last executing test programs: 4.570650322s ago: executing program 1 (id=428): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0) (async, rerun: 32) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)={[{@userxattr}, {@index_off}, {@uuid_on}], [], 0x2c}) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net\x00') getdents64(r0, &(0x7f0000002080)=""/4108, 0x100c) getdents64(r0, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1672d7a6, 0x0, 0x0, 0x0, 0xff}, [@call={0x85, 0x0, 0x0, 0xe}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x17}}]}, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000d"], 0x48) (async, rerun: 64) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) (rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x81}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000000c0)=r6, 0x4) (async, rerun: 64) sendmsg$unix(r5, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) (rerun: 64) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x5, 0xe, 0x0, &(0x7f0000000300)="0101000071a78326c7ffffc826a8", 0x0, 0x3a, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (async) openat2(r0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000280)={0x591002, 0x8c, 0xc}, 0x18) 3.500921615s ago: executing program 0 (id=431): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0xe9503, 0x0) timer_create(0x0, 0x0, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="00000000040000090000000000000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b70800000c300000638af8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018240000", @ANYBLOB="0000000000000000b703"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000400)={r2, 0x0, 0x0}, 0x10) timer_settime(r1, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x77359400}}, &(0x7f0000000440)) r3 = epoll_create1(0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001740)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x1618c2, 0x63) write$P9_RLERRORu(r4, &(0x7f0000000300)=ANY=[@ANYRESHEX], 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x2], 0x0, 0x0, 0x1, 0x1}}, 0x40) write$P9_RSTATu(r4, &(0x7f00000003c0)={0xfffffd9a, 0x7d, 0xa, {{0x0, 0xa9, 0x3, 0x6, {0x0, 0x1, 0x5}, 0x100000, 0x8, 0x7, 0x2, 0x1, '\x00', 0x1, '\x00', 0x73, '\x17\xe0_|s/\xec\xcf\x1e|~\xf4*wIX\xbe[_\x12\xd4zZs\x85\xc4/\xa2?\xbc=\x82O\xc7\xf7\xf1\r\xd0\x06\x14\xbb\xf1\xbb\x99\xaa\xdb\xf1\xf0\xe3\xdf\x1c\x16{\"\f\x8c0\xd0I\xff\x02):9\xe7\xa6\x9e~\xa9\xa3\xf7\xaaW)o\x96\x1bm+\xcb\xf1\xbf\x0e\xaa\xd6|\"\xf73r+F\x10\xf2P\xcc\x1f\xd7\x7f\xfc\x0e,x\xe5\x10^\xff\xf9\x12\x00\x00\x00\x00\x00\x00', 0x1, '{'}, 0x4, 'GPL\x00'}}, 0xc2) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, r4, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f00000004c0)) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000c00), r6) r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r9 = dup2(r8, r8) write$vhost_msg_v2(r9, &(0x7f0000000200)={0x2, 0x0, {0x0, 0x0, 0x0, 0x3, 0x2}}, 0x48) sendmsg$TIPC_NL_PEER_REMOVE(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000c40)={0x24, r7, 0x101, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x48040}, 0x4) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) bind$rose(0xffffffffffffffff, &(0x7f00000000c0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x2, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x40) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0600000003000000400000000500000080000000", @ANYRES32=r10, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}\x00'/28], 0x50) sendmsg$TIPC_NL_BEARER_ENABLE(r6, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="7c020000", @ANYRES16=r7, @ANYBLOB="00042cbd7000ffdbdf25030000003c000380080002000800000008000300090000000800020009000000080003000700000008000100080000000800020001800000080001001a000000500004800900010073797a310000000034000780080004000000020008000105070000000800040049b900000800020001000100080004000000000008000200000000000900010073797a31000000000c0007800800020001000000680005802c00028008000300010000000800040002000000080001000e000000080004000180000008000400f4000000080001007564700007000100696200001c000280080001000e000000080004000200000008000400000100000c0002800800020050890000d00002801c0003800800020008000000080001000300000008000100d6fd214a040004000c00038008000200090000000400040004000400040004000400040044000380080001000800000008000100810000000800020005000000080001000100010008000100060000000800010006000000080001000600000008000200050000004c0003800800010002000000080002000c000000080001000d000000080001000c00000008000200070000000800010008000000080002000100000008000200050000000800010000000000140001801000010069623a6d6163766c616e3000500005804c00028008000200000800000800030009000000080004007d0000000800030007000000080001001a0000000800040000000000080001001a00000008000300070000000800040004000000340007800c00030073000000000000000c000400000800000000000008000100fcffffff08000200030000000800020004000000"], 0x27c}, 0x1, 0x0, 0x0, 0x4004840}, 0x4000804) 3.419923287s ago: executing program 1 (id=433): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0xd0f, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0xd9, 0x0, 0x1, 0x4000}, 0x80, 0x0, 0x4, 0x2, 0x4, 0xf, 0x2, 0x0, 0x0, 0x0, {0x0, 0x0, 0x6, 0x0, 0xfffffffd}}}}]}, 0x78}}, 0x0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000300)={0x0, 0x4}, 0x8) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r5, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x4f, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x80000000}, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}], 0x38) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r5, 0x84, 0x65, &(0x7f0000000000)=[@in={0x2, 0x0, @loopback}], 0x10) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a04000000ffffffffe6ffffffffffffe7ee0000000000000000020000", 0x58}], 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x2100208b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$kcm(0x2, 0xa, 0x2) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r9 = accept4(r8, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10) recvmmsg$unix(r9, &(0x7f00000053c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0xa32, 0x60, 0x0) 1.960869118s ago: executing program 0 (id=437): r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x101202, 0x0) write$nci(r0, 0x0, 0x4) r1 = socket$alg(0x26, 0x5, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40ffffff07000000400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x26004004}, 0x40) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a01010000000000f9ff000a0000090900020073797a31000000200900010073797a310000000014000380100000800c00018006000100582e000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4004850}, 0x40) close(0x3) r4 = openat$sndseq(0xffffff9c, &(0x7f0000000000), 0x2902) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r4, 0xc08c5335, &(0x7f00000002c0)={0x100, 0x401, 0x0, 'queue1\x00', 0x3}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc00c64b5, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6}) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'md4\x00'}, 0x58) r5 = accept4$alg(r1, 0x0, 0x0, 0x0) sendmmsg$sock(r5, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780), 0x8}}], 0x1, 0x24048800) 1.93681749s ago: executing program 0 (id=438): socket(0x39, 0x2, 0x3a) rseq(0x0, 0x0, 0x1, 0x0) msgget$private(0x0, 0x3ac) setrlimit(0x0, &(0x7f0000000000)={0x0, 0xfffffffffffffffd}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000840), 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) close(r0) socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFHWADDR(r0, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00#\f!\x00'}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) socket$kcm(0x10, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="50000000100001040000000000000000beb126a300400000", @ANYRES32=0x0, @ANYBLOB="5d5b0000000000001c001a8018000a8014000700200100000000000000000000000000001400350077673100"/56], 0x50}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="2000000069000b00020000000000400000000000000000000800"], 0x20}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x100) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_type(r5, &(0x7f00000000c0), 0x2, 0x0) write$cgroup_type(r6, &(0x7f0000000080), 0x9) 1.50077666s ago: executing program 1 (id=439): unshare(0x22020600) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x64, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x30, 0xe, {{{}, {}, @device_b}, 0x0, @random=0x6, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x64}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="414c5450434d20274c696e652043617074757265272030303030303030303030303030303030303030300a4c494e45320a4449474954414c330a535045414b4552202753796e7468272030303030303030303030433030303030617374657220506c61796261636b272030303030303030301a30303030303030303030300a4c494e45330a4c494e453120274d617374657220506061796261636b20d178d153424e47c2ab736a69746368"], 0xf7) r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) dup3(r5, r4, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0) r7 = accept4(r6, 0x0, 0x0, 0x800) sendmmsg$alg(r7, &(0x7f00000022c0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000040}], 0x1, 0x40800) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0) 1.407751744s ago: executing program 1 (id=440): socket(0x39, 0x2, 0x3a) rseq(0x0, 0x0, 0x1, 0x0) msgget$private(0x0, 0x3ac) setrlimit(0x0, &(0x7f0000000000)={0x0, 0xfffffffffffffffd}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000840), 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) close(r0) socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFHWADDR(r0, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00#\f!\x00'}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) socket$kcm(0x10, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="50000000100001040000000000000000beb126a300400000", @ANYRES32=0x0, @ANYBLOB="5d5b0000000000001c001a8018000a8014000700200100000000000000000000000000001400350077673100"/56], 0x50}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="2000000069000b00020000000000400000000000000000000800"], 0x20}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x100) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_type(r5, &(0x7f00000000c0), 0x2, 0x0) write$cgroup_type(r6, &(0x7f0000000080), 0x9) 1.407261263s ago: executing program 2 (id=441): syz_open_procfs(0x0, &(0x7f0000000040)='clear_refs\x00') syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x8, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0xa, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x6, 0x5, 0x4, 0x0, 0x7, 0x3c57, 0x0, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x5, 0x7, 0x83, 0x9, 0x4c74, 0x0, 0x242, 0x2, 0xe, 0x0, 0x400, 0x7, 0x17, 0x21, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x81, 0x6, 0xffff8001, 0x3ff, 0x83, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0x388000, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2b, 0xe, 0x312, 0x78, 0xea4, 0x0, 0xfff, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0xfe, 0x0, 0xa, 0x5, 0x1000005, 0x5f31, 0xf, 0xd86, 0x2, 0x4, 0x8, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0xbc2, 0x1, 0xfe000000, 0x8, 0x2, 0x200004, 0x9, 0x3, 0x3, 0x9, 0x4, 0x3, 0x5, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x1, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x3, 0x5, 0x800000, 0x1ef, 0x8, 0x8, 0x86, 0x3, 0x3038, 0xff, 0xb, 0x2, 0x2, 0x2, 0x7, 0x20000008, 0x4, 0x16d01, 0x6, 0x38, 0x800003, 0x600, 0x80, 0xbf7, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x4a9, 0x5, 0x6, 0xac8, 0x5, 0x7, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x3, 0x5, 0x1b, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x80000000], [0x9, 0xbb33, 0xa, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x400002, 0x57, 0x4, 0x3, 0x3, 0x10000, 0x9, 0x7fff, 0xffff, 0xa620, 0x1, 0x7, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x10000016, 0xffffffff, 0x80000000, 0x5, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xae, 0x8, 0x6, 0x226, 0x3, 0x100, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x8, 0x4, 0x5, 0x40b1e, 0xd7, 0x200, 0xffff3441, 0x4]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) read$msr(r0, 0x0, 0x0) socket(0x10, 0x3, 0x0) rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xb}, {0xe}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0xf, 0xe15, 0x3, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r4) sendmsg$TIPC_NL_PUBL_GET(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000000)={0x20, r5, 0x341, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x208}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000814}, 0x14) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x1902) 1.290482097s ago: executing program 2 (id=442): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$vhost_vsock(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDMKTONE(r1, 0x4b30, 0x7) syz_clone3(&(0x7f00000005c0)={0x3c947200, 0x0, 0x0, &(0x7f00000003c0), {}, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffe3a) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000180)={0x0, 0x1000, 0x9, 0x3, 0x18, "7678052565fa839af6e1ea549c8336b65ebce5"}) ioctl$VHOST_VDPA_GET_CONFIG_SIZE(r0, 0x8004af79, &(0x7f0000000040)) openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x521000, 0x1) r2 = openat2(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x201, 0x80, 0x20}, 0x18) ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r2, 0x7a4, &(0x7f0000000100)={{@local, 0x1}, 0x9, 0x100000000000008, 0x2434, 0x3}) madvise(&(0x7f00006d3000/0x4000)=nil, 0x4000, 0x66) madvise(&(0x7f0000a9d000/0x2000)=nil, 0x2000, 0xb) 1.060748782s ago: executing program 2 (id=444): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/wireless\x00') r1 = fcntl$getown(r0, 0x9) syz_open_procfs(r1, &(0x7f0000000040)='oom_score_adj\x00') mmap$binder(&(0x7f00005f0000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0xfffffffc) 1.042677565s ago: executing program 2 (id=445): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet(0x2, 0x2, 0x1) bind$inet(r1, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x9}, 0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) openat$kvm(0xffffffffffffff9c, 0x0, 0x2400, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x24, r3, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x3c}]}, 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0x0) 934.271742ms ago: executing program 2 (id=447): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xf) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4800}, 0x20040094) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r4, 0x4030ae7b, &(0x7f0000000100)={0x7d3498b1, 0x62577da1d55d7c2f, 0x3, 0x2, 0x3}) ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(r1, 0x4068aea3, &(0x7f00000008c0)={0xc5, 