last executing test programs: 4.871257751s ago: executing program 0 (id=254): bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0x4, &(0x7f0000000340)={0xffffffffffffffff, 0xe0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000fc, 0x8, 0x0, 0x0}}, 0x36) r0 = socket$inet6(0xa, 0x2, 0x3a) recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f00000001c0), 0x75f, 0x103382) write(r1, &(0x7f00000004c0)='I', 0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x3c, r3, 0xb97534d5fe9704cf, 0x70bd28, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x3d2}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}}, 0x0) ioctl$BLKTRACESTART(r1, 0x1274, 0x0) r6 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r6, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) sendmmsg$inet6(r6, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000003980)}}], 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x6, @mcast2, 0x6}, 0x1c) sendto$inet6(r0, &(0x7f0000000880)="800037bb8c010000", 0x8, 0x0, 0x0, 0x0) read(r0, &(0x7f0000001240)=""/4085, 0x100f) 3.990733724s ago: executing program 0 (id=263): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x488}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x3af4701e) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, 0x0, &(0x7f0000000100)='GPL\x00', 0x8, 0xb4, &(0x7f0000000140)=""/180, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) ioprio_set$pid(0x3, 0x0, 0x4004) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) socket$inet6(0xa, 0x802, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0xa000, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="0000000000000000000000001000000000000000a38caf73de3e846adc952de9e4251a96da05d547480a916a5e598d9f3d390049d7f8b3ce11d6fe086dad619c89297cc9d6fdc06cc1615c15baf4a288496dc5969f6d7734ad6868a0cd72cb79794927ceec7ddabea1f403f1e9a8bdd96af1815ead8f264e15edc15b36a3b64d", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000580)=@bloom_filter={0x1e, 0x7fffffff, 0x9, 0x2, 0x40100, 0xffffffffffffffff, 0x525, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x1, 0x6, @void, @value, @void, @value}, 0x50) 3.300971937s ago: executing program 3 (id=268): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x10, &(0x7f0000000ac0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4037, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) unshare(0x8040600) r3 = socket(0x2000000015, 0x80005, 0x0) bind$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) recvfrom$inet6(r3, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f000011a000/0x4000)=nil, 0x4000, 0xb635773f06ebbeea, 0x810, r2, 0x977bb000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000800)=[{{&(0x7f0000000440)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{&(0x7f00000004c0)="d54d16d585cba305e622dac0d4e0bed33d340d955ba627ea3a6d48643587dca46d2c6ce9d3ef166626eaf1e529573702663d6e9aa7590914c5af7c53bb197f293b7bf5f5efdbf96e8413588c2bb067c52738bc1177dde04889325632461992bb18c09ebf1107fe", 0x67}], 0x1, &(0x7f0000000700)=[@cred={{0x18, 0x1, 0x2, {r4}}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff, r5, r5, r0, r3, r5]}}, @cred={{0x18, 0x1, 0x2, {r4}}}, @rights={{0x10, 0x1, 0x1, [r6]}}, @rights={{0x20, 0x1, 0x1, [r1, r1, r0, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18, 0x1, 0x2, {r4}}}, @rights={{0x10, 0x1, 0x1, [r2]}}, @rights={{0x1c, 0x1, 0x1, [r0, r0, r0, r5]}}], 0xd4, 0x240480c0}}], 0x1, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x76) syz_emit_ethernet(0x27e, &(0x7f0000000a00)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa808100000086dd6dfce131024411fffe800000000000000000000000000010fc01000000000000000000000000000001002c3168000000350f000000000000071800000000040d0008f300000000000000ae060000000000000738000000010c01040007000000000000004b230000000000000700000000000000000000000000000001f8ffffffffffff090000000000000005020007c2040000040005020000c20400000005c910fc0200000000000000000000000000010000000000002c02000000000000c910fc0200000000000000000000000000010000000000000200fc0964000000000e04070010050000000000000000000000000000000001fe880000000000000000000000000101000000000000000000000000000000012001000000000000000000000000000200000000000000000000000000000000fc000000000000000000000000000000000000011111000000000000c2040000070f01020000037f0625590db33a2192474485bf076f26717bc9977439bb07c4f50c4a1c09074ff2e26a63153170ebdd98d798f3949780722f4756308c56bf35284da87d59b7fd7c12d1e77b4b9db525d8dede0194a117f1249ec090b009ae6a86dd007538dfb222048123e2d4a6dfc744ed94b977d96a34bf0db2cc151b272e9cde6b4d832e4300010000004e204e20007c907881000001e506a65c52cb6c0b43ba93218abe5154a292192efbf4a95957bbf8ae212edb78f2bc3f6e971476e44d564a22b5ee1e4cd1811dd3bffce0d7182f8e34ab25c3dce5548be3b73ce7fea0811ff8eed955d20460f881839c8065794316c776c39edbf4ea698dfab86057c303a6275cbbe5d0d6a99e5b65236dd00bdfb1f7a628defcaa08ce86e2ba849298d68383646cb7fa49097a7ac4d4217cd87d913047b1e88ab0bdcfcfaecb92664c69dc06fcaf9b5b3f245ea446ae03d58e4b622a9d91b45bacdaf83edec600"/724], 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r10 = dup3(r9, r8, 0x0) r11 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r11, 0x0) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008000400699b000008001b"], 0x30}}, 0x0) 2.980339547s ago: executing program 0 (id=273): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) inotify_init1(0x80800) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) socket$kcm(0x10, 0x2, 0x10) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0xffff, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}, {0x3}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_dev$tty1(0xc, 0x4, 0x1) mount$bind(0x0, 0x0, 0x0, 0x11080, 0x0) ioctl$VIDIOC_LOG_STATUS(0xffffffffffffffff, 0x5646, 0x0) socket$packet(0x11, 0x3, 0x300) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) connect$inet(r3, &(0x7f0000000400)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$sock_inet_SIOCDARP(r3, 0x8953, &(0x7f0000000100)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, @random="08a503576a7f"}, 0x0, {0x2, 0x0, @loopback}, 'syz_tun\x00'}) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4000, 0x0, 0x0, 0x3) mremap(&(0x7f0000007000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f000000b000/0x3000)=nil) 2.819572405s ago: executing program 2 (id=275): kexec_load(0x0, 0x2, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x10000}, {0x0, 0x0, 0x800000, 0x8000}], 0x320000) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}}, 0x4008000) syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r0) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYRES32, @ANYBLOB="24002d801a0001"], 0x64}}, 0x0) kexec_load(0x0, 0x2, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x10000}, {0x0, 0x0, 0x800000, 0x8000}], 0x320000) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}}, 0x4008000) (async) syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r0) (async) syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0) (async) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYRES32, @ANYBLOB="24002d801a0001"], 0x64}}, 0x0) (async) 2.819119265s ago: executing program 2 (id=276): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)={@empty}, &(0x7f0000000140)=0x14) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xfff3, 0x4}, {0x0, 0x1b}}}, 0x24}}, 0x0) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0014079ad1440000", @ANYRES16=r3, @ANYBLOB="01002abd7000fddbdf25060000001800018014000200766c616e3100"/38], 0x2c}, 0x1, 0x0, 0x0, 0x40000c0}, 0x2000006) 2.450844344s ago: executing program 3 (id=278): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0xc, &(0x7f0000000040)=0x5, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x9, "6372a100cce6227ad2"}, &(0x7f0000000200)=0x2d) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0xf59, 0x1, 0x17) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r4, 0x40186f40, 0x0) openat$cgroup_ro(r4, 0x0, 0x275a, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000240)={0x88, 0x2, 0x6, 0x201, 0x0, 0x0, {0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_DATA={0x3c, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x3}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0xfffffff7}, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x29}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x88}, 0x1, 0x0, 0x0, 0xc0}, 0x2000c014) sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)={0x20, 0x4, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x800) r6 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffa, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(0xffffffffffffffff, &(0x7f000000c3c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f00000000c0)={0x50, 0x0, r9, {0x7, 0x1f, 0x0, 0x7ab78c4493c52f9b}}, 0x50) write$FUSE_GETXATTR(r1, &(0x7f0000000140)={0x18, 0xfffffffffffffffe, r9, {0x8}}, 0x18) io_uring_enter(r1, 0x47f9, 0x0, 0x0, 0x0, 0x0) flock(0xffffffffffffffff, 0x0) flock(0xffffffffffffffff, 0x1) syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r6, 0x708, 0x41e3, 0x0, 0x0, 0x0) io_setup(0x8, &(0x7f0000000680)=0x0) ioctl$TCFLSH(r1, 0x540b, 0x2) io_pgetevents(r10, 0x2, 0x2, &(0x7f00000000c0)=[{}, {}], &(0x7f0000000700)={0x77359400}, 0x0) 2.020855226s ago: executing program 2 (id=279): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="120000003d00000008f5ffff01a7000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) fgetxattr(r0, &(0x7f0000000380)=@known='system.posix_acl_access\x00', 0x0, 0x0) 2.020512642s ago: executing program 2 (id=280): bind$inet6(0xffffffffffffffff, 0x0, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000180)=""/105, 0x69) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000ac0)=@unlock_all, 0xb) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg$inet(r4, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f00000005c0)="96a67b36bd06304a08a67f14f6c3881ca6167592ce060670a396f8ab05ace2caca6b2a9ecf3471d2", 0x28}, {&(0x7f0000000500)="fc484e55021886bb", 0x7fffefd8}], 0x2}}], 0x1, 0x0) 1.648417477s ago: executing program 2 (id=281): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x2e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000065c0)=[{{&(0x7f0000000480), 0x80, &(0x7f0000000680)=[{&(0x7f0000000500)=""/101, 0x65}, {&(0x7f0000000600)=""/82, 0x52}, {&(0x7f0000000040)=""/9, 0x9}, {&(0x7f0000000b40)=""/76, 0x4c}, {&(0x7f0000000bc0)=""/79, 0x4f}], 0x5, &(0x7f0000000c40)=""/207, 0xcf}, 0x8001}, {{&(0x7f0000000d40)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000002c40)=""/4096, 0x1000}, {&(0x7f0000003c40)=""/4096, 0x1000}, {&(0x7f0000000dc0)=""/30, 0x1e}], 0x4, &(0x7f0000000e40)=""/239, 0xef}, 0x7}, {{&(0x7f0000000f40)=@l2tp={0x2, 0x0, @multicast2}, 0x80, &(0x7f0000001280)=[{&(0x7f0000000fc0)=""/175, 0xaf}, {&(0x7f0000001080)}, {&(0x7f00000010c0)=""/58, 0x3a}, {&(0x7f0000001100)=""/113, 0x71}, {&(0x7f0000001180)=""/159, 0x9f}, {&(0x7f0000001240)=""/35, 0x23}], 0x6, &(0x7f00000012c0)=""/3, 0x3}, 0xfffffff8}, {{&(0x7f0000001300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000001540)=[{&(0x7f0000001380)=""/248, 0xf8}, {&(0x7f0000001480)=""/163, 0xa3}], 0x2000000000000219, &(0x7f0000001580)=""/230, 0xe6}, 0x2}, {{&(0x7f0000001680)=@xdp, 0x80, &(0x7f0000004d40)=[{&(0x7f0000001700)=""/181, 0xb5}, {&(0x7f00000017c0)=""/222, 0xde}, {&(0x7f00000018c0)=""/22, 0x16}, {&(0x7f0000001900)=""/88, 0x58}, {&(0x7f0000001980)=""/236, 0xec}, {&(0x7f0000001a80)=""/26, 0x1a}, {&(0x7f0000001ac0)=""/22, 0x16}, {&(0x7f0000001b00)=""/218, 0xda}, {&(0x7f0000004c40)}, {&(0x7f0000004c80)=""/188, 0xbc}], 0xa, &(0x7f0000004dc0)=""/37, 0x25}, 0x6}, {{&(0x7f0000004e00)=@un=@abs, 0x80, &(0x7f0000004f00)=[{&(0x7f0000004e80)=""/117, 0x75}], 0x1, &(0x7f0000004f40)=""/247, 0xf7}, 0x4}, {{&(0x7f0000005040)=@generic, 0x80, &(0x7f0000006280)=[{&(0x7f00000050c0)=""/171, 0xab}, {&(0x7f0000005180)=""/97, 0x61}, {&(0x7f0000005200)=""/124, 0x7c}, {&(0x7f0000005280)=""/4096, 0x1000}], 0x4, &(0x7f00000062c0)=""/248, 0xf8}, 0x2}, {{&(0x7f00000063c0)=@tipc, 0x80, &(0x7f0000006540)=[{&(0x7f0000006440)=""/37, 0x25}, {&(0x7f0000006480)=""/180, 0xb4}], 0x2, &(0x7f0000006580)=""/48, 0x30}, 0x3}], 0x8, 0x2, 0x0) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) connect$x25(r3, &(0x7f0000000a80)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x1, 0x2}}, 0x12) listen(0xffffffffffffffff, 0xcbe) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0xe080, 0x800, 0x1}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r4, 0x0, &(0x7f0000001c00)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}) io_uring_enter(r5, 0x47f9, 0x0, 0x0, 0x0, 