last executing test programs: 6.237351388s ago: executing program 3 (id=399): r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0x13}], 0x2) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000003c0)) r2 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f00000001c0)={0x24, 0x14, 0x105, 0x70bc2a, 0x2ddfdb7b, {0x11}, [@INET_DIAG_REQ_BYTECODE={0xd, 0x1, "053e3e71ed07348ace"}]}, 0x24}, 0x1, 0x0, 0x0, 0x8086}, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) syz_open_dev$dri(0x0, 0x0, 0x0) r3 = fsopen(&(0x7f0000000000)='udf\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x3, 0x0, 0xe, 0x60a00, 0xffffffffffffffff, 0xfffffff8, '\x00', 0x0, r0, 0x4, 0x5, 0x4, 0x7}, 0x50) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f00000000c0)='io#harset', 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa9a}, [@ringbuf_output={{0x18, 0x5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1e}}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$tcp_congestion(0xffffff9c, &(0x7f0000000280), 0x1, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_TARGET_NAME={0xa, 0x1, 'AUDIT\x00'}, @NFTA_TARGET_INFO={0x5, 0x3, '\x00'}, @NFTA_TARGET_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) r6 = userfaultfd(0x1) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r6, 0xc028aa05, &(0x7f0000000280)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) 6.235721716s ago: executing program 1 (id=400): socket$nl_rdma(0x10, 0x3, 0x14) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYRESDEC=r0], &(0x7f0000000a80)=""/212, 0x26, 0xd4, 0x1, 0x2, 0x10000}, 0x28) cachestat(r1, &(0x7f0000000540)={0x0, 0x1fc}, &(0x7f0000000580), 0x0) openat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f00000005c0)=ANY=[], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x1}, 0x94) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) clock_adjtime(0x1, &(0x7f0000000680)={0x19b1, 0x0, 0x0, 0x0, 0x0, 0x40000, 0xfffffbff, 0xffffffff, 0x10000, 0xe5, 0x4, 0x202, 0x0, 0x1000, 0x0, 0x4, 0x101, 0x81, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x2, 0x800}) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000180)={0x1, 0x5}, 0x8) bind$alg(0xffffffffffffffff, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r1, 0x40189429, &(0x7f0000000040)={0x1, 0x9, 0x26}) socket$inet6(0xa, 0x1, 0x100) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r4, 0x0, 0x600) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x1c, r5, 0x301, 0x0, 0xffffffff, {{0x11}, {@void, @void}}}, 0x1c}}, 0x4000880) 5.205746375s ago: executing program 3 (id=403): socket$inet6_mptcp(0xa, 0x1, 0x106) socket$can_j1939(0x1d, 0x2, 0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x141440, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x60, 0x0, 0x1, 0x20000002, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x67}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1716}], @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x4}, @chandef_params, @key_params=[@NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "cfa87c7b77e4a2824dc815a8ad"}], @key_params=[@NL80211_ATTR_KEY_IDX={0x5}]]}, 0x60}, 0x1, 0x0, 0x0, 0x20040040}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="010200000000000000006700000008000300", @ANYRES32=r2, @ANYBLOB="0800c300741300000800c400010000000400c5"], 0x30}}, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0x81, 0x200000}) pivot_root(0x0, 0x0) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x4000000) r3 = userfaultfd(0x80001) read(r3, &(0x7f0000000200)=""/145, 0x91) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x1}) r4 = socket(0x1, 0x803, 0x0) bind$unix(r4, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000009680)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x10}}], 0x2, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r5, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x9000000) 4.228514765s ago: executing program 2 (id=405): sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x40800) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800"], 0x48) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="25003300d0000000080211000001080211000000505050505050d00003"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 4.155573081s ago: executing program 2 (id=406): getpgid(0x0) syz_open_dev$vim2m(&(0x7f00000003c0), 0x4, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket(0x2b, 0x80801, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0x3, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x7c}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40010) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket(0x2c, 0x4, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_int(r3, 0x29, 0x5, 0x0, &(0x7f0000000c00)) connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10) sendmsg$can_bcm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r4, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r7, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0xfffff, 0xffffffffffffffff) 3.945775426s ago: executing program 1 (id=407): mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xc, 0x0, 0x0, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37}, 0x94) r0 = syz_io_uring_setup(0x53f, &(0x7f0000000440)={0x0, 0x807734, 0x400, 0xfffffff8, 0xfe}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2b, 0x0, 0x0, 0x200}]}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) ioctl$RTC_IRQP_READ(r3, 0x8008700b, &(0x7f0000000040)) keyctl$set_reqkey_keyring(0xe, 0x1) keyctl$set_reqkey_keyring(0xe, 0x1) r4 = dup(0xffffffffffffffff) write$6lowpan_enable(r4, 0x0, 0x0) keyctl$set_reqkey_keyring(0xe, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) r5 = socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCADDRT(r5, 0x890b, &(0x7f00000000c0)={0x0, {0x2, 0x4e24, @multicast2}, {0x2, 0x4e20, @empty}, {0x2, 0x4e24, @broadcast}, 0x152, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7, 0x0, 0x7}) socket$nl_sock_diag(0x10, 0x3, 0x4) r6 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r6, 0x10e, 0xc, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, 0x0) quotactl$Q_GETQUOTA(0xffffffff80000702, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, r7, 0x0) sendmsg$netlink(r6, 0x0, 0x4895) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="10020000000068e25903e80ed2f1000000"], 0x0, 0x0, 0x0, 0x0}) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000580), 0x8) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_int(r8, 0x29, 0x18, 0x0, &(0x7f00000004c0)) 3.943987196s ago: executing program 3 (id=408): socket$nl_rdma(0x10, 0x3, 0x14) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYRESDEC=r0], &(0x7f0000000a80)=""/212, 0x26, 0xd4, 0x1, 0x2, 0x10000}, 0x28) cachestat(r1, &(0x7f0000000540)={0x0, 0x1fc}, &(0x7f0000000580), 0x0) openat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f00000005c0)=ANY=[], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x1}, 0x94) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) clock_adjtime(0x1, &(0x7f0000000680)={0x19b1, 0x0, 0x0, 0x0, 0x0, 0x40000, 0xfffffbff, 0xffffffff, 0x10000, 0xe5, 0x4, 0x202, 0x0, 0x1000, 0x0, 0x4, 0x101, 0x81, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x2, 0x800}) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000180)={0x1, 0x5}, 0x8) bind$alg(0xffffffffffffffff, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r1, 0x40189429, &(0x7f0000000040)={0x1, 0x9, 0x26}) socket$inet6(0xa, 0x1, 0x100) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r4, 0x0, 0x600) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x1c, r5, 0x301, 0x0, 0xffffffff, {{0x11}, {@void, @void}}}, 0x1c}}, 0x4000880) 3.6649717s ago: executing program 1 (id=409): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r3}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000200)={0x0, &(0x7f0000000440)=""/179, &(0x7f0000000300)="a2f3eb259a349465cc14df88ff16ac4fe7d83f4e0efa18a58dadaafdc9a9661082725e2690ee16357058342ae6a720dcaa6298bb7476b89c71780fbc60b254cc4d717b6f475c204a3e184c7f49a5fd1a55f7f911031cfdb76d1c377d69aeddf1a6e5cacecc7d92169ec3994973c103ace7d31f48e982c1271b266dcf0a9b", &(0x7f00000006c0), 0x3, r3}, 0x38) writev(0xffffffffffffffff, &(0x7f0000000180)=[{0x0}], 0x1) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68) sendmsg$NFC_CMD_DISABLE_SE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x200080c0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x20, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_SET_SREGS2(r6, 0x4140aecd, &(0x7f0000000140)={{0xdddd0000, 0xffff1000, 0xc, 0x9, 0x7f, 0x7, 0x81, 0xff, 0x0, 0x4, 0x0, 0x8}, {0xd000, 0xd000, 0x10, 0x3, 0x3, 0x7, 0x6, 0x6, 0x1, 0x4, 0xfa, 0x5}, {0xf000, 0x8080000, 0x4, 0x4, 0x10, 0x81, 0x4, 0x1b, 0x5, 0x4, 0x92, 0x80}, {0x10000, 0x4000, 0xe, 0x7, 0x1, 0x40, 0x2, 0x0, 0xf9, 0x29, 0x9, 0x9}, {0xeeee8000, 0xdddd0000, 0xe, 0x9, 0x5, 0x2, 0x7, 0xf1, 0x2, 0x66, 0x2, 0x8}, {0x4000, 0xdddd1000, 0x10, 0x2, 0xad, 0x5, 0x5, 0x5, 0x1, 0xe, 0x6, 0xa}, {0x8000000, 0xeeef0000, 0xb, 0x0, 0xcd, 0x5, 0x5, 0x6, 0x4, 0x6, 0xff, 0x6}, {0x4000, 0xf000, 0xd, 0xe, 0x13, 0x40, 0x3, 0x0, 0x7f, 0x1, 0x4, 0x7}, {0x100000, 0x5}, {0x1, 