last executing test programs: 5.139373436s ago: executing program 3 (id=405): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000380)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="3c00330080f7000008021100000108021100000032505050"], 0x58}}, 0x0) 5.060660225s ago: executing program 3 (id=406): syz_open_dev$vim2m(0x0, 0x0, 0x2) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) pipe(&(0x7f00000004c0)) r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000440)='asymmetric\x00', 0x0, &(0x7f0000000080)="1080", 0x2, r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) pipe(&(0x7f0000000040)) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) r2 = gettid() openat$vcsu(0xffffff9c, &(0x7f0000000180), 0x2800, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) setrlimit(0x0, &(0x7f0000000300)={0x10801, 0x4}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r3, 0x26, &(0x7f0000000380)={0x1}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r4, 0x7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2}) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="180200000000000000000000000000009c00010000000000180100002020642500000000442020207b1af8ff00000000bfa100000000000007010000f8ffffffb7e4ff0008000000b703000000000000850000001700000095000000000000007637404c0ca1980dc829914a4f8c111f13ea1625554e4a8cbe90a162fd55ecfb4ee4601bc0d66426924e55e0c244ddbc630bd24e07137bf89d99ff348894fd8d14986b2bc89aef77e7dc60c12562fd633879cce9e42eb69f3291e2bce36d1cd41e0cb6bcc96a2594130e406a7bfc12273a0167d8a9128c80f78c702083d2b936a07a213b761cee35e4868db3182d183744223fe531937861ccf51788080082465c2dda3d1dd086a74f17dd8c0f9fa51426e7cb70db4251bd19e8e94fe6d66d331a346ad5b2b481f1e02419f23df751f8c85a44d258c19330a3ba5b6f1cebf5dc2dd246b211ee295978da5cb5ae30d3e04764754d092526c070d95bfc70255e52347f7a1123ea22ac5ddfcccf7b82"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0x0, 0xe, 0x0, &(0x7f0000000040)="e0dfefecd8f827e5ab388c1fb6ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.245257453s ago: executing program 0 (id=413): r0 = socket$kcm(0x10, 0x2, 0x10) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000100)={'veth1_to_bridge\x00'}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = io_uring_setup(0x17c7, &(0x7f00000002c0)) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r6, &(0x7f0000000200), 0xf000) ioctl$MON_IOCX_GETX(r6, 0x400c920a, &(0x7f00000002c0)={&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f00000001c0)=""/203, 0xcb}) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0xfffe, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0xa9, 0xffa1, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_MASTER={0x8}]}, 0x28}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90524fc60100002000a000200053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r7, 0x0, 0x30, &(0x7f00000012c0)={0x2, {{0x2, 0x0, @multicast2}}, 0x20000e0}, 0x8c) 3.085146645s ago: executing program 1 (id=416): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x1b}}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x9, 0xf}}, './file0\x00'}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = dup(r4) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="8200000002000000f3000040"]) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r8}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_ARPTABLES={0x5}]}}}]}, 0x3c}}, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000140)={0x9, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x2, 0x10, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0xab}, @call={0x85, 0x0, 0x0, 0x86}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x3}, @map_fd={0x18, 0xd, 0x1, 0x0, r1}, @call={0x85, 0x0, 0x0, 0x12}, @cb_func={0x18, 0x3, 0x4, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @map_val={0x18, 0x2, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x2}]}, &(0x7f0000000100)='syzkaller\x00', 0x6, 0x1000, &(0x7f00000006c0)=""/4096, 0x40f00, 0x2, '\x00', r8, @fallback=0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r9, 0xffffffffffffffff, 0x4, 0x0, &(0x7f0000000180)=[{0x2, 0x3, 0x5, 0x1c875cb484c17873}, {0x2, 0x3, 0xe, 0xb}, {0x1, 0x1, 0x10, 0xb}, {0x3, 0x3, 0x8, 0x4}], 0x10, 0x1, @void, @value}, 0x94) 2.871709114s ago: executing program 1 (id=418): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000000)={[], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000080)={0xf844, 0x9, 0xaf83, 0x4, 0x8, "5966d4ca359a4d77"}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f0000002900)={0x0, 0x0, &(0x7f00000028c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000004060108000000000000000000000000050001"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) write$binfmt_script(r0, &(0x7f0000000280), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) socket$inet6(0xa, 0x6, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) r3 = getpid() bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000080), 0x10) process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000400)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) shutdown(0xffffffffffffffff, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) r5 = socket(0x28, 0x1, 0x0) connect$vsock_stream(r5, &(0x7f0000000300)={0x28, 0x0, 0x0, @my=0x1}, 0x10) connect$vsock_stream(r5, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) recvmmsg$unix(r5, &(0x7f0000002bc0)=[{{0x0, 0x40002, 0x0, 0x0, 0x0, 0xf0ff7f, 0x100000}, 0x8000000}, {{0x0, 0x8, &(0x7f0000000600)=[{0x0, 0x10}], 0x1}}], 0x3fffffffffffca8, 0x0, 0x0) 2.463915573s ago: executing program 3 (id=421): ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0x4c80, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) fsopen(0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) 2.32400795s ago: executing program 0 (id=422): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) connect$pppl2tp(r0, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) getsockopt$bt_BT_SECURITY(r0, 0x111, 0x5, 0x0, 0x20001f00) 2.275376567s ago: executing program 0 (id=423): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000380)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="3c00330080f7000008021100000108021100000032505050505000000000000200000000"], 0x58}}, 0x0) 2.203097269s ago: executing program 0 (id=424): setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0xfffffd6e}, {&(0x7f0000019740)=""/242}], 0x2, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', 0xffffffffffffffff}) socket$nl_netfilter(0x10, 0x3, 0xc) syz_io_uring_setup(0x3ed9, &(0x7f0000000080)={0x0, 0x5708, 0x200, 0x2, 0x1, 0x0, r0}, &(0x7f0000000100), 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x20002) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) unshare(0x2a020400) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r2, 0xc008551a, 0x0) getpid() sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) unshare(0x44020400) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x4, &(0x7f00000001c0)=[{0x15, 0x0, 0x2}, {0x0, 0xfc, 0x7f}, {0x2}, {0x6}]}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x1c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f00008f9000/0x1000)=nil) 1.994158212s ago: executing program 1 (id=427): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f00000000c0)=0x32) read(r0, &(0x7f00000019c0)=""/4107, 0x100b) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000800000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) socket$inet6_icmp(0xa, 0x2, 0x3a) r4 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r5, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}]) sendmmsg$inet6(r4, &(0x7f0000000980)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x800) 1.592811253s ago: executing program 3 (id=428): openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x4}, &(0x7f00000000c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_STATX={0x15, 0x19, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x3f70, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x68) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x1, 0xd8) socket(0x27, 0x800, 0x9) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000280)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000200)={0xa000000d}) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) read(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000100)=@assoc_value={0x0, 0x9}, 0x8) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r7, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r7, 0x0, 0x30, &(0x7f00000012c0)={0x2, {{0x2, 0x0, @multicast2}}, 0x0, 0xa, [{{0x2, 0x0, @broadcast}}, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {{0x2, 0x0, @loopback}}, {{0x2, 0x0, @empty}}, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @multicast2=0xac1414bb}}, {{0x2, 0x0, @remote}}, {{0x2, 0x0, @loopback}}]}, 0x590) setsockopt$inet_group_source_req(r7, 0x0, 0x2b, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x104) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4) socket$kcm(0x10, 0x2, 0x10) 1.333321049s ago: executing program 2 (id=429): setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000019340), 0x10, 0x0) read$msr(r0, &(0x7f0000000300)=""/102400, 0x19000) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x141a42, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/block/loop0', 0x0, 0x0) symlinkat(&(0x7f0000000280)='./file2\x00', r1, &(0x7f0000000100)='./file2\x00') (async) symlinkat(&(0x7f0000000280)='./file2\x00', r1, &(0x7f0000000100)='./file2\x00') lsm_set_self_attr(0x65, &(0x7f0000000240)=ANY=[@ANYRESDEC=r1], 0x20, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x8, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3000}, [@alu={0x7, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2f22}, @jmp={0x5, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000180)=0x2) (async) ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000180)=0x2) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{}, &(0x7f0000000040), &(0x7f0000000080)}, 0x1c) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{}, &(0x7f0000000040), &(0x7f0000000080)}, 0x1c) socket$inet(0xa, 0x801, 0x84) (async) r2 = socket$inet(0xa, 0x801, 0x84) listen(r2, 0x8) (async) listen(r2, 0x8) syz_open_dev$tty1(0xc, 0x4, 0x4) (async) syz_open_dev$tty1(0xc, 0x4, 0x4) openat$sndseq(0xffffff9c, &(0x7f00000001c0), 0x2a0002) (async) r3 = openat$sndseq(0xffffff9c, &(0x7f00000001c0), 0x2a0002) sendfile(r3, r2, &(0x7f0000000200)=0x2, 0x5) (async) sendfile(r3, r2, &(0x7f0000000200)=0x2, 0x5) r4 = socket$netlink(0x10, 0x3, 0x4) writev(r4, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) 1.249263052s ago: executing program 0 (id=430): r0 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x4e20, @empty}}}, 0x84) socket$nl_route(0x10, 0x3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="dfeb018d117af0b9a6c5914406940018001a0000000000100000001000000000000000000017397e1b87addfe93310f429270fccd2e123ffe46331fe1921b43d10330f953b96921ccc1ba759000000000000"], 0x0, 0x2a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='vegas\x00', 0x6) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x18}, 0xd}, 0x1c) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000680)={'#! ', './file0/file0', [], 