last executing test programs: 11.026630346s ago: executing program 2 (id=33): socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet(0xa, 0x801, 0x84) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0xbabd}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x14) openat$hpet(0xffffff9c, &(0x7f0000000a40), 0x640400, 0x0) io_setup(0x6, &(0x7f0000001380)=0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') io_submit(r4, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}]) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x14) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x14) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x4c38}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0xfffffffffffffffd, 0x0, 0x80000001}, 0x0, 0x0) 9.819721831s ago: executing program 2 (id=37): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x8000) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000040)={0xfffffff8, 0x401, 0xfffffffd, 0xc4cf, 0x7, "0441d3e189e87fe30600000000000f000200", 0x4, 0x200}) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000340)=0x2) r2 = socket$inet_tcp(0x2, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x6, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x395, 0xffffffffffffffff, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xffffffff, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x2002c810) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x707cb000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2000000000002) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/msg\x00', 0x0, 0x0) bind$netlink(r5, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') preadv(r6, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) r7 = syz_io_uring_setup(0x18d7, 0x0, &(0x7f0000ffe000), &(0x7f0000ffe000)) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r7, 0x2, &(0x7f0000000180), 0xfe) syz_open_procfs(0x0, 0x0) r8 = socket$inet6(0xa, 0x2, 0x0) getsockopt$inet6_buf(r8, 0x29, 0x30, 0x0, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r2, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) 8.008606309s ago: executing program 3 (id=41): setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000140)=0x5, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$inet(r3, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014) syz_clone(0x4001100, 0x0, 0x0, 0x0, 0x0, 0x0) io_setup(0x1, &(0x7f00000004c0)=0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) io_submit(r4, 0xf3, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x1, 0x0, r2, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}]) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_mptcp(0x2, 0x1, 0x106) socket$phonet_pipe(0x23, 0x5, 0x2) socket$inet6_sctp(0xa, 0x5, 0x84) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x1, 0x0, 0x7fffffff, 0x8000000000000, 0x0, 0x0, 0x1}, 0x0, &(0x7f0000000280)={0x3ff, 0x800, 0x5, 0x0, 0xfffffffffffffff9, 0x100000}, 0x0, 0x0) close(0x4) sendmmsg$inet(r1, 0x0, 0x0, 0x0) 7.816123512s ago: executing program 2 (id=42): setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000140)=0x5, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$inet(r3, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014) syz_clone(0x4001100, 0x0, 0x0, 0x0, 0x0, 0x0) io_setup(0x1, &(0x7f00000004c0)=0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) io_submit(r4, 0xf3, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x1, 0x0, r2, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}]) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_mptcp(0x2, 0x1, 0x106) socket$phonet_pipe(0x23, 0x5, 0x2) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x1, 0x0, 0x7fffffff, 0x8000000000000, 0x0, 0x0, 0x1}, 0x0, &(0x7f0000000280)={0x3ff, 0x800, 0x5, 0x0, 0xfffffffffffffff9, 0x100000}, 0x0, 0x0) close(0x4) sendmmsg$inet(r1, 0x0, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, 0x0) 5.021698957s ago: executing program 0 (id=43): setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000140)=0x5, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014) syz_clone(0x4001100, 0x0, 0x0, 0x0, 0x0, 0x0) io_setup(0x1, &(0x7f00000004c0)=0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) io_submit(r3, 0xf3, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x1, 0x0, r1, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}]) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_mptcp(0x2, 0x1, 0x106) socket$phonet_pipe(0x23, 0x5, 0x2) socket$inet6_sctp(0xa, 0x5, 0x84) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x1, 0x0, 0x7fffffff, 0x8000000000000, 0x0, 0x0, 0x1}, 0x0, &(0x7f0000000280)={0x3ff, 0x800, 0x5, 0x0, 0xfffffffffffffff9, 0x100000}, 0x0, 0x0) close(0x4) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, 0x0) 5.005958396s ago: executing program 1 (id=44): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, 0xffffffffffffffff}, 0xc) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) landlock_create_ruleset(&(0x7f0000000140)={0xe97, 0x3, 0x3}, 0x18, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000540)={'bridge_slave_1\x00', &(0x7f0000000500)=@ethtool_ts_info}) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-arm)\x00'}, 0x58) socket$inet_mptcp(0x2, 0x1, 0x106) socket$xdp(0x2c, 0x3, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x808, 0x80, 0x2, 0x3, 0x80, 0x100, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0x98e, 0xffffff01, 0x6, 0x0, 0x0, 0x5, 0x6, 0x0, 0x50, 0x3c5b, 0x1, 0x8, 0xd, 0x2, 0x80, 0xffffffff, 0xe65e, 0x4, 0x7, 0x400003, 0x8, 0x4c74, 0x80000000, 0x243, 0x3, 0xe, 0x8d, 0x6, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x5, 0x6, 0x6, 0x0, 0x5, 0x4, 0x40000008, 0x3ff, 0x80, 0x0, 0x7, 0x3, 0x8, 0x4, 0x1, 0x8], [0x5, 0x9, 0x8000012f, 0xf7, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0xfffffffe, 0x6c7, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x7f, 0x27, 0xe, 0x312, 0x78, 0xea1, 0x4, 0x4, 0x7, 0x7fff, 0x1, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0x9, 0x4dd, 0x1000002, 0x4, 0xb, 0x4, 0x9, 0x5, 0x9, 0x6, 0x4b, 0x8000, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x4, 0x1, 0x9, 0x3, 0x3, 0x0, 0xebf, 0x48c93693, 0x401, 0xfffffffd], [0x7, 0x408, 0x4, 0x9, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x9, 0x5, 0xb, 0x4, 0x4, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x3038, 0x3e7, 0xb, 0x5, 0x80001, 0x6, 0x5, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x3, 0x200, 0x2080, 0x0, 0x4, 0x2950bfaf, 0xfffffffb, 0xa2, 0x8000007, 0x4, 0x4, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x1, 0x12b, 0x4, 0x1, 0xa, 0x24ac5e56, 0x5, 0x1c, 0x7, 0x3, 0x200a, 0x80a2ed, 0x4, 0x25], [0x9, 0xd9, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0xa, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2, 0x14c, 0x60a4, 0x6, 0x200016, 0xffffffff, 0x80000005, 0x5, 0x4, 0xc8, 0x7ff, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x3, 0x227, 0x5, 0x8, 0x8, 0x30b1d693, 0xa1f, 0x89, 0xa673, 0x1, 0x6c1b, 0x0, 0x4, 0x1, 0xb1e, 0xd7, 0x200, 0x6, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat$ocfs2_control(0xffffff9c, &(0x7f00000001c0), 0x8000, 0x0) openat$cgroup_ro(r3, 0x0, 0x275a, 