585][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 52.590962][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 53.484352][ T5307] Bluetooth: hci0: command tx timeout [ 53.485868][ T5307] Bluetooth: hci3: command tx timeout [ 53.487340][ T5307] Bluetooth: hci2: command tx timeout [ 53.488786][ T5307] Bluetooth: hci1: command tx timeout [ 53.918259][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 54.075051][ T6140] netlink: 284 bytes leftover after parsing attributes in process `syz.2.29'. [ 55.030828][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.044634][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 55.305728][ T6157] syz.0.31: attempt to access beyond end of device [ 55.305728][ T6157] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0 [ 55.310018][ T6157] syz.0.31: attempt to access beyond end of device [ 55.310018][ T6157] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0 [ 55.314528][ T6157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 55.318524][ T6157] syz.0.31: attempt to access beyond end of device [ 55.318524][ T6157] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0 [ 55.322300][ T6157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 55.326867][ T6157] syz.0.31: attempt to access beyond end of device [ 55.326867][ T6157] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0 [ 55.330586][ T6157] syz.0.31: attempt to access beyond end of device [ 55.330586][ T6157] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0 [ 55.334607][ T6157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 55.337957][ T6157] syz.0.31: attempt to access beyond end of device [ 55.337957][ T6157] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 55.342067][ T6157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 55.345515][ T6157] syz.0.31: attempt to access beyond end of device [ 55.345515][ T6157] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0 [ 55.349077][ T6157] syz.0.31: attempt to access beyond end of device [ 55.349077][ T6157] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 55.354524][ T6157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 55.357580][ T6157] syz.0.31: attempt to access beyond end of device [ 55.357580][ T6157] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 55.361581][ T6157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 55.365023][ T6157] syz.0.31: attempt to access beyond end of device [ 55.365023][ T6157] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 55.369837][ T6157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 55.373275][ T6157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 55.376048][ T6157] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1) [ 56.511073][ T6002] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 56.524875][ T6172] Zero length message leads to an empty skb [ 56.575344][ T6175] syz.3.39 uses obsolete (PF_INET,SOCK_PACKET) [ 56.722852][ T6002] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 56.725414][ T6002] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.734702][ T6002] usb 5-1: config 0 descriptor?? [ 57.961859][ T6002] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00 [ 57.968294][ T6002] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 57.971244][ T6002] [drm:udl_init] *ERROR* Selecting channel failed [ 57.985125][ T6002] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 3 [ 57.987179][ T6002] [drm] Initialized udl on minor 3 [ 57.990383][ T6002] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 57.995244][ T6002] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 58.006077][ T25] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 58.008963][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 58.016829][ T6002] usb 5-1: USB disconnect, device number 2 [ 58.022518][ T25] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 58.659385][ T6201] xt_CT: You must specify a L4 protocol and not use inversions on it [ 58.670532][ T39] audit: type=1326 audit(1734560602.649:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6199 comm="syz.0.46" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 58.691202][ T39] audit: type=1326 audit(1734560602.659:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6199 