0xa, "208a8f44e620"}, 0x17) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioprio_set$pid(0x2, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400001ea, &(0x7f0000000600), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000140)=[0x0], 0x0, 0xaf, &(0x7f0000000200), 0x0, 0x3e, &(0x7f0000000480), &(0x7f00000002c0), 0x8, 0x89, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000640)={0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c) listen(r4, 0x6) syz_emit_ethernet(0x72, &(0x7f0000000800)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa000800450000640004000000069078ac1414bbac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="4cc20101907800000402030306fe06e2d4c3d9050e0000000200000009220f61d2ffffffff1604b8972ae2372210903d3eacf5b3552a1734bb2ab288fe06170f00000402"], 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000e00)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYRESDEC=r2], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f00000006c0)='tlb_flush\x00', r5}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r7, &(0x7f0000000780)=[{{&(0x7f0000000300)=@file={0x1, './file0/file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="14003303b7e5907700000100000001000000", @ANYRES32=r7, @ANYRES32=r6], 0x14, 0x8005}}, {{&(0x7f0000000880)=@file={0x1, './file0/file0\x00'}, 0x6e, &(0x7f0000000600)=[{&(0x7f0000000900)="b39e62809b9b72ab40ae2e8a6cedb93b9f230c308a04ba9845ee6cb9d41c3c35ba22096d919e78a3a5ca7d45589610acde7d2cef9ae907fb3ebd8bc8a5f1c05c641a7832bb0ae6872a73cbfcc7a6525559ce2aac11c04ac8dbb918eb760afcc5a6095c087ed6bd02ea5ab9d9b1b3fc30188e6469e9811779d975dfa25939bfab5143bd8ac4635566538843f8159cc6ab5dbceefa9fd9ed24c67d2c25f82e40b629ee6137a3dab5", 0xa7}, {&(0x7f00000009c0)="2c6deab47ed56c10dd425ceb3f80e185c7bf0701043e572fa2ce359b531778063525ef0beacbc9d639cd0558e3759361cf467696aa064000cbae1332c0e49be1c9fbfe3611a403b12066b5f0f030dc6ec468afe0eeb6cb6b71da6d3997540e73414066019844ae50d1db977ca5e512d99efbda73356de826a439273a37b13b68fa89c866c7adc0ad6fe13de2b1e83ee3cdedec8df1a696ad888c6d8ac967414a3d08f556ad18fcd1007a9befd237b042060fe198b1ad017e943d84728543a1a81c83c6858214bc", 0xc7}, {&(0x7f0000000ac0)="e3a70e179bc25bd642ea838d4b43eae17cee4137b3a0c1053d9ddb66a4a49e55e54cf0e666ceb49a144ca6bd643b903dedfa2fcdb46fa51cdc5d4b7c41be5158b9341672d81db68cdb34b81aaaed29a5454440000b0cb08ea3f35f231439bdba939f74fe176a91fd0c1a06ff7eceb6cfb6d7cbdf2be63488daca310465ed160d9e", 0x81}, {&(0x7f0000000b80)="f931567f7e1b521f78976e9b152280adfc7fbb67005427c92300ef6248ed6f6201402fb37e8ae38a15a5defaf046acad1500c29e03664f856e4e238cb0a75bc140404e1aeca5031c5c7ead7a6562285f1b2fdf3edbbd9cef87ba169b3d9f179f95634076c33afe61b75e529c160d9b12e5decd73fc9bd351d10dae1f423f0acb320d61f09f03bb3d36c57b39205b4ab3e21908b46c5396610b773284cb83ea80f53f6867f6fdf93f801dd7595fcbd41a5a32ca7b4067a2ff8b8fe8a1fe37c20b86cd5a1b27d923f2859ec7cf2e763701cc", 0xd1}, {&(0x7f0000000c80)="40d865d0a90f5613265dbd1975eaaf0ac7639fb166d1c4821ee805c7875a63a799d3c564bc6cc855a9a3fc915d580c2db61a805bf2c624bae854ff2299269e4134fdf1be2f55d9cb8655a26232c33ec36805937ef8c6ce24fe9c05e76937661fbe6855ac604f73", 0x67}, {&(0x7f0000000d00)="bb3f0fe5463835ae6c8f853afc36be718cf6a2093c4d50fd4907cd7de4626b559305cde0978f1ec974675af89584d4d4f32612d6a3a7775b7eacb1883aea19bbf2aeec83daa7e63208bc787647d65979f046342c96295767b07beaa5a6b81bd2448996b006f4415df92c0f9403a00e94eb2bcb33475dbda416f611819872483203845d6141ac14f215a37e20cd6c14847b64b3a25021a1aaeddfff2d20aa773d8ed2c428683951c366b01493f0d302689571b937efeca7a2c944550426a9cf0ecf6c963bf578f340902a9f4caab550d871b10002", 0xd4}], 0x6, 0x0, 0x0, 0x4000}}], 0x2, 0x4000d48) r8 = getpid() process_vm_readv(r8, &(0x7f0000008400)=[{&(0x7f0000000340)=""/69, 0x623c41ea}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a82, 0x0) sendfile(r9, r9, 0x0, 0x30) r10 = socket$inet6(0xa, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000001c0)={'erspan0\x00'}) 1.145030073s ago: executing program 2 (id=431): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) arch_prctl$ARCH_SHSTK_STATUS(0x5005, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) write$dsp(r0, &(0x7f0000000540)="024913acde319b3a7cac20447312ad1fbed2fa3b2570072ac83b899897a7ef9ccb1ad10b0b2e57f75bb9c39281fbeb41350d41bbfda41c65f0839511ea8d804d7f", 0x41) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r0, 0x0) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000280)) r1 = syz_open_dev$vim2m(&(0x7f0000000400), 0x0, 0x2) open_by_handle_at(r1, 0x0, 0x115402) close(r0) 1.093986224s ago: executing program 2 (id=432): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000380)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="3c00330080f7000008021100000108021100000032505050505000000000000200000000"], 0x58}}, 0x0) 1.055955816s ago: executing program 2 (id=433): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) 1.052887784s ago: executing program 1 (id=434): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x6, 0x200) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000040)={0x8, @capture={0x1000, 0x0, {0x75a5, 0xfe}, 0x1, 0x1}}) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$pppl2tp(0x18, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket$tipc(0x1e, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) pipe(&(0x7f0000000380)) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x20, 0x41, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @uid}]}]}, 0x20}}, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r5) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_MPATH(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, r6, 0xce3db46858f33da1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}}, 0x20000000) connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) syz_open_dev$evdev(&(0x7f0000000140), 0x2, 0x800) getsockopt$bt_BT_SECURITY(r1, 0x111, 0x5, 0x0, 0x20001f00) 993.489765ms ago: executing program 2 (id=435): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) r1 = epoll_create1(0x0) r2 = socket$igmp(0x2, 0x3, 0x2) getsockopt$inet_int(r2, 0x0, 0x7, 0x0, &(0x7f00000000c0)) r3 = socket$unix(0x1, 0x1, 0x0) close(r3) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/96, 0x128000, 0x800}, 0x20) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000140)=0x20, 0x4) setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000000180)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_TX_RING(r4, 0x11b, 0x3, &(0x7f00000003c0)=0x40, 0x4) setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000100)=0x20, 0x4) bind$xdp(r4, &(0x7f00000002c0)={0x2c, 0x0, r6}, 0x10) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000080)) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000680)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x2}}, {@blksize={'blksize', 0x3d, 0x200}}, {@default_permissions}, {@allow_other}]}}) read$FUSE(r0, &(0x7f0000009800)={0x2020}, 0x2020) r7 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r7, 0x0, 0xa, &(0x7f0000000600)=0x80000004, 0x4) bind$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r7) getsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000240)={@loopback, 0x0}, &(0x7f0000000280)=0x14) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000380)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl2\x00', r6, 0x4, 0x52, 0xd, 0x9, 0x0, @remote, @rand_addr=' \x01\x00', 0x10, 0x8, 0x26c7ab1c, 0x2}}) getsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000400)={@initdev, @multicast2, 0x0}, &(0x7f0000000440)=0xc) sendmsg$ETHTOOL_MSG_PAUSE_GET(r7, &(0x7f00000005c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)=ANY=[@ANYBLOB="f0001000", @ANYRES16=r8, @ANYBLOB="000425bd70000008000015000000300001801400020076657468315f746f5f626f6e6400000008000100", @ANYRES32=r6, @ANYBLOB="080003000100000008000100", @ANYRES32=r11, @ANYBLOB="20000180140002006e657464657673696d3000000000000008000100", @ANYRES32=r6, @ANYBLOB="5c0001800800030000000000080003000100000008000100", @ANYRES32=r11, @ANYBLOB="0800030006000000140002006e657470636930000000000000000000140002007767320000000000000000000000000008000100", @ANYRES32=r10, @ANYBLOB="08000300000000000c00018008000300010000001800018014000200697036677265300000000000000000000c00018008000100", @ANYRES32=r9, @ANYBLOB], 0xf0}, 0x1, 0x0, 0x0, 0x20000000}, 0x4040880) syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000bc0)={0x10}, 0x0, 0x0}) getdents64(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) 912.887402ms ago: executing program 1 (id=436): ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@newlink={0x28, 0x10, 0x413, 0x0, 0x0, {}, [@IFLA_LINK={0x8}]}, 0x28}}, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000400)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x2) ioctl$UI_SET_RELBIT(r2, 0x40045566, 0x8) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x1) syz_open_dev$evdev(&(0x7f0000000000), 0xc0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ioctl$UI_DEV_SETUP(r2, 0x5501, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 713.87975ms ago: executing program 2 (id=437): write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) r0 = syz_open_pts(0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYRESDEC=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = socket(0x1, 0x1, 0x0) ioctl$sock_ifreq(r3, 0x89f2, &(0x7f0000000040)={'bond0\x00', @ifru_names='veth0\x00'}) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r4) r5 = io_uring_setup(0x2a0c, &(0x7f00000002c0)) r6 = socket$pppl2tp(0x18, 0x1, 0x1) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0) r8 = accept4(r7, 0x0, 0x0, 0x0) recvmsg$kcm(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000200)=""/252, 0xfc}], 0x1}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r6, 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) setxattr$system_posix_acl(0x0, &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f0000000340)=ANY=[@ANYBLOB="020000002000000000009b00000400000000000000100ce377f808bc0dc11e430000000000000020000000000000006a6c5c2794ee070300000000000000f1178b8d6b74e17011e30f9ba2097e571ad0a4922990bcfce16499e33a3f83196c8af21500f736f270e74c8d5f942cb1de6a90947457f4df36f2d9acc7c0376ae467d478a99ee76b822a9dc3beefd900136ecaebc0337810f3fce46754659dbc1d032863af13e6c1d2f496d45bb7152cb1c8946029f5eedf374434288ef7e85988b207522dfc"], 0x24, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r9 = inotify_init1(0x0) fcntl$setown(r9, 0x8, 0xffffffffffffffff) fcntl$getownex(r9, 0x10, &(0x7f0000000140)={0x0, 0x0}) r11 = syz_open_procfs(r10, &(0x7f0000000040)='fd/4\x00') ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r11, 0x4004662b, &(0x7f0000000180)={@id={0x2, 0x300, @b}}) 584.19735ms ago: executing program 3 (id=438): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8, 0x1, 0x4}, @IFLA_XFRM_IF_ID={0x8, 0x2, 0x2}]}}}, @IFLA_BROADCAST={0xa}]}, 0x50}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=@newtaction={0x68, 0x30, 0xde2e92ecda5c185f, 0x0, 0x0, {}, [{0x54, 0x1, [@m_ctinfo={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8}, @TCA_CTINFO_ACT={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@newqdisc={0x28, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@TCA_STAB={0x4}]}, 