0x0) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000400)={0x18, 0x0, {0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 'lo\x00'}}, 0x1e) r5 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r5, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r5, 0x80047437, &(0x7f0000000080)) socket$packet(0x11, 0x1, 0x300) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r6, 0x40047438, &(0x7f0000000040)=0x2) ioctl$PPPIOCBRIDGECHAN(r6, 0x40047435, &(0x7f0000000200)=0x1) 4.937746723s ago: executing program 2 (id=45): socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet(0xa, 0x801, 0x84) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0xbabd}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x14) openat$hpet(0xffffff9c, &(0x7f0000000a40), 0x640400, 0x0) io_setup(0x6, &(0x7f0000001380)=0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') io_submit(r4, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}]) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x14) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x14) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x4c38}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0xfffffffffffffffd, 0x0, 0x80000001}, 0x0, 0x0) 4.63932783s ago: executing program 3 (id=46): setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000140)=0x5, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$inet(r1, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014) 3.951513944s ago: executing program 1 (id=47): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000f00), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0], &(0x7f0000000040), 0x3, 0x0, 0xeeeeeeee}) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000000300)={0x21, r3}) 3.839797509s ago: executing program 1 (id=48): r0 = openat$mixer(0xffffff9c, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0) ioctl$mixer_OSS_ALSAEMULVER(r0, 0x80044df9, &(0x7f0000000100)) 3.839389736s ago: executing program 2 (id=49): openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$autofs(0xffffff9c, &(0x7f0000000000), 0x600, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x1a, 0x0, &(0x7f0000000080)) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) 3.779988705s ago: executing program 3 (id=50): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c03, r0) 3.779590688s ago: executing program 3 (id=51): openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@getqdisc={0x28, 0x26, 0x100, 0x70bd25, 0x3c, {0x0, 0x0, 0x0, 0x0, {0xd, 0xffff}, {0x1, 0x3}, {0xffe0, 0xfff3}}, [{0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x804}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x1) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3, 0x0, 0x800000}, 0x18) r4 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) futex(&(0x7f0000000300)=0x1, 0x8, 0x1, &(0x7f0000000500), &(0x7f0000000540)=0x1, 0x2) r5 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000a00)) ioctl$PAGEMAP_SCAN(r5, 0xc0606610, &(0x7f0000000a80)={0x60, 0x0, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x9, 0x4c}) socket$inet6_mptcp(0xa, 0x1, 0x106) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x1ff) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) 3.744917951s ago: executing program 0 (id=52): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x20) mkdir(&(0x7f0000000000)='./bus\x00', 0x1) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000)) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000080)}) close_range(r1, r1, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fanotify_mark(r3, 0x1, 0x4800003e, r2, 0x0) r4 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=0x0, &(0x7f0000000000)=0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x6, 0x0, 0x7ffc1ffb}]}) openat(0xffffffffffffff9c, 0x0, 0x88041, 0x2) llistxattr(&(0x7f0000000740)='./file1\x00', 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80}) io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) 3.558258908s ago: executing program 1 (id=53): set_mempolicy(0x2002, &(0x7f0000000000)=0x9, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) iopl(0xe) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x80017) ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f0000000300)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r1, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r3, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) sendfile(r2, r1, 0x0, 0x578410eb) pipe(&(0x7f0000000040)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={&(0x7f0000000300), &(0x7f0000000380)}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mmap$xdp(&(0x7f0000f8f000/0x1000)=nil, 0x1000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) 2.909024067s ago: executing program 2 (id=54): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000800100000400000028000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000ffff00000000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xffffffffffffff64, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0xffffffffffffffff, 0x803, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x9) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) r4 = socket$netlink(0x10, 0x3, 0x4) ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000000)=@generic={0x0, 0x8}) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) setsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, 0x0) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r6 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000000)={0x4}) sendto$inet(r5, &(0x7f0000001600)="09268a927f1f6588b967481241ba7860fcfaf65ac635ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcec8044ab4ea6f7ae55d88fecf90b1a7511bf746b152124eb38d6c7a207112eb1bf554bc070626792d394df5adf7355fa5f8deb9db3da042d88", 0xfdef, 0x11, 0x0, 0x0) r7 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x3080, 0x8003, 0x25f}, &(0x7f0000000240)=0x0, &(0x7f0000000200)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) io_uring_enter(r7, 0x6e2, 0x620, 0x1, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) 2.548694049s ago: executing program 1 (id=55): openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@getqdisc={0x28, 0x26, 0x100, 0x70bd25, 0x3c, {0x0, 0x0, 0x0, 0x0, {0xd, 0xffff}, {0x1, 0x3}, {0xffe0, 0xfff3}}, [{0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x1) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3, 0x0, 0x800000}, 0x18) r4 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) futex(&(0x7f0000000300)=0x1, 0x8, 0x1, &(0x7f0000000500), &(0x7f0000000540)=0x1, 0x2) r5 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000a00)) ioctl$PAGEMAP_SCAN(r5, 0xc0606610, &(0x7f0000000a80)={0x60, 0x0, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x9, 0x4c}) socket$inet6_mptcp(0xa, 0x1, 0x106) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x1ff) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) 1.797057163s ago: executing program 0 (id=56): setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000140)=0x5, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$inet(r3, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014) syz_clone(0x4001100, 0x0, 0x0, 0x0, 0x0, 