0xff81}, 0x80000003, 0x0, 0xdddd1000, 0x20, 0x5, 0x9000, 0xeeee0000, 0x1, [0x3, 0x2, 0x3, 0x3]}) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', 0x0, 0x8c, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76"]) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) r8 = dup(r7) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c) sendmsg$inet6(r7, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x0) 3.664231525s ago: executing program 0 (id=410): openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0x13}], 0x2) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_TARGET_NAME={0xa, 0x1, 'AUDIT\x00'}, @NFTA_TARGET_INFO={0x5, 0x3, '\x00'}, @NFTA_TARGET_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = userfaultfd(0x1) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000280)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) 3.632861245s ago: executing program 0 (id=411): r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0x13}], 0x2) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000003c0)) r2 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f00000001c0)={0x24, 0x14, 0x105, 0x70bc2a, 0x2ddfdb7b, {0x11}, [@INET_DIAG_REQ_BYTECODE={0xd, 0x1, "053e3e71ed07348ace"}]}, 0x24}, 0x1, 0x0, 0x0, 0x8086}, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) syz_open_dev$dri(0x0, 0x0, 0x0) r3 = fsopen(&(0x7f0000000000)='udf\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x3, 0x0, 0xe, 0x60a00, 0xffffffffffffffff, 0xfffffff8, '\x00', 0x0, r0, 0x4, 0x5, 0x4, 0x7}, 0x50) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f00000000c0)='io#harset', 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa9a}, [@ringbuf_output={{0x18, 0x5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1e}}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$tcp_congestion(0xffffff9c, &(0x7f0000000280), 0x1, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_TARGET_NAME={0xa, 0x1, 'AUDIT\x00'}, @NFTA_TARGET_INFO={0x5, 0x3, '\x00'}, @NFTA_TARGET_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) r6 = userfaultfd(0x1) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r6, 0xc028aa05, &(0x7f0000000280)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) 2.92650018s ago: executing program 2 (id=412): getpgid(0x0) syz_open_dev$vim2m(&(0x7f00000003c0), 0x4, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket(0x2b, 0x80801, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0x3, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x7c}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40010) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket(0x2c, 0x4, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_int(r3, 0x29, 0x5, 0x0, &(0x7f0000000c00)) connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) setrlimit(0xc, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10) sendmsg$can_bcm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r4, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r7, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0xfffff, 0xffffffffffffffff) 2.515355629s ago: executing program 2 (id=413): socket$inet6_mptcp(0xa, 0x1, 0x106) socket$can_j1939(0x1d, 0x2, 0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x141440, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x60, 0x0, 0x1, 0x20000002, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x67}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1716}], @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x4}, @chandef_params, @key_params=[@NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "cfa87c7b77e4a2824dc815a8ad"}], @key_params=[@NL80211_ATTR_KEY_IDX={0x5}]]}, 0x60}, 0x1, 0x0, 0x0, 0x20040040}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="010200000000000000006700000008000300", @ANYRES32=r2, @ANYBLOB="0800c300741300000800c400010000000400c5"], 0x30}}, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0x81, 0x200000}) pivot_root(0x0, 0x0) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x4000000) r3 = userfaultfd(0x80001) read(r3, &(0x7f0000000200)=""/145, 0x91) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x1}) r4 = socket(0x1, 0x803, 0x0) bind$unix(r4, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000009680)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x10}}], 0x2, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) connect$inet(r5, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x9000000) 1.567606195s ago: executing program 1 (id=414): getpgid(0x0) r0 = syz_open_dev$vim2m(&(0x7f00000003c0), 0x4, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket(0x2b, 0x80801, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0x3, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x7c}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40010) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket(0x2c, 0x4, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x5, 0x0, &(0x7f0000000c00)) connect$unix(r2, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setrlimit(0xc, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10) sendmsg$can_bcm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r4, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r7, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0xfffff, 0xffffffffffffffff) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x13, 0x1, 0x0, "61060005000000000000006c4a00000800", 0x494e4f4b}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) 1.506400595s ago: executing program 0 (id=415): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0xf1) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) futex(0x0, 0xd, 0x1, &(0x7f0000000100), &(0x7f0000000280)=0x2, 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_CAP_ACK(r2, 0x10e, 0xa, &(0x7f0000000000)=0x7, 0x4) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000200)='./bus/file0\x00', 0x0) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r4 = socket(0x10, 0x3, 0x0) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0xa8400, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES64=r4], 0x40}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f"], 0xfdef) openat$sequencer2(0xffffff9c, &(0x7f00000003c0), 0x210001, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.21169102s ago: executing program 2 (id=416): getpgid(0x0) r0 = syz_open_dev$vim2m(&(0x7f00000003c0), 0x4, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket(0x2b, 0x80801, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0x3, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x7c}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40010) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket(0x2c, 0x4, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_int(r4, 0x29, 0x5, 0x0, &(0x7f0000000c00)) connect$unix(r2, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setrlimit(0xc, 0x0) socket$unix(0x1, 0x5, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r7, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0xfffff, 0xffffffffffffffff) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x13, 0x1, 0x0, "61060005000000000000006c4a00000800", 0x494e4f4b}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) 1.207800722s ago: executing program 3 (id=417): getpgid(0x0) r0 = syz_open_dev$vim2m(&(0x7f00000003c0), 0x4, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket(0x2b, 0x80801, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0x3, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x7c}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40010) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket(0x2c, 0x4, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_int(r4, 0x29, 0x5, 0x0, &(0x7f0000000c00)) connect$unix(r2, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setrlimit(0xc, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) r6 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r6, &(0x7f00000000c0)={0x1d, r7}, 0x10) sendmsg$can_bcm(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r5, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r8, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0xfffff, 0xffffffffffffffff) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x13, 0x1, 0x0, "61060005000000000000006c4a00000800", 0x494e4f4b}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) 1.156031365s ago: executing program 0 (id=418): mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xc, 0x0, 0x0, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37}, 0x94) r0 = syz_io_uring_setup(0x53f, &(0x7f0000000440)={0x0, 0x807734, 0x400, 0xfffffff8, 0xfe}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2b, 0x0, 0x0, 0x200}]}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) ioctl$RTC_IRQP_READ(r3, 0x8008700b, &(0x7f0000000040)) keyctl$set_reqkey_keyring(0xe, 0x1) keyctl$set_reqkey_keyring(0xe, 0x1) r4 = dup(0xffffffffffffffff) write$6lowpan_enable(r4, 0x0, 0x0) keyctl$set_reqkey_keyring(0xe, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) r5 = socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCADDRT(r5, 0x890b, &(0x7f00000000c0)={0x0, {0x2, 0x4e24, @multicast2}, {0x2, 