0x28}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = memfd_create(&(0x7f0000000000)='\x107', 0x0) write$binfmt_elf32(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4600000000000000000000000001003e00000000000000000038000000000000000000000000002000000000000000007f8049e30c1e0440"], 0x58) finit_module(r6, 0x0, 0x0) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r5, &(0x7f0000001540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x2c, r7, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x4}, @ETHTOOL_A_DEBUG_MSGMASK={0x14, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}]}]}]}, 0x2c}}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800f5000100000080030000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000000003000000950000000000000000007d20b8"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f00000004c0)='contention_begin\x00', r8}, 0x10) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r9) ioctl$KVM_GET_NESTED_STATE(r9, 0xc080aebe, &(0x7f0000001580)={{0x0, 0x0, 0x80}}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) r10 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_ENUM_FREQ_BANDS(r10, 0xc0405665, &(0x7f0000004000)={0x0, 0x2}) ioctl$SIOCSIFHWADDR(r9, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100"}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="b400000000000000791090000000000063000018000000009500000000000000f9f364f4a8286bb241139d0ff5717ae08d5c1e560ccd0bfe769ece9747aa7e4bee70a6c24e1747211411a067ea4974aefc5aa75d614dc104b7dfb11dbcaf0cd81e392da8635689c5ff795b48dfc6791955bb44e0998d7342c5f38c47027bc3a6858e62d498993268bd9d99eeaf20dcb387b6"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r11 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r11, 0x107, 0x14, &(0x7f0000000000)=0x930d, 0x4) 484.079994ms ago: executing program 3 (id=439): pipe2$watch_queue(0x0, 0x80) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f00000000c0)={0x6, 0x5, 0x0, 0xe8, "194dc3057681c67364f15ef02f950567e84c42b3e26d6d056e4ef600"}) dup2(0xffffffffffffffff, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x5, 0x0, 0x3, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r4, r3, &(0x7f00000000c0)=0x58, 0x7) 243.917172ms ago: executing program 0 (id=440): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58) epoll_create1(0x0) timer_create(0x9, &(0x7f0000000100)={0x0, 0x0, 0x1}, &(0x7f0000000500)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x0, 0x989680}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000700)={{}, {0x77359400}}, &(0x7f0000000380)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb0100180000005d6f63378f4324220c00000006000000020000000000001302000000000061613000"], 0x0, 0x2a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, &(0x7f00000004c0)=""/228, 0x0, 0xe4, 0x0, 0x0, 0x0, @void, @value}, 0x20) socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x9, '\x00', 0x0, r2, 0x0, 0x3, 0x5, 0x0, @void, @value, @void, @value}, 0x48) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r4, &(0x7f00000002c0)={0x1, 0x5}, 0x2) ioctl$TIOCNOTTY(r3, 0x5422) dup(r3) r5 = io_uring_setup(0x17ba, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1}) openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) recvmmsg(r6, &(0x7f0000005c40)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000440)=""/233, 0xe9}], 0x1}}], 0x1, 0x0, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) r7 = syz_open_dev$cec(&(0x7f0000000340), 0x0, 0x0) ioctl$CEC_DQEVENT(r7, 0xc0506107, 0x0) ioctl$CEC_DQEVENT(r7, 0xc0506107, &(0x7f0000000200)={0x0, 0x0, 0x0, @lost_msgs}) ioctl$IOC_PR_PREEMPT(r7, 0x40046109, &(0x7f0000000040)={0xd0}) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x9, 0xf, &(0x7f0000000b00)=@ringbuf={{0x18, 0x6}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {0x85, 0x0, 0x0, 0xa0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x7b}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 0s ago: executing program 1 (id=441): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc) add_key$fscrypt_provisioning(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000240)={{{@in=@local, @in6=@private2, 0x0, 0x0, 0x0, 0xfffd, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x8000000, 0x6c}, 0x0, @in=@multicast2, 0x0, 0x0, 0x1, 0xfd}}, 0xe4) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0xfc) r3 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$kcm(0x10, 0x2, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x48, 0x30, 0x0, 0x0, 0x0, {}, [{0x34, 0x1, [@m_skbedit={0x30, 0x1, 0x0, 0x0, {{0xc}, {0x4}, {0x4}, {0xc}, {0xc, 0x9}}}]}]}, 0x48}}, 0x0) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90324fc602f00001550000100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000100)={0x20000014}) r8 = syz_open_dev$loop(&(0x7f0000000040), 0x1, 0x101402) fdatasync(r8) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r3, &(0x7f0000000000)={0xa0000001}) read$FUSE(0xffffffffffffffff, 0x0, 0x0) setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000000140)=[{{0x0, 0x0, 0x1, 0x1}, {0x3, 0x0, 0x1}}, {{0x4}, {0x0, 0x1, 0x0, 0x1}}, {{0x2, 0x1, 0x1}, {0x2, 0x1, 0x1, 0x1}}, {{0x2, 0x0, 0x0, 0x1}, {0x4}}], 0x20) ppoll(&(0x7f0000000200)=[{r7, 0x1}], 0x1, 0x0, 0x0, 0x3) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4000004, 0x32, 0xffffffffffffffff, 0x0) clock_adjtime(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r9}, 0x10) epoll_wait(r3, 0x0, 0x0, 0x400) setsockopt$ax25_int(r0, 0x101, 0x9, &(0x7f0000000000)=0x641, 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:45833' (ED25519) to the list of known hosts. [ 42.247286][ T5335] cgroup: Unknown subsys name 'net' [ 42.406765][ T5335] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 43.361813][ T5335] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 47.425126][ T4776] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 47.433338][ T5353] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 47.436125][ T5353] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 47.436256][ T4776] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 47.438345][ T5353] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 47.442633][ T5353] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 47.443245][ T5355] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 47.446039][ T5353] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 47.450350][ T5353] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 47.450819][ T5360] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 47.452627][ T5353] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 47.455978][ T5360] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 47.457181][ T5353] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 47.460593][ T5360] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 47.460672][ T5353] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 47.463493][ T5360] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 47.467094][ T5360] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 47.519332][ T5358] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 47.525460][ T5362] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 47.529178][ T5362] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 47.531387][ T5358] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 47.535391][ T5358] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 47.537915][ T5358] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 47.542816][ T5358] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 47.705504][ T5352] chnl_net:caif_netlink_parms(): no params data found [ 47.920883][ T5352] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.923193][ T5352] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.925943][ T5352] bridge_slave_0: entered allmulticast mode [ 47.928428][ T5352] bridge_slave_0: entered promiscuous mode [ 47.943916][ T5352] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.945877][ T5352] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.947807][ T5352] bridge_slave_1: entered allmulticast mode [ 47.950317][ T5352] bridge_slave_1: entered promiscuous mode [ 47.991060][ T5356] chnl_net:caif_netlink_parms(): no params data found [ 48.046644][ T5352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.053932][ T5352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.173190][ T5352] team0: Port device team_slave_0 added [ 48.218058][ T5348] chnl_net:caif_netlink_parms(): no params data found [ 48.224372][ T5352] team0: Port device team_slave_1 added [ 48.226144][ T5356] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.228041][ T5356] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.229953][ T5356] bridge_slave_0: entered allmulticast mode [ 48.232315][ T5356] bridge_slave_0: entered promiscuous mode [ 48.237143][ T5356] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.239013][ T5356] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.241108][ T5356] bridge_slave_1: entered allmulticast mode [ 48.243439][ T5356] bridge_slave_1: entered promiscuous mode [ 48.328323][ T5352] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.330725][ T5352] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.339276][ T5352] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.346723][ T5352] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.349032][ T5352] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.357734][ T5352] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.363545][ T5356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.386146][ T5357] chnl_net:caif_netlink_parms(): no params data found [ 48.398682][ T5356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.522067][ T5348] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.524480][ T5348] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.526369][ T5348] bridge_slave_0: entered allmulticast mode [ 48.528629][ T5348] bridge_slave_0: entered promiscuous mode [ 48.559758][ T5356] team0: Port device team_slave_0 added [ 48.561751][ T5348] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.563653][ T5348] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.565525][ T5348] bridge_slave_1: entered allmulticast mode [ 48.567821][ T5348] bridge_slave_1: entered promiscuous mode [ 48.602110][ T5352] hsr_slave_0: entered promiscuous mode [ 48.609831][ T5352] hsr_slave_1: entered promiscuous mode [ 48.636418][ T5356] team0: Port device team_slave_1 added [ 48.696438][ T5348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.722379][ T5357] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.724511][ T5357] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.726547][ T5357] bridge_slave_0: entered allmulticast mode [ 48.729122][ T5357] bridge_slave_0: entered promiscuous mode [ 48.767480][ T5348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.771471][ T5357] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.773385][ T5357] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.775310][ T5357] bridge_slave_1: entered allmulticast mode [ 48.777622][ T5357] bridge_slave_1: entered promiscuous mode [ 48.796316][ T5356] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.798244][ T5356] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.806407][ T5356] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.810673][ T5356] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.812516][ T5356] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.819055][ T5356] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.909573][ T5357] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.940318][ T5348] team0: Port device team_slave_0 added [ 48.944246][ T5348] team0: Port device team_slave_1 added [ 48.947381][ T5357] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 49.069118][ T5357] team0: Port device team_slave_0 added [ 49.077024][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 49.079339][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 49.086191][ T5348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 49.092962][ T5356] hsr_slave_0: entered promiscuous mode [ 49.095236][ T5356] hsr_slave_1: entered promiscuous mode [ 49.097340][ T5356] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 49.099847][ T5356] Cannot create hsr debugfs directory [ 49.103001][ T5357] team0: Port device team_slave_1 added [ 49.136609][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 49.139125][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 49.148223][ T5348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 49.205406][ T5357] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 49.207536][ T5357] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 49.214525][ T5357] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 49.218878][ T5357] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 49.220803][ T5357] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 49.227190][ T5357] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 49.332204][ T5348] hsr_slave_0: entered promiscuous mode [ 49.334707][ T5348] hsr_slave_1: entered promiscuous mode [ 49.337101][ T5348] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 49.339179][ T5348] Cannot create hsr debugfs directory [ 49.413692][ T5357] hsr_slave_0: entered promiscuous mode [ 49.416988][ T5357] hsr_slave_1: entered promiscuous mode [ 49.419353][ T5357] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 49.422030][ T5357] Cannot create hsr debugfs directory [ 49.480329][ T5355] Bluetooth: hci1: command tx timeout [ 49.480352][ T5358] Bluetooth: hci2: command tx timeout [ 49.559656][ T5358] Bluetooth: hci3: command tx timeout [ 49.569620][ T5358] Bluetooth: hci0: command tx timeout [ 49.637397][ T5352] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 49.688705][ T5352] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 49.696982][ T5352] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 49.744831][ T5352] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 49.820223][ T5356] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 49.825239][ T5356] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 49.832824][ T5356] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 49.837631][ T5356] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 49.902557][ T5348] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 49.912198][ T5348] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 49.916418][ T5348] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 49.921030][ T5348] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 50.005453][ T5357] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 50.011812][ T5357] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 50.024428][ T5357] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 50.030976][ T5357] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 50.044342][ T5352] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.076168][ T5352] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.103303][ T99] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.105398][ T99] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.127660][ T1099] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.130284][ T1099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.138915][ T5356] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.184292][ T5356] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.212493][ T5348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.232131][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.234075][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.237488][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.239461][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.262464][ T5348] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.292437][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.294286][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.308809][ T5357] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.325744][ T1099] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.328093][ T1099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.371760][ T5357] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.385527][ T5348] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 50.388181][ T5348] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 50.411482][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.413377][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.416359][ T1099] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.418211][ T1099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.446395][ T5357] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 50.492392][ T5352] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.525870][ T5352] veth0_vlan: entered promiscuous mode [ 50.534647][ T5352] veth1_vlan: entered promiscuous mode [ 50.558098][ T5352] veth0_macvtap: entered promiscuous mode [ 50.564199][ T5352] veth1_macvtap: entered promiscuous mode [ 50.582379][ T5352] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.594230][ T5356] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.602833][ T5352] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.606737][ T5357] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.618970][ T5352] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.622318][ T5352] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.624627][ T5352] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.626899][ T5352] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.657046][ T5348] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.689315][ T5356] veth0_vlan: entered promiscuous mode [ 50.707449][ T5356] veth1_vlan: entered promiscuous mode [ 50.727920][ T5357] veth0_vlan: entered promiscuous mode [ 50.750617][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.751817][ T5357] veth1_vlan: entered promiscuous mode [ 50.753402][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.784971][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.786991][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.808304][ T5348] veth0_vlan: entered promiscuous mode [ 50.818586][ T5356] veth0_macvtap: entered promiscuous mode [ 50.828380][ T5356] veth1_macvtap: entered promiscuous mode [ 50.835138][ T5348] veth1_vlan: entered promiscuous mode [ 50.849253][ T5357] veth0_macvtap: entered promiscuous mode [ 50.868260][ T5357] veth1_macvtap: entered promiscuous mode [ 50.878335][ T5356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 50.882639][ T5356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.887028][ T5356] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.895115][ T5356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 50.898624][ T5356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.904839][ T5356] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.922405][ T5356] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.925567][ T5356] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.929034][ T5356] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.934913][ T5356] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.957560][ T5357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 50.960669][ T5357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.963141][ T5357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 50.965835][ T5357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.969639][ T5357] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.974435][ T5357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 50.977918][ T5357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.981692][ T5357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 50.984426][ T5357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.987913][ T5357] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.991531][ T5348] veth0_macvtap: entered promiscuous mode [ 51.012855][ T5357] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.018301][ T5357] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.022488][ T5357] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.025691][ T5357] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.032426][ T5348] veth1_macvtap: entered promiscuous mode [ 51.102294][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 51.105314][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.107870][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 51.111093][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.113645][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 51.116353][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.120271][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 51.123519][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.126641][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.143799][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 51.147196][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.150373][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 51.153108][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.155776][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 51.158672][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 51.164198][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 51.177658][ T5348] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.180348][ T5348] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.182665][ T5348] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.184974][ T5348] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.195156][ T99] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.197837][ T99] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.222558][ T1104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.225709][ T1104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.290790][ T99] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.293617][ T99] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.306576][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.308604][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.334080][ T1104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.336170][ T1104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.347872][ T5419] netlink: 'syz.2.3': attribute type 10 has an invalid length. [ 51.352168][ T5419] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3'. [ 