0x0, r4}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, 0x0) open(&(0x7f00000000c0)='./cgroup.cpu/cgroup.procs\x00', 0x80, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0xa) r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r6, &(0x7f0000000840)=[{&(0x7f00000001c0)="9a3a4901230ae024cbddc15c9e729d2827ea828bc0cfc169ade8ba4f2502f78a072724bf2ae086c890bdd32d2e397f6280a9fe6226d29ad4d3", 0x39}, {&(0x7f0000000500)="9604228f0d376caa6d6af9d598811f47c194022d478561978cef765612837087b39f9a34072f366b3d6c1a10dff105d4beb2b0fe1e64d72e95eec8a4c95c8cde48007f86566b8d9adef05acc64b0b0bbae5e8f5f29644e897fcb9c9dc55fdec13a0feb5ac08aaa29063da45503072f30c37389aa36d93bed2292e234e1b2b0c83e7c448702b0e42527ce2f9fcb93520f7c9a8f0c8f163eecaab0cea044d315a5c46c93641c0050c827abe26d57a1d3e04dd6501d67bf8116b67d0703", 0xbc}, {&(0x7f0000000440)="d47cf5b5659eec9bd85ace22253d5b9e831b77b6b96f7e957a374890793c483f81c9b34b0468eb4dacacd7215d0bf96305f7d69f69ddaa5324b5c5baf8145c0edfb3425c197e909668f70bdf6a771fd49a83d4b09454606304be18f8c07023a4109a94506d2d8f94b91647e50492c0e1b179feafb3", 0x75}, {&(0x7f00000005c0)="d9daa1b6120d384120f29672bd56b7329da58ce8dc0048036fc6c206094e20fc227585abc33eefc01153876c0720e78f8a39d98a895d0554c36cbb8d49956612674830314ea07277ef111d9f81b9f77518a5603deea7c9a87bf0f49844186a90823cfac9f9bec11b86b773736f3d4e6fbf4bd7daf412fc8e6302043e1cc2bca5f0f9fe9ef496707353647c1f888757c4962d70dea09008fada9c036727bdca724a7d6f9bd47af3ddf6cc82e29a8794616079846b85ef5e160600c75b5d949536aa3af255bd82753a8e37203874a59c480481fab0b1583b0eae88e4837307e910768ded5fe755a70bc36c8a0d4bce9d61860e9f", 0xf3}, {&(0x7f00000006c0)="327f428238bc7858af1a5489d8b093ed4c0f07b47188b6dabd2e1dba606946cfe065705971f9f2665519586f4061bb626e049973e8521440bacb698c6e5b44455e3682a555b4b38d827e1b79b02f9c0dcd8d086206f09578cbd150d462411040a64736a2c11cbee591250b066e05064b34a7f17c6f7aeeafa5046f7397c72daa6e7ccae547d29dd38cd7ee8be874a053f0bec972ed5effa66ce5ac2d9e53", 0x9e}, {&(0x7f0000002900)="a137c6ed265562c345e72810a4bf5340d03857e18b6ad8a1f09a18ac0e6768cc035a905b8e72b0c5810b104825af590403db72942bfd336accccec73cacee47ab436775ee55e5d551c5fac5f56558764873da03327b2fe8288fd4f15ce108ba33e4a2260a3c16b44af139d42f42a263b22447dca641799cf9e18790cddb448f5ce3c2563a65cc72cab35bb8d505206dd53db66612ee2e4e375597ea2dec019b2b68a7782fdbe10644fabd8db3709886e247da674a4be8981852fcc67e96ed117f6c3e142213c95625fb4c25cee7f070611b988046ca5abf28b754e4982c639cc147e7275182ecb98ee4a064e4fa36eb48378c90facc879f51e5b051d6a80d051514ef384621610c71571d2a5a8b32a850036f365b9d42edd5eecf41573b5b255666ee04cd8dbea4865ff4c88fbbbc02df025a3d468242d95e2a6cd288452bbce04caccc02085cde2ea3c38ace86706dfb1b0ee3404d5575cf411f51dd2a9ba048410c5f7f8bee06f60298d570fa9ac8e0b6507edd3ed3fdae0848d901feaf6a81dbdcb122bc4901d3a2407d722e3b510512cd1ba9a5096b98268b830c8df892616c78102a93363de9427b1b9b18c49fe352a926193734bfec4360180e6fb75137c704c43d62bcd29bf48cdfee62cf009d36e1c915d75c56d13f3a10f6cf634788fc89445328a5f0c5bd1442faff220abc507e5c88f709e0cf9a9ad7453e917570697b983db1554e85062a06354ed26260604db76037e90c0f6b27ea032b016317595afbf3709a9911e6f2d9b5ca957737124547172e3e1584e6c4b8130ec3830a7dfd549d9d897c55c10503ba54e3702a0a19e58980e10b5578b90286ab1daf43eb0575b1ab103f5b0960dbbbe0a70a72ad972883ce0e6f113207dcd2848018d19753da9909336d5d843ea7d0cdbfe56493bc98ab718f8a6b3192fc80e8650441164b7fba8b5a8b6ecdbe33c7fca3c308748588a3623feb8fb116178f5aa0c369857fa3ab15b6ffa6c413855aab22e22bf46f8d2c2ed24a270a3ce81f26172d38754f529c327176dd565da7422efc8a4d6363d8ae3869fd5eeb7d185e57edc583bd4ac0b5d426497da171cca8ad225041ce9e846fdb298e1ef75b90e6d2039b728eafe991c64e3fc34066cb9af6296766cf2e49a6da03e7cd0a354bb9a249fa0bba871ee811152cdb620622dbbbc759f88509426016ea9d52527293038dc9436db2b3215102f498e62e2a5ac8171745fd6160a264b6327294cf05fa87889e975f1b3bc4aa6cd0b03e891b67070ad4e48801c04518e156018bf157b966574e2de07f92afe8f8d70549ac40e4c9ab74054c82129aef46696171616693a4c2976ca3bed4f455d2462d998809ff298e0a1b55456220c6575eb8c34904910788e673e73eb18b36c1284de24d95bff49d2eb99ea4fd5f8d3f68bf601fc179426af39c6d900c89e1d56d29d9a24b8516be0f4efd4ab21f0e288108e5623e41bb0b7c22fd88b0579a4737706f4e317c87b6354b246f07f43cca6c4f058064b9b68a183413b73d80100dd3f4a757a51c90f843cf6a75261f4c997663b1e19c1c681a8e29ba58d2c0a2a7fff6accd7a6c963e8f3c6ab71dbf14d1ad9daadd20f40082bc8191dd08906247e65d05ff8e2f215bee450e922bb5ce99d25166f4ba5a400164ed61cb75085184090660431d2ca0aa528e8872a36933663942a04e3b12bf923cb2a4dc25a20fdaaebdf6cfa85125cf3ede4c4b2a09b4ac4d01e0d56ec76e4b17a3d76cfcb64b837f753a169869916fcfda14b7eae7bac77d2e539975e62dfc10f328bffc11c0eceaffc9daefc77178d46cee6d24b51827ccf8f788fcddfd98276d15ec867c815e8a9c3640a2aed37dc073c1a436be4139956327b6d8b31455a7778fdbb32c8b32d0147ff3647ebdc78cb545ebff5262f41523ae34c98a7adff858dd329bcc361eedf86e614ea9d9f1bb1a90bf75530160de0198bbea39fa134d6b595d81cd6ab1623cb74d50578057dc28ebf0b18764c1cf1c1269dae8b5d6da17d49bccb92734b3d997cdd80954d2a014fcd61b461cff348a9dd543b7a04ffff89c8df1413fd99778adf0cc04c091bb8a0fbd1c72fce13df794fdca7d45adc10f13553c800b40ad94bb473cace54ecaaa53b055c3bb953fc059f3c21c6eddf1d26503fe54492c38e3b2085c0d42d1aaf5f77e82323f5a74e4fee358e9e2d6ce369db4b4837deb70c19a0f01d351e4d6d8e84cadaeca639c204c3addc1587212cdc35ed39f7da15966dc6a11dc5f71f5a40171b1205664d52ba986a173bdbb024ec44404747bc8664375694035bd7868a8b07789d34ca55d2f74e61773e50e60c30edd79d19206e142bb5f4605b2120907495835a426eadd0238388a37fb16a35b387a746912603facd88743ccafc3f22e463dfc6745bf99bdc401a7b8e3c7cc558eae57f045ed5fa6b05610e5a937552b26bb871826627ec41a71f502d002e0bc26b659b8b2443fecc4d1ff0ee1724567eefb58a19a571a3fb2a5346eda2bd84ced0a9e149af6b81b2d73b1432cbbcfa2172831aead911cbda589bb44d71b887ba497447ea921a50a71c7be793fcaed51a6f8d6602e6998ae45d502f93239e8c636e4946f31184c3775be369e66fadfbcf042504fc870651e63fd83720d3164aef6895e22fc9227f0abe9092cac38c16dcc72473dddd4d57e9536f40b21c73193601784faf1a5723277359bcb1b376a18f994125a5805855a56a94876a89236790abdc6f36ba39012fe2bab7d2c004a419ff1f4ff490ac91cef744379db9dcc608f84d7d66900ca2a6d3964b919b1c9650168e852138348a90432238b970b740c6887130770028b5ab4cbf969c49f2ef32601af0f8f9c6c1488819b1633955bdd25c704bd743a6c1715cdfb516e0ea6761230c24e549aef54991ec4f12cc4347da2d33d0240691b1c7ac1fca82605131d697f048a2c6a30b86fae47c9c9ed5f98a8e395cbbee913ec5e9ba8ce9e71fa42ca08f1034d22fab13b74127fbaafde81b55c5fa31163665c9ce62fc2dc821653825f7330f9bac8b5a5606c87081d0a6b7cce459912a4adcdcb32e5be7ebdf77dce4de8ed6d147345815ad5097c64ae46730b6061dc5db996dc07c99eeb8dbdd00fbc2184ae7de25456f2a027459243cfbad027a267a1b379946947901f28bd4146a708bcd4d9c3d907e70b06c00af484b4577b466fee0e3ec4efa7d59d9002cd649e3b39f24d04c3933f03f48067fa577d9a6ac17fcf39349bcc4e3aea35b3920b222e4a7d0de82028cd76df292a5425247a21082bb4319fbaaa046e2871ef6b3939fb5364bf2d359e7fc4dcbb06c139d3c327c6de6c56f59a5ebd293c0f454e9401852012d928c681930a82ea66bee74d581d9bfa053e1834fcc73f3b8a51e5b9f6fb0d342e210be6582b06ee54fdcafac6de1c629eb54a7d63d99c41e57eb164433e7402bb52f3a2ce3c27f867842e5252ad19f5b94be8f3c7e94bf44c219e98d34b28d2417c1d845f79c6d0502cb4695ddf1e16c66e8e4d601f4c6007000031f20e05874d2048b09874796750cc2d58db91fa62470c4b1ea3b2164e2a13fe18d6a1c35be54864d80d664077c4191d7b2b8196dd825ff2ef3ebc3ff4dab98a597289b3dc38ec28b8df4619d8b6964326d2f8975b473855698d869090e28f659e1ccc449b745d35d1de25ab699c8e47f24c316b55e019d20197e9896bda09e73b82c2b7633a70df872574e0be87ec6b0598cef96a7ef04e848cf4688180ecd1180fa67226e959c73709ede4036007f4c8e6f93b665f4aabcde2f00000000000004010fa86935724e8b52da379918e1794fa0efd5d1697b18f4b8cca99f2aa4e275365ea3cf06a776d064793ebd2ddd6fae8766c9c489e0903b4224648f6a3af03dc9ed8d8ef7c13feb9e727696a627cde878b20aa350aeb8b9656f3375ede8a6b41b90f0ed58c9d95f3bd2e8aec7096f989387e21158c146c91ac51ce25a418c9acb02004cfe6b6f59f65f1c2489a646a7114f1558fb28082007f554285f7ecfa2f9fcd611f20403c6494469b957743cd09532c3299b3222579b3b34b7c59e2e62d8633a86aa3ad11058c79f166317781a6444286ac7f0c9bc5606f167229f78d33e33c0752af190c0b5c1d92e5b6114b4907c226688904714b680665f2db312eb44a5dfa8384d91b92bfbb67dd3b462a61c62f56dd88e18395ee59b2cee012292a2a11c685ed295499ce673148e9e7a644ef5fef7b18af642445732e3db887cdf5e5ba9acd4484513ebb00ab36b1ae65d1f8f1778e29f977d856391cd82bd6b00cfb9dec0d28ada9c7ce4f5abb8d20ed185bbec84ace80557f3fb16aac8b096a44b21acf9d231073e6687ca1faea1d76a8cad6f6735e341714ebc608d258cc566886ac3e85d87318f689d6b60eb350b89c19f2147d5a3ee3ee8ad270bf83902a6edcbf118afe8b2f9bca2b875499d51e77c463c5f85d92ebcd358144aaf08aea1b5a108b62c537ebd1ef3925bcc540ca85cb3e834fa808a682abed00225b542e179d9346839e5ad2a6e6d1a2f44acd7d601f903e04658671052c2b8561c476d8ed192959c7bd0016f886ace19f29f5aae8239490b6c471a648f25ff82e2a01f74cc7064949424fa9521858e32632816eb7215c09e5691267518fc7021d9dfbadb6dc7f94ceb302be957bdfda9affb0c0cefa58a473bea7e936925841f509b484430298bf22c23b969d132b84488375e1e0b14e536da636c4a63cb1735599edea057193b672974cee0e3c45307b4f2743e19930d1396164196ff9b12584991ea271ab28d7a10af032911d15bee1568d1952ecfdc4ad9f6b2cdbed98512b6d5371dea7d923acbf532241cef7c9df1f5b0c0f0cbfa04de347385b3731cf2d99bf606a533c5da38fe47d3ad947728766186d8143c03cf9b5c3d4866a225e0cd720eaf393c80ad1b1868bfd7f1d81b6e9462d2d3f9fc5d8d458d587679d1f1b86b7299e242ae73fdfd07cf2668545ae4f654b0f1efd7ec25db38b01588e4bbe575135a9152bef8ece84b5271cf7a43d63c85d63d6335d1db036a89cff2e9ebaad18eafae0c0de91ad1341b79dd3a12becbff963a2f203c7c2366fec1031693cc0516bd79b5c0ba7e207658fa6d7f834f40fcfe306f911d06c0f153437491d5c420f344f8f753df9d71b2bd7bf447ca2b57626fe306373a621606f724287c249eab0d1cb7dac9af7be134195588f833b38e3fc3ca59e4c81d0d6680e07c7ca129b75c382ab4b4588b10c4dc221ed40727e425b8a6c67a9b7e273c2f81d49f6f61780873a30654b3b84d56faeb1e176e7d1f598bf6759c058649d43b17eb3c88241d361873dbb029b00b03ac4c08d49e45c514cf4cca76a8f38766318ef76a791026d8cd8a255711d2d205a71e30b72867bd4b15549433045053f99d142925968b43cb5769d300b1a2dd72f3f39e0bdc8a058010e9f7187a303436c340785f1cb2dd40cb079fc3b46077b887834f3679bce3f189d23953174ca5958f556a8f5962091c6ac629bc7d4e31aa4910411e40d1d12ce3e9823f8fca1c051be300149865739c92996ef8635d1c80d729dd6c045bfdc918319d10a312e82c98e46cbe52d2922e97dc06c00d3ceced4a44338331949ef675cb37c84b6ecda6c47735761d99120c3f6a33408b4a81504e01ddc2b4d8320e364380502ea96a1a14d37031ce44b43c430888b067fbb96df12b94892e7dd4dd26e46edf1f2511e46488e790ef573f8863078c4ad49df704a42143a21d646f323c308c56bc30de1bbbae57823b4c2ecc4de253866f1e9c4d74fb7cb80a76c9bc2b3b9bc6a4233f86aa3d77bb6c5c31900f8411ad50192ee0e86ae245cece863aa013115a1356e148a12da67050f94863a14d5400"/4195, 0x1063}, {&(0x7f0000000280)="90b72069ecad393ccbb90311a5aea6235b13c54d40491e96ffec1f07f4f26d101b6b4944", 0x24}, {&(0x7f0000000780)="766d8552d4424e1cb912d08fed45942aed159e5066308df73036e96cc58fc447fd9f6252976a167738045d2c94d34313078d31bade8be8909927ce10680b1beed03d82db90313f0097f7065fcfae6595e8e05acefcfb9880b9ba793bf92cc9125f80dbf0f76b5960fe387ef91e12d263650ad7c1baaa7587c31b42db4071380971bb43cdf1578ec38941260564ef0d92cf915f076e24c6ce2e3f31", 0x9b}, {&(0x7f0000000340)="475187e2ee6d1e1765", 0x9}], 0x9) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xc) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, 0x0}, 0x0, 0x40000000}) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) close(0xffffffffffffffff) r8 = syz_io_uring_setup(0xe8d, &(0x7f0000000940)={0x0, 0x59c3, 0x800, 0xfff, 0x5cc, 0x0, r5}, &(0x7f0000000300)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x119, &(0x7f0000000140)=0x816, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r9, r10, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1}) io_uring_enter(r8, 0x769, 0x4, 0x0, 0x0, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f0000000240)) openat$hpet(0xffffffffffffff9c, 0x0, 0x80080, 0x0) 925.69967ms ago: executing program 0 (id=448): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)=0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000040)={0x7fffffff, 0x1000, {r2}, {0xffffffffffffffff}, 0x4, 0x453}) prctl$PR_SCHED_CORE(0x3e, 0x3, r3, 0x0, 0x0) syz_open_dev$cec(0x0, 0x0, 0x416400) r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8004, 0x2) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) r5 = fsopen(&(0x7f0000000300)='tracefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000280)='gid', &(0x7f00000006c0)='0\x00#\x04\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xeaEb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\r\xef;\x03 \xe2\xb6\x92Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd!\x93\xf4\xb8\xe3\x85\xc5\xed(\xf4\xea\x12\x99\x89\x01<\x9a\x84\'\xa3\xf1\xd9<\xb9k\x00FA#\x8f\xcfN`\xd5\xdd\x99\xb24\xdf\xa8A\x8d\xc3\x1b{\xd4IO\xecIO\b\xf8\xe1\x9bdy\xb6(\x1fy\x14\x02\xd6]\xfd\xcc\xf6\xf1<\x82\xf1h+5\xd2f\xa2\x1c\x89\x93\xc7Qn8\xef?6\xfd\xbf\xc5\xb1\r\x80\xd9\xb0\x8f\xff\tH@\x12\xaf\xe0\x89<#\x1c\xe1\x8f\x7f} \xbb\xaf\xbf\x10\xe2\xdd\xf1\x93W^\xed5\x1c\x856rj,S\xd2&a\xc5\x9dh\xf3\x1e\xd1:|\xdaM\xf7\x95[f\xb18\xb4\xf79\raS\x05\n8\xe3 \xfd-\xcc\xc8\x0e\x05\xa2\xba/L\x80(\xa3\x9a\xdf\xe0\xd1\xcc\xdf\x1a)\xac\x95', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) 819.128019ms ago: executing program 3 (id=450): syz_open_procfs(0x0, &(0x7f0000000040)='clear_refs\x00') syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x8, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0xa, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x6, 0x5, 0x4, 0x0, 0x7, 0x3c57, 0x0, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x5, 0x7, 0x83, 0x9, 0x4c74, 0x0, 0x242, 0x2, 0xe, 0x0, 0x400, 0x7, 0x17, 0x21, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x81, 0x6, 0xffff8001, 0x3ff, 0x83, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0x388000, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2b, 0xe, 0x312, 0x78, 0xea4, 0x0, 0xfff, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0xfe, 0x0, 0xa, 0x5, 0x1000005, 0x5f31, 0xf, 0xd86, 0x2, 0x4, 0x8, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0xbc2, 0x1, 0xfe000000, 0x8, 0x2, 0x200004, 0x9, 0x3, 0x3, 0x9, 0x4, 0x3, 0x5, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x1, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x3, 0x5, 0x800000, 0x1ef, 0x8, 0x8, 0x86, 0x3, 0x3038, 0xff, 0xb, 0x2, 0x2, 0x2, 0x7, 0x20000008, 0x4, 0x16d01, 0x6, 0x38, 0x800003, 0x600, 0x80, 0xbf7, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x4a9, 0x5, 0x6, 0xac8, 0x5, 0x7, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x3, 0x5, 0x1b, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x80000000], [0x9, 0xbb33, 0xa, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x400002, 0x57, 0x4, 0x3, 0x3, 0x10000, 0x9, 0x7fff, 0xffff, 0xa620, 0x1, 0x7, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x10000016, 0xffffffff, 0x80000000, 0x5, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xae, 0x8, 0x6, 0x226, 0x3, 0x100, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x8, 0x4, 0x5, 0x40b1e, 0xd7, 0x200, 0xffff3441, 0x4]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) read$msr(r0, 0x0, 0x0) socket(0x10, 0x3, 0x0) rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xb}, {0xe}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0xf, 