0x4e20, @empty}, {0x2, 0x4e24, @broadcast}, 0x152, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7, 0x0, 0x7}) socket$nl_sock_diag(0x10, 0x3, 0x4) r6 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r6, 0x10e, 0xc, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, 0x0) quotactl$Q_GETQUOTA(0xffffffff80000702, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, r7, 0x0) sendmsg$netlink(r6, 0x0, 0x4895) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="10020000000068e25903e80ed2f1000000"], 0x0, 0x0, 0x0, 0x0}) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000580), 0x8) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_int(r8, 0x29, 0x18, 0x0, &(0x7f00000004c0)) 1.108029035s ago: executing program 0 (id=419): r0 = socket$inet_icmp(0x2, 0x2, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000300), 0x1c3902, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r4, 0xd000943d, 0x0) get_mempolicy(0x0, 0x0, 0x203, &(0x7f0000394000/0x3000)=nil, 0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040)) sendfile(r4, r4, 0x0, 0x2000fb) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r7, 0x0, r6, 0x0, 0x10000008ebc, 0x0) splice(r5, 0x0, r8, 0x0, 0x25a5, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r9, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x14, 0x4, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0xa}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r9, &(0x7f0000002200)={0x0, 0x0, &(0x7f00000021c0)={&(0x7f0000002140)={0x14, 0x1, 0x8, 0x201, 0x0, 0x0, {0x2, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x40080c4}, 0x4000000) setsockopt$inet_int(r0, 0x0, 0x16, 0x0, 0x0) 924.759593ms ago: executing program 3 (id=420): socket$nl_rdma(0x10, 0x3, 0x14) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYRESDEC=r0], &(0x7f0000000a80)=""/212, 0x26, 0xd4, 0x1, 0x2, 0x10000}, 0x28) cachestat(r1, &(0x7f0000000540)={0x0, 0x1fc}, &(0x7f0000000580), 0x0) openat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f00000005c0)=ANY=[], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x1}, 0x94) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) clock_adjtime(0x1, &(0x7f0000000680)={0x19b1, 0x0, 0x0, 0x0, 0x0, 0x40000, 0xfffffbff, 0xffffffff, 0x10000, 0xe5, 0x4, 0x202, 0x0, 0x1000, 0x0, 0x4, 0x101, 0x81, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x2, 0x800}) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000180)={0x1, 0x5}, 0x8) bind$alg(0xffffffffffffffff, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r1, 0x40189429, &(0x7f0000000040)={0x1, 0x9, 0x26}) socket$inet6(0xa, 0x1, 0x100) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r4, 0x0, 0x600) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x1c, r5, 0x301, 0x0, 0xffffffff, {{0x11}, {@void, @void}}}, 0x1c}}, 0x4000880) 902.908439ms ago: executing program 1 (id=421): getpgid(0x0) syz_open_dev$vim2m(&(0x7f00000003c0), 0x4, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket(0x2b, 0x80801, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0x3, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x7c}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40010) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket(0x2c, 0x4, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_int(r3, 0x29, 0x5, 0x0, &(0x7f0000000c00)) connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) setrlimit(0xc, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10) sendmsg$can_bcm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r4, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r7, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0xfffff, 0xffffffffffffffff) 516.117173ms ago: executing program 0 (id=422): getpgid(0x0) r0 = syz_open_dev$vim2m(&(0x7f00000003c0), 0x4, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket(0x2b, 0x80801, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0x3, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x7c}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40010) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket(0x2c, 0x4, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x5, 0x0, &(0x7f0000000c00)) connect$unix(r2, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setrlimit(0xc, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10) sendmsg$can_bcm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r4, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r7, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0xfffff, 0xffffffffffffffff) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x13, 0x1, 0x0, "61060005000000000000006c4a00000800", 0x494e4f4b}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) 298.869478ms ago: executing program 1 (id=423): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900010073797a30000000000900"], 0xf0}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000080)={{0x1, 0x1, 0x6a, r0, {0x8000}}, './file0\x00'}) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="f4ba2930", @ANYRES16=0x0, @ANYBLOB="6ba425bd7000fbdbdf250100000005000400040000000800110000000000050021000100000008001800ac1414bb06000300070000000500220001000000"], 0x44}}, 0x40004) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x20, 0x10, 0x800, 0x1, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x50840, 0x4422}}, 0x20}}, 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRESDEC=r0, @ANYBLOB="0000000000008000280012800a00010076786c616e000000180002"], 0x50}}, 0x0) syz_io_uring_setup(0x34b7, 0x0, &(0x7f00000001c0), &(0x7f0000000500)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c020000060a0b040000000000000000020000003c020480380201800a0001006d6174636800000028020280080002400000000114020300d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452032d5f166334739d1719a5778bd4f724ee4ca57f2527aeeb0c75755d68fc6fa55f4825682ee95e581039823e5963beedcf65b8b005623d90772b8b6ebd2498b0aff725a3eabb6c99cb2edfe10b9c33be8a971e08401bc0807e75a2ff376b7934473bc1f02bb512b77414daf260c9c7d4e1f0758b56ec5823892af310e6252fcfb1d9dbaddefdaa26f43f12f831fd221926d6536eeff641db46920ae0e48f3f0200000000000000ce479d4116a519792281736f39c9fc0e10ef557392c43389271cebcf36543fcf6f83bf74b93ee4eb5e8c82e35bb4784cc1ed0ad291b16e8368487589f7590bf5896f340a36555a1cf69736da230a809176dbdfba3d47efb9a6932e5503d277532b7d4e6f7c7373a298e5843a9f74d5fd07fbc6ad22bc644ba9b3c94ec3c8f0b9321b16e5826b1f058f781760a5d4b6a8880202b41689139c37cd51f65a92d883f8901add03b650c9ec182fb565a4d657ebba9d6a5eb426b22d5933b72362e6ec327fb679aa8034b8b3b6680ad138be47652a3e77981187d2921cebfc1639aa280e3d38dba9b1af49ceded79c78a2d656b3a3e946e17e6257def6679f70f11aa01a2d906aecf4dbc7d1a332a8932ed719ce7eecb5450f494f944b3f6b637502ddba609c6e45dcfad1db7c7d02002c755ddcf27132985442e9b8df16f96c82e72e3e2491856d07756b9f08000100627066000900010073797a30000000000900020073797a320000000004000580140000001100010000000000000000000000000a"], 0x294}}, 0x4048014) connect$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) sendmmsg$sock(r4, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) shutdown(r4, 0x1) sendmsg$TIPC_CMD_GET_NETID(r1, &(0x7f0000000680)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x1c, 0x0, 0x400, 0x70bd26, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) openat$sysfs(0xffffff9c, &(0x7f0000000100)='/sys/power/pm_trace_dev_match', 0x185200, 0x22) r6 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00', 0x0}) setsockopt$inet6_mreq(r6, 0x29, 0x1b, &(0x7f0000000000)={@remote, r7}, 0x14) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x2000, {0x0, 0x0, 0x74, r7, {0xfffd, 0x1}, {0x1, 0xfff1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x30004804}, 0x4840) ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f00000003c0)={0x0, @generic={0x3, "55102dda0b4bd2254e91c8e53a1b"}, @can={0x1d, r7}, @nfc={0x27, 0x0, 0x0, 0x5}, 0x8, 0x0, 0x0, 0x0, 0x200, &(0x7f0000000240)='veth1_vlan\x00', 0x8, 0x8, 0x7fff}) 275.43229ms ago: executing program 2 (id=424): openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0x13}], 0x2) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000003c0)) socket$nl_sock_diag(0x10, 0x3, 0x4) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) syz_open_dev$dri(0x0, 0x0, 0x0) r1 = fsopen(&(0x7f0000000000)='udf\x00', 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5}, @IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x58}}, 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, 0x0, &(0x7f00000000c0)='io#harset', 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa9a}, [@ringbuf_output={{0x18, 0x5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1e}}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$tcp_congestion(0xffffff9c, &(0x7f0000000280), 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0xfffffffffffffe01, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_TARGET_NAME={0xa, 0x1, 'AUDIT\x00'}, @NFTA_TARGET_INFO={0x5, 0x3, '\x00'}, @NFTA_TARGET_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = userfaultfd(0x1) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000280)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) 0s ago: executing program 3 (id=425): socket$inet6_mptcp(0xa, 0x1, 0x106) socket$can_j1939(0x1d, 