51.354981][ T5419] bridge0: port 3(macvlan1) entered blocking state [ 51.356940][ T5419] bridge0: port 3(macvlan1) entered disabled state [ 51.360840][ T5419] macvlan1: entered allmulticast mode [ 51.363495][ T5419] veth1_vlan: entered allmulticast mode [ 51.366337][ T5419] macvlan1: entered promiscuous mode [ 51.369169][ T5419] bridge0: port 3(macvlan1) entered blocking state [ 51.371373][ T5419] bridge0: port 3(macvlan1) entered forwarding state [ 51.461414][ T39] audit: type=1326 audit(1726660574.310:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5427 comm="syz.3.8" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000 [ 51.466996][ T39] audit: type=1326 audit(1726660574.310:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5427 comm="syz.3.8" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000 [ 51.472779][ T39] audit: type=1326 audit(1726660574.310:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5427 comm="syz.3.8" exe="/syz-executor" sig=0 arch=40000003 syscall=266 compat=1 ip=0xf743e579 code=0x7ffc0000 [ 51.493356][ T39] audit: type=1326 audit(1726660574.310:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5427 comm="syz.3.8" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000 [ 51.508779][ T5431] syz.3.9[5431] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 51.508948][ T5431] syz.3.9[5431] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 51.559724][ T5358] Bluetooth: hci1: command tx timeout [ 51.564501][ T5358] Bluetooth: hci2: command tx timeout [ 51.564637][ T5433] netlink: 'syz.3.10': attribute type 4 has an invalid length. [ 51.585837][ T5433] netlink: 'syz.3.10': attribute type 4 has an invalid length. [ 51.639859][ T5355] Bluetooth: hci0: command tx timeout [ 51.640535][ T5358] Bluetooth: hci3: command tx timeout [ 51.661932][ T5435] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11'. [ 51.742501][ T5439] netlink: 64 bytes leftover after parsing attributes in process `syz.3.13'. [ 51.745665][ T5439] netlink: 60 bytes leftover after parsing attributes in process `syz.3.13'. [ 51.748906][ T5439] unsupported nlmsg_type 40 [ 51.846535][ T39] audit: type=1326 audit(1726660574.690:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5442 comm="syz.3.15" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf743e579 code=0x0 [ 52.064251][ T39] audit: type=1107 audit(1726660574.910:7): pid=5447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 52.070340][ T5448] capability: warning: `syz.0.17' uses 32-bit capabilities (legacy support in use) [ 52.255392][ T5462] netlink: 4 bytes leftover after parsing attributes in process `syz.0.23'. [ 52.426888][ T39] audit: type=1326 audit(1726660575.270:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5472 comm="syz.1.28" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 52.447770][ T39] audit: type=1326 audit(1726660575.270:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5472 comm="syz.1.28" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 52.464952][ T39] audit: type=1326 audit(1726660575.270:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5472 comm="syz.1.28" exe="/syz-executor" sig=0 arch=40000003 syscall=428 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 52.474647][ T39] audit: type=1326 audit(1726660575.270:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5472 comm="syz.1.28" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 52.579614][ T5480] sch_tbf: burst 1 is lower than device lo mtu (65550) ! [ 52.687273][ T5488] netlink: 28 bytes leftover after parsing attributes in process `syz.2.34'. [ 52.764988][ T5499] netlink: 12 bytes leftover after parsing attributes in process `syz.0.36'. [ 52.886863][ T5515] netlink: 'syz.3.46': attribute type 3 has an invalid length. [ 53.025737][ T5527] netlink: 4 bytes leftover after parsing attributes in process `syz.1.51'. [ 53.240394][ T981] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 53.440908][ T981] usb 8-1: Using ep0 maxpacket: 8 [ 53.444419][ T981] usb 8-1: config 0 has an invalid interface number: 156 but max is 0 [ 53.446819][ T981] usb 8-1: config 0 has no interface number 0 [ 53.451927][ T981] usb 8-1: New USB device found, idVendor=1b3d, idProduct=016d, bcdDevice=94.93 [ 53.455351][ T981] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 53.457924][ T981] usb 8-1: Product: syz [ 53.457936][ T981] usb 8-1: Manufacturer: syz [ 53.460855][ T981] usb 8-1: SerialNumber: syz [ 53.467303][ T981] usb 8-1: config 0 descriptor?? [ 53.474796][ T981] ftdi_sio 8-1:0.156: FTDI USB Serial Device converter detected [ 53.484828][ T981] ftdi_sio ttyUSB0: unknown device type: 0x9493 [ 53.641591][ T5358] Bluetooth: hci2: command tx timeout [ 53.641613][ T5355] Bluetooth: hci1: command tx timeout [ 53.679192][ T5524] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 53.721294][ T5355] Bluetooth: hci3: command tx timeout [ 53.721312][ T5358] Bluetooth: hci0: command tx timeout [ 53.978229][ T1411] usb 8-1: USB disconnect, device number 2 [ 53.981207][ T1411] ftdi_sio 8-1:0.156: device disconnected [ 54.644191][ T5617] 9pnet: Could not find request transport: 0xffffffffffffffff [ 54.717817][ T5628] netlink: 28 bytes leftover after parsing attributes in process `syz.3.78'. [ 54.722440][ T5628] netlink: 28 bytes leftover after parsing attributes in process `syz.3.78'. [ 54.948155][ T5641] Zero length message leads to an empty skb [ 55.708511][ T5658] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 55.720798][ T5358] Bluetooth: hci1: command tx timeout [ 55.729501][ T5358] Bluetooth: hci2: command tx timeout [ 55.803404][ T5358] Bluetooth: hci3: command tx timeout [ 55.809531][ T5358] Bluetooth: hci0: command tx timeout [ 56.023418][ T5684] netlink: 'syz.3.104': attribute type 4 has an invalid length. [ 56.033279][ T5684] netlink: 'syz.3.104': attribute type 4 has an invalid length. [ 56.154714][ T5699] Driver unsupported XDP return value 0 on prog (id 73) dev N/A, expect packet loss! [ 56.321180][ T5721] hsr_slave_0: left promiscuous mode [ 56.323588][ T5721] hsr_slave_1: left promiscuous mode [ 56.471445][ T39] kauditd_printk_skb: 151 callbacks suppressed [ 56.471456][ T39] audit: type=1326 audit(1726660579.320:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5728 comm="+}[@" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 56.478763][ T39] audit: type=1326 audit(1726660579.320:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5728 comm="+}[@" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 56.484290][ T39] audit: type=1326 audit(1726660579.320:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5728 comm="+}[@" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 56.496787][ T39] audit: type=1326 audit(1726660579.320:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5728 comm="+}[@" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 56.507672][ T39] audit: type=1326 audit(1726660579.320:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5728 comm="+}[@" exe="/syz-executor" sig=0 arch=40000003 syscall=24 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 56.514126][ T39] audit: type=1326 audit(1726660579.320:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5728 comm="+}[@" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 56.519340][ T39] audit: type=1326 audit(1726660579.320:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5728 comm="+}[@" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 56.528803][ T39] audit: type=1326 audit(1726660579.320:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5729 comm="syz.1.126" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 56.534244][ T39] audit: type=1326 audit(1726660579.320:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5729 comm="syz.1.126" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 56.539860][ T39] audit: type=1326 audit(1726660579.320:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5729 comm="syz.1.126" exe="/syz-executor" sig=0 arch=40000003 syscall=398 compat=1 ip=0xf7ff5579 code=0x7ffc0000 [ 57.237939][ T5748] IPv6: NLM_F_CREATE should be specified when creating new route [ 57.336054][ T5758] __nla_validate_parse: 6 callbacks suppressed [ 57.336069][ T5758] netlink: 104 bytes leftover after parsing attributes in process `+}[@'. [ 57.417235][ T5764] process 'syz.1.142' launched './file0' with NULL argv: empty string added [ 57.611440][ T5788] netlink: 'syz.3.154': attribute type 1 has an invalid length. [ 57.614140][ T5788] netlink: 'syz.3.154': attribute type 4 has an invalid length. [ 57.616702][ T5788] netlink: 15334 bytes leftover after parsing attributes in process `syz.3.154'. [ 57.810710][ T5812] program syz.3.167 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 57.821561][ T5815] syz.1.166 uses obsolete (PF_INET,SOCK_PACKET) [ 58.036805][ T5840] syz.1.176[5840] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 58.036893][ T5840] syz.1.176[5840] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 58.099601][ T5846] netlink: 44 bytes leftover after parsing attributes in process `syz.1.177'. [ 58.156978][ T5848] syz.2.178[5848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 58.157119][ T5848] syz.2.178[5848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 58.245633][ T5858] netlink: 24 bytes leftover after parsing attributes in process `syz.1.181'. [ 58.465248][ T5865] netlink: 4 bytes leftover after parsing attributes in process `syz.2.185'. [ 58.599612][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 58.631099][ T5869] netlink: 4 bytes leftover after parsing attributes in process `syz.3.186'. [ 58.818003][ T5870] ieee802154 phy0 wpan0: encryption failed: -22 [ 58.839239][ T5870] netlink: 'syz.1.184': attribute type 2 has an invalid length. [ 59.342465][ T5876] netlink: 4 bytes leftover after parsing attributes in process `syz.2.189'. [ 59.448348][ T5882] netlink: 4 bytes leftover after parsing attributes in process `syz.1.190'. [ 59.630018][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 59.684113][ T5892] bridge0: port 3(macvlan1) entered disabled state [ 59.689895][ T5892] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.693024][ T5892] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.707513][ T5892] bridge0: entered allmulticast mode [ 59.729046][ T5894] bridge0: port 3(macvlan1) entered blocking state [ 59.731246][ T5894] bridge0: port 3(macvlan1) entered forwarding state [ 59.733219][ T5894] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.735078][ T5894] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.737100][ T5894] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.738982][ T5894] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.741854][ T5894] bridge0: entered promiscuous mode [ 60.378065][ T5905] netlink: 4 bytes leftover after parsing attributes in process `syz.3.200'. [ 60.424841][ T1099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.427457][ T1099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.928800][ T5923] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 60.933035][ T5923] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.936121][ T5923] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.941115][ T5923] bridge0: entered allmulticast mode [ 61.024485][ T5926] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 61.169543][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 61.172329][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 61.229605][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 61.409563][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 61.559555][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 61.649637][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 61.689536][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 61.720094][ T5358] Bluetooth: hci3: command tx timeout [ 61.739618][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 61.960025][ T5939] netlink: 4 bytes leftover after parsing attributes in process `syz.1.213'. [ 62.151660][ T5943] nvme_fabrics: missing parameter 'transport=%s' [ 62.153727][ T5943] nvme_fabrics: missing parameter 'nqn=%s' [ 62.586158][ T5963] sp0: Synchronizing with TNC [ 62.668423][ T5963] input input5: cannot allocate more than FF_MAX_EFFECTS effects [ 62.916499][ T5975] ucma_write: process 118 (syz.2.222) changed security contexts after opening file descriptor, this is not allowed. [ 63.260403][ T5984] netlink: 164 bytes leftover after parsing attributes in process `syz.2.226'. [ 63.409563][ T5358] Bluetooth: hci1: command tx timeout [ 63.546702][ T39] kauditd_printk_skb: 34 callbacks suppressed [ 63.546717][ T39] audit: type=1400 audit(1726660586.390:207): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE6161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616 [ 64.243340][ T6007] can0: slcan on pts0. [ 64.348404][ T6009] netlink: 14 bytes leftover after parsing attributes in process `syz.1.233'. [ 64.382003][ T6007] can0 (unregistered): slcan off pts0. [ 64.836980][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.839203][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.845365][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.847911][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.850931][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.853526][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.855830][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.857737][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.860276][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.862196][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.864154][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.866312][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.868192][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.870650][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.872631][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.874546][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.876489][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.878495][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.880954][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.882887][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.884859][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.886842][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.888709][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.890808][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.892781][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.894728][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.896667][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.898620][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.900799][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.902743][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.904577][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.906519][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.908474][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.910926][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.913103][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.915100][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.917057][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.919063][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.921701][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.923778][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.925741][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.927704][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.930724][ T5649] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 64.939667][ T5649] hid-generic 0000:0000:0000.0002: hidraw1: HID v0.00 Device [syz0] on syz0 [ 65.124937][ T6066] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 65.163927][ T6066] sch_tbf: burst 4 is lower than device lo mtu (65550) ! [ 65.319636][ T5358] Bluetooth: hci3: command tx timeout [ 66.136895][ T6090] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 66.141299][ T6090] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 66.541418][ T6106] nvme_fabrics: missing parameter 'transport=%s' [ 66.543934][ T6106] nvme_fabrics: missing parameter 'nqn=%s' [ 67.000976][ T6122] netlink: 4 bytes leftover after parsing attributes in process `syz.0.264'. [ 67.551659][ T6142] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 67.799536][ T5649] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 68.014865][ T5649] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 68.029522][ T5649] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 68.036366][ T5649] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 68.047034][ T5649] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 68.054264][ T5649] usb 5-1: Manufacturer: syz [ 68.064932][ T5649] usb 5-1: config 0 descriptor?? [ 68.209497][ T5649] rc_core: IR keymap rc-hauppauge not found [ 68.211716][ T5649] Registered IR keymap rc-empty [ 68.235809][ T5649] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 68.255594][ T5649] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input6 [ 68.872601][ T6170] capability: warning: `syz.2.274' uses deprecated v2 capabilities in a way that may be insecure [ 69.409574][ T5358] Bluetooth: hci3: command tx timeout [ 70.101140][ T35] usb 5-1: USB disconnect, device number 2 [ 70.621337][ T6202] nvme_fabrics: missing parameter 'transport=%s' [ 70.623006][ T6202] nvme_fabrics: missing parameter 'nqn=%s' [ 70.923383][ T1376] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.925094][ T1376] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.069434][ T5649] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 71.269464][ T5649] usb 8-1: Using ep0 maxpacket: 32 [ 71.280779][ T5649] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 71.285798][ T5649] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 71.288152][ T5649] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 71.300698][ T5649] usb 8-1: Product: syz [ 71.301820][ T5649] usb 8-1: Manufacturer: syz [ 71.303029][ T5649] usb 8-1: SerialNumber: syz [ 71.313618][ T5649] usb 8-1: config 0 descriptor?? [ 71.320959][ T6207] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 71.570149][ T5358] Bluetooth: hci3: command tx timeout [ 71.711545][ T6224] syzkaller1: entered promiscuous mode [ 71.713479][ T6224] syzkaller1: entered allmulticast mode [ 71.780546][ T5649] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 71.969471][ T5649] usb 6-1: Using ep0 maxpacket: 8 [ 71.973874][ T5649] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 71.976204][ T5649] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 71.978886][ T5649] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 71.988077][ T5649] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 71.991051][ T5649] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 71.995013][ T5649] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 71.997572][ T5649] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.227117][ T5649] usb 6-1: usb_control_msg returned -32 [ 72.228641][ T5649] usbtmc 6-1:16.0: can't read capabilities [ 73.761897][ T5393] usb 8-1: USB disconnect, device number 3 [ 73.929056][ T39] audit: type=1326 audit(1726660596.770:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6265 comm="syz.2.302" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 73.937895][ T39] audit: type=1326 audit(1726660596.770:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6265 comm="syz.2.302" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 73.944358][ T39] audit: type=1326 audit(1726660596.790:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6265 comm="syz.2.302" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 73.951787][ T39] audit: type=1326 audit(1726660596.790:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6265 comm="syz.2.302" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 73.957973][ T6267] fuse: Unknown parameter 'dont_appraise' [ 73.958099][ T39] audit: type=1326 audit(1726660596.790:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6265 comm="syz.2.302" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 73.976906][ T39] audit: type=1326 audit(1726660596.790:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6265 comm="syz.2.302" exe="/syz-executor" sig=0 arch=40000003 syscall=372 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 73.987961][ T39] audit: type=1326 audit(1726660596.790:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6265 comm="syz.2.302" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 74.002653][ T39] audit: type=1326 audit(1726660596.790:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6265 comm="syz.2.302" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 74.012926][ T39] audit: type=1326 audit(1726660596.790:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6265 comm="syz.2.302" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 74.020961][ T39] audit: type=1326 audit(1726660596.790:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6265 comm="syz.2.302" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 74.524183][ T35] usb 6-1: USB disconnect, device number 2 [ 75.068732][ T6309] netlink: 104 bytes leftover after parsing attributes in process `syz.3.313'. [ 75.071430][ T6309] netlink: 104 bytes leftover after parsing attributes in process `syz.3.313'. [ 75.139353][ T6314] FAULT_INJECTION: forcing a failure. [ 75.139353][ T6314] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 75.144165][ T6314] CPU: 0 UID: 0 PID: 6314 Comm: syz.3.316 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 75.146827][ T6314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.150023][ T6314] Call Trace: [ 75.151461][ T6314] [ 75.152645][ T6314] dump_stack_lvl+0x16c/0x1f0 [ 75.154029][ T6314] should_fail_ex+0x497/0x5b0 [ 75.155303][ T6314] _copy_from_user+0x30/0xf0 [ 75.156536][ T6314] get_compat_msghdr+0xa8/0x170 [ 75.157824][ T6314] ? __pfx_get_compat_msghdr+0x10/0x10 [ 75.159355][ T6314] ? __pfx___lock_acquire+0x10/0x10 [ 75.160767][ T6314] ___sys_sendmsg+0x1b0/0x1e0 [ 75.162006][ T6314] ? __pfx____sys_sendmsg+0x10/0x10 [ 75.163379][ T6314] ? find_held_lock+0x2d/0x110 [ 75.164641][ T6314] ? ksys_write+0x21c/0x260 [ 75.165845][ T6314] ? __fget_light+0x173/0x210 [ 75.167085][ T6314] __sys_sendmsg+0x117/0x1f0 [ 75.168322][ T6314] ? __pfx___sys_sendmsg+0x10/0x10 [ 75.169702][ T6314] __do_fast_syscall_32+0x73/0x120 [ 75.171065][ T6314] do_fast_syscall_32+0x32/0x80 [ 75.172355][ T6314] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 75.173992][ T6314] RIP: 0023:0xf743e579 [ 75.175057][ T6314] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 75.180021][ T6314] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 75.182171][ T6314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000200 [ 75.184224][ T6314] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 75.186276][ T6314] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 75.188321][ T6314] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 75.190352][ T6314] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 75.192406][ T6314] [ 75.193723][ T5358] Bluetooth: hci2: command tx timeout [ 75.424711][ T6323] autofs: Bad value for 'fd' [ 75.452680][ T6327] xt_connbytes: Forcing CT accounting to be enabled [ 75.454684][ T6327] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 76.051889][ T25] cfg80211: failed to load regulatory.db [ 76.169584][ T8] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 76.372344][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 76.378182][ T8] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 76.382964][ T8] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 76.390912][ T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 76.396989][ T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 76.404230][ T8] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 76.407750][ T8] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 76.410300][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.626622][ T8] usb 5-1: usb_control_msg returned -32 [ 76.628158][ T8] usbtmc 5-1:16.0: can't read capabilities [ 76.662308][ T8] usb 5-1: USB disconnect, device number 3 [ 77.086158][ T6369] netlink: 'syz.1.330': attribute type 1 has an invalid length. [ 77.088290][ T6369] netlink: 224 bytes leftover after parsing attributes in process `syz.1.330'. [ 77.847388][ T6394] netlink: 4 bytes leftover after parsing attributes in process `syz.0.335'. [ 77.867537][ T6393] netlink: 4 bytes leftover after parsing attributes in process `syz.0.335'. [ 78.490631][ T6400] netlink: 'syz.1.338': attribute type 10 has an invalid length. [ 78.562065][ T6400] bridge0: port 3(team0) entered blocking state [ 78.572760][ T6400] bridge0: port 3(team0) entered disabled state [ 78.574560][ T6400] team0: entered allmulticast mode [ 78.575955][ T6400] team_slave_0: entered allmulticast mode [ 78.619879][ T6400] team_slave_1: entered allmulticast mode [ 78.623519][ T6400] team0: entered promiscuous mode [ 78.625401][ T6400] team_slave_0: entered promiscuous mode [ 78.627318][ T6400] team_slave_1: entered promiscuous mode [ 78.632461][ T6400] bridge0: port 3(team0) entered blocking state [ 78.634978][ T6400] bridge0: port 3(team0) entered forwarding state [ 78.889689][ T6471] netlink: 60 bytes leftover after parsing attributes in process `syz.2.341'. [ 80.255680][ T6506] nvme_fabrics: missing parameter 'transport=%s' [ 80.266450][ T6506] nvme_fabrics: missing parameter 'nqn=%s' [ 81.114622][ T39] kauditd_printk_skb: 24 callbacks suppressed [ 81.114633][ T39] audit: type=1326 audit(1726660603.960:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6528 comm="syz.3.357" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf743e579 code=0x0 [ 81.559450][ T5358] Bluetooth: hci0: command tx timeout [ 82.899589][ T5649] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 83.089541][ T5649] usb 7-1: Using ep0 maxpacket: 32 [ 83.094635][ T5649] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 83.096828][ T5649] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 83.100569][ T5649] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 83.104859][ T5649] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 83.113995][ T5649] usb 7-1: config 0 interface 0 has no altsetting 0 [ 83.122810][ T5649] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 83.125728][ T5649] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 83.128080][ T5649] usb 7-1: Product: syz [ 83.129222][ T5649] usb 7-1: Manufacturer: syz [ 83.133411][ T5649] usb 7-1: SerialNumber: syz [ 83.138106][ T5649] usb 7-1: config 0 descriptor?? [ 83.145403][ T5649] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 83.156742][ T5649] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 83.356370][ T5649] usb 7-1: USB disconnect, device number 2 [ 83.358585][ C3] ldusb 7-1:0.0: usb_submit_urb failed (-19) [ 83.363982][ T5649] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 83.479563][ T5358] Bluetooth: hci1: command tx timeout [ 83.578863][ T6578] netlink: 48 bytes leftover after parsing attributes in process `syz.2.371'. [ 83.585827][ T6578] ldusb: No device or device unplugged -19 [ 83.591451][ T6578] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.917246][ T6635] nvme_fabrics: missing parameter 'transport=%s' [ 84.918991][ T6635] nvme_fabrics: missing parameter 'nqn=%s' [ 85.471031][ T6649] netlink: 4 bytes leftover after parsing attributes in process `syz.3.388'. [ 85.559578][ T5358] Bluetooth: hci1: command tx timeout [ 85.782066][ T6660] tipc: Enabling of bearer <dp:s> rejected, media not registered [ 86.251701][ T6668] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 86.265331][ T6668] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 86.332656][ T6677] netlink: 'syz.3.396': attribute type 4 has an invalid length. [ 86.335446][ T6668] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 86.337623][ T6668] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 86.410041][ T6668] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 86.412450][ T6668] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 86.449581][ T6677] netlink: 'syz.3.396': attribute type 4 has an invalid length. [ 86.460746][ T6668] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 86.462929][ T6668] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 87.838580][ T6714] syz.2.400 (6714) used greatest stack depth: 20864 bytes left [ 87.885502][ T6744] FAULT_INJECTION: forcing a failure. [ 87.885502][ T6744] name failslab, interval 1, probability 0, space 0, times 1 [ 87.907938][ T6744] CPU: 1 UID: 0 PID: 6744 Comm: syz.0.408 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 87.910629][ T6744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.913454][ T6744] Call Trace: [ 87.914342][ T6744] [ 87.915133][ T6744] dump_stack_lvl+0x16c/0x1f0 [ 87.916383][ T6744] should_fail_ex+0x497/0x5b0 [ 87.917630][ T6744] should_failslab+0xc2/0x120 [ 87.918874][ T6744] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 87.920298][ T6744] ? skb_clone+0x190/0x3f0 [ 87.921488][ T6744] skb_clone+0x190/0x3f0 [ 87.922621][ T6744] netlink_deliver_tap+0xb26/0xcf0 [ 87.923995][ T6744] netlink_dump+0xb2d/0xcc0 [ 87.925206][ T6744] ? __pfx_netlink_dump+0x10/0x10 [ 87.926545][ T6744] ? kasan_save_track+0x14/0x30 [ 87.927842][ T6744] ? __kasan_kmalloc+0xaa/0xb0 [ 87.929116][ T6744] ? genl_start+0x677/0x950 [ 87.930325][ T6744] __netlink_dump_start+0x6d9/0x980 [ 87.931717][ T6744] genl_family_rcv_msg_dumpit+0x1e1/0x2e0 [ 87.933213][ T6744] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 87.934860][ T6744] ? genl_op_from_small+0x25/0x440 [ 87.936220][ T6744] ? __pfx_genl_start+0x10/0x10 [ 87.937507][ T6744] ? __pfx_genl_dumpit+0x10/0x10 [ 87.938812][ T6744] ? __pfx_genl_done+0x10/0x10 [ 87.940090][ T6744] ? bpf_lsm_capable+0x9/0x10 [ 87.941341][ T6744] ? security_capable+0x7e/0x260 [ 87.942664][ T6744] ? ns_capable+0xd7/0x110 [ 87.943861][ T6744] genl_rcv_msg+0x470/0x800 [ 87.945070][ T6744] ? __pfx_genl_rcv_msg+0x10/0x10 [ 87.946387][ T6744] ? __pfx_batadv_tt_global_dump+0x10/0x10 [ 87.947926][ T6744] netlink_rcv_skb+0x165/0x410 [ 87.949191][ T6744] ? __pfx_genl_rcv_msg+0x10/0x10 [ 87.950524][ T6744] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 87.951937][ T6744] ? down_read+0xc9/0x330 [ 87.953078][ T6744] ? __pfx_down_read+0x10/0x10 [ 87.954337][ T6744] ? netlink_deliver_tap+0x1ae/0xcf0 [ 87.955753][ T6744] genl_rcv+0x28/0x40 [ 87.956818][ T6744] netlink_unicast+0x53c/0x7f0 [ 87.958083][ T6744] ? __pfx_netlink_unicast+0x10/0x10 [ 87.959480][ T6744] ? __phys_addr_symbol+0x30/0x80 [ 87.960800][ T6744] ? __check_object_size+0x4b0/0x720 [ 87.962187][ T6744] netlink_sendmsg+0x8b8/0xd70 [ 87.963465][ T6744] ? __pfx_netlink_sendmsg+0x10/0x10 [ 87.964852][ T6744] ____sys_sendmsg+0x9ae/0xb40 [ 87.966068][ T6744] ? __pfx_____sys_sendmsg+0x10/0x10 [ 87.967440][ T6744] ? get_compat_msghdr+0x11b/0x170 [ 87.968788][ T6744] ? __pfx___lock_acquire+0x10/0x10 [ 87.970157][ T6744] ___sys_sendmsg+0x135/0x1e0 [ 87.971412][ T6744] ? __pfx____sys_sendmsg+0x10/0x10 [ 87.972775][ T6744] ? find_held_lock+0x2d/0x110 [ 87.974042][ T6744] ? ksys_write+0x21c/0x260 [ 87.975265][ T6744] ? __fget_light+0x173/0x210 [ 87.976514][ T6744] __sys_sendmsg+0x117/0x1f0 [ 87.977744][ T6744] ? __pfx___sys_sendmsg+0x10/0x10 [ 87.979109][ T6744] __do_fast_syscall_32+0x73/0x120 [ 87.980435][ T6744] do_fast_syscall_32+0x32/0x80 [ 87.981710][ T6744] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 87.983365][ T6744] RIP: 0023:0xf741e579 [ 87.984437][ T6744] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 87.989463][ T6744] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 87.991624][ T6744] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000200 [ 87.993547][ T6744] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 87.995411][ T6744] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 87.997278][ T6744] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 87.999339][ T6744] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 88.001394][ T6744] [ 88.242743][ T6746] xt_CT: You must specify a L4 protocol and not use inversions on it [ 88.294213][ T39] audit: type=1326 audit(1726660611.140:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6747 comm="syz.1.410" exe="/syz-executor" sig=9 arch=40000003 syscall=172 compat=1 ip=0xf7ff5579 code=0x0 [ 88.382578][ T6755] netlink: 40 bytes leftover after parsing attributes in process `syz.1.411'. [ 88.459870][ T6757] netlink: 'syz.0.409': attribute type 4 has an invalid length. [ 88.798803][ T6760] ERROR: device name not specified. [ 89.260895][ T6459] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.370595][ T6766] bridge_slave_0: left allmulticast mode [ 89.373193][ T6766] bridge_slave_0: left promiscuous mode [ 89.376049][ T6766] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.391471][ T6766] netlink: 'syz.0.413': attribute type 2 has an invalid length. [ 89.394225][ T6766] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.413'. [ 89.589307][ T6776] overlay: Unknown parameter 'rootcontext' [ 90.279716][ T39] audit: type=1326 audit(1726660613.120:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.0.424" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 90.291162][ T39] audit: type=1326 audit(1726660613.120:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.0.424" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 