0xe15, 0x3, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r4) sendmsg$TIPC_NL_PUBL_GET(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000000)={0x20, r5, 0x341, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x208}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000814}, 0x14) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x1902) 816.494684ms ago: executing program 3 (id=451): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x800000, &(0x7f0000000c00)=ANY=[]) chdir(&(0x7f0000000300)='./file0\x00') r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$unix(0x1, 0x5, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0x7}, {0xfff2, 0x7}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x1, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x24000805}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="500000001000210400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888000000001c00128009000100766c616e000000000c0002800600010d0300fb0008001b00000400000a000100aaaaaaaaaa190000"], 0x50}}, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0) close(r7) r8 = socket$unix(0x1, 0x1, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xa0000, {0x0, 0x0, 0x0, r10, {0x0, 0x9}, {0x10, 0xb}, {0x0, 0xa858712265c6c23}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x6}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240000a0}, 0x4028040) ioctl$SIOCSIFHWADDR(r7, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) creat(0x0, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$TUNSETOFFLOAD(r11, 0x40086602, 0x110e22fff2) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0) setreuid(0x0, 0x0) 540.788019ms ago: executing program 3 (id=452): setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, 0x0, 0xffffffffffffffff}) read$FUSE(0xffffffffffffffff, &(0x7f0000000d40)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_POLL(r3, &(0x7f0000000100)={0x18, 0xffffffffffffffda, r4, {0x7}}, 0x18) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000340)={0x1, 0x0, [{0x259, 0x0, 0x1000000001a}]}) socket$packet(0x11, 0x3, 0x300) r8 = socket(0x11, 0x800000003, 0x0) bind$packet(r8, &(0x7f0000000d00)={0x11, 0x0, r2, 0x1, 0x7f, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb5}}, 0x14) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) 540.113366ms ago: executing program 1 (id=453): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)="39000000140081ae10003c000500018311001f9de60cbda816dc9f2c90c3c79f660fcf066505acb612f691f3bd3508abca1be6eeb89c44ebb3", 0x39}], 0x1, 0x0, 0x0, 0xa6}, 0x0) 539.917083ms ago: executing program 3 (id=454): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="02000000040000000500100001"], 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000080)=@bpf_lsm={0x6, 0x6, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, [@map_val={0x18, 0x0, 0x2, 0x0, r0}, @ldst={0x3, 0x0, 0x6, 0x0, 0x0, 0x18, 0x110}]}, &(0x7f00000003c0)='syzkaller\x00', 0x5}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_udp_SIOCINQ(r2, 0x541b, &(0x7f0000000000)) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x58, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x40}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x30, 0x7, 0x0, 0x1, [@IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz2\x00'}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xe0004000}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 480.786072ms ago: executing program 1 (id=455): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = syz_io_uring_setup(0x3ff, &(0x7f00000005c0)={0x0, 0x32b2, 0x100, 0x1, 0x3da}, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000300)=[r0], 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x6000, @fd_index, 0x400000080001001, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) io_setup(0x10000, &(0x7f0000000800)) bind$inet6(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c000180060006008848000010000280"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) socket$inet_udplite(0x2, 0x2, 0x88) fsetxattr$trusted_overlay_upper(0xffffffffffffffff, &(0x7f0000002080), &(0x7f0000002280)=ANY=[@ANYBLOB="00fb810053371d3801d2c1d77bd61a9060ee67b9cca461c451a7a6d244ccf4d51827bf970be4a74129328126f102cf3074f0bb64303cc0070ca4949dd24bbd617f"], 0x81, 0x1) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) io_setup(0x7a, &(0x7f0000000000)) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 480.458903ms ago: executing program 2 (id=456): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x46) getdents64(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0xe, 0x4, 0xffffbe0000000001, 0x8, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000200)=0x415a, 0x4) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) recvmmsg(r3, &(0x7f0000000340)=[{{0x0, 0x2a, 0x0, 0x0, &(0x7f00000002c0)=""/33, 0x21}, 0x4}], 0x3d5, 0x45833af92e4b38ff, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4c050) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r5, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x1, 0x1}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r5, 0x7a5, &(0x7f00000000c0)={{@hyper, 0x10001}, 0x0, 0x2, 0x8000}) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[], 0xfc}, 0x1, 0x0, 0x0, 0x400c010}, 0x4080010) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0xa, 0x6, 0x8, 0x6, 0x100, 0x1, 0x7f, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x80}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000031a330e2b75ff67a02f692a60ec9307ff8c2ec06bd5f1b52046936edf88feae3c5588575377cdfa32f885b2f483280df2a593022e6f23eb1473ac1d557bc51fd5b2d1bfe86c67a7b3f8814a8204b23d3911c5737364c8ab33f30f907073c5d67282488c5bc4fa42408ab4aa14bb88de55f0bb31a02a4f729a01df2a75611f7a813161e3f62f5998f6354bc9fde52096d0861743124f2eba630a72ce82fee08b46a50073b0aa3e0d3eedb6e5c21555b34179e9f5bb22f2157664cbd", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) r6 = openat$ocfs2_control(0xffffff9c, &(0x7f00000003c0), 0x18141, 0x0) write$USERIO_CMD_SEND_INTERRUPT(r6, &(0x7f0000000400)={0x2, 0x4}, 0x2) 420.744782ms ago: executing program 3 (id=457): syz_open_procfs(0x0, &(0x7f0000000040)='clear_refs\x00') syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0xc0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x8, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0xa, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x6, 0x5, 0x4, 0x0, 0x7, 0x3c57, 0x0, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x5, 0x7, 0x83, 0x9, 0x4c74, 0x0, 0x242, 0x2, 0xe, 0x0, 0x400, 0x7, 0x17, 0x21, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x81, 0x6, 0xffff8001, 0x3ff, 0x83, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0x388000, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2b, 0xe, 0x312, 0x78, 0xea4, 0x0, 0xfff, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0xfe, 0x0, 0xa, 0x5, 0x1000005, 0x5f31, 0xf, 0xd86, 0x2, 0x4, 0x8, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0xbc2, 0x1, 0xfe000000, 0x8, 0x2, 0x200004, 0x9, 0x3, 0x3, 0x9, 0x4, 0x3, 0x5, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x1, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x3, 0x5, 0x800000, 0x1ef, 0x8, 0x8, 0x86, 0x3, 0x3038, 0xff, 0xb, 0x2, 0x2, 0x2, 0x7, 0x20000008, 0x4, 0x16d01, 0x6, 0x38, 0x800003, 0x600, 0x80, 0xbf7, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x4a9, 0x5, 0x6, 0xac8, 0x5, 0x7, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x3, 0x5, 0x1b, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x80000000], [0x9, 0xbb33, 0xa, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x400002, 0x57, 0x4, 0x3, 0x3, 0x10000, 0x9, 0x7fff, 0xffff, 0xa620, 0x1, 0x7, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x10000016, 0xffffffff, 0x80000000, 0x5, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xae, 0x8, 0x6, 0x226, 0x3, 0x100, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x8, 0x4, 0x5, 0x40b1e, 0xd7, 0x200, 0xffff3441, 0x4]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x10, 0x3, 0x0) rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xb}, {0xe}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0xf, 0xe15, 0x3, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_PUBL_GET(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000000)={0x20, 0x0, 0x341, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x208}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000814}, 0x14) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x1902) 369.010542ms ago: executing program 3 (id=458): sendto$inet(0xffffffffffffffff, &(0x7f0000000d00)="1ce0fff20a456a28ee049e4cd11db1253f1fe637220f3f68bddbd5b601145acf9ab25c2e", 0x24, 0x0, &(0x7f0000001100)={0x2, 0x2000, @rand_addr=0x64010101}, 0x10) r0 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000cc0)=[{&(0x7f0000000c80)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10", 0x48}], 0x3, &(0x7f0000000c40)=ANY=[@ANYRES16=r2], 0x104}], 0x1, 0x40800) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)}, 0x40010005) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4040004}, 0x1) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f0000000c00)=[{{&(0x7f0000000440)=@sco, 0x80, &(0x7f0000000600)=[{&(0x7f00000004c0)=""/76, 0x4c}, {&(0x7f0000000540)}, {&(0x7f0000000540)=""/60, 0x3c}], 0x3, &(0x7f0000000640)=""/252, 0xfc}, 0xffff}, {{&(0x7f0000000740)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000000b80)=[{&(0x7f00000007c0)=""/48, 0x30}, {&(0x7f0000000800)=""/97, 0x61}, {&(0x7f0000000880)=""/23, 0x17}, {&(0x7f00000008c0)=""/225, 0xe1}, {&(0x7f0000000d40)=""/95, 0x5f}, {&(0x7f0000000a40)=""/61, 0x3d}, {&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f0000000a80)=""/151, 0x97}, {&(0x7f0000000b40)=""/19, 0x13}], 0x9}, 0xc}], 0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$nl_sock_diag(0x10, 0x3, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) sendmsg$TCPDIAG_GETSOCK(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c0000001400010125bd7000ffdfdf25011008074e244e22030000003100000001ffffffc300000006000000000000000000004007000000", @ANYRES32=0x0, @ANYBLOB="de000000ffffff7f0200010003000000"], 0x4c}, 0x1, 0x0, 0x0, 0x24048084}, 0x40000) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x90041, 0x0, 0x4}, 0x18) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f003, 0x4}) mknod$loop(&(0x7f0000000200)='./file0\x00', 0x20, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) gettid() r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/meminfo\x00', 0x0, 0x0) lseek(r5, 0x9, 0x0) setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, {0xa, 0x0, 0x0, @empty}}, 0x5c) socket(0x10, 0x3, 0x0) 530.802µs ago: executing program 0 (id=459): r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) close(r1) execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0) r2 = openat$binfmt(0xffffffffffffff9c, r0, 0x2, 0x0) close(r2) execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0) execveat$binfmt(0xffffffffffffff9c, r0, &(0x7f00000004c0)={[&(0x7f0000000500)='\x068\x1b\x9e\x8d\x80\x11\xce\xb2\x7f\x95\xad\x00\'Q\tV\x8fde[olX\xac\x12\x85\xa1g\xea\x80\x1c\xa5\xb7\xc8+v\xec;\xce_@]\xc6\xbe#\x90r\xff\x90\x04\x83\x13$\xe2^2GO\x90\xe1\xcd\x82\xc3Rk\xd5\n\x95\x91\x05\x11EKE\x9f\xca\x1e\x0f\"\"X\x16\x94\x9f\bB\xf7\xa35N\xe4\xaf\xfb\x06\xb9\xa9\x9b\x9e\xe8#\x16+XM\xcb\x89h&\xda}7\xeb\xf7k\x16\x97\x1f7`\x14\xf3\nZ\xd3OG\x1a\xc7\x94\x80\xcb\xbd\x92\xc3\x87o\x83E\xe2V\xa4\xdc\xa1\xf3/\xe2\xa7\x1e.\x13_Q\xea\f\x19\xe3 &-1,\x16\x04\xd7\x008\x90\x95bQ\x05\xb9\x14\x04\xee\xe8ld\xb8\x82\x1a8\xabx g<\xf7\xf1\x82\xd3\xe9)\xe0 \xf2\t\x00\x00\x00\x00\x00\x00\x00\xd1@(\xe4Q\xdd\xbdp\xa4\xe9r\xb0\xd8&>m\x15\xe6V\xf09\x054\xd3\x88d\xb8\x9e\x87\x89\xee!~\xe9)D\x8a\xe3\xf8F9C\xc2hy\x94\x8c\x00\x00\x00\x00:\x12']}, 0x0, 0x0) open(&(0x7f0000000000)='./file1\x00', 0x501001, 0x1d8) 0s ago: executing program 0 (id=460): syz_open_procfs(0x0, &(0x7f0000000040)='clear_refs\x00') syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x8, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0xa, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x6, 0x5, 0x4, 0x0, 0x7, 0x3c57, 0x0, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x5, 0x7, 0x83, 0x9, 0x4c74, 0x0, 0x242, 0x2, 0xe, 0x0, 0x400, 0x7, 0x17, 0x21, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x81, 0x6, 0xffff8001, 0x3ff, 0x83, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0x388000, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2b, 0xe, 0x312, 0x78, 0xea4, 0x0, 0xfff, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0xfe, 0x0, 0xa, 0x5, 0x1000005, 0x5f31, 0xf, 0xd86, 0x2, 0x4, 0x8, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0xbc2, 0x1, 0xfe000000, 0x8, 0x2, 0x200004, 0x9, 0x3, 0x3, 0x9, 0x4, 0x3, 0x5, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x1, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x3, 0x5, 0x800000, 0x1ef, 0x8, 0x8, 0x86, 0x3, 0x3038, 0xff, 0xb, 0x2, 0x2, 0x2, 0x7, 0x20000008, 0x4, 0x16d01, 0x6, 0x38, 0x800003, 0x600, 0x80, 0xbf7, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x4a9, 0x5, 0x6, 0xac8, 0x5, 0x7, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x3, 0x5, 0x1b, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x80000000], [0x9, 0xbb33, 0xa, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x400002, 0x57, 0x4, 0x3, 0x3, 0x10000, 0x9, 0x7fff, 0xffff, 0xa620, 0x1, 0x7, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x10000016, 0xffffffff, 0x80000000, 0x5, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xae, 0x8, 0x6, 0x226, 0x3, 0x100, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x8, 0x4, 0x5, 0x40b1e, 0xd7, 0x200, 0xffff3441, 0x4]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x10, 0x3, 0x0) rseq(0x0, 0x0, 0x0, 0x0) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xb}, {0xe}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0xf, 0xe15, 0x3, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r4) sendmsg$TIPC_NL_PUBL_GET(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000000)={0x20, r5, 0x341, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x208}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000814}, 0x14) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x1902) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:1920' (ED25519) to the list of known hosts. [ 48.172008][ T5904] cgroup: Unknown subsys name 'net' [ 48.316648][ T5904] cgroup: Unknown subsys name 'cpuset' [ 48.320328][ T5904] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 49.231438][ T5904] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.390520][ T5932] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.393954][ T5932] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.396947][ T5934] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.399471][ T5934] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 