0x0) socket$tipc(0x1e, 0x5, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x34c, 0x18c, 0x2b8, 0x182, 0x18c, 0x0, 0x284, 0x3a8, 0x3a8, 0x284, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x164, 0x18c, 0x0, {0x0, 0xe0ffff00000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "83f0a574725c23587dcfbd695650fe91ad9f7783f34f23315a573f167f755eaff4d665d219fa653cdfd7ee1092b07e243bd3e81b17fa1a6a18d79ae45b76f817515ec14cdf53d785cfe1d638f578cf51801a954830bfb97c4595e7b07b7147a846d1a230f2e1053fd68b5c45f2847c271539bdbd0f149a701a72fc1f87ab788a"}}]}, @common=@inet=@SET1={0x28}}, {{@uncond, 0x0, 0xc8, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3a8) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x60, 0x43, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)="58d6b50700000089b914a6b02f652f0853ea69fb1f78ec9ec45a628f8ef529469ad691867e25080afe99bf1a127411bf9f68b53a520d418693f2a108186ff4280059fb26529b542d03edf4e0894e8d09fd3a90ee006e9af219cff265344ade46648695f1741c350d078ac610dc7208b80854f5", &(0x7f0000000a80)="ff922de15dc70ed799924fe3c46c6e99bf85287c9dd48301a7f9b5a622bbc817a48bf7870199767b25516f358f02ec87d4c7f6f57d22ab55bb3c9d42834a02853d08eb5c44d44a25783e050000009b2f1c621a1ae33a049aca16cc0482fcefce6dbe808253bfdbd86fee348f46f9cb614f35f5edc647a42957c79a3b5c5c7bdf3b2f61de9513992000d7371f7c537cfd16bb8000a290ace97d194991e2de8653be", 0x2, r9, 0x4}, 0x38) bpf$BPF_GET_PROG_INFO(0x15, &(0x7f0000000340)={r9, 0x0, 0x0}, 0x10) r10 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r10, 0x0, 0x2a, &(0x7f0000000300)={0x6, {{0x2, 0x0, @multicast2}}}, 0xe7) setsockopt$inet_MCAST_JOIN_GROUP(r10, 0x0, 0x2a, &(0x7f0000000180)={0x7, {{0x2, 0x0, @multicast2}}}, 0x88) 1.579784186s ago: executing program 1 (id=282): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="2d6373c1c05dda58692da0f0cba140a7cecc7075736574202b637075202b6370755db474202b63707573657e202b726c696d697420"], 0x25) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000d00)="a07018a01e1678d7cfcd1c9121aec63f46bc13e47d69b2884b841be75625438ff8e699541712f1718dae01a2f61cce7db751ded00eae6f4783d2705d3456a3d26f19cdcaaa0910478e3369056c3e2a9ce22363d55cc8956c465f10ed18f5c50a191b6f59c77d8d7aba82e245c463d626a03a53ba99aa1a79a17d4d338215b9a66c4892cf2533c1fe3a977cf8a6f3c29a293d09f400e7c07e9fbbfd602f2d869036e06242d5fb9c67084251324d074f6ef3fb4a790dbd6351854d50454a05efb2db3d4d59fbbb77c417acb82f", 0xcc) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e66000804fa2a6838a27f2611ad48bbd0000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008004000b7040000000000008500000033000000850000000500000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r2}, 0xc) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000c80)=@mangle={'mangle\x00', 0x64, 0x6, 0x57c, 0x3ec, 0x3ec, 0x3ec, 0x304, 0x3ec, 0x4b4, 0x4b4, 0x4b4, 0x4b4, 0x4b4, 0x6, 0x0, {[{{@uncond, 0x0, 0xc8, 0x10c, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @DNPT={0x44, 'DNPT\x00', 0x0, {@ipv4=@dev, @ipv6=@private0, 0x3c, 0x13}}}, {{@uncond, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}}}, {{@ipv6={@remote, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xf4, 0x118, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @common=@inet=@socket1={{0x24}}]}, @HL={0x24}}, {{@uncond, 0x0, 0xa4, 0xe8}, @SNPT={0x44, 'SNPT\x00', 0x0, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @ipv4=@private}}}, {{@uncond, 0x0, 0xa4, 0xc8}, @HL={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x5d8) r4 = openat$incfs(0xffffffffffffffff, &(0x7f0000000200)='.pending_reads\x00', 0x109000, 0x183) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r4, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x18, r1, {0x3acc002}}, './file0\x00'}) r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r5, 0xc02064b6, &(0x7f00000003c0)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, &(0x7f0000000600)={0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, {0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23c, 0x0, 0x0, "b4bc323ef77d1f0000568400"}}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0], 0x0, 0x5, 0x0, 0x0, r8}) ioctl$TUNSETOWNER(r0, 0x400454cc, 0x0) close(r0) 1.407221385s ago: executing program 1 (id=283): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x103b01, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x800) r3 = socket(0x40000000015, 0x5, 0x0) getsockopt$sock_buf(r3, 0x1, 0x1c, 0x0, &(0x7f00000001c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000180)="0f20e06635000004000f22e066b80500000066b9000000000f01c166b9f302000066b80060000066ba00000000baf80c66b8de18c08e66efbafc0cedf30f4ad30f20d86635200000000f22d8f30f1effba410066ed3667660f38824c150f64660ffbd4660f13743c", 0x68}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) timer_create(0x2, 0x0, &(0x7f0000000880)=0x0) timer_gettime(r4, &(0x7f0000001580)) r5 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r5, &(0x7f0000000240)=ANY=[@ANYBLOB='changeprofile ://&'], 0x17) 1.406775233s ago: executing program 0 (id=284): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9}) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x10, &(0x7f0000000ac0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000340)=[{0x5, 0x5, 0x0, 0x9}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$llc_int(r3, 0x10c, 0xb, &(0x7f0000000000)=0xcb5, 0x4) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x2) socket$inet_smc(0x2b, 0x1, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) mq_open(&(0x7f0000000040)='!-@\x00', 0xc2, 0x22, &(0x7f00000000c0)={0x8, 0x5, 0xfffffe01, 0x8}) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000000)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x6, 0x0, 0x0, 0x5}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x1, 0xa, 0x9, 0x9}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000380), 0x0, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000120021030000000000bc61682a00968008001d00"], 0x1c}], 0x1, 0x0, 0x0, 0x4000}, 0x0) recvmmsg(r7, &(0x7f0000002040)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000021c0)=""/4104, 0x1000}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{&(0x7f00000002c0)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000440)=""/99, 0x63}], 0x1, &(0x7f0000000680)=""/141, 0x8d}, 0x7}, {{&(0x7f00000004c0)=@hci, 0x80, &(0x7f00000007c0)=[{&(0x7f0000001080)=""/67, 0xfe3f}, {&(0x7f0000000580)}, {&(0x7f0000000740)=""/78, 0x4e}], 0x3, &(0x7f0000000800)=""/84, 0x54}, 0x7}], 0x40000000000027c, 0x0, 0x0) 1.403569077s ago: executing program 3 (id=285): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x14, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r5 = socket$inet6(0xa, 0x800000000000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="100001000000000000000000", @ANYRES32], 0x10}, 0x0) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x2}, 0x1c) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e21, 0x2000, @ipv4={'\x00', '\xff\xff', @remote}, 0xffffffff}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171, 0x0, 0x0, 0x20000000}, 0xa}], 0x400000000000172, 0x4000300) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r4, @ANYBLOB="0c009985f2330fd547793c000800a0003a0900080500390104000000080026"], 0x40}}, 0x0) 1.220598864s ago: executing program 1 (id=286): r0 = socket(0x6, 0x80000, 0x100) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x200280, 0x0) (async) fsopen(0x0, 0x0) (async) r2 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x0, 0x0) r3 = epoll_create1(0x0) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x1a, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="791298000000000061138c0000000000bf2000000000000015000000080063033d030100000000009500003a000000006916000000000000bf6700000000000066060500fcff03006706000002000000760300000ee60060bf050000000000003c650000000000006507f9ff01000000070700004cdfffff1e75040000000000bf54000000000000070400000400f9ffad43010000000000d5000000000000000500000000000000950000000000000032410000000000000054bb12dc8c27df8ecfc7bdd2d17f2f1754558f22dd399703d6c4f6f3be0b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf7a13ba1fcf1111ce4fc0d742a81762bab8395fa64810b5b40d893ea8fe0ffffff7f1b546cad3f1d5af65706fd4f68795cce6cf16ab689b555202da2e0ec2871a51445dc8da39e5b0ab71ca9b901627b562ed84b026002d4519af619e3cca4d69e0dee080006774a8f3e691700ec88158f02001b0000c81c8b297dff0445a13d0045fb3cda32a673a6bb55d8c80800dce431e56723888fb126a1403d2b63f16fb2ad9bc117aba7cbebe174aba210d739a018f9bbec63222d20cedbc4d03723f1c932b3a6aa57f1ad2e99e0e67a993716d20000009f0f53acbb40b401e3738270b3156268784f2af9e4bcf8b07a10d6735154be1602f9dd1d7d4301e00000000000460bcc5989ec85e3cbcb6bcfaf0000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d0861cd64722cf74686ebfbe2562671cd47840f81d2a8f8f9be3bcd19dc6840aa7afaab43176e65ec1118d50d1e80100008000000000887a5ad103649afa17690884f800031e03a6d1bb96589a7eab049b1bd47287cd31cc43ea0ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f37ca363f601ae899a56715a0a62a26a0f6a5480a55c22fe394ae0000000000000000000000000000437d57defb79ea000500000000000000000000f014a4a318ba48d35ae9f438000000000000db894b62a614cb1fdd46619c5d2200000000000700000000000000000000006dcd2f421400f69947e4f26e099c9e8369080663c909b7e7c87e3b5e8e5a6df77c8f7338cd5a85f211a41b5d529d4243e47d7ab0d5991756b59d363ba30b18fc2ff189a4e8db38ab97c6a125e2785619e84c6a2b50f0e3ff83ef5149aff43dc899fdebdc2c496e6bdd4dd4d21f06fe133f4444272c5f0839ad663100452a6c6b6421f7e89a33b339401eee2cd466ab2a93a1ee7fb8a9e455ba1c6e17b02a1cd7bf35d36cf5b2a0f063469ae0d0b9fc042b48e98626eb0f9754d8cbbefa3079fe63063047baff09e9aaf7600000fba9a88db9ebef86f7cb522a784bb6d37e5f802757a15c6735138b493db9df53440a63fc565a0b190a710ae1e6807cbeb415ac841e94b706974160a60a14e571274f333d23186143b95514c79b50994cb39cda343bda8f01cf8ec7cdfdace0289e83ce50a57d69bfecfaf69fe7ff5b0375a47d3eb57b41d8a0589b82a1cf1149ba3f21ea2b65433321eb1a6f04ecc713c2b26d27baa49e54c2babec86335b9f418b5a5eb997bc9dd65197124b9aa80fc4aa8defb986bf05c41b919886bb81ecd3d24cf9ecc7004000000000000002c70d32f5d55ef2a2cf7560cb2884f46a92b3c25550f73e407fc5d514b2b7a6b690e290e676266addb7d96e723dec9c418eec8c48dffb6f432b4d5fef16e4f0051ba7efc690022c3f62b37cb5682d8bfdfc637ad3bf089ef0117bcd395322fcfb8e8e0a6e2babceb5f289b1d991770681192bcd0b584c3497e455f30ab918a690514a87a7d8e1d5f169a4e680e9c390071d26f2e0e26fc062f2785f14c0404fe01fb4000000000000000577dcb1698a9021a36d73ed03651c1937b2c84046023a1a0a87b208e33ad2d7c2892b176877264e1d699b7401eb917b289f6f67060fda0fa44b54bd87517a2bf09dba7209e41db4288b61bda5960952c45e5c55f2cd68bf9c6ff33e46109584bf42e8696ef1876564fef6f24cbbed0db8ab7fda1ffcc8c9fd4ab2cbe8f8df8e5535b12a942a948eacdaf308d48932064cfc3329da74f6f3e4409d6764a29680e312bf1a0143180e6493c9201ea916e6c9b2566c558ad88d9f7c0aebf82f5807eecefa97ada9bbd9e478e5d7748ee188bc719ca7a73dce5b6758a767c4c6b7572ab25eb2d73986379d5685cb438fe7091d097cc8f33fc0f83dee76603d6580f1c8fc4c37efd305ccc5a25678180425718bb9344e60dda8dae2677bb602d29aa0810616a2fdbca7020d72291b592b84223e2522ee01f5bdaa0fc4eb8d71d948a2baccf3ea2aa79d4d9069d8c0000000000000000000000321cd67859b4567badee56f158406f08683bdc5ffe2dedc916000c71f922fa2dfead7535999436a4aeb908781893479319b8b55e00d90ae6f09f06be2a0fc0bc17bef53331208112a0132350c0c5dd4607547079acc9471300dea6ae01742dccdae69f932cef80bca1bfcb57b9c852cf8358a580044772a80f20de36f707385380155be8907029d039a1d1447fc06b7020221e0d439f3f47edcf12f913dc8b6389a540340ae37804728ea65352e630c2e90424d58d72fdc1b28403e1dc7aad238b81df3b2d4166d656c6a9c73554bdf4f7312a4c0271e0eb45b4a596b7fa928ac3683f09fdaca46226c1df2c6c866cb4412d17d3d52c38cf0f7bd3b0eea2d4e06d061bb1b7c8c52f37f4036932d00028abd4527f5649bd60df638596fd639d7b16860033754ab13419429e5e39f290751ab6bd9392aef5519cd8c16e1f1cb1f225cc84a1a62497c1e436142fe28048a2b4d133905814a1808bc5b3e45eaa9eaebd946bee806968aeeb5a9eed87eba3d25d0b412a1b4cf2d419a58b09fc275c4395a0bd332eb538321465043e5967dd22459d0f52190a37f93ab823431a81fa6f54de61637fd473e19a6f567fead100e7d8cac149b66ebe9973af846146c62065a64854ed21e8b6f6fbe78474b753915a42efcb7da8ad18bacff8d69e0af1ca1f8174530a21820738412b100b54ee9b4a0dc22d5fe1cadecaea73fbfad087b19ce53177488d230539c5174f572a539d9d7c42698aa82bccf030ad393f25c10baa17e919f647d0e31877b7a6c1d8d86583f884a0c1da07b9b6dced06cdeb0094aa635a82f233b5993926b8970a0840ba116a7d20a40efb3bd03c4bdf380a2510a0a1ea69811ded68943c71218b42783b38959753978f222e1396b9b36dee2ce205122a000577cab29f48bff4f88c417e6bf5fb430d925596f29aca8677ca5a113aeaa5e0252ca17244d6c76e78ff1bbd81a71c4dfc72431d7f1126f8bdbf4056ee0f58a1bf83d53b1de07489541182dc4ee0f573c25b6c15dad930bc7a770b5a4f407d7a879db7185f15f80100000000000000739cc97db66ec6b925955d9a591808947fdd8d484ad27353230a449fdf87fc46c73b852fec931cfb6718acf3315bf5e577d00beb77c5514bc05d576