comm="syz.0.46" exe="/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 58.697117][ T39] audit: type=1326 audit(1734560602.659:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6199 comm="syz.0.46" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 58.703602][ T39] audit: type=1326 audit(1734560602.659:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6199 comm="syz.0.46" exe="/syz-executor" sig=0 arch=40000003 syscall=232 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 58.709049][ T39] audit: type=1326 audit(1734560602.659:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6199 comm="syz.0.46" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 58.718782][ T6201] autofs4:pid:6201:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e) [ 58.720707][ T39] audit: type=1326 audit(1734560602.659:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6199 comm="syz.0.46" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 58.730963][ T39] audit: type=1326 audit(1734560602.659:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6199 comm="syz.0.46" exe="/syz-executor" sig=0 arch=40000003 syscall=146 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 58.736973][ T39] audit: type=1326 audit(1734560602.669:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6199 comm="syz.0.46" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 58.750696][ T39] audit: type=1326 audit(1734560602.689:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6199 comm="syz.0.46" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 58.756542][ T39] audit: type=1326 audit(1734560602.699:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6199 comm="syz.0.46" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 60.191066][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 60.220393][ T6219] syzkaller0: entered promiscuous mode [ 60.230989][ T6219] syzkaller0: entered allmulticast mode [ 61.483558][ T66] Bluetooth: hci1: SCO packet for unknown connection handle 1955 [ 63.748988][ C1] ------------[ cut here ]------------ [ 63.750608][ C1] WARNING: CPU: 1 PID: 0 at net/mac80211/tx.c:5040 __ieee80211_beacon_get+0x149e/0x16e0 [ 63.753596][ C1] Modules linked in: [ 63.755148][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.13.0-rc3-syzkaller-00062-gc061cf420ded #0 [ 63.759980][ C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 63.762856][ C1] RIP: 0010:__ieee80211_beacon_get+0x149e/0x16e0 [ 63.764638][ C1] Code: 23 89 ef 44 89 e6 e8 81 d8 fb f6 44 38 e5 72 a2 e8 57 d7 fb f6 48 89 df e8 9f 7a 53 f7 31 db e9 9d fe ff ff e8 43 d7 fb f6 90 <0f> 0b 90 e9 a8 f6 ff ff 48 89 04 24 e8 a1 41 5e f7 48 8b 04 24 e9 [ 63.770027][ C1] RSP: 0018:ffffc900005a0b70 EFLAGS: 00010246 [ 63.771758][ C1] RAX: 0000000000000000 RBX: ffffc900005a0c20 RCX: ffffffff8a9d6e55 [ 63.774287][ C1] RDX: ffff88801cee4880 RSI: ffffffff8a9d77ad RDI: 0000000000000001 [ 63.777205][ C1] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 63.780227][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880678ac800 [ 63.783315][ C1] R13: 0000000000000041 R14: ffff888067794d80 R15: ffff8880677969d0 [ 63.786566][ C1] FS: 0000000000000000(0000) GS:ffff88802b500000(0000) knlGS:0000000000000000 [ 63.790002][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 63.792283][ C1] CR2: 0000000000000000 CR3: 0000000000500000 CR4: 0000000000352ef0 [ 63.795211][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 63.798163][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 63.801643][ C1] Call Trace: [ 63.803121][ C1] [ 63.804299][ C1] ? __warn+0xea/0x3c0 [ 63.805882][ C1] ? __ieee80211_beacon_get+0x149e/0x16e0 [ 63.807993][ C1] ? report_bug+0x3c0/0x580 [ 63.809689][ C1] ? handle_bug+0x54/0xa0 [ 63.811391][ C1] ? exc_invalid_op+0x17/0x50 [ 63.813147][ C1] ? asm_exc_invalid_op+0x1a/0x20 [ 63.815005][ C1] ? __ieee80211_beacon_get+0xb45/0x16e0 [ 63.817251][ C1] ? __ieee80211_beacon_get+0x149d/0x16e0 [ 63.819767][ C1] ? __ieee80211_beacon_get+0x149e/0x16e0 [ 63.822211][ C1] ieee80211_beacon_get_tim+0xa7/0x280 [ 63.824278][ C1] ? __pfx_ieee80211_beacon_get_tim+0x10/0x10 [ 63.826555][ C1] mac80211_hwsim_beacon_tx+0x4ea/0xa10 [ 63.828690][ C1] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 