52.402078][ T5934] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 52.404571][ T5932] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.407577][ T5932] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.410336][ T5939] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.410370][ T5932] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 52.412861][ T5939] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 52.416036][ T5932] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 52.417729][ T5939] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 52.419905][ T5932] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 52.424936][ T5293] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 52.429129][ T5932] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 52.430762][ T5940] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 52.432643][ T5932] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 52.437015][ T5932] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 52.442344][ T5940] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.446799][ T5940] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 52.645728][ T5928] chnl_net:caif_netlink_parms(): no params data found [ 52.666371][ T5936] chnl_net:caif_netlink_parms(): no params data found [ 52.699325][ T5929] chnl_net:caif_netlink_parms(): no params data found [ 52.865665][ T5936] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.868548][ T5936] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.870824][ T5936] bridge_slave_0: entered allmulticast mode [ 52.874711][ T5936] bridge_slave_0: entered promiscuous mode [ 52.878337][ T5941] chnl_net:caif_netlink_parms(): no params data found [ 52.886056][ T5928] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.888393][ T5928] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.890674][ T5928] bridge_slave_0: entered allmulticast mode [ 52.893600][ T5928] bridge_slave_0: entered promiscuous mode [ 52.896785][ T5928] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.899131][ T5928] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.901387][ T5928] bridge_slave_1: entered allmulticast mode [ 52.904343][ T5928] bridge_slave_1: entered promiscuous mode [ 52.910119][ T5929] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.912544][ T5929] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.915319][ T5929] bridge_slave_0: entered allmulticast mode [ 52.917879][ T5929] bridge_slave_0: entered promiscuous mode [ 52.922080][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.924509][ T5936] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.926706][ T5936] bridge_slave_1: entered allmulticast mode [ 52.929325][ T5936] bridge_slave_1: entered promiscuous mode [ 52.954347][ T5929] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.956571][ T5929] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.958864][ T5929] bridge_slave_1: entered allmulticast mode [ 52.961916][ T5929] bridge_slave_1: entered promiscuous mode [ 52.978297][ T5936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.011799][ T5928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.016874][ T5928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.026458][ T5936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.059144][ T5929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.063178][ T5928] team0: Port device team_slave_0 added [ 53.065017][ T5941] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.067725][ T5941] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.070296][ T5941] bridge_slave_0: entered allmulticast mode [ 53.073010][ T5941] bridge_slave_0: entered promiscuous mode [ 53.076025][ T5941] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.078179][ T5941] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.080476][ T5941] bridge_slave_1: entered allmulticast mode [ 53.083302][ T5941] bridge_slave_1: entered promiscuous mode [ 53.092751][ T5936] team0: Port device team_slave_0 added [ 53.096190][ T5929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.106203][ T5928] team0: Port device team_slave_1 added [ 53.121066][ T5936] team0: Port device team_slave_1 added [ 53.141130][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.143504][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.151443][ T5936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.167771][ T5941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.184083][ T5929] team0: Port device team_slave_0 added [ 53.186650][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.188831][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.197090][ T5936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.203594][ T5941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.206898][ T5928] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.209118][ T5928] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.218088][ T5928] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.223032][ T5929] team0: Port device team_slave_1 added [ 53.235912][ T5928] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.238093][ T5928] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.246229][ T5928] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.273192][ T5941] team0: Port device team_slave_0 added [ 53.276966][ T5941] team0: Port device team_slave_1 added [ 53.290378][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.292686][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.300615][ T5929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.309570][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.311758][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.319677][ T5929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.334661][ T5936] hsr_slave_0: entered promiscuous mode [ 53.336989][ T5936] hsr_slave_1: entered promiscuous mode [ 53.351745][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.354354][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.363076][ T5941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.367510][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.369718][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.377796][ T5941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.384319][ T5928] hsr_slave_0: entered promiscuous mode [ 53.386307][ T5928] hsr_slave_1: entered promiscuous mode [ 53.388264][ T5928] debugfs: 'hsr0' already exists in 'hsr' [ 53.389976][ T5928] Cannot create hsr debugfs directory [ 53.415557][ T5929] hsr_slave_0: entered promiscuous mode [ 53.417798][ T5929] hsr_slave_1: entered promiscuous mode [ 53.419881][ T5929] debugfs: 'hsr0' already exists in 'hsr' [ 53.421719][ T5929] Cannot create hsr debugfs directory [ 53.471684][ T5941] hsr_slave_0: entered promiscuous mode [ 53.474069][ T5941] hsr_slave_1: entered promiscuous mode [ 53.476117][ T5941] debugfs: 'hsr0' already exists in 'hsr' [ 53.477928][ T5941] Cannot create hsr debugfs directory [ 53.709059][ T5936] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 53.715158][ T5936] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 53.719831][ T5936] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 53.728636][ T5936] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 53.756934][ T5928] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 53.763754][ T5928] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 53.768724][ T5928] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 53.777494][ T5928] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 53.815529][ T5929] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 53.823834][ T5929] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 53.827784][ T5929] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 53.844615][ T5929] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 53.883297][ T5941] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 53.887550][ T5941] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 53.896200][ T5941] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 53.900512][ T5941] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 53.938590][ T5936] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.961477][ T5928] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.975456][ T5936] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.992696][ T829] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.994875][ T829] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.006297][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.008354][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.011330][ T5928] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.021607][ T829] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.023718][ T829] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.047349][ T5929] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.050818][ T104] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.053166][ T104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.092085][ T5929] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.107150][ T5941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.119926][ T104] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.122318][ T104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.137152][ T104] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.139440][ T104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.146369][ T5941] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.156626][ T829] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.158945][ T829] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.169808][ T829] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.172123][ T829] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.200329][ T5936] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.211787][ T5941] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 54.217129][ T5941] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.239540][ T5928] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.270566][ T5936] veth0_vlan: entered promiscuous mode [ 54.276966][ T5936] veth1_vlan: entered promiscuous mode [ 54.301543][ T5928] veth0_vlan: entered promiscuous mode [ 54.312502][ T5936] veth0_macvtap: entered promiscuous mode [ 54.316835][ T5936] veth1_macvtap: entered promiscuous mode [ 54.323720][ T5928] veth1_vlan: entered promiscuous mode [ 54.329074][ T5929] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.341024][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.352004][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.361899][ T104] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.368071][ T5928] veth0_macvtap: entered promiscuous mode [ 54.371893][ T104] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.375540][ T104] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.379734][ T5928] veth1_macvtap: entered promiscuous mode [ 54.384943][ T104] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.391314][ T5941] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.401730][ T5929] veth0_vlan: entered promiscuous mode [ 54.419370][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.429402][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.434136][ T5929] veth1_vlan: entered promiscuous mode [ 54.452719][ T60] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.457134][ T829] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.459932][ T829] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.465739][ T60] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.468529][ T60] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.478533][ T60] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.492315][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.494592][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.496102][ T63] Bluetooth: hci2: command tx timeout [ 54.502801][ T63] Bluetooth: hci3: command tx timeout [ 54.502834][ T5937] Bluetooth: hci0: command tx timeout [ 54.506836][ T5940] Bluetooth: hci1: command tx timeout [ 54.511796][ T5941] veth0_vlan: entered promiscuous mode [ 54.517145][ T5929] veth0_macvtap: entered promiscuous mode [ 54.520858][ T5929] veth1_macvtap: entered promiscuous mode [ 54.532669][ T5936] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 54.534547][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.540524][ T5941] veth1_vlan: entered promiscuous mode [ 54.555420][ T104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.557747][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.557966][ T104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.579284][ T60] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.582076][ T60] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.599788][ T104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.608198][ T104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.612300][ T60] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.621503][ T60] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.671275][ T104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.675622][ T104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.678611][ T6016] warning: `syz.1.