0x0) io_setup(0x1, &(0x7f00000004c0)=0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) io_submit(r4, 0xf3, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x1, 0x0, r2, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}]) socket$inet_mptcp(0x2, 0x1, 0x106) socket$phonet_pipe(0x23, 0x5, 0x2) socket$inet6_sctp(0xa, 0x5, 0x84) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x1, 0x0, 0x7fffffff, 0x8000000000000, 0x0, 0x0, 0x1}, 0x0, &(0x7f0000000280)={0x3ff, 0x800, 0x5, 0x0, 0xfffffffffffffff9, 0x100000}, 0x0, 0x0) close(0x4) sendmmsg$inet(r1, 0x0, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, 0x0) 1.455698781s ago: executing program 3 (id=57): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000f00), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0], &(0x7f0000000040), 0x3, 0x0, 0xeeeeeeee}) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000000300)={0x21, r3}) 1.437350587s ago: executing program 3 (id=58): socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet(0xa, 0x801, 0x84) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0xbabd}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x14) openat$hpet(0xffffff9c, &(0x7f0000000a40), 0x640400, 0x0) io_setup(0x6, &(0x7f0000001380)) syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x14) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x14) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x4c38}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0xfffffffffffffffd, 0x0, 0x80000001}, 0x0, 0x0) 949.611481ms ago: executing program 0 (id=59): setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000140)=0x5, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$inet(r1, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014) 539.865705ms ago: executing program 1 (id=60): setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000140)=0x5, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$inet(r1, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014) 79.829054ms ago: executing program 0 (id=61): r0 = openat$mixer(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0) ioctl$mixer_OSS_ALSAEMULVER(r0, 0x80044df9, &(0x7f0000000100)) 0s ago: executing program 0 (id=62): openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$autofs(0xffffff9c, &(0x7f0000000000), 0x600, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x1a, 0x0, &(0x7f0000000080)) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:27670' (ED25519) to the list of known hosts. [ 42.549244][ T5856] cgroup: Unknown subsys name 'net' [ 42.696172][ T5856] cgroup: Unknown subsys name 'cpuset' [ 42.701329][ T5856] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 43.641585][ T5856] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 47.228822][ T5954] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 47.230855][ T5956] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 47.232121][ T5954] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 47.234095][ T5956] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 47.236825][ T5954] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 47.238605][ T5956] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 47.239705][ T5953] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 47.240840][ T5953] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 47.241082][ T5955] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 47.241842][ T5955] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 47.242427][ T5955] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 47.243084][ T5955] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 47.243873][ T5954] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 47.244328][ T5956] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 47.244608][ T5956] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 47.248747][ T5953] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 47.250733][ T5956] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 47.252454][ T5954] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 47.253151][ T5953] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 47.253618][ T5953] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 47.514648][ T5941] chnl_net:caif_netlink_parms(): no params data found [ 47.554900][ T5940] chnl_net:caif_netlink_parms(): no params data found [ 47.588609][ T5947] chnl_net:caif_netlink_parms(): no params data found [ 47.627710][ T5946] chnl_net:caif_netlink_parms(): no params data found [ 47.849780][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.853601][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.856775][ T5940] bridge_slave_0: entered allmulticast mode [ 47.860650][ T5940] bridge_slave_0: entered promiscuous mode [ 47.871383][ T5941] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.874670][ T5941] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.877641][ T5941] bridge_slave_0: entered allmulticast mode [ 47.881379][ T5941] bridge_slave_0: entered promiscuous mode [ 47.896195][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.899214][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.902730][ T5940] bridge_slave_1: entered allmulticast mode [ 47.908992][ T5940] bridge_slave_1: entered promiscuous mode [ 47.953425][ T5941] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.956466][ T5941] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.959461][ T5941] bridge_slave_1: entered allmulticast mode [ 47.963560][ T5941] bridge_slave_1: entered promiscuous mode [ 48.010325][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.013404][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.016314][ T5947] bridge_slave_0: entered allmulticast mode [ 48.020044][ T5947] bridge_slave_0: entered promiscuous mode [ 48.048121][ T5946] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.050982][ T5946] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.053980][ T5946] bridge_slave_0: entered allmulticast mode [ 48.057538][ T5946] bridge_slave_0: entered promiscuous mode [ 48.084883][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.087818][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.090734][ T5947] bridge_slave_1: entered allmulticast mode [ 48.095180][ T5947] bridge_slave_1: entered promiscuous mode [ 48.142456][ T5946] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.145429][ T5946] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.148345][ T5946] bridge_slave_1: entered allmulticast mode [ 48.152422][ T5946] bridge_slave_1: entered promiscuous mode [ 48.157464][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.185797][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.190907][ T5941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.224336][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.229596][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.261810][ T5941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.358409][ T5946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.364176][ T5940] team0: Port device team_slave_0 added [ 48.367799][ T5947] team0: Port device team_slave_0 added [ 48.370884][ T5941] team0: Port device team_slave_0 added [ 48.374905][ T5946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.379562][ T5940] team0: Port device team_slave_1 added [ 48.383150][ T5947] team0: Port device team_slave_1 added [ 48.386847][ T5941] team0: Port device team_slave_1 added [ 48.487028][ T5946] team0: Port device team_slave_0 added [ 48.538203][ T5946] team0: Port device team_slave_1 added [ 48.540656][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.543362][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.551588][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.556494][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.559127][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.567613][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.585568][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.587723][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.595633][ T5941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.616136][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.618998][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.628100][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.633231][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.635757][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.643591][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.647677][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.649943][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.660071][ T5941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.696567][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.698746][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.706440][ T5946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.710724][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.713853][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.721410][ T5946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.819489][ T5941] hsr_slave_0: entered promiscuous mode [ 48.821794][ T5941] hsr_slave_1: entered promiscuous mode [ 48.878423][ T5940] hsr_slave_0: entered promiscuous mode [ 48.880662][ T5940] hsr_slave_1: entered promiscuous mode [ 48.882994][ T5940] debugfs: 'hsr0' already exists in 'hsr' [ 48.884801][ T5940] Cannot create hsr debugfs directory [ 48.888741][ T5947] hsr_slave_0: entered promiscuous mode [ 48.890928][ T5947] hsr_slave_1: entered promiscuous mode [ 48.895254][ T5947] debugfs: 'hsr0' already exists in 'hsr' [ 48.897009][ T5947] Cannot create hsr debugfs directory [ 48.901034][ T5946] hsr_slave_0: entered promiscuous mode [ 48.903614][ T5946] hsr_slave_1: entered promiscuous mode [ 48.905822][ T5946] debugfs: 'hsr0' already exists in 'hsr' [ 48.907830][ T5946] Cannot create hsr debugfs directory [ 49.299752][ T5941] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 49.308029][ T5941] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 49.318814][ T5941] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 49.322813][ T5954] Bluetooth: hci2: command tx timeout [ 49.322819][ T5304] Bluetooth: hci0: command tx timeout [ 49.322822][ T64] Bluetooth: hci1: command tx timeout [ 49.323136][ T64] Bluetooth: hci3: command tx timeout [ 49.324585][ T5941] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 49.358949][ T5940] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 49.364748][ T5940] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 49.369120][ T5940] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 49.373155][ T5940] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 49.430820][ T5947] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 49.440333][ T5947] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 49.448331][ T5947] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 49.454154][ T5947] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 49.512956][ T5941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.525459][ T5946] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 49.529559][ T5946] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 49.539563][ T5946] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 49.544803][ T5946] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 49.563490][ T5941] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.584285][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.586693][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.595688][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.606452][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.609291][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.631376][ T5940] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.644472][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.646479][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.659142][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.663932][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.666226][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.699436][ T5947] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.726360][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.729596][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.735400][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.738336][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.748174][ T5946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.780659][ T5946] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.787357][ T225] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.789654][ T225] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.798144][ T225] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.800442][ T225] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.859211][ T5941] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.893300][ T5941] veth0_vlan: entered promiscuous mode [ 49.899225][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.906940][ T5941] veth1_vlan: entered promiscuous mode [ 49.942759][ T5941] veth0_macvtap: entered promiscuous mode [ 49.947882][ T5940] veth0_vlan: entered promiscuous mode [ 49.951363][ T5941] veth1_macvtap: entered promiscuous mode [ 49.958458][ T5940] veth1_vlan: entered promiscuous mode [ 49.980279][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.985239][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.995096][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.003593][ T5946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.014407][ T5940] veth0_macvtap: entered promiscuous mode [ 50.021527][ T5940] veth1_macvtap: entered promiscuous mode [ 50.033283][ T225] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.038864][ T225] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.043057][ T225] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.051268][ T225] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.059373][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.074089][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.093231][ T46] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.096004][ T46] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.107431][ T46] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.110083][ T46] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.126565][ T5946] veth0_vlan: entered promiscuous mode [ 50.126959][ T93] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.131286][ T93] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.137092][ T5947] veth0_vlan: entered promiscuous mode [ 50.151648][ T5947] veth1_vlan: entered promiscuous mode [ 50.165917][ T5946] veth1_vlan: entered promiscuous mode [ 50.172986][ T225] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.176667][ T225] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.190329][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.195699][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.219080][ T5947] veth0_macvtap: entered promiscuous mode [ 50.229606][ T5941] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 50.230235][ T5947] veth1_macvtap: entered promiscuous mode [ 50.237831][ T93] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.239465][ T5946] veth0_macvtap: entered promiscuous mode [ 50.240586][ T93] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.252725][ T5946] veth1_macvtap: entered promiscuous mode [ 50.270900][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.275367][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.286215][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.292489][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.298493][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.300148][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.324676][ T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.327865][ T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.362548][ T6030] overlayfs: failed to resolve './file0': -2 [ 50.370203][ T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.376567][ T46] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.388374][ T46] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.391102][ T46] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.422168][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.425045][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.427925][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.430482][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.433499][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.436441][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.438983][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.441651][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.475690][ T46] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.481474][ T40] audit: type=1326 audit(1763797420.070:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.3.4" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000 [ 50.496334][ T46] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.505002][ T40] audit: type=1326 audit(1763797420.070:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.3.4" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000 [ 50.511385][ T40] audit: type=1326 audit(1763797420.080:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.3.4" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf6ffd579 code=0x7ffc0000 [ 50.521663][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.521753][ T40] audit: type=1326 audit(1763797420.080:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.3.4" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000 [ 50.521776][ T40] audit: type=1326 audit(1763797420.080:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.3.4" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000 [ 50.525157][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.541139][ T40] audit: type=1326 audit(1763797420.080:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.3.4" exe="/syz-executor" sig=0 arch=40000003 syscall=233 compat=1 ip=0xf6ffd579 code=0x7ffc0000 [ 50.547630][ T40] audit: type=1326 audit(1763797420.090:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.3.4" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000 [ 50.554116][ T40] audit: type=1326 audit(1763797420.090:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.3.4" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000 [ 50.560388][ T40] audit: type=1326 audit(1763797420.090:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.3.4" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000 [ 50.567285][ T40] audit: type=1326 audit(1763797420.090:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.3.4" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x7ffc0000 [ 50.604135][ T6035] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 50.606253][ T6035] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 50.609332][ T6035] vhci_hcd vhci_hcd.0: Device attached [ 50.800001][ T93] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.804368][ T93] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.814668][ T93] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.817872][ T93] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.872127][ T6009] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 50.998488][ T1254] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.007539][ T1254] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.406562][ T64] Bluetooth: hci0: command tx timeout [ 51.408990][ T5944] Bluetooth: hci3: command tx timeout [ 51.409039][ T5954] Bluetooth: hci2: command tx timeout [ 51.410976][ T5944] Bluetooth: hci1: command tx timeout [ 51.903104][ T6036] vhci_hcd: connection reset by peer [ 51.907445][ T46] vhci_hcd: stop threads [ 51.907665][ T46] vhci_hcd: release socket [ 51.908027][ T46] vhci_hcd: disconnect device [ 53.247229][ T6057] ======================================================= [ 53.247229][ T6057] WARNING: The mand mount option has been deprecated and [ 53.247229][ T6057] and is ignored by this kernel. Remove the mand [ 53.247229][ T6057] option from the mount to silence this warning. [ 53.247229][ T6057] ======================================================= [ 53.265334][ T6057] new mount options do not match the existing superblock, will be ignored [ 53.408958][ T6062] overlayfs: failed to resolve './file0': -2 [ 53.482836][ T5954] Bluetooth: hci2: command tx timeout [ 53.486044][ T5304] Bluetooth: hci0: command tx timeout [ 53.488465][ T64] Bluetooth: hci3: command tx timeout [ 53.492743][ T5944] Bluetooth: hci1: command tx timeout [ 54.393146][ T6071] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10'. [ 55.572034][ T5944] Bluetooth: hci1: command tx timeout [ 55.572077][ T64] Bluetooth: hci3: command tx timeout [ 55.573823][ T5944] Bluetooth: hci2: command tx timeout [ 55.575570][ T64] Bluetooth: hci0: command tx timeout [ 55.972085][ T6009] vhci_hcd: vhci_device speed not set [ 56.884143][ T6107] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 56.886688][ T6107] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 56.891828][ T6107] vhci_hcd vhci_hcd.0: Device attached [ 57.122075][ T24] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 57.274314][ T24] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 57.277955][ T24] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 57.281525][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 57.288087][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 1023, setting to 64 [ 57.297337][ T24] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 