a81345a03ad7aae74c5d2b77d45718348aed4fcbcd1441ff31b8f038824a989a9446a4a69367b228b3d174230b7320fc4d3c03368db573816dd0c04e65d6f8ce48283e76abdddbb965e0b2568e93c9cc5494a55421793f562c50c53f876cbde93c5cc7a3099c99d9775af010ba093f8a13b771782a3cfb24fbde6ef763e20c613164ab014d1906c4e098f1431b6b2886a155c4bac2911d7ee6a646f5913205ebd175e68975b93c330e4f9131788026b3b7cd5b6452c9e17452ac70000000000000000000000c71185f72436640fd4294fc3da230f9065095be47d7a848df12316c3c8b184fe110b061987fd79cf7d83443e69d08e2e839ae4fbe26ef7764f4870ef3bd0ec12eb45f60ca10dbfe329271f0bc93b28798e982e0dd32fc14bd4313c63b2dbb568f33fb45acad2dc7f438ea162c0709c0bbe1ea13e1e47399286e8143f400d7adf5f69e455706626814ee49274667f47769293451fd49885a152b8d2cf18febc7993f4a93893c6c7b7e46a230359ef2443e6bb9f50bb0faa5eaafd3ed6d551600c46b58a29fd7ccbbb0616f0be27302b683eccd742791d97f4a1daa0447f004426fd09b67d926f51525da63987bc73af35b28277879089b89fff6edab2fa1caf660a46a1a9f09e2d095b1c4be95c7c33dc81857f580e36c0a78d94dd879ee18de4a6475858d2ded2e3427ae007cc6f8e5e99aa146667f71ad83f3ddcf5db2dc396d7da499b65cd98125f20c284fc84d6a70be1de44b49c82022225292199c75cc26beab98dce4c331ed722f01d0d6314a72416814a565f4d90a5f8a255810f23541082f4b06f451e4724cd882f4d589600000000005854ca490d7df9cc293547c9a51aecc7a92f417f6a4d327737f1b198252358832dbe43507844a0cc112af4ce457c173fa64174ffd5ab9501eeb85508ebb60e169c0736c5960f2fe08735d6a7aa7c1f4a6433e77d3e547bbe6cf5b5d93a491ab4bba1ea7a1e6f37618b1d74cff3630d85a210092211be1ec12a30891eef590b19cdde055d626818c64e1c56b8918f33441a64b54946571b7bc70fb065d3bb1647f6f989ab8159e6d1cfa6c0ec7329d7d2263ca22144bf17d8692f03b592bd0f610096094da096233984e95b9a8216a6e60a104ae0bb5f77ac70b4390ea2cb6f6c40c928fae489f447240a25fd0a5bd9d5b6cd2a98f8804862922c11229c4e45c765e4d3348af3d3aadd5cc24b39437f1ea2df0000000000000000000000000022b90d93a267f3af4e02606f0ce6c2ffc404b575a09d6e625f3248689005eb4a9c8df3c67e6b2b759cab3a7bedf1b927cd8ba6d13b3e7d7279515e3d6d20"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x61880, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94) (async) creat(0x0, 0x0) (async) r6 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c) (async) recvmmsg$unix(r6, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) sendmmsg(r6, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)}], 0x1}}], 0x1, 0x9200000000000000) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r7 = epoll_create1(0x0) (async) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r3, &(0x7f0000000000)={0xa0000001}) epoll_wait(0xffffffffffffffff, &(0x7f0000000340)=[{}], 0x1, 0x1000) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) r8 = socket(0x15, 0x5, 0x0) getsockopt(r8, 0x200000000114, 0x2720, 0x0, &(0x7f0000000000)) r9 = memfd_create(&(0x7f0000000440)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+ \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz\x03\x00\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92 \x00*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\f\xc9\xc5H\x0f;\xd3\xe2\at\x9bJ\xe6\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xee\xdc\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)\xdeA\x1ed\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97\xf6\xb8\xebN\xe2\x18\x04[\xabW}\xb1\xffo\xae~=\x9dd\x9f\x92\xd2[\xb8\xb6\x1a\x02c\xa1\xd1H\xb7@\x06\x96s\xef\xee\x92\xfaC\x15+\x84%h1O\xe2\xb8\xd3\x19R\x00\f\n\x1cpEn\xad\xa7IRf\xc65\x15<}\xb8\x05\xe4\xb7\x9e\xf3\xda\xdavzB\xf8qj\x9e\xe4\xbd\x05\xcfx\xb5\x12\t\xe0\xf2\'f\xf4+\xb3\xdeA6\x10O\xdd\x9c\xf7B', 0x7) fcntl$addseals(r9, 0x409, 0x8) (async) ioctl$FS_IOC_RESVSP(r9, 0x40305829, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x4000}) close_range(r1, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="e00b111c000000d56f6b063301000000000000000000dd79bcbc9ea45c590001"], 0x1c}}, 0x0) 940.824792ms ago: executing program 1 (id=287): r0 = socket(0x5, 0x5, 0x116a) close(r0) socket$can_j1939(0x1d, 0x2, 0x7) (async) socket$can_j1939(0x1d, 0x2, 0x7) getsockname$packet(r0, 0x0, &(0x7f0000000080)) 939.096579ms ago: executing program 1 (id=288): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f0000000140)={0xf, 0x8, 0xfa00, {0xffffffffffffffff, 0x8}}, 0x10) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) timer_settime(0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x1, 0x800001, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000f00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv6_newrule={0x30, 0x1a, 0x1, 0x0, 0x0, {0x81}, [@FRA_DST={0x14, 0x1, @empty}]}, 0x30}}, 0x0) mlock2(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x0) munmap(&(0x7f0000001000/0x1000)=nil, 0x1000) r4 = openat$vhost_vsock(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_VDPA_GET_VRING_NUM(r4, 0x8002af76, &(0x7f00000001c0)) futex_waitv(&(0x7f0000001080), 0x0, 0x0, 0x0, 0x1) 700.947673ms ago: executing program 2 (id=289): bind$inet6(0xffffffffffffffff, 0x0, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000000180)=""/105, 0x69) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000ac0)=@unlock_all, 0xb) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg$inet(r4, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f00000005c0)="96a67b36bd06304a08a67f14f6c3881ca6167592ce060670a396f8ab05ace2caca6b2a9ecf3471d2", 0x28}, {&(0x7f0000000500)="fc484e55021886bb", 0x7fffefd8}], 0x2}}], 0x1, 0x0) 505.006963ms ago: executing program 0 (id=290): socket$igmp(0x2, 0x3, 0x2) openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000003c0)={0x2710, 0x3, 0xf000, 0x1000, &(0x7f00009b0000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x10000, 0x1, 0xeeee0000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) r7 = creat(&(0x7f0000000340)='./file0/file0\x00', 0x0) ftruncate(r7, 0xfff) ioctl$TCSBRKP(r7, 0x5425, 0x6) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) 375.758663ms ago: executing program 3 (id=291): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_LIMIT={0x8}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xbe0b}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0xfffffff1}, 0x0) 300.496206ms ago: executing program 3 (id=292): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYRESDEC=r1, @ANYRES16=r2, @ANYRES64=r2, @ANYRES32=r3, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000) r4 = socket$vsock_stream(0x28, 0x1, 0x0) r5 = syz_open_dev$swradio(&(0x7f0000000380), 0x0, 0x2) ioctl$VIDIOC_G_CTRL(r5, 0xc008561b, &(0x7f0000000000)={0xf0f040, 0x8}) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='vxfs\x00', 0x1000000, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000100)={'bond_slave_0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x1f, 0x2, 0x7, 0x20000004}}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_GET_CONFIG(r6, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000900)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="010000000015000000000d000000"], 0x14}}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000001500)=ANY=[@ANYBLOB="380000002d000100000000000000000008000000", @ANYRES32], 0x38}], 0x1}, 0x0) r8 = syz_io_uring_setup(0x231, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f0000000200)=0x0, &(0x7f0000000040)=0x0) r11 = socket$inet(0x2, 0x80000, 0x2) getsockopt$IPT_SO_GET_REVISION_TARGET(r11, 0x0, 0x43, 0x0, &(0x7f0000000100)) r12 = userfaultfd(0x801) ioctl$UFFDIO_API(r12, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) ioctl$UFFDIO_REGISTER(r12, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r12, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r13 = getpid() ioctl$FS_IOC_GETFSLABEL(r11, 0x81009431, &(0x7f0000000340)) process_vm_readv(r13, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) openat$procfs(0xffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) syz_io_uring_submit(r9, r10, &(0x7f00000009c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x60, 0x0, r0}) io_uring_enter(r8, 0x7a98, 0x0, 0x0, 0x0, 0x0) 201.112754ms ago: executing program 0 (id=293): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) inotify_init1(0x80800) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) socket$kcm(0x10, 0x2, 0x10) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0xffff, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}, {0x3}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_dev$tty1(0xc, 0x4, 0x1) mkdirat(0xffffffffffffff9c, 0x0, 0x0) ioctl$VIDIOC_LOG_STATUS(0xffffffffffffffff, 0x5646, 0x0) socket$packet(0x11, 0x3, 0x300) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) connect$inet(r3, &(0x7f0000000400)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$sock_inet_SIOCDARP(r3, 0x8953, &(0x7f0000000100)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, @random="08a503576a7f"}, 0x0, {0x2, 0x0, @loopback}, 'syz_tun\x00'}) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4000, 0x0, 0x0, 0x3) mremap(&(0x7f0000007000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f000000b000/0x3000)=nil) 150.187915ms ago: executing program 1 (id=294): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x5, 0x141101) r1 = dup(r0) syz_emit_ethernet(0x46, &(0x7f00000003c0)=ANY=[], 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000003c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='dyR,\x00']) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto}]}) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/5}, 0x20) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r5, 0x4048aecb, &(0x7f0000000480)=ANY=[@ANYBLOB="070000000000000007000000ffffffff"]) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) socket$packet(0x11, 0x2, 0x300) socket(0x11, 0x3, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x4, &(0x7f0000000900)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_emit_ethernet(0x46, &(0x7f0000000000)={@multicast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @remote}, "060086dd030020a9"}}}}}, 0x0) r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000010000000000009500000004000000"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r8 = socket$packet(0x11, 0x3, 0x300) write$char_usb(0xffffffffffffffff, &(0x7f00000008c0)='-0', 0x2) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r7, r9}, 0x10) syz_emit_ethernet(0x114, &(0x7f0000000600)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x3, 0x28, 0xfffffffffffffece, 0x67, 0x0, 0x7, 0x21, 0x0, @empty, @multicast1, {[@cipso={0x86, 0x0, 0x2, [{0x5, 0x0, "6e955ec0f8"}, {0x6, 0x0, "eb82acac2b4582"}, {0x7}, {0x6, 0x0, "451d89ce906205ab968988"}]}]}}, {{0x4e21, 0x4e21, 0x4, 0x1, 0xa, 0x0, 0x0, 0x2, 0x5, "48e603", 0x3, "5525eb"}, "bd2b65d5cd27409f20b009fd98d61e979a6f0dc62b390b6a5f760181fc3bef269106f758021d1b392431c1140f8fb3fc360628e13be8d1391d1386d13509b2624eb81825fc39ed4678b171a8afde402a3f68e9e6521223a2c5621df27f2675bb4a2683362dd20223585093396a75c89f9731db3364dc44389716ae06ea15b629a7bb1f62b83cdf8def08ca47dd26889fb9efe6e324f83219c2305d269eee60a47ded3fa9b8448fec4b0b93649dd7c4edb18f01723e88b6d40275c42e9b258a6d475c41e9788693b72b31676c737319827243d1acb5ae47fb03c0ce5d24347cd23d10"}}}}}, 0x0) fsopen(&(0x7f0000000280)='ceph\x00', 0x0) syz_usb_control_io$hid(r6, 0x0, 0x0) 0s ago: executing program 3 (id=295): r0 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000380)={0x80080, 0x0, 0x13}, 0x3c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0xa, 0x0) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) (async) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) (async) socket$xdp(0x2c, 0x3, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) (async) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) write$cgroup_int(r2, &(0x7f0000000040)=0x900, 0x12) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_int(r3, 0x29, 0x3a, &(0x7f0000001240)=0x737, 0x4) (async) setsockopt$inet6_int(r3, 0x29, 0x3a, &(0x7f0000001240)=0x737, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) (async) socket$key(0xf, 0x3, 0x2) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) write$P9_RVERSION(r5, 0x0, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) (async) creat(&(0x7f00000002c0)='./file0\x00', 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) (async) r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r6, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) truncate(0x0, 0x8fff5) creat(0x0, 0xd931d3864d39dc4a) (async) creat(0x0, 0xd931d3864d39dc4a) r7 = landlock_create_ruleset(&(0x7f0000000100)={0x6104}, 0x18, 0x0) landlock_restrict_self(r7, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) setsockopt$inet6_dccp_buf(r1, 0x21, 0xe, &(0x7f0000000140)="a0088922f6a0c6808459607987081b34eea7983ed24ea6296c2f3bc2f52b7589249dd461e3282b17e6449807af7a1dadd36b7c0222975ee40e9a69a0d066ec161023aab82b912005cb8d4857c18254", 