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 54.692674][ T6016] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 54.696766][ T5941] veth0_macvtap: entered promiscuous mode [ 54.715559][ T5941] veth1_macvtap: entered promiscuous mode [ 54.718053][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.720323][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.725846][ T6018] syz.2.3 uses obsolete (PF_INET,SOCK_PACKET) [ 54.728859][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.735884][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.741404][ T78] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.744724][ T78] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.747677][ T78] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.750176][ T78] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.823453][ T6021] fuse: Unknown parameter '' [ 54.835731][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.838218][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.856631][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.860530][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.042291][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.179241][ T6031] fuse: Bad value for 'group_id' [ 55.181112][ T6031] fuse: Bad value for 'group_id' [ 55.197080][ T6024] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 56.563101][ T6027] Set syz1 is full, maxelem 65536 reached [ 56.602484][ T5940] Bluetooth: hci1: command tx timeout [ 56.604374][ T5940] Bluetooth: hci0: command tx timeout [ 56.606432][ T5940] Bluetooth: hci3: command tx timeout [ 56.608269][ T5940] Bluetooth: hci2: command tx timeout [ 56.652435][ T6036] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 57.213035][ T78] wlan1: Trigger new scan to find an IBSS to join [ 58.532442][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 58.563478][ T6039] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.566316][ T6039] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.662687][ T5940] Bluetooth: hci3: command tx timeout [ 58.663368][ T63] Bluetooth: hci0: command tx timeout [ 58.664482][ T5940] Bluetooth: hci1: command tx timeout [ 58.667975][ T5937] Bluetooth: hci2: command tx timeout [ 58.685204][ T6039] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 58.694640][ T6039] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 58.972699][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 59.128029][ T6053] team0 (unregistering): Port device team_slave_0 removed [ 59.134224][ T6053] team0 (unregistering): Port device team_slave_1 removed [ 59.145538][ T829] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.152294][ T829] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.155202][ T829] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.157994][ T829] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.201370][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 59.204316][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 59.207028][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 59.292774][ T78] wlan1: Trigger new scan to find an IBSS to join [ 59.590009][ T6078] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 60.091367][ T6086] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 60.174611][ T6081] netlink: 48 bytes leftover after parsing attributes in process `syz.3.17'. [ 60.302777][ T6089] netlink: 48 bytes leftover after parsing attributes in process `syz.0.18'. [ 60.646575][ T6054] Set syz1 is full, maxelem 65536 reached [ 60.733921][ T5937] Bluetooth: hci0: command tx timeout [ 60.733965][ T5940] Bluetooth: hci3: command tx timeout [ 60.736057][ T5932] Bluetooth: hci2: command tx timeout [ 60.737557][ T5940] Bluetooth: hci1: command tx timeout [ 60.778592][ T0] NOHZ tick-stop error: local softirq work is pending, handler #4a!!! [ 61.231751][ T6107] TCP: tcp_parse_options: Illegal window scaling value 255 > 14 received [ 62.081311][ T6112] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 62.252745][ T78] wlan1: Trigger new scan to find an IBSS to join [ 62.254915][ T78] wlan1: Trigger new scan to find an IBSS to join [ 62.327179][ T6116] netlink: 48 bytes leftover after parsing attributes in process `syz.2.24'. [ 62.526124][ T6118] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 62.583671][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 62.695964][ T6125] lo speed is unknown, defaulting to 1000 [ 62.703008][ T6125] lo speed is unknown, defaulting to 1000 [ 62.709697][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 62.713712][ T6125] lo speed is unknown, defaulting to 1000 [ 62.760398][ T6127] ªªªªªª: renamed from lo (while UP) [ 62.903959][ T34] ªªªªªª speed is unknown, defaulting to 1000 [ 62.906042][ T6125] infiniband sz1: set active [ 62.951442][ T6125] infiniband sz1: added ªªªªªª [ 63.015832][ T6126] netlink: 48 bytes leftover after parsing attributes in process `syz.0.25'. [ 63.022313][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 63.061535][ T6125] RDS/IB: sz1: added [ 63.068170][ T6125] smc: adding ib device sz1 with port count 1 [ 63.071306][ T6125] smc: ib device sz1 port 1 has no pnetid [ 63.083253][ T6125] ªªªªªª speed is unknown, defaulting to 1000 [ 63.143477][ T24] ªªªªªª speed is unknown, defaulting to 1000 [ 63.300917][ T6139] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 63.315796][ T6125] ªªªªªª speed is unknown, defaulting to 1000 [ 63.341043][ T78] wlan1: Creating new IBSS network, BSSID c2:e1:b9:9c:4f:24 [ 63.404156][ T6125] ªªªªªª speed is unknown, defaulting to 1000 [ 63.528747][ T6125] ªªªªªª speed is unknown, defaulting to 1000 [ 63.533696][ T6142] netlink: 48 bytes leftover after parsing attributes in process `syz.0.29'. [ 63.613677][ T24] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 63.784278][ T24] usb 7-1: config 0 has no interfaces? [ 63.787806][ T24] usb 7-1: New USB device found, idVendor=046d, idProduct=08c2, bcdDevice=d4.71 [ 63.790656][ T24] usb 7-1: New USB device strings: Mfr=11, Product=2, SerialNumber=3 [ 63.793592][ T24] usb 7-1: Product: syz [ 63.795005][ T24] usb 7-1: Manufacturer: syz [ 63.796485][ T24] usb 7-1: SerialNumber: syz [ 63.800378][ T24] usb 7-1: config 0 descriptor?? [ 64.008791][ T5937] Bluetooth: hci0: unexpected subevent 0x0e length: 248 > 15 [ 64.011210][ T5937] Bluetooth: hci0: Unable to find connection for dst 00:00:00:00:00:00 sid 0x00 [ 64.035026][ T24] usb 7-1: USB disconnect, device number 2 [ 64.182828][ T829] wlan1: Trigger new scan to find an IBSS to join [ 65.153189][ T6166] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.155684][ T6166] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.194790][ T6166] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 65.200294][ T6166] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 65.431430][ T78] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.434487][ T78] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.437295][ T78] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.440177][ T78] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.476000][ T6175] fuse: Unknown parameter '' [ 65.642454][ T6169] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 65.664592][ T6180] TCP: tcp_parse_options: Illegal window scaling value 255 > 14 received [ 65.761161][ T6183] team0 (unregistering): Port device team_slave_0 removed [ 65.766013][ T6183] team0 (unregistering): Port device team_slave_1 removed [ 65.849992][ T6184] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 65.902443][ T60] wlan1: Selected IBSS BSSID c2:e1:b9:9c:4f:24 based on configured SSID [ 66.108077][ T6191] netlink: 48 bytes leftover after parsing attributes in process `syz.1.42'. [ 66.131842][ T6193] netlink: 48 bytes leftover after parsing attributes in process `syz.2.37'. [ 68.064467][ T6186] Set syz1 is full, maxelem 65536 reached [ 68.158556][ T6210] netlink: 'syz.3.46': attribute type 2 has an invalid length. [ 68.161946][ T6210] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 68.166047][ T6210] netlink: 4 bytes leftover after parsing attributes in process `syz.3.46'. [ 68.169772][ T6210] bond0: (slave bond_slave_1): Releasing backup interface [ 68.342379][ T46] wlan1: Trigger new scan to find an IBSS to join [ 68.636942][ T6218] process 'syz.2.48' launched '/dev/fd/6' with NULL argv: empty string added [ 72.945920][ T6246] netlink: 48 bytes leftover after parsing attributes in process `syz.0.52'. [ 73.212353][ T78] wlan1: Trigger new scan to find an IBSS to join [ 74.263077][ T60] wlan1: Creating new IBSS network, BSSID 16:a4:10:68:d5:11 [ 74.302106][ T6278] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 74.759137][ T6289] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 74.759191][ T46] wlan1: Selected IBSS BSSID c2:e1:b9:9c:4f:24 based on configured SSID [ 75.049955][ T6292] netlink: 48 bytes leftover after parsing attributes in process `syz.1.63'. [ 75.675674][ T6306] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 75.835393][ T6316] Zero length message leads to an empty skb [ 75.928580][ T6319] gretap1: entered promiscuous mode [ 75.935663][ T1413] ieee802154 phy0 wpan0: encryption failed: -22 [ 75.938416][ T1413] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.028193][ T6323] netlink: 4 bytes leftover after parsing attributes in process `syz.1.75'. [ 76.033522][ T6323] netlink: 4 bytes leftover after parsing attributes in process `syz.1.75'. [ 76.041973][ T6323] netlink: 'syz.1.75': attribute type 12 has an invalid length. [ 76.096398][ T6328] netlink: 188 bytes leftover after parsing attributes in process `syz.0.76'. [ 76.577059][ T6332] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.579966][ T6332] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.766867][ T6332] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 76.776292][ T6332] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 76.911623][ T6342] mmap: syz.0.81 (6342) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 77.022226][ T34] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 77.173874][ T34] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 77.177497][ T34] usb 7-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 77.181750][ T34] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 77.186090][ T34] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9 [ 77.190655][ T34] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8240, setting to 1024 [ 77.197186][ T34] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 77.200966][ T34] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 77.204740][ T34] usb 7-1: Product: syz [ 77.206697][ T34] usb 7-1: Manufacturer: syz [ 77.216626][ T34] cdc_wdm 7-1:1.0: skipping garbage [ 77.219779][ T34] cdc_wdm 7-1:1.0: skipping garbage [ 77.226066][ T34] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 77.228610][ T34] cdc_wdm 7-1:1.0: Unknown control protocol [ 77.416610][ T34] usb 7-1: USB disconnect, device number 3 [ 79.766400][ T6353] cgroup: Name too long [ 79.852375][ T5942] ªªªªªª speed is unknown, defaulting to 1000 [ 79.855031][ T5942] sz1: Port: 1 Link DOWN [ 79.857394][ T5942] ªªªªªª speed is unknown, defaulting to 1000 [ 79.860185][ T829] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.864121][ T829] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.874590][ T6346] gretap1: entered promiscuous mode [ 79.879165][ T829] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.882032][ T829] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.008894][ T6358] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 80.011551][ T6358] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 80.015947][ T6358] vhci_hcd vhci_hcd.0: Device attached [ 80.305399][ T6376] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 80.422377][ T24] usb 42-1: SetAddress Request (2) to port 0 [ 80.425625][ T24] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 80.843806][ T6369] vhci_hcd: connection reset by peer [ 80.849947][ T46] vhci_hcd vhci_hcd.2: stop threads [ 80.853182][ T46] vhci_hcd vhci_hcd.2: release socket [ 80.855651][ T46] vhci_hcd vhci_hcd.2: disconnect device [ 80.901253][ T6386] netlink: 48 bytes leftover after parsing attributes in process `syz.1.95'. [ 80.971823][ T6398] netlink: get zone limit has 4 unknown bytes [ 81.002042][ T6402] netlink: 'syz.0.101': attribute type 3 has an invalid length. [ 81.716926][ T6421] netlink: 12 bytes leftover after parsing attributes in process `syz.2.108'. [ 81.720437][ T6421] netlink: 31 bytes leftover after parsing attributes in process `syz.2.108'. [ 81.723441][ T6421] netlink: 'syz.2.108': attribute type 3 has an invalid length. [ 81.725957][ T6421] netlink: 'syz.2.108': attribute type 2 has an invalid length. [ 81.728409][ T6421] netlink: 31 bytes leftover after parsing attributes in process `syz.2.108'. [ 81.731717][ T6421] netlink: 8 bytes leftover after parsing attributes in process `syz.2.108'. [ 81.736127][ T6421] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.945499][ T6427] netlink: 8 bytes leftover after parsing attributes in process `syz.3.111'. [ 81.948796][ T6427] netlink: 8 bytes leftover after parsing attributes in process `syz.3.111'. [ 82.082407][ T39] usb 7-1: new full-speed USB device number 4 using dummy_hcd [ 82.233557][ T39] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 82.236666][ T39] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 82.240670][ T39] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 82.243644][ T39] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.432936][ T6457] FAULT_INJECTION: forcing a failure. [ 82.432936][ T6457] name failslab, interval 1, probability 0, space 0, times 1 [ 82.437231][ T6457] CPU: 1 UID: 0 PID: 6457 Comm: syz.1.121 Not tainted syzkaller #0 PREEMPT(full) [ 82.437245][ T6457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 82.437252][ T6457] Call Trace: [ 82.437256][ T6457] [ 82.437260][ T6457] dump_stack_lvl+0x100/0x190 [ 82.437280][ T6457] should_fail_ex.cold+0x5/0xa [ 82.437293][ T6457] should_failslab+0xc2/0x120 [ 82.437309][ T6457] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 82.437323][ T6457] ? __alloc_skb+0x140/0x710 [ 82.437339][ T6457] __alloc_skb+0x140/0x710 [ 82.437350][ T6457] ? __alloc_skb+0x5b7/0x710 [ 82.437361][ T6457] ? __pfx___alloc_skb+0x10/0x10 [ 82.437372][ T6457] ? genl_rcv_msg+0x4be/0x800 [ 82.437391][ T6457] netlink_ack+0x117/0xb80 [ 82.437409][ T6457] netlink_rcv_skb+0x333/0x420 [ 82.437424][ T6457] ? __pfx_genl_rcv_msg+0x10/0x10 [ 82.437440][ T6457] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 82.437459][ T6457] ? netlink_deliver_tap+0x1ae/0xcc0 [ 82.437475][ T6457] genl_rcv+0x28/0x40 [ 82.437489][ T6457] netlink_unicast+0x5aa/0x870 [ 82.437505][ T6457] ? __pfx_netlink_unicast+0x10/0x10 [ 82.437524][ T6457] netlink_sendmsg+0x8b0/0xda0 [ 82.437545][ T6457] ? __pfx_netlink_sendmsg+0x10/0x10 [ 82.437580][ T6457] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 82.437610][ T6457] ____sys_sendmsg+0xa54/0xc30 [ 82.437630][ T6457] ? __pfx_____sys_sendmsg+0x10/0x10 [ 82.437652][ T6457] ___sys_sendmsg+0x190/0x1e0 [ 82.437663][ T6457] ? __pfx____sys_sendmsg+0x10/0x10 [ 82.437695][ T6457] __sys_sendmsg+0x170/0x220 [ 82.437712][ T6457] ? __pfx___sys_sendmsg+0x10/0x10 [ 82.437730][ T6457] ? __pfx_ksys_write+0x10/0x10 [ 82.437747][ T6457] __do_fast_syscall_32+0xe3/0x8c0 [ 82.437763][ T6457] do_fast_syscall_32+0x32/0x70 [ 82.437777][ T6457] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 82.437791][ T6457] RIP: 0023:0xf7f74f6c [ 82.437802][ T6457] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 82.437811][ T6457] RSP: 002b:00000000f543650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 82.437822][ T6457] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800003c0 [ 82.437829][ T6457] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 82.437834][ T6457] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 82.437840][ T6457] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 82.437846][ T6457] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 82.437858][ T6457] [ 82.462909][ T39] usb 7-1: usb_control_msg returned -32 [ 82.484007][ T6459] Bluetooth: MGMT ver 1.23 [ 82.535041][ T39] usbtmc 7-1:16.0: can't read capabilities [ 83.001713][ T6470] 9p: Bad value for 'rfdno' [ 83.137290][ T6474] netlink: 'syz.3.128': attribute type 1 has an invalid length. [ 83.239397][ T6477] netlink: 56 bytes leftover after parsing attributes in process `syz.3.129'. [ 83.324073][ T6477] "syz.3.129" (6477) uses obsolete ecb(arc4) skcipher [ 84.828440][ T6002] usb 7-1: USB disconnect, device number 4 [ 85.142970][ T6497] team0 (unregistering): Port device team_slave_0 removed [ 85.151700][ T6497] team0 (unregistering): Port device team_slave_1 removed [ 85.452513][ T24] usb 42-1: device descriptor read/8, error -110 [ 85.499184][ T6506] Set syz1 is full, maxelem 65536 reached [ 85.560141][ T6511] ªªªªªª speed is unknown, defaulting to 1000 [ 85.603298][ T6514] netlink: 28 bytes leftover after parsing attributes in process `syz.3.137'. [ 85.784837][ T6517] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 85.860282][ T24] usb usb42-port1: attempt power cycle [ 86.075995][ T6520] netlink: 48 bytes leftover after parsing attributes in process `syz.3.138'. [ 86.433955][ T24] usb usb42-port1: unable to enumerate USB device [ 86.479570][ T10] cfg80211: failed to load regulatory.db [ 87.825089][ T6548] FAULT_INJECTION: forcing a failure. [ 87.825089][ T6548] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 87.833894][ T6548] CPU: 1 UID: 0 PID: 6548 Comm: syz.2.148 Not tainted syzkaller #0 PREEMPT(full) [ 87.833909][ T6548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 87.833916][ T6548] Call Trace: [ 87.833920][ T6548] [ 87.833925][ T6548] dump_stack_lvl+0x100/0x190 [ 87.833957][ T6548] should_fail_ex.cold+0x5/0xa [ 87.833969][ T6548] _copy_from_user+0x2e/0xd0 [ 87.833983][ T6548] ia32_restore_sigcontext+0xc5/0x620 [ 87.833999][ T6548] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 87.834017][ T6548] ? rcu_is_watching+0x12/0xc0 [ 87.834032][ T6548] ? _raw_spin_unlock_irq+0x23/0x50 [ 87.834045][ T6548] ? lockdep_hardirqs_on+0x78/0x100 [ 87.834061][ T6548] __do_compat_sys_sigreturn+0x1b2/0x280 [ 87.834076][ T6548] ? __pfx___do_compat_sys_sigreturn+0x10/0x10 [ 87.834090][ T6548] ? rcu_is_watching+0x12/0xc0 [ 87.834108][ T6548] do_int80_emulation+0x141/0x6b0 [ 87.834123][ T6548] asm_int80_emulation+0x1a/0x20 [ 87.834134][ T6548] RIP: 0023:0xf7fc2f78 [ 87.834143][ T6548] Code: c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 5d 5a 59 c3 58 b8 77 00 00 00 cd 80 <0f> 0b 8d b6 00 00 00 00 b8 ad 00 00 00 cd 80 0f 0b 84 e8 ff ff 68 [ 87.834153][ T6548] RSP: 002b:00000000f5484574 EFLAGS: 00000246 ORIG_RAX: 0000000000000077 [ 87.834163][ T6548] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000000000 [ 87.834170][ T6548] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 87.834175][ T6548] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 87.834181][ T6548] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 87.834187][ T6548] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 87.834199][ T6548] [ 87.925724][ T6557] TCP: tcp_parse_options: Illegal window scaling value 255 > 14 received [ 88.063413][ T6561] netlink: 12 bytes leftover after parsing attributes in process `syz.0.150'. [ 88.067051][ T6561] netlink: 'syz.0.150': attribute type 6 has an invalid length. [ 88.089298][ T6561] vxlan0: entered promiscuous mode [ 88.104351][ T1142] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 88.109900][ T1142] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 88.119483][ T6561] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.150'. [ 88.126870][ T1142] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 88.131199][ T1142] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 88.871505][ T6580] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 89.085889][ T6597] netlink: 28 bytes leftover after parsing attributes in process `syz.3.161'. [ 89.128964][ T6592] netlink: 48 bytes leftover after parsing attributes in process `syz.1.158'. [ 90.291746][ T6629] : renamed from bond_slave_0 [ 90.298562][ T6629] netlink: 12 bytes leftover after parsing attributes in process `syz.3.171'. [ 90.566953][ T6635] fuse: Unknown parameter '0xffffffffffffffff' [ 90.625906][ T12] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 90.631091][ T12] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 90.634532][ T12] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 90.637451][ T12] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 91.117872][ T6641] netlink: 20 bytes leftover after parsing attributes in process `syz.0.173'. [ 92.329846][ T6681] syzkaller0: entered promiscuous mode [ 92.332280][ T6681] syzkaller0: entered allmulticast mode [ 92.464865][ T6684] netlink: 'syz.3.187': attribute type 10 has an invalid length. [ 92.469750][ T6684] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 94.354286][ T6699] team0 (unregistering): Port device team_slave_0 removed [ 94.357850][ T6699] team0 (unregistering): Port device team_slave_1 removed [ 95.212670][ T78] wlan1: Trigger new scan to find an IBSS to join [ 96.144516][ T6738] ªªªªªª speed is unknown, defaulting to 1000 [ 96.458431][ T6743] TCP: tcp_parse_options: Illegal window scaling value 255 > 14 received [ 96.585382][ T6745] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 96.598922][ T6745] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 96.607361][ T6745] tipc: Started in network mode [ 96.609625][ T6745] tipc: Node identity 124de07d736e, cluster identity 4711 [ 96.614333][ T6745] tipc: Enabled bearer , priority 0 [ 96.631043][ T6745] syzkaller0: entered promiscuous mode [ 96.633708][ T6745] syzkaller0: entered allmulticast mode [ 96.641653][ T6745] tipc: Resetting bearer [ 96.645844][ T6744] tipc: Resetting bearer [ 96.653041][ T6744] tipc: Disabling bearer [ 96.958369][ T6755] loop5: detected capacity change from 0 to 7 [ 97.442246][ T6770] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 97.444367][ T6770] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 97.447737][ T6770] vhci_hcd vhci_hcd.0: Device attached [ 97.492215][ C3] invalid error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2 [ 97.495487][ C3] Buffer I/O error on dev loop5, logical block 0, lost async page write [ 97.712284][ T1454] usb 42-1: SetAddress Request (6) to port 0 [ 97.714336][ T1454] usb 42-1: new SuperSpeed USB device number 6 using vhci_hcd [ 97.899857][ T6771] vhci_hcd: connection reset by peer [ 97.912929][ T46] vhci_hcd vhci_hcd.2: stop threads [ 97.914724][ T46] vhci_hcd vhci_hcd.2: release socket [ 97.917152][ T46] vhci_hcd vhci_hcd.2: disconnect device [ 98.244292][ T6784] tipc: Can't bind to reserved service type 0 [ 98.315136][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.318208][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.182383][ T1139] wlan1: Trigger new scan to find an IBSS to join [ 100.760181][ T6848] 9p: Bad value for 'wfdno' [ 101.032226][ T53] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 101.100749][ T6865] Set syz1 is full, maxelem 65536 reached [ 101.127862][ T6867] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 101.183516][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 101.187065][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 101.190068][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 101.193866][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 101.200627][ T53] usb 7-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 101.205839][ T53] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.210415][ T53] usb 7-1: Product: syz [ 101.213328][ T53] usb 7-1: Manufacturer: syz [ 101.216043][ T53] usb 7-1: SerialNumber: syz [ 101.221663][ T53] usb 7-1: config 0 descriptor?? [ 101.300249][ T6870] netlink: 48 bytes leftover after parsing attributes in process `syz.3.238'. [ 101.433313][ T53] adutux 7-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 101.832944][ T6880] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 101.835294][ T6880] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 101.838988][ T6880] vhci_hcd vhci_hcd.0: Device attached [ 101.850293][ T6880] netlink: 'syz.2.234': attribute type 1 has an invalid length. [ 101.958086][ T6880] bond1: (slave geneve2): making interface the new active one [ 101.994220][ T6880] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 102.001479][ T6890] netlink: 12 bytes leftover after parsing attributes in process `syz.0.242'. [ 102.011999][ T78] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 102.022447][ T78] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 102.025667][ T78] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 102.028380][ T78] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 102.102770][ T6896] netlink: 24 bytes leftover after parsing attributes in process `syz.0.243'. [ 102.108628][ T6896] netlink: 24 bytes leftover after parsing attributes in process `syz.0.243'. [ 102.990058][ T6917] IPv6: NLM_F_CREATE should be specified when creating new route [ 102.994701][ T40] audit: type=1326 audit(1771138382.060:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6916 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 103.003416][ T40] audit: type=1326 audit(1771138382.060:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6916 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 103.012431][ T40] audit: type=1326 audit(1771138382.060:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6916 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=103 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 103.022867][ T40] audit: type=1326 audit(1771138382.060:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6916 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 103.031459][ T6919] Set syz1 is full, maxelem 65536 reached [ 103.042266][ T40] audit: type=1326 audit(1771138382.060:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6916 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 103.049073][ T40] audit: type=1326 audit(1771138382.060:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6916 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=103 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 103.055653][ T40] audit: type=1326 audit(1771138382.060:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6916 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 103.062259][ T40] audit: type=1326 audit(1771138382.060:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6916 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 103.072226][ T40] audit: type=1326 audit(1771138382.060:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6916 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 103.078765][ T40] audit: type=1326 audit(1771138382.060:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6916 comm="syz.3.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 103.163260][ T6928] netlink: 232 bytes leftover after parsing attributes in process `syz.0.254'. [ 103.225072][ T1237] wlan1: Trigger new scan to find an IBSS to join [ 103.812878][ T6881] vhci_hcd: connection reset by peer [ 103.813936][ T53] usb 7-1: USB disconnect, device number 5 [ 103.815496][ T13] vhci_hcd vhci_hcd.2: stop threads [ 103.819306][ T13] vhci_hcd vhci_hcd.2: release socket [ 103.822627][ T1454] usb 42-1: device descriptor read/8, error -110 [ 103.823080][ T13] vhci_hcd vhci_hcd.2: disconnect device [ 104.217142][ T1454] usb usb42-port1: attempt power cycle [ 104.284036][ T78] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 104.429098][ T6959] ======================================================= [ 104.429098][ T6959] WARNING: The mand mount option has been deprecated and [ 104.429098][ T6959] and is ignored by this kernel. Remove the mand [ 104.429098][ T6959] option from the mount to silence this warning. [ 104.429098][ T6959] ======================================================= [ 104.842711][ T1454] usb usb42-port1: unable to enumerate USB device [ 105.049216][ T6981] netlink: 24 bytes leftover after parsing attributes in process `syz.0.269'. [ 106.252273][ T78] wlan1: Trigger new scan to find an IBSS to join [ 107.421993][ T7015] macvlan2: entered promiscuous mode [ 107.431064][ T7015] macvlan3: entered promiscuous mode [ 107.646003][ T7036] raw_sendmsg: syz.1.287 forgot to set AF_INET. Fix it! [ 107.707162][ T7042] xt_CT: You must specify a L4 protocol and not use inversions on it [ 109.212469][ T13] wlan1: Trigger new scan to find an IBSS to join [ 109.583185][ T40] kauditd_printk_skb: 37 callbacks suppressed [ 109.583197][ T40] audit: type=1326 audit(1771138388.650:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7068 comm="syz.3.294" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 109.595256][ T40] audit: type=1326 audit(1771138388.650:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7068 comm="syz.3.294" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 109.602042][ T40] audit: type=1326 audit(1771138388.660:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7068 comm="syz.3.294" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 109.609295][ T40] audit: type=1326 audit(1771138388.660:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7068 comm="syz.3.294" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 109.616817][ T40] audit: type=1326 audit(1771138388.660:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7068 comm="syz.3.294" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 109.623883][ T40] audit: type=1326 audit(1771138388.660:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7068 comm="syz.3.294" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 109.630809][ T40] audit: type=1326 audit(1771138388.660:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7068 comm="syz.3.294" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 109.638412][ T40] audit: type=1326 audit(1771138388.660:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7068 comm="syz.3.294" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 110.123381][ T78] wlan1: Creating new IBSS network, BSSID 8a:be:24:05:a4:8c [ 110.346803][ T7083] syz.3.297 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 113.014621][ T46] wlan1: Selected IBSS BSSID 8a:be:24:05:a4:8c based on configured SSID [ 113.018392][ T7111] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 113.307476][ T7121] netlink: 48 bytes leftover after parsing attributes in process `syz.3.305'. [ 113.965375][ T7156] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond_slave_1, syncid = 0, id = 0 [ 114.152224][ T6068] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 114.179346][ T7168] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 114.324973][ T6068] usb 6-1: config 0 interface 0 altsetting 251 has an invalid descriptor for endpoint zero, skipping [ 114.330176][ T6068] usb 6-1: config 0 interface 0 has no altsetting 0 [ 114.341144][ T6068] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 114.344610][ T6068] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 114.347168][ T6068] usb 6-1: Product: syz [ 114.348493][ T6068] usb 6-1: Manufacturer: syz [ 114.351779][ T6068] usb 6-1: SerialNumber: syz [ 114.358675][ T6068] usb 6-1: config 0 descriptor?? [ 114.415210][ T6068] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 114.539319][ T5944] udevd[5944]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 