0x2, 0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x141440, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x60, 0x0, 0x1, 0x20000002, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x67}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1716}], @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x4}, @chandef_params, @key_params=[@NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "cfa87c7b77e4a2824dc815a8ad"}], @key_params=[@NL80211_ATTR_KEY_IDX={0x5}]]}, 0x60}, 0x1, 0x0, 0x0, 0x20040040}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="010200000000000000006700000008000300", @ANYRES32=r2, @ANYBLOB="0800c300741300000800c400010000000400c5"], 0x30}}, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0x81, 0x200000}) pivot_root(0x0, 0x0) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x4000000) r3 = userfaultfd(0x80001) read(r3, &(0x7f0000000200)=""/145, 0x91) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x1}) r4 = socket(0x1, 0x803, 0x0) bind$unix(r4, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000009680)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x10}}], 0x2, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) connect$inet(r5, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x9000000) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:64315' (ED25519) to the list of known hosts. [ 47.550383][ T5856] cgroup: Unknown subsys name 'net' [ 47.704369][ T5856] cgroup: Unknown subsys name 'cpuset' [ 47.712334][ T5856] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 49.199865][ T5856] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.407645][ T5939] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 53.412007][ T5939] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.415491][ T5939] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 53.419362][ T5939] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 53.423101][ T5939] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 53.430317][ T5298] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 53.440046][ T5945] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 53.445311][ T5945] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 53.449510][ T5948] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 53.452779][ T5948] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 53.458047][ T5948] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 53.469900][ T5939] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 53.472672][ T5939] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 53.475486][ T5939] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 53.478109][ T5939] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 53.481654][ T5298] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 53.488674][ T5298] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 53.492234][ T5298] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.501317][ T5298] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.505575][ T5298] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.868974][ T5938] chnl_net:caif_netlink_parms(): no params data found [ 53.892849][ T5942] chnl_net:caif_netlink_parms(): no params data found [ 54.062591][ T5947] chnl_net:caif_netlink_parms(): no params data found [ 54.202463][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.205917][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.209389][ T5938] bridge_slave_0: entered allmulticast mode [ 54.213319][ T5938] bridge_slave_0: entered promiscuous mode [ 54.217790][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.220562][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.223707][ T5938] bridge_slave_1: entered allmulticast mode [ 54.229205][ T5938] bridge_slave_1: entered promiscuous mode [ 54.365641][ T5938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.397121][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.400760][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.403807][ T5942] bridge_slave_0: entered allmulticast mode [ 54.407703][ T5942] bridge_slave_0: entered promiscuous mode [ 54.415118][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.417431][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.420505][ T5947] bridge_slave_0: entered allmulticast mode [ 54.423467][ T5947] bridge_slave_0: entered promiscuous mode [ 54.426906][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.429495][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.432684][ T5947] bridge_slave_1: entered allmulticast mode [ 54.436577][ T5947] bridge_slave_1: entered promiscuous mode [ 54.441384][ T5938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.444793][ T5946] chnl_net:caif_netlink_parms(): no params data found [ 54.483316][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.486644][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.489345][ T5942] bridge_slave_1: entered allmulticast mode [ 54.494323][ T5942] bridge_slave_1: entered promiscuous mode [ 54.558890][ T5938] team0: Port device team_slave_0 added [ 54.563870][ T5938] team0: Port device team_slave_1 added [ 54.590354][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.679742][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.716592][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.760847][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.763216][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.772903][ T5938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.783634][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.792659][ T5947] team0: Port device team_slave_0 added [ 54.800885][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.803357][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.812699][ T5938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.872111][ T5947] team0: Port device team_slave_1 added [ 54.901619][ T5942] team0: Port device team_slave_0 added [ 54.904146][ T5946] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.906683][ T5946] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.909195][ T5946] bridge_slave_0: entered allmulticast mode [ 54.912776][ T5946] bridge_slave_0: entered promiscuous mode [ 54.918695][ T5946] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.921891][ T5946] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.924197][ T5946] bridge_slave_1: entered allmulticast mode [ 54.926822][ T5946] bridge_slave_1: entered promiscuous mode [ 54.959196][ T5942] team0: Port device team_slave_1 added [ 54.996246][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.999114][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.010926][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.068768][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.071245][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.082041][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.114249][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.117032][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.126933][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.133990][ T5946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.141891][ T5946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.178042][ T5938] hsr_slave_0: entered promiscuous mode [ 55.180684][ T5938] hsr_slave_1: entered promiscuous mode [ 55.183984][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.186460][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.195819][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.224445][ T5946] team0: Port device team_slave_0 added [ 55.228736][ T5946] team0: Port device team_slave_1 added [ 55.350641][ T5947] hsr_slave_0: entered promiscuous mode [ 55.353837][ T5947] hsr_slave_1: entered promiscuous mode [ 55.357411][ T5947] debugfs: 'hsr0' already exists in 'hsr' [ 55.360415][ T5947] Cannot create hsr debugfs directory [ 55.367432][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.370651][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.382531][ T5946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.456498][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.458976][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.468630][ T5946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.475756][ T5942] hsr_slave_0: entered promiscuous mode [ 55.478416][ T5942] hsr_slave_1: entered promiscuous mode [ 55.482063][ T5942] debugfs: 'hsr0' already exists in 'hsr' [ 55.483876][ T5942] Cannot create hsr debugfs directory [ 55.490683][ T5298] Bluetooth: hci3: command tx timeout [ 55.490777][ T5944] Bluetooth: hci0: command tx timeout [ 55.500248][ T5944] Bluetooth: hci1: command tx timeout [ 55.570218][ T5944] Bluetooth: hci2: command tx timeout [ 55.676999][ T5946] hsr_slave_0: entered promiscuous mode [ 55.680571][ T5946] hsr_slave_1: entered promiscuous mode [ 55.683767][ T5946] debugfs: 'hsr0' already exists in 'hsr' [ 55.686479][ T5946] Cannot create hsr debugfs directory [ 55.982728][ T5938] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 55.991540][ T5938] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 55.996813][ T5938] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 