90.296684][ T39] audit: type=1326 audit(1726660613.130:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.0.424" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 90.302616][ T39] audit: type=1326 audit(1726660613.130:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.0.424" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 90.315145][ T39] audit: type=1326 audit(1726660613.130:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.0.424" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 90.325125][ T39] audit: type=1326 audit(1726660613.140:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.0.424" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 90.330694][ T39] audit: type=1326 audit(1726660613.140:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.0.424" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 90.339588][ T39] audit: type=1326 audit(1726660613.140:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.0.424" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 90.345786][ T39] audit: type=1326 audit(1726660613.140:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.0.424" exe="/syz-executor" sig=0 arch=40000003 syscall=156 compat=1 ip=0xf741e579 code=0x7ffc0000 [ 90.639562][ T5390] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 90.819641][ T5390] usb 7-1: Using ep0 maxpacket: 8 [ 90.823446][ T5390] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 90.827081][ T5390] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 90.831138][ T5390] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 90.836309][ T5390] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 90.841061][ T5390] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 90.844133][ T5390] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.060015][ T5390] usb 7-1: GET_CAPABILITIES returned 0 [ 91.061567][ T5390] usbtmc 7-1:16.0: can't read capabilities [ 91.078523][ T5393] usb 7-1: USB disconnect, device number 3 [ 91.474227][ T6831] netlink: 'syz.1.434': attribute type 1 has an invalid length. [ 91.562136][ T6830] fuse: blksize only supported for fuseblk [ 91.765365][ T6837] input: syz0 as /devices/virtual/input/input12 [ 91.888293][ T6843] Invalid ELF section header overflow [ 91.904506][ T6843] warning: `syz.3.438' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 91.921678][ T6841] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 92.482273][ T6448] list_add corruption. next->prev should be prev (ffffe8ffac62f980), but was ffff8880223c7000. (next=ffff8880005f2400). [ 92.491846][ T6448] ------------[ cut here ]------------ [ 92.493846][ T6448] kernel BUG at lib/list_debug.c:29! [ 92.496195][ T6448] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 92.500021][ T6448] CPU: 0 UID: 0 PID: 6448 Comm: kworker/u32:15 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 92.504080][ T6448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 92.507762][ T6448] Workqueue: zswap1 compact_page_work [ 92.509605][ T6448] RIP: 0010:__list_add_valid_or_report+0xa9/0x100 [ 92.512258][ T6448] Code: 9e b0 8b e8 79 16 e4 fc 90 0f 0b 48 c7 c7 a0 9e b0 8b e8 6a 16 e4 fc 90 0f 0b 48 89 d9 48 c7 c7 00 9f b0 8b e8 58 16 e4 fc 90 <0f> 0b 48 89 f1 48 c7 c7 80 9f b0 8b 48 89 de e8 43 16 e4 fc 90 0f [ 92.519956][ T6448] RSP: 0000:ffffc90021cc7c00 EFLAGS: 00010282 [ 92.522291][ T6448] RAX: 0000000000000075 RBX: ffff8880005f2400 RCX: ffffffff816be279 [ 92.525204][ T6448] RDX: 0000000000000000 RSI: ffffffff816c7036 RDI: 0000000000000005 [ 92.528214][ T6448] RBP: ffff88802b313000 R08: 0000000000000005 R09: 0000000000000000 [ 92.531214][ T6448] R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000000 [ 92.534112][ T6448] R13: ffff88802b313008 R14: ffff88802b313000 R15: ffffea0000acc4c0 [ 92.537134][ T6448] FS: 0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000 [ 92.540404][ T6448] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.542851][ T6448] CR2: 000000000c381b5e CR3: 00000000690a6000 CR4: 0000000000350ef0 [ 92.545728][ T6448] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 92.548659][ T6448] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 92.551595][ T6448] Call Trace: [ 92.552840][ T6448] [ 92.553941][ T6448] ? show_regs+0x8c/0xa0 [ 92.555546][ T6448] ? die+0x36/0xa0 [ 92.556933][ T6448] ? do_trap+0x232/0x430 [ 92.558485][ T6448] ? __list_add_valid_or_report+0xa9/0x100 [ 92.560637][ T6448] ? __list_add_valid_or_report+0xa9/0x100 [ 92.562784][ T6448] ? do_error_trap+0xf4/0x230 [ 92.564549][ T6448] ? __list_add_valid_or_report+0xa9/0x100 [ 92.566674][ T6448] ? handle_invalid_op+0x34/0x40 [ 92.568525][ T6448] ? __list_add_valid_or_report+0xa9/0x100 [ 92.570668][ T6448] ? exc_invalid_op+0x2e/0x50 [ 92.572406][ T6448] ? asm_exc_invalid_op+0x1a/0x20 [ 92.574260][ T6448] ? __wake_up_klogd.part.0+0x99/0xf0 [ 92.576132][ T6448] ? vprintk+0x86/0xa0 [ 92.577642][ T6448] ? __list_add_valid_or_report+0xa9/0x100 [ 92.579738][ T6448] do_compact_page+0x10b9/0x25d0 [ 92.581580][ T6448] process_one_work+0x958/0x1ad0 [ 92.583398][ T6448] ? __pfx_compact_page_work+0x10/0x10 [ 92.585406][ T6448] ? __pfx_process_one_work+0x10/0x10 [ 92.587400][ T6448] ? assign_work+0x1a0/0x250 [ 92.589136][ T6448] worker_thread+0x6c8/0xf00 [ 92.590857][ T6448] ? __pfx_worker_thread+0x10/0x10 [ 92.592741][ T6448] kthread+0x2c1/0x3a0 [ 92.594256][ T6448] ? _raw_spin_unlock_irq+0x23/0x50 [ 92.596135][ T6448] ? __pfx_kthread+0x10/0x10 [ 92.597818][ T6448] ret_from_fork+0x45/0x80 [ 92.599478][ T6448] ? __pfx_kthread+0x10/0x10 [ 92.601191][ T6448] ret_from_fork_asm+0x1a/0x30 [ 92.602959][ T6448] [ 92.604129][ T6448] Modules linked in: [ 92.605784][ T6448] ---[ end trace 0000000000000000 ]--- [ 92.607839][ T6448] RIP: 0010:__list_add_valid_or_report+0xa9/0x100 [ 92.610281][ T6448] Code: 9e b0 8b e8 79 16 e4 fc 90 0f 0b 48 c7 c7 a0 9e b0 8b e8 6a 16 e4 fc 90 0f 0b 48 89 d9 48 c7 c7 00 9f b0 8b e8 58 16 e4 fc 90 <0f> 0b 48 89 f1 48 c7 c7 80 9f b0 8b 48 89 de e8 43 16 e4 fc 90 0f [ 92.615373][ T6854] netlink: 'syz.1.441': attribute type 9 has an invalid length. [ 92.617328][ T6448] RSP: 0000:ffffc90021cc7c00 EFLAGS: 00010282 [ 92.617352][ T6448] RAX: 0000000000000075 RBX: ffff8880005f2400 RCX: ffffffff816be279 [ 92.617363][ T6448] RDX: 0000000000000000 RSI: ffffffff816c7036 RDI: 0000000000000005 [ 92.627132][ T6854] netlink: 134712 bytes leftover after parsing attributes in process `syz.1.441'. [ 92.627407][ T6448] RBP: ffff88802b313000 R08: 0000000000000005 R09: 0000000000000000 [ 92.632896][ T6448] R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000000 [ 92.635827][ T6448] R13: ffff88802b313008 R14: ffff88802b313000 R15: ffffea0000acc4c0 [ 92.638734][ T6448] FS: 0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000 [ 92.642109][ T6448] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.644631][ T6448] CR2: 000000000c381b5e CR3: 00000000690a6000 CR4: 0000000000350ef0 [ 92.647610][ T6448] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 92.650645][ T6448] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 92.653596][ T6448] Kernel panic - not syncing: Fatal exception [ 92.656356][ T6448] Kernel Offset: disabled [ 92.657969][ T6448] Rebooting in 86400 seconds.. VM DIAGNOSIS: 11:56:55 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fcd3b5 RDI=ffffffff9a5e9460 RBP=ffffffff9a5e9420 RSP=ffffc90021cc75e0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=6e69203a73706f4f R12=0000000000000000 R13=0000000000000020 R14=ffffffff84fcd350 R15=0000000000000000 RIP=ffffffff84fcd3df RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c381b5e CR3=00000000690a6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000164a6b RBX=0000000000000001 RCX=ffffffff8b094f29 RDX=0000000000000000 RSI=ffffffff8b4cd360 RDI=ffffffff8bb09d80 RBP=ffffed10037e5910 RSP=ffffc90000477e08 R8 =0000000000000001 R9 =ffffed10056e6fd9 R10=ffff88802b737ecb R11=0000000000000000 R12=0000000000000001 R13=ffff88801bf2c880 R14=ffffffff901b3398 R15=0000000000000000 RIP=ffffffff8b09630f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000056088000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000e800000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=ffffc90000540d00 RBX=ffffc900005405e8 RCX=ffffffff813ca599 RDX=0000000000000008 RSI=ffffc90000540d00 RDI=ffffc900005405e8 RBP=ffffc90000540d00 RSP=ffffc90000540520 R8 =0000000000000001 R9 =0000000000000004 R10=0000000000000002 R11=0000000000000200 R12=ffffc900005405f0 R13=ffffc90000540d08 R14=ffffffff9105e4ac R15=0000000000000002 RIP=ffffffff813c9bad RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f2511c8ed00 ffffffff 00c00000 GS =0000 ffff88802b800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f74b6108 CR3=000000004a766000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 6b20657479622d32 3320646e61707865 ZMM17=d7f03b1cafa901f0 650214dc26f5455d d7f03b1cafa901f0 650214dc26f5455d d7f03b1cafa901f0 650214dc26f5455d d7f03b1cafa901f0 650214dc26f5455d ZMM18=eaa41cb93507b167 56ba56d35c28dd48 eaa41cb93507b167 56ba56d35c28dd48 eaa41cb93507b167 56ba56d35c28dd48 eaa41cb93507b167 56ba56d35c28dd48 ZMM19=1e06000000000000 0000000000000204 1e06000000000000 0000000000000203 1e06000000000000 0000000000000202 1e06000000000000 0000000000000201 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=650214dc650214dc 650214dc650214dc 650214dc650214dc 650214dc650214dc 650214dc650214dc 650214dc650214dc 650214dc650214dc 650214dc650214dc ZMM22=afa901f0afa901f0 afa901f0afa901f0 afa901f0afa901f0 afa901f0afa901f0 afa901f0afa901f0 afa901f0afa901f0 afa901f0afa901f0 afa901f0afa901f0 ZMM23=d7f03b1cd7f03b1c d7f03b1cd7f03b1c d7f03b1cd7f03b1c d7f03b1cd7f03b1c d7f03b1cd7f03b1c d7f03b1cd7f03b1c d7f03b1cd7f03b1c d7f03b1cd7f03b1c ZMM24=5c28dd485c28dd48 5c28dd485c28dd48 5c28dd485c28dd48 5c28dd485c28dd48 5c28dd485c28dd48 5c28dd485c28dd48 5c28dd485c28dd48 5c28dd485c28dd48 ZMM25=56ba56d356ba56d3 56ba56d356ba56d3 56ba56d356ba56d3 56ba56d356ba56d3 56ba56d356ba56d3 56ba56d356ba56d3 56ba56d356ba56d3 56ba56d356ba56d3 ZMM26=3507b1673507b167 3507b1673507b167 3507b1673507b167 3507b1673507b167 3507b1673507b167 3507b1673507b167 3507b1673507b167 3507b1673507b167 ZMM27=eaa41cb9eaa41cb9 eaa41cb9eaa41cb9 eaa41cb9eaa41cb9 eaa41cb9eaa41cb9 eaa41cb9eaa41cb9 eaa41cb9eaa41cb9 eaa41cb9eaa41cb9 eaa41cb9eaa41cb9 ZMM28=00000200000001ff 000001fe000001fd 000001fc000001fb 000001fa000001f9 000001f8000001f7 000001f6000001f5 000001f4000001f3 000001f2000001f1 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=1e0600001e060000 1e0600001e060000 1e0600001e060000 1e0600001e060000 1e0600001e060000 1e0600001e060000 1e0600001e060000 1e0600001e060000 info registers vcpu 3 CPU#3 RAX=ffff888022640d00 RBX=ffff888022640d00 RCX=ffffffff8afc6134 RDX=ffff88801eb8c880 RSI=ffffffff8afc5f39 RDI=0000000000000001 RBP=ffffc90000e1f618 RSP=ffffc90000e1f5f0 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=ffff88802b928a40 R12=1ffff920001c3ebf R13=ffff888023914000 R14=0000000000000000 R15=ffffc90000e1f888 RIP=ffffffff818b24cc RFL=00000296 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000020ff7000 CR3=00000000627b6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000