0x4f) r8 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$alg(r8, &(0x7f0000000240)=""/4096, 0xfffffdef) (async) read$alg(r8, &(0x7f0000000240)=""/4096, 0xfffffdef) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:52149' (ED25519) to the list of known hosts. [ 42.316398][ T5938] cgroup: Unknown subsys name 'net' [ 42.465378][ T5938] cgroup: Unknown subsys name 'cpuset' [ 42.470425][ T5938] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 43.310200][ T5938] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.974324][ T5952] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.978241][ T5956] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.981560][ T5956] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.984330][ T5956] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.986993][ T5956] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.990112][ T5956] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 46.001924][ T5963] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 46.004543][ T5963] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 46.006995][ T5963] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 46.009119][ T5963] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 46.010877][ T5957] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 46.013710][ T5964] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 46.014837][ T5957] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 46.018686][ T5963] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 46.019782][ T5957] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 46.021765][ T5963] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 46.024873][ T5957] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 46.029328][ T5959] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 46.029611][ T5957] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 46.035313][ T65] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 46.039734][ T65] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 46.047104][ T5957] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 46.051088][ T5957] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 46.054881][ T5957] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 46.186858][ T5949] chnl_net:caif_netlink_parms(): no params data found [ 46.274191][ T5954] chnl_net:caif_netlink_parms(): no params data found [ 46.286030][ T5953] chnl_net:caif_netlink_parms(): no params data found [ 46.289652][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.292549][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.294779][ T5949] bridge_slave_0: entered allmulticast mode [ 46.296968][ T5949] bridge_slave_0: entered promiscuous mode [ 46.303721][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.305756][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.307802][ T5949] bridge_slave_1: entered allmulticast mode [ 46.309813][ T5949] bridge_slave_1: entered promiscuous mode [ 46.349689][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.354498][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.450445][ T5949] team0: Port device team_slave_0 added [ 46.454370][ T5949] team0: Port device team_slave_1 added [ 46.456526][ T5961] chnl_net:caif_netlink_parms(): no params data found [ 46.467460][ T5953] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.469518][ T5953] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.471902][ T5953] bridge_slave_0: entered allmulticast mode [ 46.474044][ T5953] bridge_slave_0: entered promiscuous mode [ 46.513239][ T5953] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.516040][ T5953] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.518798][ T5953] bridge_slave_1: entered allmulticast mode [ 46.521929][ T5953] bridge_slave_1: entered promiscuous mode [ 46.525263][ T5954] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.527164][ T5954] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.529203][ T5954] bridge_slave_0: entered allmulticast mode [ 46.531337][ T5954] bridge_slave_0: entered promiscuous mode [ 46.536714][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.538756][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.546209][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.575879][ T5954] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.578009][ T5954] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.580119][ T5954] bridge_slave_1: entered allmulticast mode [ 46.583034][ T5954] bridge_slave_1: entered promiscuous mode [ 46.586172][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.588195][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.595855][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.602885][ T5953] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.606599][ T5953] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.684461][ T5954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.702464][ T5953] team0: Port device team_slave_0 added [ 46.706178][ T5949] hsr_slave_0: entered promiscuous mode [ 46.708345][ T5949] hsr_slave_1: entered promiscuous mode [ 46.712441][ T5954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.722734][ T5953] team0: Port device team_slave_1 added [ 46.744068][ T5961] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.746175][ T5961] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.748241][ T5961] bridge_slave_0: entered allmulticast mode [ 46.750377][ T5961] bridge_slave_0: entered promiscuous mode [ 46.753721][ T5961] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.755787][ T5961] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.757811][ T5961] bridge_slave_1: entered allmulticast mode [ 46.759940][ T5961] bridge_slave_1: entered promiscuous mode [ 46.805188][ T5953] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.807290][ T5953] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.814813][ T5953] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.820872][ T5954] team0: Port device team_slave_0 added [ 46.828011][ T5954] team0: Port device team_slave_1 added [ 46.830930][ T5961] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.834186][ T5953] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.836269][ T5953] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.843796][ T5953] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.875467][ T5961] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.900636][ T5954] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.903409][ T5954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.910703][ T5954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.915215][ T5954] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.917270][ T5954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.924837][ T5954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.934282][ T5961] team0: Port device team_slave_0 added [ 46.968262][ T5953] hsr_slave_0: entered promiscuous mode [ 46.971051][ T5953] hsr_slave_1: entered promiscuous mode [ 46.973351][ T5953] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.975982][ T5953] Cannot create hsr debugfs directory [ 46.978628][ T5961] team0: Port device team_slave_1 added [ 47.021549][ T5961] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.024141][ T5961] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.031785][ T5961] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.052005][ T5954] hsr_slave_0: entered promiscuous mode [ 47.054304][ T5954] hsr_slave_1: entered promiscuous mode [ 47.056436][ T5954] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.059542][ T5954] Cannot create hsr debugfs directory [ 47.072431][ T5961] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.074414][ T5961] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.081997][ T5961] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.162198][ T5961] hsr_slave_0: entered promiscuous mode [ 47.164367][ T5961] hsr_slave_1: entered promiscuous mode [ 47.166378][ T5961] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.168553][ T5961] Cannot create hsr debugfs directory [ 47.275728][ T5949] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 47.282326][ T5949] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 47.289772][ T5949] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 47.296050][ T5949] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 47.343490][ T5953] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 47.347554][ T5953] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 47.351163][ T5953] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 47.357549][ T5953] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 47.380035][ T5954] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.386183][ T5954] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.389250][ T5954] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.392898][ T5954] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 47.425357][ T5961] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 47.428822][ T5961] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 47.435565][ T5961] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 47.440669][ T5961] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 47.486937][ T5953] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.500015][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.509856][ T5954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.519097][ T5953] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.525622][ T5954] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.533554][ T5949] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.543343][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.546086][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.549686][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.552394][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.556542][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.558602][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.561361][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.563461][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.584745][ T220] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.586807][ T220] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.590115][ T220] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.592634][ T220] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.630303][ T5961] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.659552][ T5961] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.664418][ T1135] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.667198][ T1135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.676167][ T1135] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.679004][ T1135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.710096][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.727956][ T5954] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.738270][ T5949] veth0_vlan: entered promiscuous mode [ 47.747485][ T5949] veth1_vlan: entered promiscuous mode [ 47.772603][ T5954] veth0_vlan: entered promiscuous mode [ 47.780089][ T5954] veth1_vlan: entered promiscuous mode [ 47.784989][ T5949] veth0_macvtap: entered promiscuous mode [ 47.790776][ T5949] veth1_macvtap: entered promiscuous mode [ 47.803183][ T5953] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.818242][ T5961] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.833514][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.841352][ T5953] veth0_vlan: entered promiscuous mode [ 47.847340][ T5954] veth0_macvtap: entered promiscuous mode [ 47.851554][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.855213][ T5954] veth1_macvtap: entered promiscuous mode [ 47.860012][ T5953] veth1_vlan: entered promiscuous mode [ 47.863791][ T5949] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.866761][ T5949] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.869598][ T5949] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.872821][ T5949] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.893929][ T5954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.897284][ T5954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.900622][ T5954] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.904680][ T5954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.907660][ T5954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.910982][ T5954] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.919759][ T5961] veth0_vlan: entered promiscuous mode [ 47.927187][ T5954] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.929920][ T5954] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.933762][ T5954] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.937023][ T5954] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.956070][ T5961] veth1_vlan: entered promiscuous mode [ 47.960668][ T5953] veth0_macvtap: entered promiscuous mode [ 47.972768][ T220] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.973050][ T5953] veth1_macvtap: entered promiscuous mode [ 47.975435][ T220] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.991987][ T99] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.994411][ T99] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.998919][ T5953] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.003571][ T5953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.007421][ T5953] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.011394][ T5953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.016345][ T5953] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.023088][ T5961] veth0_macvtap: entered promiscuous mode [ 48.036872][ T5953] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.041040][ T5953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.045750][ T5953] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.045759][ T5956] Bluetooth: hci0: command tx timeout [ 48.049736][ T5953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.052209][ T5957] Bluetooth: hci2: command tx timeout [ 48.052232][ T65] Bluetooth: hci1: command tx timeout [ 48.057203][ T5953] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.071309][ T5953] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.074199][ T5949] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 48.075920][ T5953] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.082762][ T5953] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.086234][ T5953] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.091101][ T5961] veth1_macvtap: entered promiscuous mode [ 48.105241][ T220] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.108256][ T220] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.115404][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.119534][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.125958][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.130126][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.132120][ T5957] Bluetooth: hci3: command tx timeout [ 48.134235][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.139753][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.146117][ T5961] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.170097][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.175253][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.179250][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.184531][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.188392][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.192984][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.198526][ T5961] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.204646][ T5961] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.207968][ T5961] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.211336][ T5961] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.215154][ T5961] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.220183][ T220] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.226162][ T220] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.243829][ T1135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.246965][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.280482][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.284955][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.301112][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.307817][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.310518][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.313474][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.680903][ T6036] netlink: 'syz.2.3': attribute type 10 has an invalid length. [ 48.714048][ T6036] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.716639][ T6036] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.722103][ T6036] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.724209][ T6036] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.726610][ T6036] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.728638][ T6036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.732696][ T6036] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 48.783837][ T6031] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'. [ 48.786456][ T6031] bridge_slave_1: left allmulticast mode [ 48.788360][ T6031] bridge_slave_1: left promiscuous mode [ 48.790047][ T6031] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.794592][ T6031] bridge_slave_0: left allmulticast mode [ 48.796770][ T6031] bridge_slave_0: left promiscuous mode [ 48.799783][ T6031] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.809676][ T6031] bond0: (slave bridge0): Releasing backup interface [ 48.875131][ T6037] tipc: Started in network mode [ 48.876700][ T6037] tipc: Node identity ffffffff, cluster identity 4711 [ 48.878641][ T6037] tipc: Node number set to 4294967295 [ 48.901589][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 49.046346][ T6040] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8'. [ 49.049452][ T6040] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8'. [ 49.319524][ T6050] overlayfs: missing 'lowerdir' [ 49.541503][ T62] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 49.692859][ T62] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 49.698245][ T62] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 49.702043][ T62] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 49.706559][ T62] usb 5-1: config 0 interface 0 has no altsetting 0 [ 50.067169][ T62] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 50.069758][ T62] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 50.072970][ T62] usb 5-1: config 0 interface 0 has no altsetting 0 [ 50.075596][ T62] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 50.078126][ T62] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 50.081263][ T62] usb 5-1: config 0 interface 0 has no altsetting 0 [ 50.084520][ T62] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 50.087059][ T62] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 50.090115][ T62] usb 5-1: config 0 interface 0 has no altsetting 0 [ 50.092970][ T62] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 50.095577][ T62] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 50.098644][ T62] usb 5-1: config 0 interface 0 has no altsetting 0 [ 50.101215][ T62] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 50.104432][ T62] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 50.107496][ T62] usb 5-1: config 0 interface 0 has no altsetting 0 [ 50.110081][ T62] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 50.112905][ T62] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 50.116065][ T62] usb 5-1: config 0 interface 0 has no altsetting 0 [ 50.118682][ T62] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 50.121322][ T62] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 50.124563][ T5957] Bluetooth: hci0: command tx timeout [ 50.124586][ T5957] Bluetooth: hci1: command tx timeout [ 50.126357][ T62] usb 5-1: config 0 interface 0 has no altsetting 0 [ 50.131886][ T62] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 50.132050][ T5957] Bluetooth: hci2: command tx timeout [ 50.134466][ T62] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 50.134479][ T62] usb 5-1: Product: syz [ 50.134486][ T62] usb 5-1: Manufacturer: syz [ 50.134494][ T62] usb 5-1: SerialNumber: syz [ 50.143246][ T62] usb 5-1: config 0 descriptor?? [ 50.156040][ T62] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 50.201533][ T5957] Bluetooth: hci3: command tx timeout [ 50.413842][ T6060] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 50.416281][ T6060] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 50.423290][ T6060] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 50.427369][ T6060] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 50.429711][ T6060] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 50.433547][ T6060] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 50.436459][ T6060] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 50.438720][ T6060] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 50.442726][ T6060] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 50.445739][ T6060] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 50.448075][ T6060] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 50.451991][ T6060] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 50.562330][ T62] usb 5-1: USB disconnect, device number 2 [ 50.568318][ T62] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 51.394211][ T6031] syz.2.3 (6031) used greatest stack depth: 20816 bytes left [ 51.613888][ T6079] fuse: Invalid rootmode [ 52.042920][ T6098] input: syz0 as /devices/virtual/input/input5 [ 52.401926][ T5957] Bluetooth: hci3: ACL packet for unknown connection handle 1 [ 52.444758][ T5957] Bluetooth: hci0: command 0x0419 tx timeout [ 52.444797][ T5956] Bluetooth: hci2: command 0x0419 tx timeout [ 52.446982][ T5957] Bluetooth: hci1: command 0x0419 tx timeout [ 52.488174][ T6099] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 52.488820][ T6104] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 52.531797][ T5957] Bluetooth: hci3: command 0x0419 tx timeout [ 52.662355][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 52.664908][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 52.668148][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 52.707674][ T6099] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 52.712628][ T6110] netlink: 24 bytes leftover after parsing attributes in process `syz.1.26'. [ 52.717704][ T6099] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 52.721843][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 52.732498][ T6099] bond0 (unregistering): Released all slaves [ 52.761584][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 52.895092][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 52.901856][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 52.943499][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 53.509493][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 53.750852][ T6115] block nbd1: shutting down sockets [ 54.128576][ T6166] nfs: Unknown parameter 'acNz5A' [ 54.374818][ T6197] netlink: 'syz.3.38': attribute type 9 has an invalid length. [ 54.522190][ T5957] Bluetooth: hci1: command 0x0419 tx timeout [ 54.532105][ T5957] Bluetooth: hci2: command 0x0419 tx timeout [ 54.532594][ T65] Bluetooth: hci0: command 0x0419 tx timeout [ 54.601583][ T65] Bluetooth: hci3: command 0x0419 tx timeout [ 54.622120][ T40] audit: type=1800 audit(1736699574.144:2): pid=6208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.41" name="bus" dev="9p" ino=40239566 res=0 errno=0 [ 55.009794][ T6222] netlink: 4 bytes leftover after parsing attributes in process `syz.1.45'. [ 55.021817][ T6223] mkiss: ax0: crc mode is auto. [ 55.097775][ T6230] netlink: 'syz.1.48': attribute type 2 has an invalid length. [ 55.221204][ T6240] program syz.0.51 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 55.237997][ T6223] netlink: 8 bytes leftover after parsing attributes in process `syz.2.46'. [ 55.343912][ T6249] Zero length message leads to an empty skb [ 55.791110][ T6225] Process accounting resumed [ 55.933706][ T65] block nbd3: Receive control failed (result -107) [ 55.972954][ T6252] nbd3: detected capacity change from 0 to 131074 [ 56.021591][ T6251] nbd3: detected capacity change from 131074 to 12 [ 56.026024][ T5950] block nbd3: Dead connection, failed to find a fallback [ 56.028396][ T5950] block nbd3: shutting down sockets [ 56.030071][ T5950] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 56.034545][ T5950] Buffer I/O error on dev nbd3, logical block 0, async page read [ 56.037386][ T5950] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 56.040673][ T5950] Buffer I/O error on dev nbd3, logical block 0, async page read [ 56.043968][ T5950] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 56.047727][ T5950] Buffer I/O error on dev nbd3, logical block 0, async page read [ 56.050979][ T5950] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 56.055153][ T5950] Buffer I/O error on dev nbd3, logical block 0, async page read [ 56.057637][ T5950] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 56.060210][ T5950] Buffer I/O error on dev nbd3, logical block 0, async page read [ 56.062733][ T5950] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 56.065388][ T5950] Buffer I/O error on dev nbd3, logical block 0, async page read [ 56.067750][ T5950] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 56.070401][ T5950] Buffer I/O error on dev nbd3, logical block 0, async page read [ 56.074388][ T5950] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 56.077064][ T5950] Buffer I/O error on dev nbd3, logical block 0, async page read [ 56.079393][ T5950] ldm_validate_partition_table(): Disk read failed. [ 56.081940][ T5950] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 56.084726][ T5950] Buffer I/O error on dev nbd3, logical block 0, async page read [ 56.086003][ T6261] overlay: filesystem on ./file0 not supported as upperdir [ 56.087068][ T5950] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 56.092700][ T5950] Buffer I/O error on dev nbd3, logical block 0, async page read [ 56.095124][ T5950] Dev nbd3: unable to read RDB block 0 [ 56.096814][ T5950] nbd3: unable to read partition table [ 56.098469][ T5950] nbd3: partition table beyond EOD, truncated [ 56.130599][ T5950] ldm_validate_partition_table(): Disk read failed. [ 56.133402][ T5950] Dev nbd3: unable to read RDB block 0 [ 56.135126][ T5950] nbd3: unable to read partition table [ 56.136818][ T5950] nbd3: partition table beyond EOD, truncated [ 56.186032][ T6269] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 56.216813][ T6269] netlink: 'syz.1.60': attribute type 1 has an invalid length. [ 56.390426][ T6280] syz.3.58 uses obsolete (PF_INET,SOCK_PACKET) [ 56.601688][ T65] Bluetooth: hci2: command 0x0419 tx timeout [ 56.602109][ T5957] Bluetooth: hci0: command 0x0419 tx timeout [ 56.604277][ T5956] Bluetooth: hci1: command 0x0419 tx timeout [ 56.683527][ T5956] Bluetooth: hci3: command 0x0419 tx timeout [ 56.692261][ T6287] bridge_slave_0: left allmulticast mode [ 56.693943][ T6287] bridge_slave_0: left promiscuous mode [ 56.695746][ T6287] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.701172][ T6287] bridge_slave_1: left allmulticast mode [ 56.703348][ T6287] bridge_slave_1: left promiscuous mode [ 56.705481][ T6287] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.711983][ T6287] bond0: (slave bond_slave_0): Releasing backup interface [ 56.722553][ T6287] bond0: (slave bond_slave_1): Releasing backup interface [ 56.739541][ T6287] team0: Port device team_slave_0 removed [ 56.745000][ T6287] team0: Port device team_slave_1 removed [ 56.747095][ T6287] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 56.749353][ T6287] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 56.753761][ T6287] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 56.756061][ T6287] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 57.534401][ T6305] sctp: [Deprecated]: syz.0.66 (pid 6305) Use of int in max_burst socket option. [ 57.534401][ T6305] Use struct sctp_assoc_value instead [ 57.776644][ T56] libceph: connect (1)[c::]:6789 error -101 [ 57.779567][ T56] libceph: mon0 (1)[c::]:6789 connect error [ 57.783292][ T56] libceph: connect (1)[c::]:6789 error -101 [ 57.785288][ T56] libceph: mon0 (1)[c::]:6789 connect error [ 58.045914][ T56] libceph: connect (1)[c::]:6789 error -101 [ 58.048368][ T56] libceph: mon0 (1)[c::]:6789 connect error [ 58.197380][ T6336] netlink: 'syz.0.73': attribute type 10 has an invalid length. [ 58.405467][ T6322] ceph: No mds server is up or the cluster is laggy [ 58.588196][ T6342] netlink: 12 bytes leftover after parsing attributes in process `syz.2.77'. [ 58.732458][ T65] Bluetooth: hci0: command 0x0419 tx timeout [ 58.734349][ T65] Bluetooth: hci2: command 0x0419 tx timeout [ 58.736139][ T65] Bluetooth: hci1: command 0x0419 tx timeout [ 58.761563][ T65] Bluetooth: hci3: command 0x0419 tx timeout [ 58.780812][ T6354] netlink: 8 bytes leftover after parsing attributes in process `syz.3.79'. [ 58.787851][ T6354] netlink: 664 bytes leftover after parsing attributes in process `syz.3.79'. [ 59.159591][ T6362] Bluetooth: MGMT ver 1.23 [ 59.356816][ T6372] netlink: 8 bytes leftover after parsing attributes in process `syz.0.83'. [ 59.488458][ T6380] input: syz0 as /devices/virtual/input/input6 [ 59.741261][ T6390] usb 2-1: USB disconnect, device number 2 [ 59.794176][ T6393] fuse: Bad value for 'fd' [ 59.962039][ T56] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 60.033331][ T6393] nbd0: detected capacity change from 0 to 22 [ 60.046683][ T6390] block nbd0: shutting down sockets [ 60.047881][ T5950] ldm_validate_partition_table(): Disk read failed. [ 60.089040][ T5950] Dev nbd0: unable to read RDB block 0 [ 60.091652][ T5950] nbd0: unable to read partition table [ 60.094034][ T5950] nbd0: partition table beyond EOD, truncated [ 60.105741][ T5950] ldm_validate_partition_table(): Disk read failed. [ 60.108023][ T5950] Dev nbd0: unable to read RDB block 0 [ 60.109835][ T5950] nbd0: unable to read partition table [ 60.113174][ T5950] nbd0: partition table beyond EOD, truncated [ 60.131562][ T56] usb 6-1: Using ep0 maxpacket: 32 [ 60.142274][ T56] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 60.146181][ T56] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 60.151353][ T56] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 60.156105][ T56] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 60.160083][ T56] usb 6-1: config 1 interface 1 has no altsetting 0 [ 60.166704][ T56] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 60.170159][ T56] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.172071][ T833] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 60.173289][ T56] usb 6-1: Product: syz [ 60.178768][ T56] usb 6-1: Manufacturer: syz [ 60.180568][ T56] usb 6-1: SerialNumber: syz [ 60.324628][ T833] usb 7-1: config 1 interface 0 altsetting 253 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 60.328495][ T833] usb 7-1: config 1 interface 0 has no altsetting 0 [ 60.335535][ T833] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 60.338220][ T833] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.340573][ T833] usb 7-1: Product: syz [ 60.342769][ T833] usb 7-1: Manufacturer: syz [ 60.344361][ T833] usb 7-1: SerialNumber: syz [ 60.462410][ T6392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 60.468612][ T6392] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 60.593851][ T6402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.93'. [ 60.599360][ T56] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor [ 60.603362][ T56] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor [ 60.710476][ T56] usb 6-1: USB disconnect, device number 2 [ 60.841758][ T5957] Bluetooth: hci3: command 0x0419 tx timeout [ 60.974632][ T6407] udevd[6407]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 61.472873][ T6435] block nbd0: shutting down sockets [ 61.573097][ T6451] Cannot find add_set index 0 as target [ 61.629389][ T6454] 9pnet_fd: Insufficient options for proto=fd [ 62.869201][ T6478] xt_CT: You must specify a L4 protocol and not use inversions on it [ 62.871368][ T6478] netlink: 20 bytes leftover after parsing attributes in process `syz.1.111'. [ 62.936110][ T833] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 62.942173][ T833] usb 7-1: USB disconnect, device number 2 [ 62.955020][ T833] usblp0: removed [ 62.991394][ T6480] process 'syz.2.112' launched '/dev/fd/8' with NULL argv: empty string added [ 64.032101][ T6516] ======================================================= [ 64.032101][ T6516] WARNING: The mand mount option has been deprecated and [ 64.032101][ T6516] and is ignored by this kernel. Remove the mand [ 64.032101][ T6516] option from the mount to silence this warning. [ 64.032101][ T6516] ======================================================= [ 64.627686][ T65] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 64.900798][ T6526] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.001488][ T6526] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.076599][ T6526] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.082007][ T65] Bluetooth: hci3: command 0x0419 tx timeout [ 65.151365][ T6526] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.231746][ T6526] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.239486][ T6526] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.248113][ T6526] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.264642][ T6526] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.724610][ T6546] netlink: 'syz.0.129': attribute type 52 has an invalid length. [ 66.707870][ T6576] netlink: 'syz.2.134': attribute type 1 has an invalid length. [ 66.709938][ T6574] binder: 6573:6574 ioctl 40046205 0 returned -22 [ 66.712394][ T6576] netlink: 224 bytes leftover after parsing attributes in process `syz.2.134'. [ 67.430761][ T6612] capability: warning: `syz.3.137' uses deprecated v2 capabilities in a way that may be insecure [ 68.000614][ T6633] netlink: 8 bytes leftover after parsing attributes in process `syz.1.138'. [ 68.012595][ T6633] IPVS: Error joining to the multicast group [ 68.509771][ T40] audit: type=1326 audit(1736699588.034:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6659 comm="syz.1.145" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf714e579 code=0x0 [ 68.852399][ T6658] infiniband syz1: set down [ 68.853917][ T6658] infiniband syz1: added bond_slave_1 [ 68.859655][ T6667] can: request_module (can-proto-3) failed. [ 68.916870][ T6658] RDS/IB: syz1: added [ 68.924892][ T6658] smc: adding ib device syz1 with port count 1 [ 68.932095][ T6658] smc: ib device syz1 port 1 has pnetid SYZ0 (user defined) [ 69.953578][ T40] audit: type=1800 audit(1736699589.484:4): pid=6694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.152" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 70.774790][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.121483][ T5957] Bluetooth: hci2: command 0x0419 tx timeout [ 72.684595][ T6792] loop7: detected capacity change from 0 to 16384 [ 72.687044][ T6790] netlink: 8 bytes leftover after parsing attributes in process `syz.3.171'. [ 72.955203][ T6800] xt_CT: You must specify a L4 protocol and not use inversions on it [ 73.231534][ T6798] loop7: detected capacity change from 16384 to 16383 [ 73.420970][ T6808] syz.3.181[6808] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.421021][ T6808] syz.3.181[6808] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.424560][ T6808] syz.3.181[6808] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.745935][ T6826] mkiss: ax0: crc mode is auto. [ 74.706934][ T6882] netlink: 12 bytes leftover after parsing attributes in process `syz.1.196'. [ 74.777928][ T6884] netlink: 'syz.3.192': attribute type 12 has an invalid length. [ 74.780323][ T6884] netlink: 132 bytes leftover after parsing attributes in process `syz.3.192'. [ 75.030507][ T6887] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 75.032780][ T6887] overlayfs: failed to set xattr on upper [ 75.034498][ T6887] overlayfs: ...falling back to redirect_dir=nofollow. [ 75.036510][ T6887] overlayfs: ...falling back to index=off. [ 75.038197][ T6887] overlayfs: ...falling back to uuid=null. [ 75.699415][ T6910] overlayfs: failed to resolve './file1': -2 [ 75.714359][ T6908] syzkaller0: entered promiscuous mode [ 75.715947][ T6908] syzkaller0: entered allmulticast mode [ 75.961784][ T65] Bluetooth: hci3: command 0x0419 tx timeout [ 77.260467][ T6943] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 77.263121][ T6943] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 77.265475][ T6943] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 77.267793][ T6943] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 77.270123][ T6943] geneve2: entered allmulticast mode [ 77.337475][ T6947] block nbd3: not configured, cannot reconfigure [ 77.470822][ T6959] overlayfs: statfs failed on './file0' [ 77.542172][ T6961] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 77.546615][ T6961] qnx6: wrong signature (magic) in superblock #1. [ 77.549020][ T6961] qnx6: unable to read the first superblock [ 78.045544][ T6987] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ULvyآDUDw}z [ 78.859129][ T7028] netlink: 'syz.0.233': attribute type 1 has an invalid length. [ 78.884029][ T7028] netlink: 8 bytes