114.570153][ T7181] syzkaller0: entered promiscuous mode [ 114.571979][ T7181] syzkaller0: entered allmulticast mode [ 114.576436][ T7181] capability: warning: `syz.2.326' uses deprecated v2 capabilities in a way that may be insecure [ 114.585607][ T34] usb 6-1: USB disconnect, device number 2 [ 114.678207][ T7186] netlink: 8 bytes leftover after parsing attributes in process `syz.3.327'. [ 114.681000][ T7186] netlink: 8 bytes leftover after parsing attributes in process `syz.3.327'. [ 115.464230][ T7193] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.466755][ T7193] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.617780][ T7193] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 115.630729][ T7193] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 115.765796][ T78] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.769151][ T78] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 20004 - 0 [ 115.772521][ T78] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.775737][ T78] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 20004 - 0 [ 115.779861][ T78] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.783398][ T78] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 20004 - 0 [ 115.786570][ T78] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.789701][ T78] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 20004 - 0 [ 117.055421][ T7208] netlink: 4 bytes leftover after parsing attributes in process `syz.0.334'. [ 117.605885][ T7237] netlink: 'syz.1.340': attribute type 2 has an invalid length. [ 117.639871][ T7237] ‚#{6c: entered promiscuous mode [ 117.646155][ T7237] netlink: 'syz.1.340': attribute type 2 has an invalid length. [ 117.649207][ T7237] ‚#{6c: left promiscuous mode [ 118.484139][ T7270] Illegal XDP return value 4294967262 on prog (id 44) dev syz_tun, expect packet loss! [ 118.582260][ T7272] syz.1.350: vmalloc error: size 2147483264, exceeds total pages, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 118.587259][ T7272] CPU: 1 UID: 0 PID: 7272 Comm: syz.1.350 Not tainted syzkaller #0 PREEMPT(full) [ 118.587273][ T7272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 118.587280][ T7272] Call Trace: [ 118.587284][ T7272] [ 118.587289][ T7272] dump_stack_lvl+0x100/0x190 [ 118.587308][ T7272] warn_alloc.cold+0x95/0x1c1 [ 118.587329][ T7272] ? __pfx_warn_alloc+0x10/0x10 [ 118.587342][ T7272] ? __lock_acquire+0x4a5/0x2630 [ 118.587364][ T7272] __vmalloc_node_range_noprof+0x1252/0x1530 [ 118.587380][ T7272] ? do_replace+0x1c6/0x490 [ 118.587401][ T7272] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 118.587413][ T7272] ? __lock_acquire+0x4a5/0x2630 [ 118.587429][ T7272] ? do_replace+0x1c6/0x490 [ 118.587444][ T7272] __vmalloc_node_noprof+0xad/0xf0 [ 118.587455][ T7272] ? do_replace+0x1c6/0x490 [ 118.587472][ T7272] __vmalloc_noprof+0xa3/0x120 [ 118.587483][ T7272] ? __pfx___vmalloc_noprof+0x10/0x10 [ 118.587500][ T7272] do_replace+0x1c6/0x490 [ 118.587517][ T7272] ? __pfx_do_replace+0x10/0x10 [ 118.587538][ T7272] ? register_lock_class+0x40/0x560 [ 118.587555][ T7272] compat_do_replace+0x589/0x7a0 [ 118.587575][ T7272] ? lock_acquire+0x1cf/0x380 [ 118.587588][ T7272] ? __pfx_compat_do_replace+0x10/0x10 [ 118.587605][ T7272] ? rcu_is_watching+0x12/0xc0 [ 118.587637][ T7272] ? bpf_lsm_capable+0x9/0x10 [ 118.587661][ T7272] ? security_capable+0x80/0x260 [ 118.587691][ T7272] do_ebt_set_ctl+0x2f5/0x3f0 [ 118.587720][ T7272] ? __pfx_do_ebt_set_ctl+0x10/0x10 [ 118.587752][ T7272] ? nf_sockopt_find.isra.0+0x222/0x290 [ 118.587780][ T7272] nf_setsockopt+0x8d/0xf0 [ 118.587810][ T7272] ip_setsockopt+0xcb/0xf0 [ 118.587868][ T7272] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 118.587890][ T7272] do_sock_setsockopt+0xf3/0x1d0 [ 118.587909][ T7272] __sys_setsockopt+0x119/0x190 [ 118.587927][ T7272] __ia32_sys_setsockopt+0xbc/0x160 [ 118.587941][ T7272] ? __do_fast_syscall_32+0x94/0x8c0 [ 118.587957][ T7272] ? lockdep_hardirqs_on+0x78/0x100 [ 118.587971][ T7272] __do_fast_syscall_32+0xe3/0x8c0 [ 118.587987][ T7272] do_fast_syscall_32+0x32/0x70 [ 118.588001][ T7272] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 118.588017][ T7272] RIP: 0023:0xf7f74f6c [ 118.588026][ T7272] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 118.588037][ T7272] RSP: 002b:00000000f543650c EFLAGS: 00000292 ORIG_RAX: 000000000000016e [ 118.588047][ T7272] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000000000000 [ 118.588054][ T7272] RDX: 0000000000000080 RSI: 0000000080000200 RDI: 0000000000000108 [ 118.588060][ T7272] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 118.588066][ T7272] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 118.588072][ T7272] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 118.588085][ T7272] [ 118.588167][ T7272] Mem-Info: [ 118.634387][ T7274] syzkaller0: entered promiscuous mode [ 118.635534][ T7272] active_anon:7193 inactive_anon:14 isolated_anon:0 [ 118.635534][ T7272] active_file:4583 inactive_file:35202 isolated_file:0 [ 118.635534][ T7272] unevictable:1768 dirty:105 writeback:0 [ 118.635534][ T7272] slab_reclaimable:9336 slab_unreclaimable:57004 [ 118.635534][ T7272] mapped:26188 shmem:3599 pagetables:1084 [ 118.635534][ T7272] sec_pagetables:311 bounce:0 [ 118.635534][ T7272] kernel_misc_reclaimable:0 [ 118.635534][ T7272] free:49687 free_pcp:15414 free_cma:0 [ 118.636152][ T7268] netlink: 4608 bytes leftover after parsing attributes in process `syz.2.348'. [ 118.637500][ T7274] syzkaller0: entered allmulticast mode [ 118.639299][ T7272] Node 0 active_anon:268kB inactive_anon:56kB active_file:1140kB inactive_file:52kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:840kB dirty:36kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8608kB pagetables:1876kB sec_pagetables:1156kB all_unreclaimable? yes Balloon:0kB [ 118.748267][ T7272] Node 1 active_anon:23004kB inactive_anon:0kB active_file:17192kB inactive_file:140756kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:98612kB dirty:384kB writeback:0kB shmem:5560kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:4412kB pagetables:2560kB sec_pagetables:88kB all_unreclaimable? no Balloon:0kB [ 118.758414][ T7272] Node 0 DMA free:1888kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:552kB local_pcp:52kB free_cma:0kB [ 118.767591][ T7272] lowmem_reserve[]: 0 285 285 285 285 [ 118.769337][ T7272] Node 0 DMA32 free:12972kB boost:0kB min:13076kB low:16344kB high:19612kB reserved_highatomic:0KB free_highatomic:0KB active_anon:268kB inactive_anon:56kB active_file:1140kB inactive_file:52kB unevictable:3536kB writepending:36kB zspages:0kB present:1032196kB managed:292808kB mlocked:0kB bounce:0kB free_pcp:11572kB local_pcp:1856kB free_cma:0kB [ 118.779509][ T7272] lowmem_reserve[]: 0 0 0 0 0 [ 118.781193][ T7272] Node 1 DMA32 free:187616kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23004kB inactive_anon:0kB active_file:17192kB inactive_file:140756kB unevictable:3536kB writepending:384kB zspages:2876kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:51360kB local_pcp:19332kB free_cma:0kB [ 118.791642][ T7272] lowmem_reserve[]: 0 0 0 0 0 [ 118.793386][ T7272] Node 0 DMA: 14*4kB (UM) 9*8kB (UM) 10*16kB (UM) 12*32kB (UM) 7*64kB (UM) 2*128kB (M) 0*256kB 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 1888kB [ 118.798307][ T7272] Node 0 DMA32: 7*4kB (E) 20*8kB (UE) 23*16kB (UME) 72*32kB (UME) 48*64kB (UME) 29*128kB (ME) 9*256kB (M) 2*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 12972kB [ 118.803772][ T7272] Node 1 DMA32: 2189*4kB (UME) 976*8kB (UME) 625*16kB (UME) 41*32kB (UME) 90*64kB (UME) 86*128kB (UME) 46*256kB (UM) 34*512kB (UM) 17*1024kB (UM) 5*2048kB (UM) 21*4096kB (UM) = 187492kB [ 118.811623][ T7272] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 118.818094][ T7272] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 118.822351][ T7272] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 118.826506][ T7272] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 118.830369][ T7272] 42768 total pagecache pages [ 118.832741][ T7272] 711 pages in swap cache [ 118.834593][ T7272] Free swap = 115808kB [ 118.836293][ T7272] Total swap = 124996kB [ 118.838144][ T7272] 524155 pages RAM [ 118.839771][ T7272] 0 pages HighMem/MovableOnly [ 118.841792][ T7272] 210060 pages reserved [ 118.843674][ T7272] 0 pages cma reserved [ 119.011478][ T7288] netlink: 132 bytes leftover after parsing attributes in process `syz.0.356'. [ 119.443863][ T7310] ªªªªªª speed is unknown, defaulting to 1000 [ 119.497832][ T40] audit: type=1326 audit(1771138398.560:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7302 comm="syz.0.359" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7fc00000 [ 120.166848][ T40] audit: type=1326 audit(1771138399.230:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7302 comm="syz.0.359" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf706ef6c code=0x7fc00000 [ 120.263557][ T24] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 120.297093][ T7334] xt_CT: You must specify a L4 protocol and not use inversions on it [ 120.412358][ T24] usb 7-1: Using ep0 maxpacket: 8 [ 120.422404][ T24] usb 7-1: config 0 has no interfaces? [ 120.431591][ T24] usb 7-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 120.435800][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.439112][ T24] usb 7-1: Product: syz [ 120.440875][ T24] usb 7-1: Manufacturer: syz [ 120.443263][ T24] usb 7-1: SerialNumber: syz [ 120.452729][ T24] usb 7-1: config 0 descriptor?? [ 120.564253][ T7343] netlink: 7060 bytes leftover after parsing attributes in process `syz.3.371'. [ 120.755321][ T24] usb 7-1: USB disconnect, device number 6 [ 121.481888][ T7360] netlink: 'syz.0.375': attribute type 5 has an invalid length. [ 121.740903][ T40] audit: type=1326 audit(1771138400.800:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7359 comm="syz.0.375" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x0 [ 122.338165][ T7374] netlink: 4 bytes leftover after parsing attributes in process `syz.3.379'. [ 124.052332][ T5996] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 124.232665][ T5996] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 124.243576][ T5996] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 124.246947][ T5996] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 124.250836][ T5996] usb 7-1: config 0 interface 0 has no altsetting 0 [ 124.263413][ T5996] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 124.267248][ T5996] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 124.271004][ T5996] usb 7-1: config 0 interface 0 has no altsetting 0 [ 124.283219][ T5996] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 124.287092][ T5996] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 124.291549][ T5996] usb 7-1: config 0 interface 0 has no altsetting 0 [ 124.323176][ T5996] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 124.327041][ T5996] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 124.331633][ T5996] usb 7-1: config 0 interface 0 has no altsetting 0 [ 124.413342][ T5996] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 124.416938][ T5996] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 124.421632][ T5996] usb 7-1: config 0 interface 0 has no altsetting 0 [ 124.436005][ T5996] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 124.439853][ T5996] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 124.444407][ T7414] smc: removing ib device sz1 [ 124.447432][ T5996] usb 7-1: config 0 interface 0 has no altsetting 0 [ 124.454561][ T5996] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 124.458785][ T5996] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 124.463208][ T5996] usb 7-1: config 0 interface 0 has no altsetting 0 [ 124.467733][ T5996] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 124.479062][ T5996] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 124.483223][ T5996] usb 7-1: config 0 interface 0 has no altsetting 0 [ 124.487707][ T5996] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 124.491510][ T5996] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 124.495396][ T5996] usb 7-1: Product: syz [ 124.497434][ T5996] usb 7-1: Manufacturer: syz [ 124.499431][ T5996] usb 7-1: SerialNumber: syz [ 124.508324][ T5996] usb 7-1: config 0 descriptor?? [ 124.520481][ T5996] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 124.991736][ T24] usb 7-1: USB disconnect, device number 7 [ 125.006466][ T24] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 126.404370][ T7455] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 126.716798][ T24] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 126.913951][ T24] usb 7-1: Using ep0 maxpacket: 16 [ 126.920063][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 126.924710][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.928655][ T24] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 126.961569][ T24] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 126.965550][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.983172][ T24] usb 7-1: config 0 descriptor?? [ 127.022359][ T40] audit: type=1326 audit(1771138406.080:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7461 comm="syz.0.405" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x0 [ 127.399743][ T24] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 127.402075][ T24] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 127.415096][ T24] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 127.417325][ T24] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 127.419504][ T24] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 127.451321][ T24] input: HID 0955:7214 Haptics as /devices/virtual/input/input6 [ 127.525007][ T24] shield 0003:0955:7214.0002: Registered Thunderstrike controller [ 127.527799][ T24] shield 0003:0955:7214.0002: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 128.064893][ T1454] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 128.072364][ T1454] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 128.072477][ T34] usb 7-1: USB disconnect, device number 8 [ 128.075818][ T1454] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 128.081753][ T1454] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 128.252775][ T10] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 128.463626][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 128.466774][ T10] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 128.476409][ T10] usb 6-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.00 [ 128.479271][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.481773][ T10] usb 6-1: Product: syz [ 128.493583][ T10] usb 6-1: Manufacturer: syz [ 128.495065][ T10] usb 6-1: SerialNumber: syz [ 128.499297][ T10] usb 6-1: config 0 descriptor?? [ 128.749234][ T10] usb 6-1: USB