56.006564][ T5938] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 56.043421][ T5947] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 56.048801][ T5947] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 56.057471][ T5947] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 56.077811][ T5947] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 56.134646][ T5942] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 56.143038][ T5942] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 56.148409][ T5942] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 56.155038][ T5942] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 56.211345][ T5946] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 56.217619][ T5946] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 56.228696][ T5946] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 56.236828][ T5946] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 56.284977][ T5938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.306161][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.323923][ T5938] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.336341][ T5947] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.355726][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.359499][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.371477][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.373860][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.386723][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.388971][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.398894][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.420898][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.424423][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.466588][ T5942] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.479913][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.482282][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.503351][ T5946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.509830][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.512835][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.548373][ T5947] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.577189][ T5946] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.596895][ T5942] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.602083][ T5942] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.608811][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.611957][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.635282][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.638416][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.729430][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.772556][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.821911][ T5938] veth0_vlan: entered promiscuous mode [ 56.834235][ T5938] veth1_vlan: entered promiscuous mode [ 56.864136][ T5947] veth0_vlan: entered promiscuous mode [ 56.885141][ T5947] veth1_vlan: entered promiscuous mode [ 56.894363][ T5938] veth0_macvtap: entered promiscuous mode [ 56.903047][ T5938] veth1_macvtap: entered promiscuous mode [ 56.909598][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.937477][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.950993][ T5946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.963053][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.972898][ T5947] veth0_macvtap: entered promiscuous mode [ 56.978257][ T5947] veth1_macvtap: entered promiscuous mode [ 56.998066][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.003050][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.022588][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.025578][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.035334][ T5942] veth0_vlan: entered promiscuous mode [ 57.045807][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.061075][ T5942] veth1_vlan: entered promiscuous mode [ 57.088137][ T5946] veth0_vlan: entered promiscuous mode [ 57.094703][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.114915][ T1141] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.118367][ T1141] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.142338][ T1141] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.145950][ T1141] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.150459][ T5946] veth1_vlan: entered promiscuous mode [ 57.156300][ T73] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.159549][ T73] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.175524][ T5942] veth0_macvtap: entered promiscuous mode [ 57.190130][ T5942] veth1_macvtap: entered promiscuous mode [ 57.196609][ T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.199582][ T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.241090][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.243554][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.244748][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.247791][ T5946] veth0_macvtap: entered promiscuous mode [ 57.269888][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.272608][ T5938] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 57.287951][ T5946] veth1_macvtap: entered promiscuous mode [ 57.294312][ T1198] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.297588][ T1198] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.302322][ T1141] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.308451][ T1141] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.316924][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.321865][ T1141] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.328235][ T1141] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.341440][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.383894][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.387105][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.407334][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.418442][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.436236][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.442867][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.496214][ T1198] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.505587][ T1198] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.518350][ T73] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.526751][ T73] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.561388][ T1198] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.564787][ T1198] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.570784][ T5944] Bluetooth: hci3: command tx timeout [ 57.570832][ T5298] Bluetooth: hci1: command tx timeout [ 57.572953][ T5944] Bluetooth: hci0: command tx timeout [ 57.659781][ T5939] Bluetooth: hci2: command tx timeout [ 58.512212][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 58.716981][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 58.921827][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 58.925166][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 58.928215][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 59.024250][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 59.028847][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 59.127207][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 59.331335][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 59.334453][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 59.649961][ T5939] Bluetooth: hci0: command tx timeout [ 59.652308][ T5939] Bluetooth: hci1: command tx timeout [ 59.654622][ T5939] Bluetooth: hci3: command tx timeout [ 59.961543][ T5944] Bluetooth: hci2: command tx timeout [ 60.638934][ T6036] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 60.703165][ T6047] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5'. [ 60.982319][ T6050] netlink: 48 bytes leftover after parsing attributes in process `syz.3.6'. [ 61.192639][ T6054] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6'. [ 61.732220][ T5939] Bluetooth: hci1: command tx timeout [ 61.734786][ T5944] Bluetooth: hci3: command tx timeout [ 61.738314][ T5939] Bluetooth: hci0: command tx timeout [ 62.050401][ T5939] Bluetooth: hci2: command tx timeout [ 62.082037][ T6055] netlink: 'syz.1.7': attribute type 1 has an invalid length. [ 62.363054][ T6062] netlink: 'syz.0.10': attribute type 1 has an invalid length. [ 62.597856][ T6060] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 63.946222][ T6068] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 65.613042][ T6082] netlink: 48 bytes leftover after parsing attributes in process `syz.2.15'. [ 65.894142][ T6083] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15'. [ 73.249780][ T5801] usb 8-1: new low-speed USB device number 2 using dummy_hcd [ 73.702900][ T6173] netlink: 48 bytes leftover after parsing attributes in process `syz.1.38'. [ 73.966192][ T6173] netlink: 4 bytes leftover after parsing attributes in process `syz.1.38'. [ 74.154101][ T6177] netlink: 48 bytes leftover after parsing attributes in process `syz.1.39'. [ 74.199858][ T5801] usb 8-1: device descriptor read/64, error -71 [ 74.450386][ T6179] netlink: 4 bytes leftover after parsing attributes in process `syz.1.39'. [ 75.010935][ T5801] usb 8-1: new low-speed USB device number 3 using dummy_hcd [ 75.139827][ T5801] usb 8-1: device descriptor read/64, error -71 [ 75.493641][ T5801] usb usb8-port1: attempt power cycle [ 76.508485][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.517130][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 78.811010][ T6208] netlink: 'syz.3.47': attribute type 1 has an invalid length. [ 80.341785][ T6211] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 86.729011][ T839] cfg80211: failed to load regulatory.db [ 88.017670][ T6279] netlink: 'syz.0.67': attribute type 1 has an invalid length. [ 88.090213][ T6284] netlink: 'syz.2.69': attribute type 1 has an invalid length. [ 89.902729][ T6289] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 89.944030][ T6285] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 92.597369][ T6320] Driver unsupported XDP return value 0 on prog (id 15) dev N/A, expect packet loss! [ 92.825708][ T6323] netlink: 48 bytes leftover after parsing attributes in process `syz.1.81'. [ 93.271570][ T6327] netlink: 48 bytes leftover after parsing attributes in process `syz.0.82'. [ 93.503064][ T6330] netlink: 4 bytes leftover after parsing attributes in process `syz.0.82'. [ 93.859164][ T6337] netlink: 48 bytes leftover after parsing attributes in process `syz.3.84'. [ 94.092676][ T6340] netlink: 4 bytes leftover after parsing attributes in process `syz.3.84'. [ 94.592900][ T6349] netlink: 4 bytes leftover after parsing attributes in process `syz.0.87'. [ 98.557326][ T6368] netlink: 8 bytes leftover after parsing attributes in process `syz.1.92'. [ 100.431090][ T6387] netlink: 48 bytes leftover after parsing attributes in process `syz.3.95'. [ 100.522451][ T5298] Bluetooth: hci3: link tx timeout [ 100.525006][ T5298] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 100.528825][ T5939] Bluetooth: hci3: link tx timeout [ 100.560034][ T5939] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 100.644180][ T6389] netlink: 4 bytes leftover after parsing attributes in process `syz.3.95'. [ 101.169754][ T4457] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 101.322696][ T4457] usb 5-1: Using ep0 maxpacket: 8 [ 101.330060][ T4457] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 101.334176][ T4457] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 101.337242][ T4457] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 101.341569][ T4457] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 101.345065][ T4457] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 101.348977][ T4457] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.361964][ T4457] hub 5-1:1.0: bad descriptor, ignoring hub [ 101.364201][ T4457] hub 5-1:1.0: probe with driver hub failed with error -5 [ 101.378359][ T4457] cdc_wdm 5-1:1.0: skipping garbage [ 101.380801][ T4457] cdc_wdm 5-1:1.0: skipping garbage [ 101.390133][ T4457] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 101.392887][ T4457] cdc_wdm 5-1:1.0: Unknown control protocol [ 101.876998][ T4457] usb 5-1: USB disconnect, device number 2 [ 102.098519][ T6397] cdc_wdm 5-1:1.0: Error autopm - -16 [ 102.910880][ T5939] Bluetooth: hci3: command 0x0406 tx timeout [ 103.161761][ T6413] netlink: 8 bytes leftover after parsing attributes in process `syz.1.101'. [ 104.557815][ T6424] netlink: 4 bytes leftover after parsing attributes in process `syz.1.104'. [ 108.392510][ T6444] netlink: 48 bytes leftover after parsing attributes in process `syz.0.109'. [ 108.407031][ T6443] netlink: 48 bytes leftover after parsing attributes in process `syz.1.110'. [ 108.579651][ T6445] netlink: 4 bytes leftover after parsing attributes in process `syz.0.109'. [ 108.680307][ T6448] netlink: 4 bytes leftover after parsing attributes in process `syz.1.110'. [ 109.795433][ T6466] netlink: 'syz.0.115': attribute type 1 has an invalid length. [ 110.154190][ T6469] netlink: 48 bytes leftover after parsing attributes in process `syz.2.116'. [ 110.406690][ T6474] netlink: 4 bytes leftover after parsing attributes in process `syz.2.116'. [ 110.735526][ T6471] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 113.495351][ T6490] netlink: 'syz.3.120': attribute type 1 has an invalid length. [ 114.221520][ T6498] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 115.398736][ T6509] netlink: 48 bytes leftover after parsing attributes in process `syz.3.125'. [ 116.809896][ T6512] netlink: 4 bytes leftover after parsing attributes in process `syz.3.125'. [ 117.003260][ T6518] netlink: 48 bytes leftover after parsing attributes in process `syz.1.127'. [ 117.374166][ T6520] netlink: 48 bytes leftover after parsing attributes in process `syz.0.126'. [ 117.500138][ T6523] netlink: 'syz.2.128': attribute type 1 has an invalid length. [ 118.040180][ T6530] netlink: 4 bytes leftover after parsing attributes in process `syz.0.126'. [ 119.694789][ T6540] netlink: 48 bytes leftover after parsing attributes in process `syz.0.131'. [ 120.021817][ T6547] netlink: 4 bytes leftover after parsing attributes in process `syz.0.131'. [ 121.891437][ T6532] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 124.067431][ T6574] netlink: 'syz.1.139': attribute type 1 has an invalid length. [ 124.096473][ T6577] netlink: 48 bytes leftover after parsing attributes in process `syz.3.140'. [ 124.337819][ T6580] netlink: 4 bytes leftover after parsing attributes in process `syz.3.140'. [ 124.342989][ T6575] netlink: 8 bytes leftover after parsing attributes in process `syz.2.138'. [ 126.046376][ T6595] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 127.726771][ T6606] netlink: 48 bytes leftover after parsing attributes in process `syz.3.146'. [ 128.102016][ T6608] netlink: 4 bytes leftover after parsing attributes in process `syz.3.146'. [ 129.099839][ T4457] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 129.319776][ T4457] usb 5-1: device descriptor read/64, error -71 [ 129.639905][ T4457] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 130.068205][ T6632] netlink: 48 bytes leftover after parsing attributes in process `syz.3.153'. [ 130.337279][ T6634] netlink: 4 bytes leftover after parsing attributes in process `syz.3.153'. [ 130.399897][ T4457] usb 5-1: device descriptor read/64, error -71 [ 130.510609][ T4457] usb usb5-port1: attempt power cycle [ 130.851616][ T4457] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 130.870595][ T4457] usb 5-1: device descriptor read/8, error -71 [ 131.109817][ T4457] usb 5-1: new low-speed USB device number 7 using dummy_hcd [ 131.130287][ T4457] usb 5-1: device descriptor read/8, error -71 [ 131.240398][ T4457] usb usb5-port1: unable to enumerate USB device [ 132.263274][ T6648] netlink: 4 bytes leftover after parsing attributes in process `syz.0.156'. [ 133.514005][ T6655] netlink: 48 bytes leftover after parsing attributes in process `syz.3.158'. [ 133.586363][ T6661] netlink: 48 bytes leftover after parsing attributes in process `syz.0.159'. [ 133.921125][ T6666] netlink: 4 bytes leftover after parsing attributes in process `syz.2.160'. [ 134.858752][ T6672] netlink: 4 bytes leftover after parsing attributes in process `syz.0.159'. [ 135.202896][ T6680] netlink: 48 bytes leftover after parsing attributes in process `syz.1.163'. [ 135.253725][ T6682] netlink: 48 bytes leftover after parsing attributes in process `syz.0.164'. [ 135.453232][ T6686] netlink: 4 bytes leftover after parsing attributes in process `syz.0.164'. [ 136.322385][ T6694] netlink: 48 bytes leftover after parsing attributes in process `syz.1.165'. [ 136.375377][ T6699] netlink: 48 bytes leftover after parsing attributes in process `syz.0.167'. [ 137.845888][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.848716][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.990851][ T6743] netlink: 48 bytes leftover after parsing attributes in process `syz.2.180'. [ 140.542790][ T6745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.180'. [ 140.886675][ T6750] netlink: 'syz.3.181': attribute type 1 has an invalid length. [ 144.887117][ T6772] netlink: 48 bytes leftover after parsing attributes in process `syz.1.188'. [ 145.045172][ T34] usb 8-1: new low-speed USB device number 5 using dummy_hcd [ 145.143490][ T6774] netlink: 4 bytes leftover after parsing attributes in process `syz.1.188'. [ 146.996239][ T34] usb 8-1: device descriptor read/64, error -71 [ 147.240072][ T34] usb 8-1: new low-speed USB device number 6 using dummy_hcd [ 147.399964][ T34] usb 8-1: device descriptor read/64, error -71 [ 147.512303][ T34] usb usb8-port1: attempt power cycle [ 148.392071][ T6793] netlink: 48 bytes leftover after parsing attributes in process `syz.0.193'. [ 148.475817][ T5298] Bluetooth: hci3: link tx timeout [ 148.477774][ T5298] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 148.480838][ T5939] Bluetooth: hci3: link tx timeout [ 148.482987][ T5939] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 148.498658][ T6796] netlink: 48 bytes leftover after parsing attributes in process `syz.2.194'. [ 