leftover after parsing attributes in process `syz.0.233'. [ 78.896462][ T7028] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 78.902788][ T7028] bond0: (slave batadv1): Enslaving as a backup interface with an up link [ 79.033760][ T7026] block nbd3: shutting down sockets [ 79.043699][ T7025] block nbd3: server does not support multiple connections per device. [ 79.046264][ T7025] block nbd3: NBD_DISCONNECT [ 79.047702][ T7025] block nbd3: Send disconnect failed -32 [ 79.049571][ T7025] block nbd3: Send disconnect failed -32 [ 79.161785][ T62] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 79.341750][ T62] usb 7-1: Using ep0 maxpacket: 8 [ 79.349046][ T62] usb 7-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b [ 79.352088][ T62] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.354308][ T62] usb 7-1: Product: syz [ 79.355461][ T62] usb 7-1: Manufacturer: syz [ 79.356770][ T62] usb 7-1: SerialNumber: syz [ 79.392762][ T62] usb 7-1: config 0 descriptor?? [ 79.422574][ T62] option 7-1:0.0: GSM modem (1-port) converter detected [ 79.611524][ T56] usb 7-1: USB disconnect, device number 3 [ 79.614194][ T56] option 7-1:0.0: device disconnected [ 79.621913][ T7015] netlink: 28 bytes leftover after parsing attributes in process `syz.2.230'. [ 79.689064][ T7032] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 79.691595][ T7032] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 79.704778][ T7032] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 79.706578][ T7032] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 79.713744][ T7032] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 79.715429][ T7032] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 79.720667][ T7032] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 79.728965][ T7032] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 80.193369][ T7068] netlink: 8 bytes leftover after parsing attributes in process `syz.2.240'. [ 80.210047][ T7069] warning: `syz.2.240' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 80.218933][ T7039] [U] v3 [ 80.637153][ T7087] block device autoloading is deprecated and will be removed. [ 81.007030][ T35] cfg80211: failed to load regulatory.db [ 82.376465][ T7165] mkiss: ax0: crc mode is auto. [ 82.400023][ T7165] netfs: Couldn't get user pages (rc=-14) [ 82.795572][ T7171] /dev/sr0: Can't open blockdev [ 83.183421][ T7190] netlink: 'syz.1.266': attribute type 10 has an invalid length. [ 83.204121][ T7190] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.210971][ T7190] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 83.629880][ T7211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.276'. [ 84.064908][ T7222] netlink: 228 bytes leftover after parsing attributes in process `syz.1.277'. [ 85.224204][ T7250] overlayfs: missing 'lowerdir' [ 86.070530][ T7276] syz.3.292: attempt to access beyond end of device [ 86.070530][ T7276] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0 [ 86.075510][ T7276] vxfs: unable to read disk superblock at 1 [ 86.077481][ T7276] syz.3.292: attempt to access beyond end of device [ 86.077481][ T7276] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0 [ 86.084712][ T7276] vxfs: unable to read disk superblock at 8 [ 86.086662][ T7276] vxfs: can't find superblock. [ 86.097804][ T7276] netlink: 20 bytes leftover after parsing attributes in process `syz.3.292'. [ 86.229328][ T7283] afs: Unknown parameter 'dyR' [ 86.246227][ T7283] syz.1.294: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 86.250793][ T7283] CPU: 3 UID: 0 PID: 7283 Comm: syz.1.294 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 86.253801][ T7283] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.256862][ T7283] Call Trace: [ 86.257781][ T7283] [ 86.258614][ T7283] dump_stack_lvl+0x16c/0x1f0 [ 86.259939][ T7283] warn_alloc+0x24d/0x3a0 [ 86.261132][ T7283] ? __pfx_warn_alloc+0x10/0x10 [ 86.262522][ T7283] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 86.264107][ T7283] ? kasan_save_stack+0x42/0x60 [ 86.265442][ T7283] ? kasan_save_stack+0x33/0x60 [ 86.266772][ T7283] ? kasan_save_track+0x14/0x30 [ 86.268087][ T7283] ? __kasan_kmalloc+0xaa/0xb0 [ 86.269385][ T7283] ? xskq_create+0x52/0x1d0 [ 86.270597][ T7283] ? do_sock_setsockopt+0x222/0x480 [ 86.271993][ T7283] ? __sys_setsockopt+0x1a0/0x230 [ 86.273430][ T7283] ? __ia32_sys_setsockopt+0xbc/0x160 [ 86.274894][ T7283] __vmalloc_node_range_noprof+0x10df/0x1530 [ 86.276595][ T7283] ? xskq_create+0xfb/0x1d0 [ 86.277944][ T7283] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 86.280164][ T7283] ? xskq_create+0xfb/0x1d0 [ 86.281795][ T7283] vmalloc_user_noprof+0x6b/0x90 [ 86.283248][ T7283] ? xskq_create+0xfb/0x1d0 [ 86.284548][ T7283] xskq_create+0xfb/0x1d0 [ 86.285776][ T7283] xsk_setsockopt+0x8b0/0xac0 [ 86.287150][ T7283] ? __pfx_xsk_setsockopt+0x10/0x10 [ 86.289062][ T7283] ? find_held_lock+0x2d/0x110 [ 86.290751][ T7283] ? __pfx_xsk_setsockopt+0x10/0x10 [ 86.292599][ T7283] do_sock_setsockopt+0x222/0x480 [ 86.294444][ T7283] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 86.296126][ T7283] ? lock_acquire+0x2f/0xb0 [ 86.297526][ T7283] __sys_setsockopt+0x1a0/0x230 [ 86.298916][ T7283] __ia32_sys_setsockopt+0xbc/0x160 [ 86.300667][ T7283] ? lockdep_hardirqs_on+0x7c/0x110 [ 86.302236][ T7283] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 86.304637][ T7283] __do_fast_syscall_32+0x73/0x120 [ 86.306398][ T7283] do_fast_syscall_32+0x32/0x80 [ 86.308170][ T7283] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 86.310410][ T7283] RIP: 0023:0xf714e579 [ 86.311766][ T7283] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 86.318423][ T7283] RSP: 002b:00000000f514055c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 86.321258][ T7283] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b [ 86.324094][ T7283] RDX: 0000000000000002 RSI: 0000000020000080 RDI: 0000000000000020 [ 86.326891][ T7283] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 86.329756][ T7283] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 86.332143][ T7283] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 86.335004][ T7283] [ 86.355706][ T7283] Mem-Info: [ 86.362186][ T7283] active_anon:9181 inactive_anon:270 isolated_anon:0 [ 86.362186][ T7283] active_file:12071 inactive_file:35055 isolated_file:0 [ 86.362186][ T7283] unevictable:1768 dirty:280 writeback:0 [ 86.362186][ T7283] slab_reclaimable:8449 slab_unreclaimable:57518 [ 86.362186][ T7283] mapped:26903 shmem:5325 pagetables:863 [ 86.362186][ T7283] sec_pagetables:301 bounce:0 [ 86.362186][ T7283] kernel_misc_reclaimable:0 [ 86.362186][ T7283] free:41912 free_pcp:11000 free_cma:0 [ 86.393785][ T7289] [ 86.394558][ T7289] ====================================================== [ 86.396406][ T7289] WARNING: possible circular locking dependency detected [ 86.398295][ T7289] 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 Not tainted [ 86.401513][ T7283] Node 0 active_anon:4008kB inactive_anon:1080kB active_file:1188kB inactive_file:7480kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:5104kB dirty:0kB writeback:0kB shmem:5216kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9712kB pagetables:700kB sec_pagetables:1144kB all_unreclaimable? yes [ 86.401608][ T7289] ------------------------------------------------------ [ 86.401613][ T7289] syz.3.295/7289 is trying to acquire lock: [ 86.401619][ T7289] ffff888042ba4a50 [ 86.414053][ T7283] Node 1 active_anon:31416kB inactive_anon:0kB active_file:47096kB inactive_file:132740kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:102608kB dirty:1120kB writeback:0kB shmem:16084kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3120kB pagetables:2852kB sec_pagetables:60kB all_unreclaimable? no [ 86.415467][ T7289] (&q->sysfs_lock [ 86.417417][ T7283] Node 0 [ 86.418397][ T7289] ){+.+.}-{4:4} [ 86.428880][ T7283] DMA free:2996kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:16kB inactive_anon:156kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:596kB local_pcp:68kB free_cma:0kB [ 86.429674][ T7289] , at: blk_register_queue+0x132/0x4f0 [ 86.430539][ T7283] lowmem_reserve[]: 0 [ 86.431525][ T7289] [ 86.431525][ T7289] but task is already holding lock: [ 86.431530][ T7289] ffff888042ba4ae0 (&q->sysfs_dir_lock){+.+.}-{4:4}, at: blk_register_queue+0x5c/0x4f0 [ 86.431556][ T7289] [ 86.431556][ T7289] which lock already depends on the new lock. [ 86.431556][ T7289] [ 86.431559][ T7289] [ 86.431559][ T7289] the existing dependency chain (in reverse order) is: [ 86.431562][ T7289] [ 86.431562][ T7289] -> #5 ( [ 86.439817][ T7283] 273 [ 86.440864][ T7289] &q->sysfs_dir_lock){+.+.}-{4:4} [ 86.442281][ T7283] 0 [ 86.443988][ T7289] : [ 86.443993][ T7289] __mutex_lock+0x19b/0xa60 [ 86.444007][ T7289] blk_mq_sysfs_unregister_hctxs+0x92/0x2d0 [ 86.444019][ T7289] __blk_mq_update_nr_hw_queues+0x93f/0x1460 [ 86.444028][ T7289] blk_mq_update_nr_hw_queues+0x2a/0x40 [ 86.447068][ T7283] 0 [ 86.449898][ T7289] nbd_start_device+0x15b/0xd70 [ 86.449914][ T7289] nbd_ioctl+0x21a/0xfd0 [ 86.449924][ T7289] compat_blkdev_ioctl+0x2f7/0x750 [ 86.449936][ T7289] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 86.449946][ T7289] __do_fast_syscall_32+0x73/0x120 [ 86.449957][ T7289] do_fast_syscall_32+0x32/0x80 [ 86.454699][ T7283] 0 [ 86.454955][ T7289] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 86.456001][ T7283] [ 86.457406][ T7289] [ 86.457406][ T7289] -> #4 (&q->q_usage_counter(io) [ 86.458425][ T7283] Node 0 [ 86.459145][ T7289] #49){++++}-{0:0} [ 86.461122][ T7283] DMA32 free:15740kB boost:0kB min:13904kB low:17380kB high:20856kB reserved_highatomic:4096KB active_anon:3992kB inactive_anon:924kB active_file:1188kB inactive_file:7480kB unevictable:3536kB writepending:0kB present:1032196kB managed:306300kB mlocked:0kB bounce:0kB free_pcp:5672kB local_pcp:1276kB free_cma:0kB [ 86.462962][ T7289] : [ 86.462965][ T7289] blk_mq_submit_bio+0x1fb6/0x24c0 [ 86.462981][ T7289] __submit_bio+0x384/0x540 [ 86.462994][ T7289] submit_bio_noacct_nocheck+0x698/0xd70 [ 86.463007][ T7289] submit_bio_noacct+0x93a/0x1e20 [ 86.463020][ T7289] block_read_full_folio+0x812/0xa50 [ 86.466616][ T7283] lowmem_reserve[]: [ 86.467267][ T7289] filemap_read_folio+0xc6/0x2a0 [ 86.468300][ T7283] 0 [ 86.469815][ T7289] filemap_get_pages+0x155f/0x1be0 [ 86.472868][ T7283] 0 [ 86.473270][ T7289] filemap_read+0x3ca/0xd70 [ 86.475532][ T7283] 0 [ 86.477033][ T7289] blkdev_read_iter+0x187/0x480 [ 86.477046][ T7289] vfs_read+0x87f/0xbe0 [ 86.477055][ T7289] ksys_read+0x12b/0x250 [ 86.477064][ T7289] do_syscall_64+0xcd/0x250 [ 86.477076][ T7289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.478764][ T7283] 0 [ 86.479426][ T7289] [ 86.479426][ T7289] -> #3 (mapping.invalidate_lock [ 86.483391][ T7283] 0 [ 86.484723][ T7289] #2){.+.+}-{4:4}: [ 86.484743][ T7289] down_read+0x9a/0x330 [ 86.485924][ T7283] [ 86.487271][ T7289] filemap_fault+0x2e0/0x2820 [ 86.487294][ T7289] __do_fault+0x10a/0x490 [ 86.487308][ T7289] do_pte_missing+0x1a8/0x3e00 [ 86.498792][ T7283] Node 1 [ 86.498812][ T7289] __handle_mm_fault+0x103c/0x2a40 [ 86.501622][ T7283] DMA32 free:147764kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:33816kB inactive_anon:0kB active_file:47096kB inactive_file:132740kB unevictable:3536kB writepending:1120kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:37584kB local_pcp:8468kB free_cma:0kB [ 86.502337][ T7289] handle_mm_fault+0x3fa/0xaa0 [ 86.502352][ T7289] __get_user_pages+0x8d9/0x3b50 [ 86.502363][ T7289] faultin_page_range+0x24a/0x980 [ 86.505852][ T7283] lowmem_reserve[]: [ 86.506202][ T7289] do_madvise+0x504/0x770 [ 86.509608][ T7283] 0 [ 86.511009][ T7289] __ia32_sys_madvise+0xa7/0x110 [ 86.511021][ T7289] __do_fast_syscall_32+0x73/0x120 [ 86.511033][ T7289] do_fast_syscall_32+0x32/0x80 [ 86.513456][ T7283] 0 [ 86.513584][ T7289] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 86.515720][ T7283] 0 [ 86.515979][ T7289] [ 86.515979][ T7289] -> #2 (&mm->mmap_lock [ 86.518105][ T7283] 0 [ 86.518448][ T7289] ){++++}-{4:4}: [ 86.521252][ T7283] 0 [ 86.521378][ T7289] __might_fault+0x11b/0x190 [ 86.525335][ T7283] [ 86.525599][ T7289] _copy_from_user+0x29/0xd0 [ 86.529087][ T7283] Node 0 [ 86.529702][ T7289] compat_blk_trace_setup+0xc9/0x200 [ 86.531522][ T7283] DMA: [ 86.531661][ T7289] blk_trace_ioctl+0x24a/0x290 [ 86.533173][ T7283] 89*4kB [ 86.534410][ T7289] compat_blkdev_ioctl+0x13c/0x750 [ 86.534426][ T7289] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 86.535937][ T7283] (U) [ 86.536757][ T7289] __do_fast_syscall_32+0x73/0x120 [ 86.538308][ T7283] 90*8kB [ 86.546278][ T7289] do_fast_syscall_32+0x32/0x80 [ 86.546299][ T7289] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 86.546314][ T7289] [ 86.546314][ T7289] -> #1 (&q->debugfs_mutex){+.