57.303251][ T24] usb 6-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 57.306049][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 57.312124][ T24] usb 6-1: Product: syz [ 57.317644][ T24] usb 6-1: Manufacturer: syz [ 57.331800][ T24] usb 6-1: SerialNumber: syz [ 57.402560][ T24] usb 6-1: config 0 descriptor?? [ 57.441650][ T6106] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 57.482067][ T53] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 57.489702][ T24] input: KB Gear Tablet as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input5 [ 57.750961][ T6108] vhci_hcd: connection reset by peer [ 57.755689][ T13] vhci_hcd: stop threads [ 57.764716][ T13] vhci_hcd: release socket [ 57.772389][ T13] vhci_hcd: disconnect device [ 57.793800][ T1326] usb 6-1: USB disconnect, device number 2 [ 60.081668][ T40] kauditd_printk_skb: 20 callbacks suppressed [ 60.081686][ T40] audit: type=1326 audit(1763797429.670:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6130 comm="syz.2.22" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 60.098707][ T40] audit: type=1326 audit(1763797429.670:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6130 comm="syz.2.22" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 60.122346][ T40] audit: type=1326 audit(1763797429.680:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6130 comm="syz.2.22" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 60.131822][ T40] audit: type=1326 audit(1763797429.680:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6130 comm="syz.2.22" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 60.143742][ T40] audit: type=1326 audit(1763797429.680:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6130 comm="syz.2.22" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 60.152892][ T40] audit: type=1326 audit(1763797429.690:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6130 comm="syz.2.22" exe="/syz-executor" sig=0 arch=40000003 syscall=233 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 60.161475][ T40] audit: type=1326 audit(1763797429.690:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6130 comm="syz.2.22" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 60.170625][ T40] audit: type=1326 audit(1763797429.690:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6130 comm="syz.2.22" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 60.180794][ T40] audit: type=1326 audit(1763797429.690:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6130 comm="syz.2.22" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 60.191694][ T40] audit: type=1326 audit(1763797429.690:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6130 comm="syz.2.22" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000 [ 60.242009][ T6137] ÿÿÿÿ: renamed from lo (while UP) [ 61.270268][ T6152] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 61.272686][ T6152] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 61.283414][ T6152] vhci_hcd vhci_hcd.0: Device attached [ 61.842629][ T6153] vhci_hcd: connection closed [ 61.843531][ T62] vhci_hcd: stop threads [ 61.849827][ T62] vhci_hcd: release socket [ 61.858217][ T62] vhci_hcd: disconnect device [ 62.592430][ T53] vhci_hcd: vhci_device speed not set [ 63.621158][ T6181] overlayfs: failed to resolve './file0/file0': -2 [ 63.672829][ T6183] new mount options do not match the existing superblock, will be ignored [ 65.357046][ T6202] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 65.359412][ T6202] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 65.366814][ T6202] vhci_hcd vhci_hcd.0: Device attached [ 65.493670][ T6207] new mount options do not match the existing superblock, will be ignored [ 65.612554][ T6009] usb 37-1: new low-speed USB device number 3 using vhci_hcd [ 66.570446][ T6203] vhci_hcd: connection reset by peer [ 66.583449][ T46] vhci_hcd: stop threads [ 66.585287][ T46] vhci_hcd: release socket [ 66.587237][ T46] vhci_hcd: disconnect device [ 67.190261][ T6242] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 67.192483][ T6242] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 67.196293][ T6242] vhci_hcd vhci_hcd.0: Device attached [ 67.462160][ T53] usb 39-1: new low-speed USB device number 3 using vhci_hcd [ 67.792104][ T6243] vhci_hcd: connection reset by peer [ 67.804899][ T225] vhci_hcd: stop threads [ 67.806299][ T225] vhci_hcd: release socket [ 67.807764][ T225] vhci_hcd: disconnect device [ 70.909382][ T6009] vhci_hcd: vhci_device speed not set [ 72.084653][ T6289] new mount options do not match the existing superblock, will be ignored [ 72.382391][ T40] kauditd_printk_skb: 5 callbacks suppressed [ 72.382427][ T40] audit: type=1326 audit(1763797441.940:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6293 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 72.462386][ T40] audit: type=1326 audit(1763797441.940:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6293 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 72.469303][ T40] audit: type=1326 audit(1763797441.950:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6293 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 72.477056][ T40] audit: type=1326 audit(1763797441.950:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6293 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 72.485872][ T40] audit: type=1326 audit(1763797441.950:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6293 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 72.493213][ T40] audit: type=1326 audit(1763797441.950:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6293 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=233 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 72.499816][ T40] audit: type=1326 audit(1763797441.950:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6293 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 72.506971][ T40] audit: type=1326 audit(1763797441.960:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6293 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 72.514103][ T40] audit: type=1326 audit(1763797441.960:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6293 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 72.520883][ T40] audit: type=1326 audit(1763797441.960:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6293 comm="syz.0.52" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000 [ 72.592180][ T53] vhci_hcd: vhci_device speed not set [ 73.067534][ T6312] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 73.069597][ T6312] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 73.226702][ T6312] vhci_hcd vhci_hcd.0: Device attached [ 73.522013][ T6009] usb 43-1: new low-speed USB device number 2 using vhci_hcd [ 73.602102][ T6319] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 73.604228][ T6319] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 73.613404][ T6319] vhci_hcd vhci_hcd.0: Device attached [ 73.742958][ T6313] vhci_hcd: connection reset by peer [ 73.752905][ T62] vhci_hcd: stop threads [ 73.754692][ T62] vhci_hcd: release socket [ 73.756730][ T62] vhci_hcd: disconnect device [ 73.992311][ T53] usb 39-1: new low-speed USB