148.621627][ T6797] netlink: 4 bytes leftover after parsing attributes in process `syz.0.193'. [ 148.686277][ T5939] Bluetooth: hci3: link tx timeout [ 148.688625][ T5939] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 148.739993][ T34] usb 8-1: new low-speed USB device number 7 using dummy_hcd [ 148.762297][ T34] usb 8-1: device descriptor read/8, error -71 [ 148.766332][ T6799] netlink: 4 bytes leftover after parsing attributes in process `syz.2.194'. [ 149.039894][ T34] usb 8-1: new low-speed USB device number 8 using dummy_hcd [ 149.071463][ T34] usb 8-1: device descriptor read/8, error -71 [ 149.183671][ T34] usb usb8-port1: unable to enumerate USB device [ 149.404060][ T6807] netlink: 48 bytes leftover after parsing attributes in process `syz.0.196'. [ 150.531324][ T5939] Bluetooth: hci3: command 0x0406 tx timeout [ 152.429182][ T6834] netlink: 48 bytes leftover after parsing attributes in process `syz.0.204'. [ 152.645422][ T6838] netlink: 'syz.2.206': attribute type 1 has an invalid length. [ 152.792330][ T6836] netlink: 4 bytes leftover after parsing attributes in process `syz.0.204'. [ 157.326760][ T6863] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 157.607370][ T6875] netlink: 48 bytes leftover after parsing attributes in process `syz.1.214'. [ 157.840852][ T6880] netlink: 4 bytes leftover after parsing attributes in process `syz.1.214'. [ 158.995740][ T6888] netlink: 48 bytes leftover after parsing attributes in process `syz.3.218'. [ 159.222976][ T6892] netlink: 4 bytes leftover after parsing attributes in process `syz.3.218'. [ 164.454351][ T6959] FAULT_INJECTION: forcing a failure. [ 164.454351][ T6959] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 164.459434][ T6959] CPU: 3 UID: 0 PID: 6959 Comm: syz.1.237 Not tainted syzkaller #0 PREEMPT(full) [ 164.459452][ T6959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 164.459459][ T6959] Call Trace: [ 164.459465][ T6959] [ 164.459470][ T6959] dump_stack_lvl+0x16c/0x1f0 [ 164.459489][ T6959] should_fail_ex+0x512/0x640 [ 164.459507][ T6959] strncpy_from_user+0x3b/0x2e0 [ 164.459523][ T6959] getname_flags.part.0+0x8f/0x550 [ 164.459541][ T6959] ? __pfx_ksys_write+0x10/0x10 [ 164.459555][ T6959] getname_flags+0x93/0xf0 [ 164.459567][ T6959] __ia32_sys_unlinkat+0xb4/0x130 [ 164.459582][ T6959] __do_fast_syscall_32+0x7c/0x300 [ 164.459599][ T6959] do_fast_syscall_32+0x32/0x80 [ 164.459613][ T6959] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 164.459642][ T6959] RIP: 0023:0xf7ff4579 [ 164.459653][ T6959] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 164.459664][ T6959] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 000000000000012d [ 164.459676][ T6959] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000000 [ 164.459683][ T6959] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 164.459690][ T6959] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 164.459697][ T6959] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 164.459703][ T6959] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 164.459719][ T6959] [ 165.558062][ T6982] binder: 6976:6982 ioctl c0306201 80000080 returned -14 [ 166.225938][ T6990] FAULT_INJECTION: forcing a failure. [ 166.225938][ T6990] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 166.235102][ T6990] CPU: 2 UID: 0 PID: 6990 Comm: syz.1.247 Not tainted syzkaller #0 PREEMPT(full) [ 166.235129][ T6990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 166.235138][ T6990] Call Trace: [ 166.235144][ T6990] [ 166.235152][ T6990] dump_stack_lvl+0x16c/0x1f0 [ 166.235178][ T6990] should_fail_ex+0x512/0x640 [ 166.235203][ T6990] _copy_from_iter+0x29f/0x1720 [ 166.235236][ T6990] ? __pfx__copy_from_iter+0x10/0x10 [ 166.235257][ T6990] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 166.235291][ T6990] copy_page_from_iter+0xde/0x180 [ 166.235314][ T6990] tun_build_skb.constprop.0+0x2e8/0x1510 [ 166.235347][ T6990] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 166.235375][ T6990] ? __lock_acquire+0x62e/0x1ce0 [ 166.235413][ T6990] tun_get_user+0x149c/0x3cc0 [ 166.235446][ T6990] ? __pfx_tun_get_user+0x10/0x10 [ 166.235470][ T6990] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 166.235499][ T6990] ? find_held_lock+0x2b/0x80 [ 166.235517][ T6990] ? tun_get+0x191/0x370 [ 166.235543][ T6990] tun_chr_write_iter+0xdc/0x210 [ 166.235567][ T6990] vfs_write+0x7d0/0x11d0 [ 166.235586][ T6990] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 166.235611][ T6990] ? __pfx_vfs_write+0x10/0x10 [ 166.235625][ T6990] ? find_held_lock+0x2b/0x80 [ 166.235657][ T6990] ksys_write+0x12a/0x250 [ 166.235675][ T6990] ? __pfx_ksys_write+0x10/0x10 [ 166.235693][ T6990] ? rcu_is_watching+0x12/0xc0 [ 166.235715][ T6990] __do_fast_syscall_32+0x7c/0x300 [ 166.235737][ T6990] do_fast_syscall_32+0x32/0x80 [ 166.235757][ T6990] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 166.235777][ T6990] RIP: 0023:0xf7ff4579 [ 166.235790][ T6990] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 166.235805][ T6990] RSP: 002b:00000000f54e6520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 166.235821][ T6990] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000100 [ 166.235832][ T6990] RDX: 0000000000000080 RSI: 00000000f7485ff4 RDI: 0000000000000000 [ 166.235841][ T6990] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 166.235850][ T6990] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 166.235859][ T6990] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 166.235881][ T6990] [ 166.494511][ T6995] netlink: 'syz.3.249': attribute type 1 has an invalid length. [ 166.507394][ T6995] 8021q: adding VLAN 0 to HW filter on device bond1 [ 166.528225][ T6995] bond1: (slave veth3): Enslaving as an active interface with a down link [ 166.542986][ T6995] bond1: (slave wlan1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 166.710426][ T7004] netlink: 48 bytes leftover after parsing attributes in process `syz.3.251'. [ 166.983470][ T7006] netlink: 4 bytes leftover after parsing attributes in process `syz.3.251'. [ 167.312680][ T7016] netlink: 48 bytes leftover after parsing attributes in process `syz.0.261'. [ 167.716772][ T7020] netlink: 4 bytes leftover after parsing attributes in process `syz.0.261'. [ 168.030313][ T7025] Zero length message leads to an empty skb [ 168.339976][ T7031] netlink: 48 bytes leftover after parsing attributes in process `syz.0.256'. [ 168.598894][ T7035] netlink: 4 bytes leftover after parsing attributes in process `syz.0.256'. [ 171.288218][ T7054] netlink: 48 bytes leftover after parsing attributes in process `syz.3.262'. [ 171.906058][ T7061] netlink: 48 bytes leftover after parsing attributes in process `syz.1.264'. [ 171.980524][ T7054] netlink: 4 bytes leftover after parsing attributes in process `syz.3.262'. [ 172.145463][ T7069] netlink: 4 bytes leftover after parsing attributes in process `syz.1.264'. [ 172.794853][ T7076] netlink: 48 bytes leftover after parsing attributes in process `syz.1.266'. [ 172.801866][ T7074] netlink: 4 bytes leftover after parsing attributes in process `syz.3.267'. [ 172.806315][ T7074] netlink: 12 bytes leftover after parsing attributes in process `syz.3.267'. [ 172.991653][ T7088] netlink: 4 bytes leftover after parsing attributes in process `syz.1.266'. [ 174.246646][ T7104] netlink: 48 bytes leftover after parsing attributes in process `syz.1.275'. [ 174.576816][ T7111] netlink: 4 bytes leftover after parsing attributes in process `syz.1.275'. [ 175.970421][ T5944] Bluetooth: hci0: command 0x0406 tx timeout [ 175.970790][ T64] Bluetooth: hci2: command 0x0406 tx timeout [ 175.973651][ T5939] Bluetooth: hci1: command 0x0406 tx timeout [ 176.185866][ T7135] netlink: 48 bytes leftover after parsing attributes in process `syz.3.282'. [ 177.435301][ T7147] netlink: 48 bytes leftover after parsing attributes in process `syz.1.285'. [ 177.872958][ T7152] netlink: 4 bytes leftover after parsing attributes in process `syz.1.285'. [ 178.131153][ T7156] netlink: 48 bytes leftover after parsing attributes in process `syz.3.287'. [ 178.775331][ T7161] netlink: 48 bytes leftover after parsing attributes in process `syz.2.288'. [ 178.839783][ T7166] netlink: 4 bytes leftover after parsing attributes in process `syz.3.287'. [ 179.037797][ T7170] netlink: 4 bytes leftover after parsing attributes in process `syz.2.288'. [ 179.992324][ T7181] netlink: 48 bytes leftover after parsing attributes in process `syz.0.298'. [ 180.334027][ T7193] netlink: 4 bytes leftover after parsing attributes in process `syz.0.298'. [ 182.249175][ T7210] netlink: 48 bytes leftover after parsing attributes in process `syz.2.299'. [ 182.589219][ T7220] netlink: 4 bytes leftover after parsing attributes in process `syz.2.299'. [ 183.222557][ T7227] netlink: 48 bytes leftover after parsing attributes in process `syz.1.303'. [ 183.503681][ T7229] netlink: 48 bytes leftover after parsing attributes in process `syz.2.304'. [ 183.726041][ T7235] netlink: 4 bytes leftover after parsing attributes in process `syz.2.304'. [ 185.234168][ T7251] netlink: 8 bytes leftover after parsing attributes in process `syz.2.309'. [ 187.124125][ T7274] netlink: 'syz.0.316': attribute type 1 has an invalid length. [ 188.469770][ T7279] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 189.071699][ T7287] netlink: 48 bytes leftover after parsing attributes in process `syz.2.319'. [ 193.243584][ T7335] netlink: 48 bytes leftover after parsing attributes in process `syz.0.333'. [ 193.424233][ T7339] netlink: 4 bytes leftover after parsing attributes in process `syz.0.333'. [ 194.293949][ T7343] netlink: 48 bytes leftover after parsing attributes in process `syz.0.335'. [ 196.162421][ T7369] netlink: 8 bytes leftover after parsing attributes in process `syz.0.342'. [ 198.466867][ T7388] netlink: 48 bytes leftover after parsing attributes in process `syz.2.349'. [ 199.254694][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.258188][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.525324][ T7403] netlink: 8 bytes leftover after parsing attributes in process `syz.2.353'. [ 199.790809][ T7406] netlink: 48 bytes leftover after parsing attributes in process `syz.0.354'. [ 199.997581][ T7409] netlink: 4 bytes leftover after parsing attributes in process `syz.0.354'. [ 201.943408][ T7441] netlink: 8 bytes leftover after parsing attributes in process `syz.0.361'. [ 202.228671][ T7449] netlink: 4 bytes leftover after parsing attributes in process `syz.2.362'. [ 202.290315][ T7450] netlink: 8 bytes leftover after parsing attributes in process `syz.3.363'. [ 202.763690][ T7454] netlink: 48 bytes leftover after parsing attributes in process `syz.0.364'. [ 202.982730][ T7458] netlink: 4 bytes leftover after parsing attributes in process `syz.0.364'. [ 207.038860][ T7498] netlink: 20 bytes leftover after parsing attributes in process `syz.3.379'. [ 207.053988][ T7498] netlink: 48 bytes leftover after parsing attributes in process `syz.3.379'. [ 207.504485][ T7503] netlink: 4 bytes leftover after parsing attributes in process `syz.3.379'. [ 208.804652][ T7517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.382'. [ 210.531295][ T7537] netlink: 4 bytes leftover after parsing attributes in process `syz.0.386'. [ 211.165827][ T7543] netlink: 20 bytes leftover after parsing attributes in process `syz.3.388'. [ 211.180991][ T7543] netlink: 48 bytes leftover after parsing attributes in process `syz.3.388'. [ 211.423301][ T7548] netlink: 4 bytes leftover after parsing attributes in process `syz.3.388'. [ 215.205557][ T7589] netlink: 8 bytes leftover after parsing attributes in process `syz.1.400'. [ 217.607395][ T7622] netlink: 8 bytes leftover after parsing attributes in process `syz.3.408'. [ 220.446871][ T7658] netlink: 8 bytes leftover after parsing attributes in process `syz.3.420'. [ 221.211957][ T7667] netlink: 20 bytes leftover after parsing attributes in process `syz.1.423'. [ 221.216056][ T7667] netlink: 48 bytes leftover after parsing attributes in process `syz.1.423'. [ 221.398879][ T5939] non-paged memory [ 221.400337][ T5939] list_del corruption, ffff88802419bd00->next is LIST_POISON1 (dead000000000100) [ 221.403453][ T5939] ------------[ cut here ]------------ [ 221.405216][ T5939] kernel BUG at lib/list_debug.c:56! [ 221.406955][ T5939] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 221.410402][ T5939] CPU: 2 UID: 0 PID: 5939 Comm: kworker/u33:2 Not tainted syzkaller #0 PREEMPT(full) [ 221.415087][ T5939] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 221.418471][ T5939] Workqueue: hci3 hci_conn_timeout [ 221.420440][ T5939] RIP: 0010:__list_del_entry_valid_or_report+0x121/0x200 [ 221.422661][ T5939] Code: 48 c7 c7 80 d8 f1 8b e8 4d 98 ea fc 90 0f 0b 4c 89 e7 e8 02 6f 4f fd 4c 89 e2 48 89 de 48 c7 c7 e0 d8 f1 8b e8 30 98 ea fc 90 <0f> 0b 48 89 ef e8 e5 6e 4f fd 48 89 ea 48 89 de 48 c7 c7 40 d9 f1 [ 221.428969][ T5939] RSP: 0018:ffffc90002a9fb68 EFLAGS: 00010286 [ 221.431144][ T5939] RAX: 000000000000004e RBX: ffff88802419bd00 RCX: ffffffff819a5479 [ 221.434403][ T5939] RDX: 0000000000000000 RSI: ffffffff819acfa6 RDI: 0000000000000005 [ 221.437320][ T5939] RBP: dead000000000122 R08: 0000000000000005 R09: 0000000000000000 [ 221.440408][ T5939] R10: 0000000080000000 R11: 0000000000000000 R12: dead000000000100 [ 221.443296][ T5939] R13: dffffc0000000000 R14: ffff888027774660 R15: ffff88802419bd00 [ 221.446138][ T5939] FS: 0000000000000000(0000) GS:ffff8880979e7000(0000) knlGS:0000000000000000 [ 221.449166][ T5939] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 221.451261][ T5939] CR2: 0000000080002000 CR3: 000000006f241000 CR4: 0000000000352ef0 [ 221.454014][ T5939] Call Trace: [ 221.455260][ T5939] [ 221.456475][ T5939] _hci_cmd_sync_cancel_entry.constprop.0+0x80/0x1d0 [ 221.458871][ T5939] hci_cancel_connect_sync+0xfa/0x2b0 [ 221.460959][ T5939] hci_abort_conn+0x15a/0x340 [ 221.462497][ T5939] hci_conn_timeout+0x1a2/0x210 [ 221.464071][ T5939] process_one_work+0x9cf/0x1b70 [ 221.465758][ T5939] ? __pfx_process_one_work+0x10/0x10 [ 221.467454][ T5939] ? assign_work+0x1a0/0x250 [ 221.468958][ T5939] worker_thread+0x6c8/0xf10 [ 221.470516][ T5939] ? __kthread_parkme+0x19e/0x250 [ 221.472420][ T5939] ? __pfx_worker_thread+0x10/0x10 [ 221.474412][ T5939] kthread+0x3c2/0x780 [ 221.476052][ T5939] ? __pfx_kthread+0x10/0x10 [ 221.478000][ T5939] ? rcu_is_watching+0x12/0xc0 [ 221.479534][ T5939] ? __pfx_kthread+0x10/0x10 [ 221.481047][ T5939] ret_from_fork+0x675/0x7d0 [ 221.482647][ T5939] ? __pfx_kthread+0x10/0x10 [ 221.484308][ T5939] ret_from_fork_asm+0x1a/0x30 [ 221.485819][ T5939] [ 221.486804][ T5939] Modules linked in: [ 221.488601][ T5939] ---[ end trace 0000000000000000 ]--- [ 221.549924][ T7674] netlink: 4 bytes leftover after parsing attributes in process `syz.1.423'. [ 221.676334][ T5939] RIP: 0010:__list_del_entry_valid_or_report+0x121/0x200 [ 221.678683][ T5939] Code: 48 c7 c7 80 d8 f1 8b e8 4d 98 ea fc 90 0f 0b 4c 89 e7 e8 02 6f 4f fd 4c 89 e2 48 89 de 48 c7 c7 e0 d8 f1 8b e8 30 98 ea fc 90 <0f> 0b 48 89 ef e8 e5 6e 4f fd 48 89 ea 48 89 de 48 c7 c7 40 d9 f1 [ 221.709811][ T5939] RSP: 0018:ffffc90002a9fb68 EFLAGS: 00010286 [ 221.717525][ T5939] RAX: 000000000000004e RBX: ffff88802419bd00 RCX: ffffffff819a5479 [ 221.728117][ T5939] RDX: 0000000000000000 RSI: ffffffff819acfa6 RDI: 0000000000000005 [ 221.737106][ T5939] RBP: dead000000000122 R08: 0000000000000005 R09: 0000000000000000 [ 221.747044][ T5939] R10: 0000000080000000 R11: 0000000000000000 R12: dead000000000100 [ 221.755482][ T5939] R13: dffffc0000000000 R14: ffff888027774660 R15: ffff88802419bd00 [ 221.764870][ T5939] FS: 0000000000000000(0000) GS:ffff8880979e7000(0000) knlGS:0000000000000000 [ 221.776265][ T5939] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 221.785410][ T5939] CR2: 0000000080005000 CR3: 000000006f241000 CR4: 0000000000352ef0 [ 221.796387][ T5939] Kernel panic - not syncing: Fatal exception [ 221.799668][ T5939] Kernel Offset: disabled [ 221.801612][ T5939] Rebooting in 86400 seconds.. VM DIAGNOSIS: 23:30:20 Registers: info registers vcpu 0 CPU#0 RAX=00000002000008fd RBX=ffff8880277c2480 RCX=0000000000000830 RDX=0000000000000002 RSI=00000000000000fd RDI=0000000000000002 RBP=0000000000000010 RSP=ffffc90003b4f858 R8 =0000000000000000 R9 =fffffbfff2106b1a R10=ffffffff908358d7 R11=0000000000000001 R12=1ffff92000769f0c R13=0000000000000004 R14=0000000000000001 R15=ffffc90003b4f880 RIP=ffffffff8169ab68 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977e7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000080002000 CR3=000000004be8c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000001 RBX=0000000000000000 RCX=ffffffff81c3c2ff RDX=0000000000000000 RSI=ffffffff8bf1d4c0 RDI=ffffffff818aa680 RBP=ffff88802b33a4c0 RSP=ffffc9000046fac8 R8 =0000000000000000 R9 =0000000000000000 R10=ffffffff908358d7 R11=ffff88802b33b2d8 R12=0000000000000000 R13=ffff88802b23a4c0 R14=ffff88802b23a4c0 R15=dffffc0000000000 RIP=ffffffff810014f0 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978e7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000301f4ffc CR3=000000005fb28000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff852ca3d5 RDI=ffffffff9adeae20 RBP=ffffffff9adeade0 RSP=ffffc90002a9f488 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552032203a555043 R12=0000000000000000 R13=0000000000000030 R14=ffffffff9adeade0 R15=ffffffff852ca370 RIP=ffffffff852ca3ff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979e7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000080002000 CR3=000000006f241000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000020983c RBX=0000000000000003 RCX=ffffffff8b61e2d9 RDX=ffffed10056a6656 RSI=ffffffff8bf1d4c0 RDI=ffffffff81913c4d RBP=ffffed10037e4000 RSP=ffffc9000048fde8 R8 =0000000000000000 R9 =ffffed10056a6655 R10=ffff88802b5332ab R11=0000000000000000 R12=0000000000000003 R13=ffff88801bf20000 R14=ffffffff908358d0 R15=0000000000000000 RIP=ffffffff8b61cd8f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097ae7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f5081da4 CR3=000000006f241000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000024000000000 0000000500000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000