+.}-{4:4}: [ 86.546330][ T7289] __mutex_lock+0x19b/0xa60 [ 86.546341][ T7289] blk_register_queue+0x13c/0x4f0 [ 86.546352][ T7289] add_disk_fwnode+0x785/0x1300 [ 86.546360][ T7289] brd_alloc.isra.0+0x50a/0x7c0 [ 86.547887][ T7283] (U) [ 86.549416][ T7289] brd_init+0x12b/0x1d0 [ 86.551009][ T7283] 50*16kB [ 86.552059][ T7289] do_one_initcall+0x128/0x630 [ 86.552077][ T7289] kernel_init_freeable+0x58f/0x8b0 [ 86.553485][ T7283] (U) [ 86.554211][ T7289] kernel_init+0x1c/0x2b0 [ 86.555720][ T7283] 35*32kB [ 86.557262][ T7289] ret_from_fork+0x45/0x80 [ 86.558770][ T7283] (U) 0*64kB [ 86.559500][ T7289] ret_from_fork_asm+0x1a/0x30 [ 86.561462][ T7283] 0*128kB [ 86.562155][ T7289] [ 86.562155][ T7289] -> #0 [ 86.564321][ T7283] 0*256kB [ 86.565305][ T7289] (&q->sysfs_lock [ 86.566413][ T7283] 0*512kB [ 86.567154][ T7289] ){+.+.}-{4:4}: [ 86.567165][ T7289] __lock_acquire+0x249e/0x3c40 [ 86.567178][ T7289] lock_acquire.part.0+0x11b/0x380 [ 86.567187][ T7289] __mutex_lock+0x19b/0xa60 [ 86.568632][ T7283] 0*1024kB [ 86.569355][ T7289] blk_register_queue+0x132/0x4f0 [ 86.570822][ T7283] 0*2048kB [ 86.571678][ T7289] add_disk_fwnode+0x785/0x1300 [ 86.571690][ T7289] md_alloc+0x393/0x1030 [ 86.571703][ T7289] md_probe+0x6e/0xd0 [ 86.571715][ T7289] blk_request_module+0x115/0x1e0 [ 86.571723][ T7289] blkdev_get_no_open+0x7a/0xe0 [ 86.573379][ T7283] 0*4096kB [ 86.574129][ T7289] bdev_file_open_by_dev+0x6b/0x210 [ 86.577436][ T7283] = 2996kB [ 86.577996][ T7289] swsusp_check+0x78/0x410 [ 86.579788][ T7283] Node 0 [ 86.580893][ T7289] software_resume+0x6d/0x400 [ 86.582881][ T7283] DMA32: [ 86.583666][ T7289] resume_store+0x249/0x460 [ 86.583681][ T7289] kobj_attr_store+0x55/0x80 [ 86.583694][ T7289] sysfs_kf_write+0x117/0x170 [ 86.585135][ T7283] 307*4kB [ 86.587016][ T7289] kernfs_fop_write_iter+0x33d/0x500 [ 86.589236][ T7283] (UH) [ 86.590646][ T7289] vfs_write+0x5ae/0x1150 [ 86.592300][ T7283] 48*8kB [ 86.593750][ T7289] ksys_write+0x12b/0x250 [ 86.595292][ T7283] (UH) [ 86.596036][ T7289] __do_fast_syscall_32+0x73/0x120 [ 86.597299][ T7283] 19*16kB [ 86.598145][ T7289] do_fast_syscall_32+0x32/0x80 [ 86.599625][ T7283] (UH) 84*32kB [ 86.601194][ T7289] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 86.601215][ T7289] [ 86.601215][ T7289] other info that might help us debug this: [ 86.601215][ T7289] [ 86.601218][ T7289] Chain exists of: [ 86.601218][ T7289] &q->sysfs_lock --> &q->q_usage_counter(io) [ 86.602027][ T7283] (UEH) [ 86.603377][ T7289] #49 --> [ 86.604225][ T7283] 54*64kB [ 86.605544][ T7289] &q->sysfs_dir_lock [ 86.606520][ T7283] (UEH) [ 86.607968][ T7289] [ 86.607968][ T7289] [ 86.607975][ T7289] Possible unsafe locking scenario: [ 86.607975][ T7289] [ 86.608856][ T7283] 22*128kB [ 86.610181][ T7289] CPU0 CPU1 [ 86.611049][ T7283] (UEH) 7*256kB [ 86.612124][ T7289] ---- ---- [ 86.612130][ T7289] lock(&q->sysfs_dir_lock); [ 86.612138][ T7289] lock(&q->q_usage_counter(io)#49); [ 86.612148][ T7289] lock(&q->sysfs_dir_lock); [ 86.612154][ T7289] lock(&q->sysfs_lock); [ 86.612160][ T7289] [ 86.612160][ T7289] *** DEADLOCK *** [ 86.612160][ T7289] [ 86.613062][ T7283] (UH) [ 86.614064][ T7289] 8 locks held by syz.3.295/7289: [ 86.615591][ T7283] 4*512kB (UM) [ 86.617147][ T7289] #0: ffff88804a5bcef8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x267/0x390 [ 86.618639][ T7283] 1*1024kB [ 86.619522][ T7289] #1: [ 86.621074][ T7283] (M) [ 86.621952][ T7289] ffff88804a80a420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 [ 86.621982][ T7289] #2: ffff888027fba088 (&of->mutex){+.+.}-{4:4} [ 86.623513][ T7283] 0*2048kB [ 86.624815][ T7289] , at: kernfs_fop_write_iter+0x27b/0x500 [ 86.626071][ T7283] 0*4096kB [ 86.627562][ T7289] #3: ffff88801c37cb48 (kn->active#62){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 [ 86.630629][ T7283] = 15740kB [ 86.631402][ T7289] #4: ffffffff8dc80d08 (system_transition_mutex){+.+.}-{4:4}, at: software_resume+0x63/0x400 [ 86.631432][ T7289] #5: [ 86.632273][ T7283] Node 1 [ 86.633625][ T7289] ffffffff8e8b8f08 (major_names_lock){+.+.}-{4:4}, at: blk_request_module+0x29/0x1e0 [ 86.633650][ T7289] #6: [ 86.634431][ T7283] DMA32: [ 86.635830][ T7289] ffffffff8f62aa48 (disks_mutex){+.+.}-{4:4}, at: md_alloc+0x3e/0x1030 [ 86.636809][ T7283] 5*4kB [ 86.638182][ T7289] #7: ffff888042ba4ae0 [ 86.639735][ T7283] (ME) [ 86.641196][ T7289] ( [ 86.642120][ T7283] 167*8kB [ 86.643729][ T7289] &q->sysfs_dir_lock [ 86.644507][ T7283] (UME) [ 86.645844][ T7289] ){+.+.}-{4:4} [ 86.646700][ T7283] 14*16kB [ 86.648083][ T7289] , at: blk_register_queue+0x5c/0x4f0 [ 86.648889][ T7283] (UE) [ 86.650454][ T7289] [ 86.650454][ T7289] stack backtrace: [ 86.650474][ T7289] CPU: 3 UID: 0 PID: 7289 Comm: syz.3.295 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 86.650487][ T7289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.651367][ T7283] 7*32kB [ 86.652849][ T7289] Call Trace: [ 86.652855][ T7289] [ 86.652860][ T7289] dump_stack_lvl+0x116/0x1f0 [ 86.652874][ T7289] print_circular_bug+0x41c/0x610 [ 86.653874][ T7283] (UE) [ 86.655768][ T7289] check_noncircular+0x31a/0x400 [ 86.658636][ T7283] 305*64kB [ 86.661344][ T7289] ? __pfx_check_noncircular+0x10/0x10 [ 86.662207][ T7283] (UME) [ 86.663061][ T7289] ? kernfs_add_one+0x39d/0x520 [ 86.663949][ T7283] 95*128kB [ 86.665055][ T7289] ? lockdep_lock+0xc6/0x200 [ 86.665874][ T7283] (UME) [ 86.667165][ T7289] ? __pfx_lockdep_lock+0x10/0x10 [ 86.667187][ T7289] ? up_write+0x1b2/0x520 [ 86.667198][ T7289] __lock_acquire+0x249e/0x3c40 [ 86.669284][ T7283] 59*256kB [ 86.670183][ T7289] ? __pfx___lock_acquire+0x10/0x10 [ 86.671725][ T7283] (UME) [ 86.672687][ T7289] ? sysfs_add_file_mode_ns+0x227/0x3b0 [ 86.677053][ T7283] 15*512kB [ 86.677676][ T7289] lock_acquire.part.0+0x11b/0x380 [ 86.679639][ T7283] (UM) [ 86.680827][ T7289] ? blk_register_queue+0x132/0x4f0 [ 86.680843][ T7289] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 86.680853][ T7289] ? rcu_is_watching+0x12/0xc0 [ 86.687371][ T7283] 17*1024kB [ 86.688695][ T7289] ? trace_lock_acquire+0x14e/0x1f0 [ 86.690687][ T7283] (UME) [ 86.691239][ T7289] ? blk_register_queue+0x132/0x4f0 [ 86.694972][ T7283] 10*2048kB [ 86.695449][ T7289] ? lock_acquire+0x2f/0xb0 [ 86.696358][ T7283] (UME) [ 86.697927][ T7289] ? blk_register_queue+0x132/0x4f0 [ 86.697942][ T7289] __mutex_lock+0x19b/0xa60 [ 86.697956][ T7289] ? blk_register_queue+0x132/0x4f0 [ 86.698878][ T7283] 13*4096kB [ 86.701615][ T7289] ? kernfs_get+0x1f/0x30 [ 86.701629][ T7289] ? kobject_add_internal+0x54e/0x990 [ 86.701642][ T7289] ? blk_register_queue+0x132/0x4f0 [ 86.701654][ T7289] ? __pfx___mutex_lock+0x10/0x10 [ 86.701666][ T7289] ? kobject_add+0x17c/0x240 [ 86.710135][ T7283] (UM) [ 86.710450][ T7289] ? blk_register_queue+0x132/0x4f0 [ 86.711290][ T7283] = 147404kB [ 86.713544][ T7289] blk_register_queue+0x132/0x4f0 [ 86.713559][ T7289] add_disk_fwnode+0x785/0x1300 [ 86.713569][ T7289] ? md_alloc+0xb7f/0x1030 [ 86.713583][ T7289] md_alloc+0x393/0x1030 [ 86.713597][ T7289] md_probe+0x6e/0xd0 [ 86.715246][ T7283] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 86.715579][ T7289] ? __pfx_md_probe+0x10/0x10 [ 86.716398][ T7283] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 86.717084][ T7289] blk_request_module+0x115/0x1e0 [ 86.717097][ T7289] blkdev_get_no_open+0x7a/0xe0 [ 86.717113][ T7289] bdev_file_open_by_dev+0x6b/0x210 [ 86.717979][ T7283] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 86.719095][ T7289] swsusp_check+0x78/0x410 [ 86.719926][ T7283] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 86.720910][ T7289] software_resume+0x6d/0x400 [ 86.720925][ T7289] resume_store+0x249/0x460 [ 86.720936][ T7289] ? __pfx_resume_store+0x10/0x10 [ 86.722404][ T7283] 52427 total pagecache pages [ 86.723342][ T7289] ? __pfx_resume_store+0x10/0x10 [ 86.724214][ T7283] 14 pages in swap cache [ 86.725835][ T7289] kobj_attr_store+0x55/0x80 [ 86.728725][ T7283] Free swap = 123968kB [ 86.732599][ T7289] ? __pfx_kobj_attr_store+0x10/0x10 [ 86.732617][ T7289] sysfs_kf_write+0x117/0x170 [ 86.732631][ T7289] kernfs_fop_write_iter+0x33d/0x500 [ 86.732644][ T7289] ? __pfx_sysfs_kf_write+0x10/0x10 [ 86.732658][ T7289] vfs_write+0x5ae/0x1150 [ 86.732669][ T7289] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 86.732683][ T7289] ? __pfx___mutex_lock+0x10/0x10 [ 86.735200][ T7283] Total swap = 124996kB [ 86.735833][ T7289] ? __pfx_vfs_write+0x10/0x10 [ 86.737176][ T7283] 524155 pages RAM [ 86.738607][ T7289] ksys_write+0x12b/0x250 [ 86.739448][ T7283] 0 pages HighMem/MovableOnly [ 86.741246][ T7289] ? __pfx_ksys_write+0x10/0x10 [ 86.742476][ T7283] 206677 pages reserved [ 86.743756][ T7289] __do_fast_syscall_32+0x73/0x120 [ 86.744595][ T7283] 0 pages cma reserved [ 86.745985][ T7289] do_fast_syscall_32+0x32/0x80 [ 86.746000][ T7289] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 86.847335][ T7289] RIP: 0023:0xf7fc8579 [ 86.848460][ T7289] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 86.853710][ T7289] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 86.855993][ T7289] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000040 [ 86.858156][ T7289] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000000 [ 86.860344][ T7289] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 86.862534][ T7289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.864710][ T7289] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 86.866933][ T7289] [ 86.872839][ T7289] block device autoloading is deprecated and will be removed. [ 86.875111][ T7289] syz.3.295: attempt to access beyond end of device [ 86.875111][ T7289] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 86.878716][ T7289] PM: Image not found (code -5) [ 86.991603][ T6303] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 87.143209][ T6303] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 47, changing to 9 [ 87.146643][ T6303] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 87.149476][ T6303] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 87.153887][ T6303] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 87.156556][ T6303] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.159548][ T6303] usb 6-1: config 0 descriptor?? [ 87.615795][ T6303] usbhid 6-1:0.0: can't add hid device: -71 [ 87.618142][ T6303] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 87.621374][ T6303] usb 6-1: USB disconnect, device number 3 VM DIAGNOSIS: 16:33:26 Registers: info registers vcpu 0 CPU#0 RAX=00000000001db14c RBX=0000000000000000 RCX=ffffffff8b1a6899 RDX=ffffed1005686fee RSI=ffffffff8bb170c0 RDI=ffffffff81703039 RBP=fffffbfff1b52ef8 RSP=ffffffff8da07e20 R8 =0000000000000000 R9 =ffffed1005686fed R10=ffff88802b437f6b R11=ffff88802b53fb10 R12=0000000000000000 R13=ffffffff8da977c0 R14=ffffffff901cf290 R15=0000000000000000 RIP=ffffffff8b1a7c7f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020d86000 CR3=000000006cfdc000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=dffffc0000000000 RBX=ffffea00016ac500 RCX=ffffffff81e2a645 RDX=1ffffd40002d58a1 RSI=ffffffff81e1ac8a RDI=ffffea00016ac508 RBP=800000005ab14007 RSP=ffffc900049ef890 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=1ffff11004b6608a R12=dffffc0000000000 R13=0000000000000000 R14=0000000000000000 R15=ffffc900049efce8 RIP=ffffffff81e1aca3 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000202b9000 CR3=00000000678f8000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000000dd9cc RBX=0000000000000002 RCX=ffffffff8b1a6899 RDX=ffffed10056c6fee RSI=ffffffff8bb170c0 RDI=ffffffff81703039 RBP=ffffed10036ea000 RSP=ffffc9000048fe08 R8 =0000000000000000 R9 =ffffed10056c6fed R10=ffff88802b637f6b R11=0000000000000000 R12=0000000000000002 R13=ffff88801b750000 R14=ffffffff901cf290 R15=0000000000000000 RIP=ffffffff8b1a7c7f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000004aa54000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=0000000000000010 RCX=ffffffff81794761 RDX=ffff888026818000 RSI=ffffffff8179474d RDI=0000000000000001 RBP=1ffff9200077fe43 RSP=ffffc90003bff208 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=722d302e33312e36 R12=0000000000000001 R13=0000000000000000 R14=ffff888022372440 R15=0000000000000001 RIP=ffffffff81794757 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000000000000 CR3=000000004bdfc000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000