device number 4 using vhci_hcd [ 74.200708][ T6320] vhci_hcd: connection reset by peer [ 74.205137][ T13] vhci_hcd: stop threads [ 74.206924][ T13] vhci_hcd: release socket [ 74.208819][ T13] vhci_hcd: disconnect device [ 75.860923][ T6365] new mount options do not match the existing superblock, will be ignored [ 75.967914][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 75.970073][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 75.975920][ T1417] ================================================================== [ 75.979164][ T1417] BUG: KASAN: slab-use-after-free in tty_write_room+0x7d/0x90 [ 75.982050][ T1417] Read of size 8 at addr ffff88806b3c8020 by task aoe_tx0/1417 [ 75.986323][ T1417] [ 75.987276][ T1417] CPU: 2 UID: 0 PID: 1417 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) [ 75.987296][ T1417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.987306][ T1417] Call Trace: [ 75.987312][ T1417] [ 75.987318][ T1417] dump_stack_lvl+0x116/0x1f0 [ 75.987342][ T1417] print_report+0xcd/0x630 [ 75.987364][ T1417] ? __virt_addr_valid+0x81/0x610 [ 75.987383][ T1417] ? __phys_addr+0xe8/0x180 [ 75.987404][ T1417] ? tty_write_room+0x7d/0x90 [ 75.987427][ T1417] kasan_report+0xe0/0x110 [ 75.987449][ T1417] ? tty_write_room+0x7d/0x90 [ 75.987475][ T1417] tty_write_room+0x7d/0x90 [ 75.987498][ T1417] handle_tx+0x14f/0x630 [ 75.987517][ T1417] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 75.987541][ T1417] dev_hard_start_xmit+0x97/0x740 [ 75.987568][ T1417] __dev_queue_xmit+0xa46/0x4490 [ 75.987594][ T1417] ? lockdep_hardirqs_on+0x7c/0x110 [ 75.987616][ T1417] ? rcu_is_watching+0x12/0xc0 [ 75.987635][ T1417] ? __pfx___dev_queue_xmit+0x10/0x10 [ 75.987657][ T1417] ? __pv_queued_spin_lock_slowpath+0x28d/0xcf0 [ 75.987681][ T1417] ? __lock_acquire+0xb8a/0x1c90 [ 75.987704][ T1417] ? __lock_acquire+0xb8a/0x1c90 [ 75.987728][ T1417] ? do_raw_spin_lock+0x12c/0x2b0 [ 75.987754][ T1417] ? find_held_lock+0x2b/0x80 [ 75.987771][ T1417] ? skb_dequeue+0x126/0x180 [ 75.987800][ T1417] ? find_held_lock+0x2b/0x80 [ 75.987818][ T1417] ? rcu_is_watching+0x12/0xc0 [ 75.987838][ T1417] tx+0xcc/0x190 [ 75.987860][ T1417] ? __pfx_tx+0x10/0x10 [ 75.987880][ T1417] kthread+0x1e4/0x3e0 [ 75.987901][ T1417] ? find_held_lock+0x2b/0x80 [ 75.987917][ T1417] ? __pfx_kthread+0x10/0x10 [ 75.987937][ T1417] ? __pfx_default_wake_function+0x10/0x10 [ 75.987955][ T1417] ? lockdep_hardirqs_on+0x7c/0x110 [ 75.987976][ T1417] ? __kthread_parkme+0x19e/0x250 [ 75.987998][ T1417] ? __pfx_kthread+0x10/0x10 [ 75.988017][ T1417] kthread+0x3c5/0x780 [ 75.988040][ T1417] ? __pfx_kthread+0x10/0x10 [ 75.988065][ T1417] ? rcu_is_watching+0x12/0xc0 [ 75.988083][ T1417] ? __pfx_kthread+0x10/0x10 [ 75.988108][ T1417] ret_from_fork+0x675/0x7d0 [ 75.988132][ T1417] ? __pfx_kthread+0x10/0x10 [ 75.988154][ T1417] ret_from_fork_asm+0x1a/0x30 [ 75.988183][ T1417] [ 75.988189][ T1417] [ 76.074631][ T1417] Allocated by task 6334: [ 76.076441][ T1417] kasan_save_stack+0x33/0x60 [ 76.078451][ T1417] kasan_save_track+0x14/0x30 [ 76.080451][ T1417] __kasan_kmalloc+0xaa/0xb0 [ 76.082421][ T1417] alloc_tty_struct+0x96/0x8c0 [ 76.084431][ T1417] tty_init_dev.part.0+0x1e/0x500 [ 76.086540][ T1417] tty_open+0xa4f/0xf90 [ 76.088303][ T1417] chrdev_open+0x234/0x6a0 [ 76.090236][ T1417] do_dentry_open+0x982/0x1530 [ 76.092222][ T1417] vfs_open+0x82/0x3f0 [ 76.093517][ T1417] path_openat+0x1de4/0x2cb0 [ 76.095297][ T1417] do_filp_open+0x20b/0x470 [ 76.097225][ T1417] do_sys_openat2+0x11b/0x1d0 [ 76.099194][ T1417] __ia32_compat_sys_openat+0x16d/0x210 [ 76.101493][ T1417] __do_fast_syscall_32+0x7c/0x300 [ 76.103602][ T1417] do_fast_syscall_32+0x32/0x80 [ 76.105644][ T1417] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 76.108148][ T1417] [ 76.109169][ T1417] Freed by task 1326: [ 76.110698][ T1417] kasan_save_stack+0x33/0x60 [ 76.112199][ T1417] kasan_save_track+0x14/0x30 [ 76.113703][ T1417] __kasan_save_free_info+0x3b/0x60 [ 76.115533][ T1417] __kasan_slab_free+0x5f/0x80 [ 76.117048][ T1417] kfree+0x2b8/0x6d0 [ 76.118292][ T1417] process_one_work+0x9cf/0x1b70 [ 76.119852][ T1417] worker_thread+0x6c8/0xf10 [ 76.121301][ T1417] kthread+0x3c5/0x780 [ 76.122631][ T1417] ret_from_fork+0x675/0x7d0 [ 76.124092][ T1417] ret_from_fork_asm+0x1a/0x30 [ 76.125951][ T1417] [ 76.126717][ T1417] Last potentially related work creation: [ 76.128478][ T1417] kasan_save_stack+0x33/0x60 [ 76.129969][ T1417] kasan_record_aux_stack+0xa7/0xc0 [ 76.131604][ T1417] insert_work+0x36/0x230 [ 76.132977][ T1417] __queue_work+0x97e/0x1160 [ 76.134542][ T1417] queue_work_on+0x1a4/0x1f0 [ 76.136492][ T1417] release_tty+0x4de/0x5d0 [ 76.138319][ T1417] tty_release_struct+0xb7/0xe0 [ 76.139879][ T1417] tty_release+0xe2d/0x1430 [ 76.141367][ T1417] __fput+0x402/0xb70 [ 76.142738][ T1417] task_work_run+0x150/0x240 [ 76.144623][ T1417] exit_to_user_mode_loop+0xec/0x130 [ 76.146865][ T1417] __do_fast_syscall_32+0x240/0x300 [ 76.149050][ T1417] do_fast_syscall_32+0x32/0x80 [ 76.151050][ T1417] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 76.153351][ T1417] [ 76.154192][ T1417] The buggy address belongs to the object at ffff88806b3c8000 [ 76.154192][ T1417] which belongs to the cache kmalloc-cg-2k of size 2048 [ 76.159433][ T1417] The buggy address is located 32 bytes inside of [ 76.159433][ T1417] freed 2048-byte region [ffff88806b3c8000, ffff88806b3c8800) [ 76.164773][ T1417] [ 76.165806][ T1417] The buggy address belongs to the physical page: [ 76.168421][ T1417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6b3c8 [ 76.171558][ T1417] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 76.174305][ T1417] memcg:ffff88804d785101 [ 76.175952][ T1417] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 76.178907][ T1417] page_type: f5(slab) [ 76.180525][ T1417] raw: 04fff00000000040 ffff88801b44c140 0000000000000000 0000000000000001 [ 76.184011][ T1417] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff88804d785101 [ 76.187516][ T1417] head: 04fff00000000040 ffff88801b44c140 0000000000000000 0000000000000001 [ 76.191107][ T1417] head: 0000000000000000 0000000000080008 00000000f5000000 ffff88804d785101 [ 76.194592][ T1417] head: 04fff00000000003 ffffea0001acf201 00000000ffffffff 00000000ffffffff [ 76.198200][ T1417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 76.201532][ T1417] page dumped because: kasan: bad access detected [ 76.203759][ T1417] page_owner tracks the page as allocated [ 76.205567][ T1417] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6138, tgid 6126 (syz.0.21), ts 60294053553, free_ts 58603426861 [ 76.212307][ T1417] post_alloc_hook+0x1af/0x220 [ 76.213919][ T1417] get_page_from_freelist+0x10a3/0x3a30 [ 76.215751][ T1417] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 76.217638][ T1417] alloc_pages_mpol+0x1fb/0x550 [ 76.219291][ T1417] new_slab+0x24a/0x360 [ 76.220673][ T1417] ___slab_alloc+0xd79/0x1a50 [ 76.222201][ T1417] __slab_alloc.constprop.0+0x63/0x110 [ 76.223981][ T1417] __kmalloc_cache_noprof+0x477/0x780 [ 76.225731][ T1417] copy_verifier_state+0xc0c/0x1030 [ 76.227412][ T1417] push_stack+0x1ca/0x370 [ 76.228864][ T1417] check_cond_jmp_op+0xaf5/0x7490 [ 76.230565][ T1417] do_check_common+0xa20a/0xb550 [ 76.232357][ T1417] bpf_check+0x8805/0xbdd0 [ 76.233869][ T1417] bpf_prog_load+0x112e/0x2850 [ 76.235424][ T1417] __sys_bpf+0x3e72/0x4980 [ 76.236884][ T1417] __ia32_sys_bpf+0x76/0xe0 [ 76.238388][ T1417] page last free pid 6114 tgid 6113 stack trace: [ 76.240448][ T1417] __free_frozen_pages+0x7df/0x1160 [ 76.242139][ T1417] __folio_put+0x329/0x450 [ 76.243594][ T1417] skb_release_data+0x81a/0x9e0 [ 76.245184][ T1417] napi_consume_skb+0x1b7/0x220 [ 76.246823][ T1417] skb_defer_free_flush+0x1e2/0x280 [ 76.248595][ T1417] net_rx_action+0x3b3/0xef0 [ 76.250219][ T1417] handle_softirqs+0x219/0x8e0 [ 76.251780][ T1417] __irq_exit_rcu+0x109/0x170 [ 76.253277][ T1417] irq_exit_rcu+0x9/0x30 [ 76.254711][ T1417] sysvec_call_function_single+0xa4/0xc0 [ 76.256493][ T1417] asm_sysvec_call_function_single+0x1a/0x20 [ 76.258463][ T1417] [ 76.259271][ T1417] Memory state around the buggy address: [ 76.261195][ T1417] ffff88806b3c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.263784][ T1417] ffff88806b3c7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.266368][ T1417] >ffff88806b3c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.268956][ T1417] ^ [ 76.270722][ T1417] ffff88806b3c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.273255][ T1417] ffff88806b3c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.275911][ T1417] ================================================================== [ 76.278761][ T1417] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 76.281133][ T1417] CPU: 2 UID: 0 PID: 1417 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) [ 76.284037][ T1417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.287473][ T1417] Call Trace: [ 76.288555][ T1417] [ 76.289582][ T1417] dump_stack_lvl+0x3d/0x1f0 [ 76.291161][ T1417] vpanic+0x640/0x6f0 [ 76.292455][ T1417] panic+0xca/0xd0 [ 76.293692][ T1417] ? __pfx_panic+0x10/0x10 [ 76.295203][ T1417] ? check_panic_on_warn+0x1f/0xb0 [ 76.296879][ T1417] check_panic_on_warn+0xab/0xb0 [ 76.298479][ T1417] end_report+0x107/0x170 [ 76.300019][ T1417] kasan_report+0xee/0x110 [ 76.301459][ T1417] ? tty_write_room+0x7d/0x90 [ 76.303020][ T1417] tty_write_room+0x7d/0x90 [ 76.304537][ T1417] handle_tx+0x14f/0x630 [ 76.305961][ T1417] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 76.307834][ T1417] dev_hard_start_xmit+0x97/0x740 [ 76.309496][ T1417] __dev_queue_xmit+0xa46/0x4490 [ 76.311174][ T1417] ? lockdep_hardirqs_on+0x7c/0x110 [ 76.312852][ T1417] ? rcu_is_watching+0x12/0xc0 [ 76.314455][ T1417] ? __pfx___dev_queue_xmit+0x10/0x10 [ 76.316194][ T1417] ? __pv_queued_spin_lock_slowpath+0x28d/0xcf0 [ 76.318204][ T1417] ? __lock_acquire+0xb8a/0x1c90 [ 76.320029][ T1417] ? __lock_acquire+0xb8a/0x1c90 [ 76.322156][ T1417] ? do_raw_spin_lock+0x12c/0x2b0 [ 76.323884][ T1417] ? find_held_lock+0x2b/0x80 [ 76.325441][ T1417] ? skb_dequeue+0x126/0x180 [ 76.326983][ T1417] ? find_held_lock+0x2b/0x80 [ 76.328485][ T1417] ? rcu_is_watching+0x12/0xc0 [ 76.330130][ T1417] tx+0xcc/0x190 [ 76.331313][ T1417] ? __pfx_tx+0x10/0x10 [ 76.332704][ T1417] kthread+0x1e4/0x3e0 [ 76.334102][ T1417] ? find_held_lock+0x2b/0x80 [ 76.335832][ T1417] ? __pfx_kthread+0x10/0x10 [ 76.337326][ T1417] ? __pfx_default_wake_function+0x10/0x10 [ 76.339217][ T1417] ? lockdep_hardirqs_on+0x7c/0x110 [ 76.340949][ T1417] ? __kthread_parkme+0x19e/0x250 [ 76.342586][ T1417] ? __pfx_kthread+0x10/0x10 [ 76.344123][ T1417] kthread+0x3c5/0x780 [ 76.345484][ T1417] ? __pfx_kthread+0x10/0x10 [ 76.347050][ T1417] ? rcu_is_watching+0x12/0xc0 [ 76.348573][ T1417] ? __pfx_kthread+0x10/0x10 [ 76.350170][ T1417] ret_from_fork+0x675/0x7d0 [ 76.351696][ T1417] ? __pfx_kthread+0x10/0x10 [ 76.353246][ T1417] ret_from_fork_asm+0x1a/0x30 [ 76.354873][ T1417] [ 76.356487][ T1417] Kernel Offset: disabled [ 76.357977][ T1417] Rebooting in 86400 seconds.. VM DIAGNOSIS: 07:44:05 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000002 RBX=dffffc0000000000 RCX=ffffffff88f540bb RDX=ffff8880278cc900 RSI=ffffffff88f540c9 RDI=0000000000000007 RBP=0000000000000001 RSP=ffffc90007e8fb10 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000008f59 R11=0000000000000001 R12=ffff8880278cc900 R13=0000000000008f59 R14=0000000000141002 R15=ffff888027e66700 RIP=ffffffff81bc57c1 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88809780d000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000080002000 CR3=000000006a80a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000014190f RBX=0000000000000001 RCX=ffffffff8b5db2a9 RDX=0000000000000000 RSI=ffffffff8da29329 RDI=ffffffff8bf078c0 RBP=ffffed1003b5f490 RSP=ffffc9000046fde8 R8 =0000000000000001 R9 =ffffed1005666655 R10=ffff88802b3332ab R11=0000000000000001 R12=0000000000000001 R13=ffff88801dafa480 R14=ffffffff90824cd0 R15=0000000000000000 RIP=ffffffff8b5d9d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809790d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f747bb54 CR3=000000006a80a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000032 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8526ad55 RDI=ffffffff9adc5de0 RBP=ffffffff9adc5da0 RSP=ffffc9000783f428 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000032 R14=ffffffff9adc5da0 R15=ffffffff8526acf0 RIP=ffffffff8526ad7f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097a0d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000008016d000 CR3=0000000026f48000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000000aac99 RBX=0000000000000003 RCX=ffffffff8b5db2a9 RDX=0000000000000000 RSI=ffffffff8da29329 RDI=ffffffff8bf078c0 RBP=ffffed1003766000 RSP=ffffc9000048fde8 R8 =0000000000000001 R9 =ffffed10056a6655 R10=ffff88802b5332ab R11=0000000000000001 R12=0000000000000003 R13=ffff88801bb30000 R14=ffffffff90824cd0 R15=0000000000000000 RIP=ffffffff8b5d9d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097b0d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000555c29e4d950 CR3=000000006c7f7000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c0ffe000 Opmask01=000000000000001c Opmask02=000000000000001f Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbdbc93cb20 00007fbdbc93cb20 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000075676f008685 898884828183873a ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffff0f0e0d0c0b ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000843d7365 6361667265746e69 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbdbc803d48 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555c29e4e7a0 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 65722f6574617473 2d6b6f6f682f6463 706368642f6e7572 2f7261762f3d6663 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00706368642e306d 747066632e666e6f 632e766c6f736572 2f65746174732d6b ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 524e584f01828700 00000084004e585e 5c5b4f5849535400 870058505c535b54 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555c29e5a2f8 0000000000000000 000000000000000f 0000555c2900873d ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555c29e54b58 0000000000000000 000000000000000f 0000000000875d81 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000