63.830830][ C1] ? rcu_is_watching+0x12/0xc0 [ 63.832624][ C1] __iterate_interfaces+0x2e5/0x640 [ 63.834623][ C1] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 63.836905][ C1] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 63.840055][ C1] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 63.842551][ C1] ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 [ 63.845261][ C1] mac80211_hwsim_beacon+0x105/0x200 [ 63.847285][ C1] __hrtimer_run_queues+0x20a/0xae0 [ 63.849243][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 63.851403][ C1] ? read_tsc+0x9/0x20 [ 63.852945][ C1] hrtimer_run_softirq+0x17d/0x350 [ 63.854977][ C1] handle_softirqs+0x213/0x8f0 [ 63.857061][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 63.859409][ C1] __irq_exit_rcu+0x109/0x170 [ 63.861480][ C1] irq_exit_rcu+0x9/0x30 [ 63.863068][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 63.865194][ C1] [ 63.866326][ C1] [ 63.867466][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 63.869658][ C1] RIP: 0010:default_idle_call+0x99/0xb0 [ 63.871771][ C1] Code: 3c 24 e8 ca d6 ff ff e8 65 e9 ff ff 90 e8 2f f1 ff ff bf ff ff ff ff 89 c6 e8 d3 f2 54 f6 e8 ee be 54 f6 e8 f9 cc 86 f6 fb 90 cc cc cc cc 90 0f 0b 90 eb ab 66 2e 0f 1f 84 00 00 00 00 00 66 [ 63.879314][ C1] RSP: 0018:ffffc9000047fe10 EFLAGS: 00000206 [ 63.881718][ C1] RAX: 000000000010f54b RBX: 0000000000000001 RCX: 1ffffffff20393d9 [ 63.884662][ C1] RDX: 0000000000000000 RSI: ffffffff8b4cd180 RDI: ffffffff8bb16d40 [ 63.887498][ C1] RBP: ffffed10039dc910 R08: 0000000000000001 R09: 0000000000000001 [ 63.889799][ C1] R10: ffffffff901ce117 R11: 0000000000000001 R12: 0000000000000001 [ 63.892212][ C1] R13: ffff88801cee4880 R14: ffffffff901ce110 R15: 0000000000000000 [ 63.894645][ C1] do_idle+0x329/0x3f0 [ 63.895721][ C1] ? __pfx_do_idle+0x10/0x10 [ 63.896943][ C1] ? do_idle+0x2b4/0x3f0 [ 63.898079][ C1] cpu_startup_entry+0x4f/0x60 [ 63.899353][ C1] start_secondary+0x222/0x2b0 [ 63.900671][ C1] ? __pfx_start_secondary+0x10/0x10 [ 63.902127][ C1] common_startup_64+0x13e/0x148 [ 63.903496][ C1] [ 63.904350][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 63.906289][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.13.0-rc3-syzkaller-00062-gc061cf420ded #0 [ 63.909401][ C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 63.912916][ C1] Call Trace: [ 63.913812][ C1] [ 63.914585][ C1] dump_stack_lvl+0x3d/0x1f0 [ 63.915829][ C1] panic+0x71d/0x800 [ 63.916882][ C1] ? __pfx_panic+0x10/0x10 [ 63.918122][ C1] ? show_trace_log_lvl+0x29d/0x3d0 [ 63.919548][ C1] ? check_panic_on_warn+0x1f/0xb0 [ 63.920940][ C1] ? __ieee80211_beacon_get+0x149e/0x16e0 [ 63.922446][ C1] check_panic_on_warn+0xab/0xb0 [ 63.923815][ C1] __warn+0xf6/0x3c0 [ 63.924864][ C1] ? __ieee80211_beacon_get+0x149e/0x16e0 [ 63.926406][ C1] report_bug+0x3c0/0x580 [ 63.927679][ C1] handle_bug+0x54/0xa0 [ 63.928943][ C1] exc_invalid_op+0x17/0x50 [ 63.930303][ C1] asm_exc_invalid_op+0x1a/0x20 [ 63.931711][ C1] RIP: 0010:__ieee80211_beacon_get+0x149e/0x16e0 [ 63.933558][ C1] Code: 23 89 ef 44 89 e6 e8 81 d8 fb f6 44 38 e5 72 a2 e8 57 d7 fb f6 48 89 df e8 9f 7a 53 f7 31 db e9 9d fe ff ff e8 43 d7 fb f6 90 <0f> 0b 90 e9 a8 f6 ff ff 48 89 04 24 e8 a1 41 5e f7 48 8b 04 24 e9 [ 63.938824][ C1] RSP: 0018:ffffc900005a0b70 EFLAGS: 00010246 [ 63.940467][ C1] RAX: 0000000000000000 RBX: ffffc900005a0c20 RCX: ffffffff8a9d6e55 [ 63.942549][ C1] RDX: ffff88801cee4880 RSI: ffffffff8a9d77ad RDI: 0000000000000001 [ 63.944645][ C1] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 63.946747][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880678ac800 [ 63.948944][ C1] R13: 0000000000000041 R14: ffff888067794d80 R15: ffff8880677969d0 [ 63.951230][ C1] ? __ieee80211_beacon_get+0xb45/0x16e0 [ 63.952866][ C1] ? __ieee80211_beacon_get+0x149d/0x16e0 [ 63.954491][ C1] ieee80211_beacon_get_tim+0xa7/0x280 [ 63.956044][ C1] ? __pfx_ieee80211_beacon_get_tim+0x10/0x10 [ 63.957757][ C1] mac80211_hwsim_beacon_tx+0x4ea/0xa10 [ 63.959255][ C1] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 63.960781][ C1] ? rcu_is_watching+0x12/0xc0 [ 63.962069][ C1] __iterate_interfaces+0x2e5/0x640 [ 63.963526][ C1] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 63.965203][ C1] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 63.966841][ C1] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 63.968567][ C1] ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 [ 63.970628][ C1] mac80211_hwsim_beacon+0x105/0x200 [ 63.972114][ C1] __hrtimer_run_queues+0x20a/0xae0 [ 63.973407][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 63.974823][ C1] ? read_tsc+0x9/0x20 [ 63.975978][ C1] hrtimer_run_softirq+0x17d/0x350 [ 63.977390][ C1] handle_softirqs+0x213/0x8f0 [ 63.978613][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 63.980146][ C1] __irq_exit_rcu+0x109/0x170 [ 63.981474][ C1] irq_exit_rcu+0x9/0x30 [ 63.982673][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 63.984272][ C1] [ 63.985094][ C1] [ 63.985926][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 63.987554][ C1] RIP: 0010:default_idle_call+0x99/0xb0 [ 63.989032][ C1] Code: 3c 24 e8 ca d6 ff ff e8 65 e9 ff ff 90 e8 2f f1 ff ff bf ff ff ff ff 89 c6 e8 d3 f2 54 f6 e8 ee be 54 f6 e8 f9 cc 86 f6 fb 90 cc cc cc cc 90 0f 0b 90 eb ab 66 2e 0f 1f 84 00 00 00 00 00 66 [ 63.994156][ C1] RSP: 0018:ffffc9000047fe10 EFLAGS: 00000206 [ 63.995819][ C1] RAX: 000000000010f54b RBX: 0000000000000001 RCX: 1ffffffff20393d9 [ 63.998168][ C1] RDX: 0000000000000000 RSI: ffffffff8b4cd180 RDI: ffffffff8bb16d40 [ 64.000718][ C1] RBP: ffffed10039dc910 R08: 0000000000000001 R09: 0000000000000001 [ 64.003110][ C1] R10: ffffffff901ce117 R11: 0000000000000001 R12: 0000000000000001 [ 64.005209][ C1] R13: ffff88801cee4880 R14: ffffffff901ce110 R15: 0000000000000000 [ 64.007340][ C1] do_idle+0x329/0x3f0 [ 64.008431][ C1] ? __pfx_do_idle+0x10/0x10 [ 64.009675][ C1] ? do_idle+0x2b4/0x3f0 [ 64.010886][ C1] cpu_startup_entry+0x4f/0x60 [ 64.012212][ C1] start_secondary+0x222/0x2b0 [ 64.013490][ C1] ? __pfx_start_secondary+0x10/0x10 [ 64.014912][ C1] common_startup_64+0x13e/0x148 [ 64.016256][ C1] [ 64.017923][ C1] Kernel Offset: disabled [ 64.019191][ C1] Rebooting in 86400 seconds.. VM DIAGNOSIS: 22:23:27 Registers: info registers vcpu 0 CPU#0 RAX=0000000000080000 RBX=ffff888029da8140 RCX=ffffc90026dd1000 RDX=0000000000080000 RSI=0000000000000008 RDI=ffff888067fb2160 RBP=ffff888067fb2100 RSP=ffffc900075177e8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=0000000000000002 R13=ffff888067fb2160 R14=0000000000000000 R15=ffff888067fb2668 RIP=ffffffff81fbc100 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b400000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002f101ffc CR3=0000000000500000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000055 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff851417b5 RDI=ffffffff9a6672c0 RBP=ffffffff9a667280 RSP=ffffc900005a04d8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000006 R12=0000000000000000 R13=0000000000000055 R14=ffffffff85141750 R15=0000000000000000 RIP=ffffffff851417df RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000000500000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 EAX=81a81fe4 EBX=ffffffff ECX=ffffffff EDX=81a81fe4 ESI=ffffffff EDI=ffffffff EBP=f6161a20 ESP=ffa409b0 EIP=f711497b EFL=00000297 [--S-APC] CPL=3 II=0 A20=1 SMM=0 HLT=0 ES =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0023 00000000 ffffffff 00c0fb00 DPL=3 CS32 [-RA] SS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] DS =002b 00000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 00000000 ffffffff 00c00000 GS =0063 58080440 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 00000000 ffffffff 00c00000 TR =0040 00091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002f1ebff8 CR3=0000000000500000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000077a91 RBX=0000000000000003 RCX=ffffffff8b1a0819 RDX=0000000000000000 RSI=ffffffff8b4cd180 RDI=ffffffff8bb16d40 RBP=ffffed10039df488 RSP=ffffc9000049fe08 R8 =0000000000000001 R9 =ffffed10056e6fed R10=ffff88802b737f6b R11=0000000000000000 R12=0000000000000003 R13=ffff88801cefa440 R14=ffffffff901ce110 R15=0000000000000000 RIP=ffffffff8b1a1bff RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000020027000 CR3=0000000068e72000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000019000000000 0000000500000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000