disconnect, device number 3 [ 128.894365][ T7500] netlink: 4 bytes leftover after parsing attributes in process `syz.0.415'. [ 129.601177][ T7503] trusted_key: encrypted_key: master key parameter 'user:' is invalid [ 129.844028][ T7506] netlink: 12 bytes leftover after parsing attributes in process `syz.0.418'. [ 131.627091][ T7531] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 133.248022][ T7542] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 133.250869][ T7542] overlayfs: missing 'lowerdir' [ 134.407070][ T7554] netlink: 8 bytes leftover after parsing attributes in process `syz.3.434'. [ 134.480113][ T7557] netlink: 8 bytes leftover after parsing attributes in process `syz.3.434'. [ 134.918929][ T7564] syzkaller0: entered promiscuous mode [ 134.920821][ T7564] syzkaller0: entered allmulticast mode [ 135.250016][ T7400] syz.1.385 (7400) used greatest stack depth: 18744 bytes left [ 135.813311][ T7576] netlink: 16 bytes leftover after parsing attributes in process `syz.0.437'. [ 136.178161][ T7582] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 136.236243][ T7582] netlink: 48 bytes leftover after parsing attributes in process `syz.0.438'. [ 136.345700][ T7592] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 136.746312][ T7600] netlink: 48 bytes leftover after parsing attributes in process `syz.1.440'. [ 136.929469][ T7620] netlink: 'syz.2.447': attribute type 39 has an invalid length. [ 137.228039][ T7633] netlink: 'syz.3.452': attribute type 4 has an invalid length. [ 137.232971][ T7633] netlink: 'syz.3.452': attribute type 4 has an invalid length. [ 137.375053][ T1413] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.377818][ T1413] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.410811][ T7649] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 137.562387][ T40] audit: type=1326 audit(1771138416.610:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.3.458" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 137.570794][ T40] audit: type=1326 audit(1771138416.610:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.3.458" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 137.579471][ T40] audit: type=1326 audit(1771138416.610:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.3.458" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 137.588009][ T40] audit: type=1326 audit(1771138416.610:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.3.458" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 137.596683][ T40] audit: type=1326 audit(1771138416.610:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.3.458" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf713572b code=0x7ffc0000 [ 137.604568][ T40] audit: type=1326 audit(1771138416.610:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.3.458" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 137.612893][ T40] audit: type=1326 audit(1771138416.610:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.3.458" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 137.620928][ T40] audit: type=1326 audit(1771138416.610:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.3.458" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 137.629315][ T40] audit: type=1326 audit(1771138416.610:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.3.458" exe="/syz-executor" sig=0 arch=40000003 syscall=14 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 137.638003][ T40] audit: type=1326 audit(1771138416.610:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7647 comm="syz.3.458" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 137.847571][ T7658] ================================================================== [ 137.850120][ T7658] BUG: KASAN: slab-out-of-bounds in __list_add_valid_or_report+0x105/0x130 [ 137.852712][ T7658] Read of size 8 at addr ffff888051554600 by task syz.0.460/7658 [ 137.857438][ T7658] [ 137.858335][ T7658] CPU: 1 UID: 0 PID: 7658 Comm: syz.0.460 Not tainted syzkaller #0 PREEMPT(full) [ 137.858359][ T7658] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 137.858369][ T7658] Call Trace: [ 137.858376][ T7658] [ 137.858382][ T7658] dump_stack_lvl+0x100/0x190 [ 137.858413][ T7658] print_report+0x156/0x4c9 [ 137.858438][ T7658] ? __virt_addr_valid+0x81/0x620 [ 137.858463][ T7658] ? __phys_addr+0xe8/0x180 [ 137.858484][ T7658] ? __list_add_valid_or_report+0x105/0x130 [ 137.858512][ T7658] kasan_report+0xdf/0x1e0 [ 137.858537][ T7658] ? __list_add_valid_or_report+0x105/0x130 [ 137.858564][ T7658] __list_add_valid_or_report+0x105/0x130 [ 137.858593][ T7658] clone_mnt+0x633/0x930 [ 137.858616][ T7658] vfs_open_tree+0xb02/0x1500 [ 137.858645][ T7658] ? __pfx_vfs_open_tree+0x10/0x10 [ 137.858668][ T7658] ? alloc_fd+0x476/0x790 [ 137.858692][ T7658] ? do_raw_spin_unlock+0x145/0x1e0 [ 137.858717][ T7658] ? _raw_spin_unlock+0x28/0x50 [ 137.858736][ T7658] ? alloc_fd+0x476/0x790 [ 137.858761][ T7658] ? __ia32_sys_open_tree+0xa3/0x150 [ 137.858789][ T7658] __ia32_sys_open_tree+0xa3/0x150 [ 137.858818][ T7658] __do_fast_syscall_32+0xe3/0x8c0 [ 137.858843][ T7658] do_fast_syscall_32+0x32/0x70 [ 137.858866][ T7658] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 137.858889][ T7658] RIP: 0023:0xf706ef6c [ 137.858902][ T7658] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 137.858919][ T7658] RSP: 002b:00000000f545d50c EFLAGS: 00000292 ORIG_RAX: 00000000000001ac [ 137.858937][ T7658] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000640 [ 137.858949][ T7658] RDX: 0000000000001902 RSI: 0000000000000000 RDI: 0000000000000000 [ 137.858960][ T7658] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 137.858970][ T7658] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 137.858981][ T7658] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 137.858998][ T7658] [ 137.859004][ T7658] [ 137.930492][ T7658] Allocated by task 7639: [ 137.931846][ T7658] kasan_save_stack+0x30/0x50 [ 137.933354][ T7658] kasan_save_track+0x14/0x30 [ 137.934858][ T7658] __kasan_slab_alloc+0x89/0x90 [ 137.936387][ T7658] kmem_cache_alloc_noprof+0x241/0x6e0 [ 137.938096][ T7658] vm_area_alloc+0x1f/0x160 [ 137.939522][ T7658] __mmap_region+0x1027/0x2760 [ 137.941033][ T7658] mmap_region+0x30a/0x3e0 [ 137.942448][ T7658] do_mmap+0xc63/0x12f0 [ 137.943792][ T7658] vm_mmap_pgoff+0x29e/0x470 [ 137.945286][ T7658] ksys_mmap_pgoff+0x328/0x5b0 [ 137.946806][ T7658] __do_fast_syscall_32+0xe3/0x8c0 [ 137.948416][ T7658] do_fast_syscall_32+0x32/0x70 [ 137.949952][ T7658] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 137.951917][ T7658] [ 137.952686][ T7658] The buggy address belongs to the object at ffff888051554500 [ 137.952686][ T7658] which belongs to the cache vm_area_struct of size 256 [ 137.957180][ T7658] The buggy address is located 0 bytes to the right of [ 137.957180][ T7658] allocated 256-byte region [ffff888051554500, ffff888051554600) [ 137.961622][ T7658] [ 137.962392][ T7658] The buggy address belongs to the physical page: [ 137.964385][ T7658] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51554 [ 137.967618][ T7658] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 137.970241][ T7658] memcg:ffff888051777401 [ 137.971574][ T7658] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 137.973962][ T7658] page_type: f5(slab) [ 137.975285][ T7658] raw: 04fff00000000040 ffff88804049a140 dead000000000122 0000000000000000 [ 137.977934][ T7658] raw: 0000000000000000 0000000800190019 00000000f5000000 ffff888051777401 [ 137.980570][ T7658] head: 04fff00000000040 ffff88804049a140 dead000000000122 0000000000000000 [ 137.983281][ T7658] head: 0000000000000000 0000000800190019 00000000f5000000 ffff888051777401 [ 137.986115][ T7658] head: 04fff00000000001 ffffea0001455501 00000000ffffffff 00000000ffffffff [ 137.988787][ T7658] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 137.991453][ T7658] page dumped because: kasan: bad access detected [ 137.993475][ T7658] page_owner tracks the page as allocated [ 137.995268][ T7658] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5936, tgid 5936 (syz-executor), ts 137265111178, free_ts 136981513385 [ 138.001812][ T7658] post_alloc_hook+0x153/0x170 [ 138.003341][ T7658] get_page_from_freelist+0x111d/0x3140 [ 138.005237][ T7658] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 138.007091][ T7658] new_slab+0xa6/0x6e0 [ 138.008381][ T7658] refill_objects+0x26b/0x400 [ 138.009867][ T7658] __pcs_replace_empty_main+0x19f/0x600 [ 138.011596][ T7658] kmem_cache_alloc_noprof+0x480/0x6e0 [ 138.013333][ T7658] vm_area_dup+0x27/0x8e0 [ 138.014722][ T7658] dup_mmap+0x6c9/0x1db0 [ 138.016062][ T7658] copy_process+0x73d1/0x7a10 [ 138.017557][ T7658] kernel_clone+0xfc/0x9a0 [ 138.018968][ T7658] __do_compat_sys_ia32_clone+0xd4/0x120 [ 138.020730][ T7658] __do_fast_syscall_32+0xe3/0x8c0 [ 138.022372][ T7658] do_fast_syscall_32+0x32/0x70 [ 138.023934][ T7658] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 138.025934][ T7658] page last free pid 12 tgid 12 stack trace: [ 138.027795][ T7658] __free_frozen_pages+0x7ca/0x10a0 [ 138.029428][ T7658] qlist_free_all+0x47/0xe0 [ 138.030858][ T7658] kasan_quarantine_reduce+0x1a0/0x1f0 [ 138.032552][ T7658] __kasan_slab_alloc+0x69/0x90 [ 138.034101][ T7658] __kmalloc_cache_noprof+0x243/0x6f0 [ 138.035802][ T7658] kobject_uevent_env+0x263/0x18b0 [ 138.037455][ T7658] nfs_netns_sysfs_destroy+0x4c/0xc0 [ 138.039108][ T7658] nfs_clients_exit+0x5a/0x1c0 [ 138.040613][ T7658] ops_undo_list+0x2ee/0xab0 [ 138.042095][ T7658] cleanup_net+0x499/0x920 [ 138.043528][ T7658] process_one_work+0x9d7/0x1920 [ 138.045165][ T7658] worker_thread+0x5da/0xe40 [ 138.046625][ T7658] kthread+0x370/0x450 [ 138.047911][ T7658] ret_from_fork+0x754/0xd80 [ 138.049374][ T7658] ret_from_fork_asm+0x1a/0x30 [ 138.050873][ T7658] [ 138.051642][ T7658] Memory state around the buggy address: [ 138.053410][ T7658] ffff888051554500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 138.055896][ T7658] ffff888051554580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 138.058368][ T7658] >ffff888051554600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 138.060845][ T7658] ^ [ 138.062145][ T7658] ffff888051554680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 138.064653][ T7658] ffff888051554700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 138.067141][ T7658] ================================================================== [ 138.069711][ T7658] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 138.072014][ T7658] CPU: 1 UID: 0 PID: 7658 Comm: syz.0.460 Not tainted syzkaller #0 PREEMPT(full) [ 138.074907][ T7658] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 138.078001][ T7658] Call Trace: [ 138.079052][ T7658] [ 138.079990][ T7658] dump_stack_lvl+0x100/0x190 [ 138.081487][ T7658] vpanic+0x552/0x970 [ 138.082709][ T7658] ? __pfx_vpanic+0x10/0x10 [ 138.084175][ T7658] ? __list_add_valid_or_report+0x105/0x130 [ 138.086062][ T7658] panic+0xd1/0xe0 [ 138.087254][ T7658] ? __pfx_panic+0x10/0x10 [ 138.088673][ T7658] ? __list_add_valid_or_report+0x105/0x130 [ 138.090547][ T7658] ? preempt_schedule_common+0x42/0xc0 [ 138.092258][ T7658] check_panic_on_warn.cold+0x19/0x34 [ 138.093980][ T7658] end_report.part.0+0x3a/0x90 [ 138.095561][ T7658] kasan_report.cold+0xe/0x18 [ 138.097048][ T7658] ? __list_add_valid_or_report+0x105/0x130 [ 138.098925][ T7658] __list_add_valid_or_report+0x105/0x130 [ 138.100711][ T7658] clone_mnt+0x633/0x930 [ 138.102081][ T7658] vfs_open_tree+0xb02/0x1500 [ 138.103594][ T7658] ? __pfx_vfs_open_tree+0x10/0x10 [ 138.105210][ T7658] ? alloc_fd+0x476/0x790 [ 138.106577][ T7658] ? do_raw_spin_unlock+0x145/0x1e0 [ 138.108216][ T7658] ? _raw_spin_unlock+0x28/0x50 [ 138.109755][ T7658] ? alloc_fd+0x476/0x790 [ 138.111123][ T7658] ? __ia32_sys_open_tree+0xa3/0x150 [ 138.112786][ T7658] __ia32_sys_open_tree+0xa3/0x150 [ 138.114432][ T7658] __do_fast_syscall_32+0xe3/0x8c0 [ 138.116042][ T7658] do_fast_syscall_32+0x32/0x70 [ 138.117566][ T7658] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 138.119581][ T7658] RIP: 0023:0xf706ef6c [ 138.120861][ T7658] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 138.126824][ T7658] RSP: 002b:00000000f545d50c EFLAGS: 00000292 ORIG_RAX: 00000000000001ac [ 138.129410][ T7658] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000640 [ 138.131860][ T7658] RDX: 0000000000001902 RSI: 0000000000000000 RDI: 0000000000000000 [ 138.134340][ T7658] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 138.136790][ T7658] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 138.139250][ T7658] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 138.141723][ T7658] [ 138.143399][ T7658] Kernel Offset: disabled [ 138.144750][ T7658] Rebooting in 86400 seconds.. VM DIAGNOSIS: 06:53:37 Registers: info registers vcpu 0 CPU#0 RAX=00000000002f079f RBX=ffffffff8e4975c0 RCX=ffffffff8b8b8c75 RDX=0000000000000000 RSI=ffffffff8de7571f RDI=ffffffff8c1adca0 RBP=0000000000000000 RSP=ffffffff8e407e00 R8 =0000000000000001 R9 =ffffed1005646795 R10=ffff88802b233cab R11=0000000000000000 R12=fffffbfff1c92eb8 R13=0000000000000000 R14=ffffffff90d95310 R15=0000000000000000 RIP=ffffffff8b8b75df RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809715a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f7465014 CR3=000000004e027000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8575a885 RDI=ffffffff9b47de40 RBP=ffffffff9b47de00 RSP=ffffc900066cf718 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000038 R14=0000000000000010 R15=ffffffff8575a820 RIP=ffffffff8575a8af RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88809725a000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f73b1204 CR3=000000004e027000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=ffffffff91cf928e RBX=ffffffff912c0170 RCX=dffffc0000000000 RDX=1ffffffff225802e RSI=0000000000000000 RDI=ffffffff912c0170 RBP=ffffffff912c0170 RSP=ffffc90002d0ea48 R8 =ffffffff91cf9294 R9 =0000000000000007 R10=0000000000000200 R11=000000000005629a R12=ffffffff912c0170 R13=ffffffff86629a09 R14=ffffffff912c0170 R15=ffffffff912c0170 RIP=ffffffff81b7a2b0 RFL=00000a06 [-O---P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f0868577300 ffffffff 00c00000 GS =0000 ffff88809735a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00005602218aff40 CR3=0000000025dc2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=ffff8880416a8000 RBX=0000000000000000 RCX=ffffc90000415110 RDX=0000000000000008 RSI=ffffc90000415100 RDI=ffff888028d79c38 RBP=0000000000000000 RSP=ffffc900005e8e48 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=ffff888028d79918 R13=dffffc0000000000 R14=ffff888028d79800 R15=0000000000000001 RIP=ffffffff867f01b1 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809745a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f71a5700 CR3=000000004f907000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000